BY INSI

What journalists need to know about the Snoopers' Charter

The so-called Snoopers' Charter, the Investigatory Powers Bill, has passed into law in the United Kingdom, giving the government wide-ranging authority to intercept and hack into communications. 

But what exactly does this bill allowing for the bulk collection of personal information mean for journalists and their work?

The human rights group Liberty says the new law poses a direct threat to freedom of the press as it offers journalists and their sources no protection from the bill’s extensive interception, hacking and surveillance powers.

Source protection will become more difficult under the Snoopers' Charter.

The bill allows the government to keep records of and monitor private emails, texts and phone calls – all without any suspicion of wrongdoing.

It forces communications companies like Sky, BT and TalkTalk to collect and hand over detailed records of everything users do online. The telecoms companies must store everybody’s communications data – records of all calls, texts, location data and web activity – for a year.

This includes records of correspondence between journalists and sources – as well as other privileged communications between lawyers and clients, MPs and constituents and doctors and patients.

The only safeguard is that a judge must sign off on plans to access communications data if the stated intention is to identify a source. But if that isn’t the stated aim, police and security services are free to go ahead unchecked.

The bill also allows:

  • access to a journalist’s notes or video footage stored on a phone or the use of its microphone as a bug
  • access to journalists’ documents, emails, diaries, contacts, photographs, internet messaging chat logs and the location records on mobile equipment
  • access to anything typed into a device, including login details/passwords and internet browsing histories. Draft documents and deleted files could also be accessed
  • access to footage of riots or demonstrations that turn violent

The bill contains no requirement to notify a journalist, media organisation or their legal representatives when the authorities intend to access communications or hack electronic equipment.

There is also no right to challenge or appeal a decision to access communications, material and sources. The application to access a journalist’s communications will proceed in secret, and they may never know if their communications or equipment were accessed by the state.

This marks a significant deviation from the well-established judicial process set out in the Police and Criminal Evidence Act 1984 which, as the National Union of Journalists points out, protects the identity of sources and all related journalistic material. The union has expressed concern that the bill does not respect article 10 of the European Convention on Human Rights on the protection of freedom of expression.

How can journalists keep their most sensitive communications private? 

  • With so little legal protection, journalists’ communications will certainly be at risk, meaning it is more important than ever to practise good information security.
  • New laptops are nearly impossible to defend. Older laptops such as the IBM ThinkPad X60 (and the X60s) are more securable. In very high-risk situations you could use two laptops – one of which must never connect to the internet by any means.
  • To increase confidence that your operating system does not have potential surveillance ‘backdoors’, it should be ‘open source’. ‘Open source’ software such as Linux is freely distributed software for which the source-code is ‘open’ and publicly available.
  • Ubuntu is the most widely used Linux operating system. It is easy to install, highly functional, and user friendly. Using Ubuntu is a good option for day-to-day, non-sensitive work.
  • Tails is the most secure operating system. The anonymising operating system leaves no trace of your activity after you shut down.
  • You can protect the privacy of your email content by using ‘public key cryptography’ (PGP email encryption). Public key cryptography scrambles the content of your email into (thus far) unbreakable code.

Useful resources for staying safe online
 
Email: GMX and Yandex can be useful for setting up anonymous email accounts as they do not ask for verifiable personal information such as a mobile phone number.

Web browser: Tor is a secure browser that anonymises your location and identity and overcomes web censorship.
 
Web browser plugin: HTTPS Everywhere forces your browser to make encrypted connections to the websites you visit where possible.

Apps: Signal offers more secure instant messaging than WhatsApp. But remember, the vulnerabilities of smartphones are numerous, with some existing in the hardware, and they are not fixable.
 
Storage: VeraCrypt allows you to create an encrypted 'container' that acts as a digital strongbox for files, locked by a password. Once this box is created and filled with files it can be moved to an external storage device such as a USB drive, or sent over the internet to others. Even if the file is intercepted, the strongbox will not reveal its contents to anyone who does not have the password.
 
File sharing: Mega is an alternative to popular file-sharing platforms such as Dropbox and Google Drive. Alternatively, OnionShare allows users to share files anonymously over the Tor network.

For more information the Information Security Handbook For Journalists is available here.

Sources: Liberty, Financial Times, the Guardian, National Union of Journalists

Image by AFP