With Julian Assange, Edward Snowden, Thomas Drake and Lauri Love all taking part in the conference, some of the world’s best known whistle-blowers were onstage. The fact that Assange, Snowden and Love had to be beamed in from exile and enforced detention via videolinks underlines the risks they took to reveal war crimes and mass surveillance.
They all reinforced the message from the technology experts and ‘white hat’ hackers: journalists must take more seriously the need to protect their sources and their materials through encryption, threat assessments and darkphones.
Jake Appelbaum, one of the key players in the Wikileaks publication, was especially scathing about the Guardian’s David Leigh. He told the conference Leigh was an “incompetent illiterate” who published information through ignorance that damaged Julian Assange.
Asked by ECPMF to comment on the allegations, Leigh says: “This is paranoid and perhaps malicious nonsense from hackers. I have never endangered any source ever and no source can be found to say so.”
But Appelbaum directed his criticism also to other mainstream media outlets: “When you call me an internet activist you put me at risk of being jailed as a terrorist”, he warned writers and broadcasters. In addition, he voiced his doubts about their autonomy: “You are rarely if ever f*&%ing independent”, and suggested that in order to show true independence, journalists should not be paid for their work.
There’s more to cyber security than e-mail encryption
Still for those who are really independent, Appelbaum aims to get them up to speed. This is part of the conference’s “challenge power” mission. He chaired a two-hour session introducing three technologies that can be built into everyday journalism so that sources and documents are protected online: Tails, Subgraph and QUBES.
He translated the technical jargon that was not clear to many of the journalists in the hall, and explained how to assess which software can be trusted and which may have a ‘backdoor’ allowing secret access for the security services.
David Mirza Ahmad, one of the developers of Subgraph, warned:
An e-mail address is like a window into your house.
That is why journalists should take cyber security really seriously and not send encrypted e-mails while also saving documents on Dropbox, etc. E-mail encryption is a security technique known to the standard internet user. However, if other security leaks – like online cloud storage, which is very vulnerable to attacks and often used by journalists – are ignored, encryption alone is not enough to secure data.
Tensions between the communities
There were tense exchanges between the technology experts and some journalists who felt they were being patronised or wrongly accused. Away from the conference arena, the Logan Symposium also offered a “Cryptobar” for free one-to-one practical coaching in security techniques for those who did not want to show their ignorance in public. There was a wide choice of different open source technical solutions in the marketplace at the conference fringe.
Conference organiser and ECPMF Board Member Gavin MacFadyen of the London-based Centre for Investigative Journalism declared the event a success – despite the tensions it revealed.
“The hackers give us as investigative reporters the tools to keep ourselves, our stories, our sources and even our lawyers protected,” he told ECPMF. ”Similarly we can help hackers, because hackers don’t have publicity, they don’t have access to the media, they don’t have a lot of things we do have. When they are persecuted we should be thinking how we are persecuted,” stressed MacFadyen.
Members of the Berlin-based Courage Foundation also presented their programme that aims to protect whistle-blowers and hackers, and find safe ways to get their stories out into the open. This was the second Logan Symposium – the first was in 2014 – and it may take many more years before the “hacks” and the “hackers” can work together in mutual trust.