January 20, 2021

CLTC Report: An Evaluation of Online Security Guides for Journalists

Attacks on journalists and freedom of the press have increased markedly over the past several years. An Evaluation of Online Security Guides for Journalists, a report by Kristin Berdan, a fellow at the Citizen Clinic and research fellow at the University of Toronto’s Citizen Lab, posits that a key reason journalists do not take sufficient action to protect themselves online is the overwhelming amount of security advice on the internet. Most of that advice, the report argues, is difficult for journalist-readers to understand or translate into practice, and difficult for the guides’ authors to keep up to date.

Berdan’s analysis included a review of 33 online security guides available on the public internet that are geared toward journalists. She documented nearly 300 separate pieces of advice provided in these guides, including recommendations for roughly 200 different tools. She catalogued each separate piece of security advice, recorded how often a piece of advice appeared across all the guides, and organized the advice into categories. Each guide was evaluated against a set of quantitative and qualitative criteria to gauge its efficacy in improving journalistic security.

“Most guides do not account for journalists’ busy schedules and time-pressured work cycles,” Berdan writes. “Journalists also operate in an increasingly hostile environment, even in countries with democratic governments and some historical guarantees of freedom of the press and rule of law.”

The analysis sought to answer three questions: (1) what security advice exists for journalists specifically? (2) is the existing advice effective? and (3) how best to measure that? The analysis revealed that most online security guides for journalists do not prioritize their content in any way, and provide no clear path for users to improve their security in a time-efficient way. Berdan also found that the advice provided was not consistent across the guides. The paper concludes with recommendations to make guides and security education of journalists overall more effective:

  1. Always start with risk. Help the journalist understand and assess the risk of their story or beat. Only then will the reader-journalist be receptive and curious about the tool or practice that is appropriate given their risk assessment.
  2. Integrate security practice with the journalist’s workflow. Journalists will allow only so much friction in their workflow, given the unceasing time pressure of publication. If they first recognize the threat, appropriately measure the risk, and then choose a tool or practice that they can work with on a daily basis, the chances of long-term success as a journalist who keeps themselves, their story, and their sources secure will rise significantly.
  3. Security as a competitive advantage. The journalist who has secured their accounts and their devices will be empowered to safely explore the darker corners of the internet to extract the information needed to tell the stories that help maintain democracy and freedom in society.
  4. Newsrooms and journalism schools should integrate security education into their programs. Journalists could be more effective and their work have more impact if they had institutional support for their online security and if journalism schools graduated students with the skills to both protect themselves and their stories, and the investigative techniques to get the stories.

“The digital age provides immense opportunities for investigative journalism, but it also offers thousands of ways in which journalists can get trolled or threatened,” Berdan writes. “Security education for journalists must be contextually informed, prioritized, and actionable to be effective in facilitating journalists’ critical role in democratic society.”
