Forum of Caribbean Community Media Partners
November 26, 2015
Hilton Rose Hall Resort and Spa, Montego Bay,
Jamaica
It
is one of the ironies of the modern era that our greatest technological assets
are presenting some of the world’s more intractable challenges. It is, of
course, possible to take the argument back to the impact of the Industrial
Revolution in Britain during the late 18th into the 19th
centuries and the emergence of a consumer revolution there which, in turn,
helped galvanise and fuel the trade in slaves across the Atlantic right here in
our lands where production for consumption in the colonial motherland was the
primary activity.
I
often follow discussions on what we have been calling a process of
globalisation and wonder sometimes if people understand the extent to which our
societies in these former colonial outposts have been a part of the
internationalising of production, commerce and trade. Depending on the history
class you attended, globalisation has been a feature of our lives centuries
before the World Trade Organisation received its mandate 20 years ago.
I
make this point to indicate that however much we consider ourselves immune or
distant from both the benefits and the challenges of what the planet, its
people and its resources have to offer the world is very much in us to the full
extent that we are in the world.
When
in 2013, therefore, Edward Snowden left his job at the National Security Agency
in the United States and released thousands of classified documents to
journalists, notably Glenn Greenwald of the UK Guardian, the subject of those
leaks ought to have aroused the interest of people everywhere, journalists in
particular.
Greenwald’s
stories lifted the tightly compressed veil from a massive effort by at least
two countries – the US and the UK – to coordinate efforts in a mass
surveillance exercise the true scope and nature of which continue to unfold.
One disclosure of not more than a year ago, for example, is that the NSA has
been in the habit of monitoring every single mobile phone call being made to
and from The Bahamas.
Whether
we consider him to be a whistle-blowing hero or a traitorous criminal, Edward
Snowden’s leaks welcomed a gigantic elephant into the room where we assemble to
discuss the delicate intersection of privacy rights and national security
imperative.
We
will not be able to arrive at any conclusions here today, but we can certainly
explore a number of dilemmas that confront us as media practitioners at
different levels.
We
have engaged a task which embraces two different seemingly contrasting
processes. For one, our media have an interest in the shaping of an environment
in which there is free and open access to public information. In fact, with
very few exceptions, it is desirable that all publicly-held information should
be available for accessing by all citizens including journalists.
On
the other hand, we have an equally compelling motivation to resist intrusion
into the conduct of our own professional affairs as journalists and, indeed, as
citizens. Internationally, there are now organisations that work on uncovering
surveillance practices around the world, and advocate for strong privacy
protections.
This
came home to Trinidad and Tobago when the government changed hands in 2010 and
it was revealed that for at least eight consecutive years, the authorities had
been compiling files based on the telephone conversations of labour leaders,
social activists and journalists. This was followed by the passage of
legislation which closely resembles an emerging menu of laws in developing
countries dealing with official interception of private communications
including emails, text messages and phone calls.
In
Trinidad and Tobago, the Interception of Communications Act prohibits such
practices except in instances where there is a national security consideration
or in instances where a crime punishable by 10 years or more in prison is
involved. Within the first year of the new law, there were more than 250
reported interceptions – most of them linked to counter-narcotics
investigations. We do not know how many convictions were achieved as a result.
I suspect the figure would not be impressive. The state is not very efficient
at prosecuting itself.
In
Jamaica, a law bearing the same name has been in place since 2002 and was
amended in 2011 to enable the authorities to disclose intercepted
communications to other governments provided they meet set public interest
stipulations. This followed the Manatt-Dudus Commission of Enquiry.
A
closer look at this kind of measure merits another discussion at another time.
But the point is being made that not all communications by citizens, among whom
are our journalists, are, at law, subject to an absolute protection on the
basis of the constitutional right to privacy.
But
while governments are among the best resourced to execute such incursions into
private communications, they are not the only ones. Both sophisticated
international networks and petty cyber criminals are now known to be among the
more prolific users of surveillance hardware and software in order to commit
crimes including identity theft, cloning and other forms of fraud that are now
known to contribute toward the commission of other crimes such as terrorism,
the trade in narcotics and human trafficking.
Enter
now the journalist. Not necessarily Greenwald with thousands of classified
files courtesy Snowden, but perhaps an investigative journalist with the
Jamaica Gleaner or Observer or Kaieteur News in Guyana or the Trinidad Guardian
in possession of information that has the potential to shed light on the
wrong-doing of public officials and thus help bring an end to corruption and
other official malpractice.
Several
challenges arise. For one, there is the question of protection of the source or
sources of such information. There is no whistle-blowing legislation to protect
people who wish to blow the cover on corporate or state malpractice, fraud and
other wrong-doing in Caribbean Community countries with the exception of
Jamaica with its Protected Disclosures Act which, of course, has to contend
with the Official Secrets Act and its implications for disclosures related to
information held by the state.
We
have also witnessed a variety of legislative measures to address what our
governments consider to be an exponential increase in criminal breaches online.
It is understandable that the need to meet such a challenge through regulation
is being treated as a matter requiring urgent attention, but there has so far
been a tendency to legitimise official over-reach.
For
example, Trinidad and Tobago’s longstanding attempt to introduce cyber-crimes
legislation has been jeopardised by a fact common to other jurisdictions where
new offences are being created in broad, uninformed terms that have the
potential to capture otherwise innocuous online activities.
According
to one analysis conducted by the Centre for Law and Democracy at the request of
the ACM, there has also been a tendency to shift the onus unto users “to provide
legal justification for activities which are only potentially harmful, instead
of defining what is prohibited narrowly so as to capture only harmful
activity.”
Much
like the country’s Data Protection Act, a proposed cyber-crimes law in Trinidad
and Tobago will have the impact of criminalising the otherwise innocent receipt
of computer data by third parties, including journalists.
Similar
challenges were experienced with respect to Grenada’s Electronic Crimes Act
which essentially created an offence of “offensive” speech regardless of
factual accuracy. The ACM joined with other organisations in condemning the law
and arguing that the law could have had the effect of imposing a roadblock on
information of public interest.
We
have also argued that a public security justification for such laws ought to be
precise and specific.
This
might appear to be off the subject under discussion at this time, but it has a
direct bearing on the ability of the authorities to legitimise incursions into
both personal and corporate data sources. The threats to privacy and the
integrity of journalistic data are thus, in this respect, subject to both open
and surreptitious actions by the state.
So
that, more or less, is the prevailing legislative environment and some trends in
several countries. Some interception of private communication is permissible by
the state under the law. Only in Jamaica is there a protection if the
intercepted communication meets the standards set by the Protected Disclosures
Act and the Official Secrets Act respectively.
The
challenge now is how we operate within these parameters.
The
irony is that the very technology that has become so useful to reporters in
capturing and sifting information through digital means and has revolutionised
the work of the investigative journalist, is what forms the basis for the
development of surveillance software and other processes that provide access to
the private information of media practitioners.
It
is suggested that the rapid growth in the sophistication of such technologies
owes much to a growing demand by governments to become more and more intrusive,
often in pursuit of criminals but sometimes as part of an effort to gather
information on the activities of political opponents and unfriendly states.
It
has now become increasingly important for journalists and their news
organisations to become more aware of the need to protect data and information
and, very importantly, to protect their sources of news and information. Media
development agencies are thus now working doubly hard to ensure that news
organisations are equipped to counter an increasingly intense assault on the
privacy of data and information received and stored by journalists and their
organisations.
Awareness
of this has in many instances impacted on the manner in which news sources now
interact with journalists. In the case of Trinidad and Tobago, the 2010
disclosures led at least momentarily to a much greater degree of reticence by
journalists and their sources when it came to the sharing of information.
Freedom of the press was, in essence, under attack not through guns or official
oppression but by the intangible tentacles of intrusive technology.
The
challenge has also emerged at a time when newsroom operations in most of our
territories in the region are beginning to shrink with declining investments in
areas not deemed to be of urgent concern. There is virtually no investment in
anti-surveillance software and few efforts made to promote greater awareness
among our journalists of the need to address the increasingly prying eyes and
ears of the state and also of criminal elements.
This
leaves a heavy onus on individual journalists to ensure the integrity of the
information they receive and disseminate is protected. This ought to be
supplemented by media outfits ensuring that all technical requirements are in
place once such information reaches their networks. This can include protected
file storage resources and other technical back-stopping.
It
would also be important for journalists and other newsroom operatives to
acquire an understanding of what is required in the conduct of threat
assessments and the use of encryption tools. Some training will be necessary
and there are several possible low-cost online options.
There
are also several basic precautions that can be taken with respect to the two
main communications instruments: your mobile phone and your computer – these
days invariably a laptop or tablet. In a newsroom environment, there is likely
to be a networked desktop computer.
Let’s
first deal with your hand-held device. It is now widely acknowledged that your
mobile phone is a virtual tracking device. People who want to know where to
find you can do so through the use of simple apps and by simply using your
mobile number. In countries where some journalists are at risk, they develop
the habit of switching SIM cards to make it more difficult to be tracked and
monitored.
Additionally,
you need to bear in mind that with the tendency to store a variety of
information including contacts, appointments, photographs and documents, you
would need to ensure that your handheld device is secure in the event it is
stolen or left carelessly around.
Then
there is the web browser you use to access sites that might be of interest to
you when researching your story or checking the balance on your bank account or
making that airline booking or checking email if you do not use a separate app
– activities that require disclosure of information that should remain private.
The
fact of the matter is that whether you like it or not, your browsing history
always leaves a digital trail, whether you have cleared your cache and browsing
history or not. That “incognito” function on your Chrome browser might offer
you a level of privacy with respect to casual users of your machine at the
office, but does not erase data saved in the browser and your Internet Service
Provider can still record all of your activities on the computer.
A
growing number of journalists now use Virtual Private Networks (VPNs) which
provide a high level of protection for personal information including your IP
address, data exchange and browsing history by using an encrypted connection to
the Internet.
You
can also use a Tor browser which uses a network of proxy services to beat
tracking of your browsing habits and reduce the ability of hackers to get hold
of data exchanged via the Internet. Even well-resourced government surveillance
agencies have reported difficulty with tracking data on clunky Tor networks
that move slowly but work well to mask your online footprint.
Its
effectiveness has however made it a prime tool for use by criminals of all
shades and it is truly a double-edged sword.
Now,
let’s deal with your webmail services. I once attended a digital safety
workshop in Austin, Texas put on by the Knight Center for Journalism in the
Americas. Well after registering for the workshop and sharing my Yahoo email
address, the first presenter began by saying that using Yahoo mail is
tantamount to leaving your car with the windows down and the engine running
while you went away.
So,
some of us switched to Gmail. Which is all well and good. It is recognised as
being more secure than Yahoo mail and it works well. However, Gmail has now
morphed into an integral part of the entire world of Google and your Google
account. Outlook mail is considered relatively secure, except that as recently
as last month, security experts picked up a vulnerability which leaves it as
less than completely secure.
Increasingly,
as well, journalists are using cloud file storage services not only as backup
but as a primary platform for storing files. Apple, Google, Microsoft and
Dropbox are among the most popular services. For the most part, these are
generally secure services which encrypt your data while at rest. If you are
concerned about the infamous iCloud hacks of last year, it was subsequently
explained that the celebrities involved had been the victims of a concerted
phishing attack through which hackers were able to secure log-in information.
There
are also secure apps for instant messaging and for making voice and audio
calls.
The
brutal fact is that the best way to secure your data is not to use phones,
tablets and computers at all. The bad guys, including snooping authorities, are
at work morning, noon and night working on ways to find out more about you, for
security, commercial and malicious reasons.
Journalists
are particularly vulnerable not only as individuals, but as important links
between sources of information and the audiences we serve. In the Caribbean,
sufficient attention is not being paid to assessing the risks and taking action
to mitigate their possible effects.
I
would not prescribe a descent into systemic paranoia to which so many have
already fallen prey, but would propose far greater caution than we have displayed
within recent times.