Over the last few years, computer security has finally become a discussion for more than just system administrators. These days one of the main concerns, understandably, is the security of data once it's left your machine. Once the data is out of your hands, it seems to be uncommonly easy to intercept.
Encryption goes a long way to prevent "across the air" surveillance, but there’s also a mentality in the computer security world: If someone has physical access to your machine, nothing can stop them.
When at home, most of these concerns can be managed. But journalists are at their most vulnerable when traveling. Laptops are left in hotel rooms, connected to public Wi-Fi networks and passed through customs and passport controls. This article will outline some basic, proactive steps journalists can take to mitigate the risks of data theft when they’re on the road.
Step 1: Making sure people can’t get to your data
When you’re packing for a reporting assignment, you keep your suitcase light. You don’t bring extra shoes you know you won’t need and you don’t bring an extra dress or suit coat you know you’ll never wear.
You should do the same with your data. Nobody can steal the data you don’t have.
My favorite way to do this is by simply keeping a separate machine. This can be any laptop not used for your daily or extended work, but my personal favorite is a Chromebook. They’re perfect for journalists in general; extremely cheap, light, ultra-long battery life and disgustingly easy to use.
Using a Chromebook offers another major benefit – all your work is, by default, backed up (through HTTPS and SSL) to Google’s servers. This means that if you have to wipe the machine, smash it with a hammer, light it on fire or drop it in a garbage bin, you still won’t lose your data.
Note: Some people will inherently not enjoy the idea of backing up sensitive reporting data with Google. If that’s the case, you can still install Linux operating system on a Chromebook and get the disposability of a cheap machine with great battery life.
There are also basic security measures that a journalist who may be targeted by spies should follow:
- Never go anywhere without your machine (ever)
- Don’t plug random peripherals (USB sticks, power adapters, monitor adapters) into your machine, unless you can trust them
- Always log out when not using your machine
If you have to take some information into the field, make sure to keep a back up of it at home. This way, if things really go bad and you have to wipe everything or risk the machine getting taken, you don’t lose the data you already have.
Step 2: If people do get to your data, make sure they can't read it
Say the steps above didn’t work. Or you’re in the field for weeks and accidentally forgot to wipe your drive when going through a border crossing. The passport control kid noticed who you are, they took your machine and are currently making a copy of the hard drive in a back room. What do you do?
There’s only one thing here that will help: full-drive encryption. With this procedure in place, you’re ensured that no one can access any of the data on your hard drive without an authentication key.
This is where the type of machine you use comes into play.
Mac: This is the easiest by far. Mac’s operating system - OS X – comes with a program called FileVault which enables full-disk encryption, takes literally seconds to set up and will make no difference to you when using your machine. Instructions for getting it up and running can be found here.
Windows: Microsoft pulled a fast one on people. Microsoft does have its own solution for full-drive encryption called BitLocker, which is quite nice and almost as easy to use as FileVault. The catch is that you have to have either the Ultimate version of Windows 7 or the Professional versions of Windows 8 or 8.1. If you have those, use BitLocker.
If you don’t have the more expensive version of Windows, there’s another option called TrueCrypt. The project is technically abandoned and there are a lot of politics around it right now, but at least in most circles, it’s considered secure and usable. Please see the slideshow below for step-by-step instructions on how to use this.
Linux: The full-drive encryption capabilities of Linux OS varies from version to version, and if you’re running Linux you probably know enough to set this up yourself. If you don’t know, go ask the person that convinced you Linux was “good enough” and “just like Windows” to do it for you. They’ll know. (TrueCrypt is probably the answer for you here as well, but again, it depends, and the installation process differs pretty heavily.)
These previous two steps are preventive. They are easy to do ahead of time, and if you have enough lead time, easy to do in the field as well. Emergency data destruction is an entirely different topic and one I will cover in a follow up post to this. It’s a very different mindset than prevention and quite a bit more permanent. Stay tuned.