His lines of communications. Glen gleanwald at the guardian at the time almost missed breaking the story of the nsa Surveillance Program because when snowden asked him to install an encryption tool called pgp, greenwald failed. He went to another journal ist who was better schooled in the dark arts of digit communication who got the documents to the guardian and eventually out to the world. One year into the snowden story, one of the biggest less options journalists can draw this if you are no good at encryption, how can sources transcriust you protect their an animity. If thats the case, why would a source trust you with their story . This week, we are digging into what they call the deep web. A featured interview were the guardian journalist who worked on the snowden story. First, we will explore one of the Growth Industries in the world of journalism, the encryption tools more and more reporters are using to get the story, keep the powers that be accountable to protect their sources without so much as an electronic trace. A skurjournalist has to take precautions because the ones protecting the material that sources send them. When you see a video on the news of atrocities being committed by regimes, then if that source is still alive, chances are they have been using Digital Security tools. Whether we agree with what he had ward snowden did or not, it brought to light how pervasive it has become. The snowden nsa story did make it into print, but it took awhile. Having taken the initiative, snowden knot want to risk sending classified intelligence documents unencrypted. He instructed Glen Greenwald on how to install pgp, an encryption tool been around. Greenwald didnt get it and failed to take those meyers. Snowden then contacted another journalist laura, an american based in berlin who was familiar with encryption who then let greenwald know what snowden had. The rest is history written in headline form. Since then, more and more journalists have been schooling themselves on what is now a tool of the trade encryption. What the snowden revelations did is not necessarily tell us things on a tactical level that we didnt understand. It just led people to understand the true scope of mass surveillance and now, i have been doing judgist trainings for about two years. And before the revelation, the Digital Security track at a conference wasnt particularly well attended. Now, it is standingroomonly. And thats a really good thing. They dont need to listen to your phone calls if they can pick up the information about the connections and when they happen and all of this. You can kind of figure out what people were doing, talking about anyway, without where the Digital Cookie crumbs. Journalists. There are two ways nanl journalists can be exposed over what they do on the web. First, their direct communications, primarily emails. And then, there is the trail they leave on their web travels, the meta data. Pgp stands for pretty good privacy but the name sells the tool short. Its Developers Say it has never been cracked. Anyone who wants to cover their meta data tracks and avoid unwanted observations use the tour network, the onion router. It uses layers and layers of encryption, a kind of cloaking device built for cyberspace. With more on how journalists are securing their communications and covering their tracks on the web, here is the listening posts will young. For the security conscious journalist, these two freely available tools really are essential. One can converts contents into uncrackable code and the other keeps the online activities under radar. First pgp. I am using the extension for Google Chrome called mail velope to get my personal key. This is a private key only i have access to the and a public key i can make available to the people i want to communicate with. Now that my key is ready, i am going to send the public part of it to my colleague, paolo. He has sent me his public key. When i want to send an email, i am going to en crypt it. I will en crypt this message for paolos eyes only. Pgp uses my private key and paolos public key to turn my message into encrypted text. Its not quite security at the click of a mouse, but you have to take the step to keep your communications safe. Now, while encryption means that the content of your communications cannot intrb september, information about your online movements, your meta data, can reveal a lot about you such as what websites you are visiting or who you are communicating with. If you use tour to collect to the internet, your data bounces through a network of volunteer servers, a bit like taking an indirect route through town to shake off someone who is following you. Not only that, it wraps your data in multiple layers of encryption. Each tour server your packet encounters can unwrap and decrypt only one layer of that encryption enough to send it on its path bur not enough to connect the identity of the sender with its ultimate destination. Getting acquainted with pgp and the tour browser are the first steps for the privacy conscious journalist who wants to communicate securely with sources. Building on the multilaird encryption of tour is the latest in Security Communications tools, usesh friendsly enough that even the least tech savvy journalits can make it work. Its called securedrop developed in part by an american nonprofit, the freedom of the press foundation Whose Mission it is to support and defend interest. Its now featured on many news websites and offers a safe landing spot for sensitive information, a safe haven for the sources who use it to get that information out. Secure drop is an open source drop is an open source int that allows journalism and freedom of press foundation took over the management of the securedrop project in the fall of 2013. Weve updated security securedrop to the point where we think its easy for sources to be able to use. We are helping media organizations install it. In 2013, we have had at least a half a dozen media organizations am install securedrop and are using it regularly including in the u. S. , new york, forbes, propublica and Glen Greenwalds new news organization. I think that sources are like likely. Sot news organizations are a big story. They are got to need to start using encryption and setting up securedrop and need to make things safe for their sources. Them. This isnt just a story about the nsa, washington, or the government there. Governments the world over have their secrets and more and more now have the means to find the sores who reveal them. Beijing has tracked sources feeding american journalists stories about government corruption in china. The events accounts of chinese journalists and those in hong kong are routinely compromised. He script is stepping up social Media Monitoring to keep a lid on dissentence or keep tabs on anything to do with the ban did muslim brotherhood. The Assad Government has looked into technology can catalogue email, given all of that, journalists and their sources, wherever they are, need to know that their communications are safe. Yet for some reason, the same reporters who worked the phone for hours or research a story down to the most minute daily often fail to bring that same kind of diligence to communicating securely. Journalism has been covalled covering history on the run and how electronic communication has made it faster, more responsive. Whether its the need for speed, a sense of complacacy or an en assumption that encryption is too complicated, too technical, not enough reporters are taking the necessary precautions. Unfortunately, i dont think the deep web and all of these animity and increption tools have really reached the mainstream of journalism and the general public yet. Right now, the big problem with all of these encryption tools is they are very secure but not necessarily the easiest to use for users who arent steeped in security. The tools you are using, the reality is we are humans and keb tripped. We can be confused. We can make mistakes and all of these things ultimately will lead to intelligence agencies and spies and other people to continue to do their jobs and they depend upon us being human. The computers can be perfect but the humans wont be. We need to be trained by somebody who understands both what it is to be in the position of a journalist who may be under threat of a government and also implications. The implications are serious. The Obama Administration is obsessed with whistle blowers who reveal National Security secrets, prosecuting them in record numbers. The British Government has gone after the guardian at one stage forcing the newspaper to destroy hard drives full of snowden files. These are touchy times for journalists reporting on Security Matters and downright scary times for sources who governments are far, far more likely to prosecute than talk to and that is reason enough for journalists and the organizations they work for to get up to speed on encryption. As we saw in the snowden case, you have to have encryption. You have to have the ability to protect your sources on a technical level in order to get stories. As we saw in the greenwald and snowden case, journalists need the ability to en crypt communication and do everything that they can on a tact cal level to protect their sources otherwise, they wont get the same stories. All of our seems are encrypted and i think that thats the responsible thing to do when you are doing journalism and when you are dealing with sources greenwald almost lost the biggest story of his life because he was not using p to p. They are going to find journalists they trust and also know how to protect them. Our Global Village voices now on the importance of secure communication between reporters. All users have a handful of sources like google and facebook and twitter. This made inevitable by people who see it as power to be collected. If we make giant piles of data, governments, inc. Corp operations will paw through our lives at will and for their own purposes. We need to move structure. We have implemented a whistleblowing platform in november of 2013. It makes use of the browser. We receive a fair number of leaks on a regular basis. The majority of the leaks are about possible wrongdoings and lack of trans pansy in the Public Administration sector. We strongly believe that if leaks can contribute greatly to expose corruption and, above all, to give the public a role in making things better. In phone tapping, the government has the central Monitoring System which can intercept realtime communication and internet based communication. For that reason, we must Start Talking and thinking in investing in Encryption Technologies to protect journalism as and, also, stories and. In many ways, it was chelsea manning, wiki leaks and Julian Assange who first forced journalits t encryption a powerful tool and to do so on unprecedented scale. Then came snowden. Not many journalists can say they were there at the center of both stories the way james ball can. He was an inhouse journalist at wiki leaks before joining the guardian where he worked on the snowden files with Glen Greenwald. You can bet the bulk of the emails relating to the nsa and gchq were encrypted. Story did the nsa tapping into the cell phone has james balls name on the by line. Eventually, he was named as one of the recipients of the Pulitzer Prize the guardian won story. I sat down with james ball in london to get his take on encryption, source protection and journalism in the post Edward Snowden era. James ball of the guardian, today. Thank you. In your communications when he was setting up the interview, did you en crypt it . We did not. Why not . Because unfortunately, while time. Yes . In theory, in practice, you cant get anything done. Every day we have to compromise. If we try to tell people to be ultra secure, you know, if we are doing that is it would take us an hour to get out of the pass. It does not the mean you are not very important. Before snowden there was assange and wiki leaks. Is it possible to summarize some of the changes in journalism that have occurred as a result of what wick i leaks and assange did first . Two distinct lessons, they learned that we should share as much of our information as we can fshlt we want to do it responsibly. We have redacted on wick i leaks and on snowden. But in instead of saying hey, here is our take on this, you know, assanges approach really changed that, and that attitude looks out of date now. Here is a story. Here is the narrative. Here is all of the context we can give you. But if you dont believe us or if you want to check or see what you think, here is the raw material. And i think that kind of open journalism has really advanced in the last few years. I think the lesson from snowden is quite a different one. Thats much more about we have learned that if we want to protect our sources, its not just enough to say, we wouldnt turn. We have to look at how we communicate with them fshlt how we store our files, how we do everything because we now know all of this stuff gets collected up and gets monitored. You say you have done 130,000 air miles over the last couple of years flying to meet people face to face to discuss things that you werent prepared to cind cindylectronically. Apart from what that says about your size 22 carbon footprint, which i know does not go down well at the guardian its not. What does that say about the level of trust you have or were we talking about the people you were talking to . I think its a mixture of both. I think encryption, as far as we know, works. Edward snowden thinks encryption, when its very strong, when its very well implemented, works. But there is a million and one other little cracks. You know, you dont know if someone is just monitoring what keys you type in on your keyboard or looking at travel and transit or hypothetically at the very extreme interest of both, you might just have a recording what is on the screen and so, any kind of network communication, anything electronic like that, we just couldnt ever feel was 100 secure and because of the sensitivities of what we have been working on, for some issues, we just saw a simple way to deal with this stuff is to have face to face conversations. Old school in a park, underground parking lot, a la watergate and deep throat . Does anyone do any journalism that is not in an underground parking lot . Not according to the movie business. You are a digital guy. Yeah. Rolling the clock back to an old school kind of journalism. Yeah. Its a strange thing to do this story thats all about how networks and the internet and technology 2r68d our possession. We were working computers not connected to the internet, flying around and having actual physical between 1990 and 2003 nasa launched four satellites to photograph our galaxy across the spectrum of both visible and invisible light. They made up the agencys great Observatory Program and each orbiting telescope saw things a little differently, and now the youngest of the four satellites has just finished its mission. The spitzer space telescope is an infrared camera, it detects objects that our eyes cant see and it has taken 2. 5 million photographs over the course of almost 10 years in operation. 2. 5 million photographs stitched together into one big view, which allows you to zoom in incredibly far to see all the way out past the dust and so forth that blocks our normal vision and look through infrared through all of that dust out at stars that are all the way out at the edge of our known galaxy. And being able to see all of it in infrared means were seeing distant stars, stars at least 100 times larger than our own sun. The ability to navigate among these stars is invaluable to astronomers, but even to a casual observer its pretty mindblowing. We looked at securedrop in the piece that preceded this interview. Can you give me an idea of how that one piece of technology, that one option, has changed things for you at the guardian and for some of the people you are dealing with . So securedrop is like a really nice shop front. Its a whole bunch of technologies that exist but it gives them a brand and pulls them together so that for a potential source, it looks like this one good tool they can use to communicate anonymously. It has taken every single precaution you can do. It clears logs, advises people how to use it. It will makes sure it can only be open on a computer thats not in the internet. The packaging makes it quite sort of clever. And its a nice premade shop front for someone to send about. Not to sound too paranoid, but as they say, its not paranoia if they are out to yeah. How do we know your securedrop box is as secure as it says . The absolutely honest answer is we can never say 100 we know something is secure. We dont know the full capabilities. What we do know is this stuff, these standards, as good as we can get it. And theres nothing in the snowden documents to suggest trivial. Its obvious in the documents that encryption is a headache for them, especially mass collection. Encryption slows them down. After snowden, with the nsa, all of this talk of encryption, do you run into journalists, be it inside your organization or to them . The sales pitch is if tur communicating with sources and you are not using encryption, you are putting them at an unnecessary risk of exposure. There is no such thing as a responsible journalist who doesnt use encryption. If you dont use this stuff, you are negligent. People have gotten better than they did. If you start to talk about en christians 18 months ago, your editors eyes would glaze over now at the top of any news organization, these are had about how to protect sources. The other way to look at it is glen green wamd fwloou the story of his life, couldnt be bothered or figure out the encryption tool. Yeah. Glen is a phenomenal journalist but he could do it all. Its fine. If he can do it, other reporters should. You dont have to rye train half a day, and youll be there . When it could to the area of secure and before thomas, thomas drake and john kuriak who the obama as minstration, as well known to anybody prosecuted more under the espionage act than all previous administrations combined. Are you seeing any signs that the trickle of information from with whistle blowers is about to grow into something more significant than that . One of the things to remember is before chelsea man, the biggest ever leak was the pentagon papers from Daniel Elsburg and we went a long time waiting for each bigger than the last but then its only been four years, three years between that and Edward Snowden surfacing. What it sort of shows there is this is kind of culture secrecy and its quite self defeating. The glus government and the u. K. Governments try to hold more and more stuff secret and try to do more and more behind closed doors and thats where people seem motivated to exposing about it. The tricky thing for us is the media. We get into the second year of snowden stuff. When we have loads of scoops, itsedes to keep reporting it. All of this stuff is as imports as it was. The risks is journal simple still there. How do we look at it when its not these big scoops . We have to try to reflect in public and private on actually have we done enough, have we changed enough . And what is happening . Thats stuff. Are you seeing signs encryption is being used by journalists . I think yes. Mosh people are using stuff like tour which protects browsing. You start to see on twitter now at the end of peoples bios,lings to pgp keys. I think people are picking up on it. But the difficulty is certainly for journalists and nonjournalists, its not easy to use yet. Itsedes. Its great. When you are trying to use a secure wrap, its not and so i one of the post snowden implications is there is a market for good easy privacy tech where you dont have to be, you know, a nerd like me to get it and to appreciate it. James ball for the from the gua guardian thanks for talking to us. Thanks very