NSA: Protecting Sources

    The recent NSA revelations have confirmed the importance of protecting journalists, sources, whistleblowers and even the stories themselves from US electronic spying. Evidence that the US is now storing the largest mass of personal data - of entire populations -  in history has alarmed reporters, journalists and researchers around the world.
    Last September the CIJ offered the first Computer Security Training Workshop with one of the US’s major security consultants, Jacob Appelbaum. As a two-day course, it’s purpose was to equip journalists with the tools to make their work less visible and subject to interception and spying.  On the 25 March, the CIJ ran a packed four-trainer session introducing encryption, Tor and other methods of  practical use to journalists.   

    At the 2013 Summer School  (13-14 July) we are hosting four sessions on information and computer security with leading experts. It is intended as a practical, hands-on session so bring your laptop. You will leave with key tools to protect yourself and your sources from surveillance.

    Summer School Information Security Classes

    Friday 12 July

    The Politics of the Internet
    Richard Stallman
    Abusive computing and networks, and how we fight them. The talk will cover: 
    Proprietary software that controls the users.
    Malicious features in proprietary software.
    Surveillance by companies and the state.
    The only remedy is to limit how much they can collect.
    Data requests by Internet services.
    Filtering and other censorship.
    Replacing programs on your computer with a service controlled by a company.
    Entrusting to remote services the computing that your computer could do on its own (Service as a Software Substitute).

    Saturday 13 July

    InfoSec: The Introduction
    Information security, technology and behaviours: what they are and why you need them
    Arjen Kamphuis and Michael Rogers
    Journalism is writing what powerful people don't want written or published. In today's digitised world that means serious journalists need to think about guarding the security of the systems they use to do their work. Journalists also need to be able to ensure their sources can communicate with them in ways that are both private and undetectable (depending on the gravity of the story). Consequently journalists need to both equip themselves with the proper methods and tools for their own informational security and  must also help others attain whatever security level required to get the story without compromising the source. Depending on the kinds of story and source the requirements may vary wildly, although anti-terror laws are now regularly invoked by municipalities for very minor issues.
    This talk will give an overview of basic information security concepts (learn to think like the attacker) and point the way to some basic tools and methods for protecting yourself, your colleagues and your sources.
    Infosec: Workshop-I 
    Arjen Kamphuis and Michael Rogers
    This workshop will help participants get the basic internet security tools installed and running on their own system. This is a follow on from the talk: "InfoSec: The Introduction: Information security, technology and behaviours". All participants must bring their own laptops (NOT a tablet! - they are inherently insecure) running Windows, MacOSX or Linux so the participants can install software on their own computers. We will explain, install and configure secure email with PGP-encyption and authentication, setup various web browsers with privacy-enhancing extensions and discuss browsing habits that lower the ability of the third parties to track your online behaviours.
    Infosec: Workshop-II
    Arjen Kamphuis and Michael Rogers
    This workshop will help participants to use additional security tools to achieve very secure (private, undetectable) communications and protect their systems against the consequences of physical theft or inpounding by opponents. Participation in this workshop assumes participation in Infosec workshop-I. Bring one or more USB-drives with at least 8Gb space, as well as your own laptops (see Infosec: Workshop-I). We will explain, install and configure a Jabber client chat application and the OTR (off the record) plugin. This workshop will also go deeper into encrypting hard drives and other storage media. Lastly we will show USB-drive based systems that are cheap, concialable and cheap enough for one-time-use and distribution to larger numbers of sources.

    Book your place at the Summer School.