Over the course of the symposium the CIJ is running a brand new series of training workshops and conversations exploring new developments in investigative practice, and offering attendees the chance to hone their skills.
All training sessions will be free to attend but will have a limited number of places available. Access links to individual sessions will be made available on the dashboard.
Date and Time: Thursday 19th Nov, 15:00-16:00 UCT
The global response to COVID-19 has put procurement in the spotlight. Masks, school lunches, potholes: that’s where the government put taxpayer’s money to work. Globally, US $13 trillion is spent on contracts with private companies. This session will explore tactics and tools to investigate public procurement and provide tips for monitoring red flags and using public data provided by the government. We’ll look into specific case studies and share some of the most outrageous stories.
Date and Time: TBC
As the reach of state and corporate surveillance continues to extend, the need for journalists and investigators to take greater care to protect their sources, themselves and their stories (in that order) is also increasing.
This talk will look at the evolution of this technological threat to journalists and their ability to provide protection to their sources’ confidentiality, looking at the origins in state surveillance, and charting the rising involvement of private groups for corporate and other interests.
Infosec for Newsrooms
Date and Time: TBC
The tools and methods that can help keep journalists and their sources safe from surveillance are only effective if the organisational structures that journalists work within allow these methods to be integrated into a daily workflow. Too often these structures and workflows are at odds with each other, and so here we will also be providing a structured discussion to highlight best practice from the newsroom or organisational perspective, flagging up some of the vulnerabilities that organisational policy often unwittingly introduces and identifying some ways in which these can be avoided or mitigated.
Infosec for Journalists
Date and Times: TBC
Session 1: A general introduction to information security
This first session will serve as a general introduction to the (broad!) field of information security. We will be giving some basic definitions, describing possible risks of using digital technologies, and introducing some of the available strategies and tools to improve our security. Examples and exercises will help put things in context and understand the more abstract concepts. We will maintain a focus on those scenarios and strategies that are particularly relevant to the practice of journalism.
Session 2: Safe web browsing
This session will focus on web browsing: main risks and mitigation strategies. A look at some of the technological elements behind the internet (eg the network of submarine cables, web cookies, etc) will help us understand how certain forms of surveillance are possible and how certain cyber-attacks are carried out. We will be adding some new items to your infosec toolbox, such as privacy-protecting browser extensions, the Tor Browser, the Tails operating system. We will save the time for examples and exercises.
Session 3: Encrypted communications
What’s the digital journey an email or text message have to go through when travelling from sender to recipient? How are these electronic messages processed and encoded? Who are the actors (in between sender and recipient) that make this communication possible and what fraction of the information exchanged do they have access to? We will answer these questions while explaining concepts such as encryption, end-to-end encryption, metadata, and anonymity. Hands-on activity with VeraCrypt, OnionShare, and (time permitting) GnuPG/PGP.
Session 4: More advanced scenarios and an AMA session
This fourth and last session will be for addressing slightly broader and more advanced topics such as evil maid attacks, crossing a border with digital devices, (hints of) operational security, cloud storage options (risks and benefits), free and open source collaborative platforms (eg Nextcloud, Mattermost, and Etherpad), how to preserve digital evidence. A ask-me-anything session.
In the meantime you can catch up on Infosec Bytes. A video tutorial series for journalists and investigators explaining the risks of using information technology, and how to mitigate them. Our videos, which are released periodically, can be watched individually, or in sequence, as a brief course in basic information security for journalists.