Operational Security in the Battle for Press Freedom

Attacks on journalists are no longer the preserve of war zones and authoritarian states. Reports over the last year have indicated a worrying rise in attacks, not in areas of armed conflict, but across the world’s democracies including Europe and the United States. This trend is likely to continue amid a persistent global climate of civil unrest, anti-press rhetoric, and the insidious influence of corruption and organized crime.

Figures from UNESCO show that the proportion of journalists killed in countries with no armed conflict increased from 34% in 2014 to 61% in 2019. The US Press Freedom Tracker reported 376 domestic attacks on media personnel in 2020, up from just 35 the previous year. Last year, the Council of Europe’s Platform for the Protection of Journalists reported a five-year “growing pattern of intimidation to silence journalists” within Europe. They cited 142 serious threats to media freedom in 2019 alone, including 33 physical attacks against journalists, and 43 cases of harassment and intimidation.

This new front line has changed the nature and scope of occupational threats. Both state and non-state actors are implicated in politically motivated attacks, as well as those linked to corruption and organized crime. In addition to physical attacks, many journalists - in particular women - now face serious online risks of illegal hacking, trolling, and harassment. Often, online aggression leads to physical violence. Media organizations are being encouraged to provide appropriate training and resources both to those on payroll and freelance journalists.

One vital resource, arguably underused in this context, is Open Source Intelligence (OSINT). Many organizations already use OSINT “offensively” to conduct research and investigations, but may be less familiar with its protective capabilities. Where the seeds of violence are increasingly sown online, knowing how to deploy protective OSINT will add a critical layer of operational security to both online and physical journalistic activity.

The OSINT Audit: The Best Offense is a Good Defense

Many journalists now maintain a significant online presence across multiple platforms. Social media and new technologies have created valuable new spaces in which to find new leads, engage with sources, distribute findings, collaborate, and interact with audiences. However, they have also opened new arenas for abuse, aggression, and intrusive, arbitrary, or malicious surveillance. 

Operational security online is the first line of defense for digital-era journalists. Yet the costs and complexities of security measures - particularly for those without the weight of an organization behind them - can be daunting. One 2017 survey of journalists facing threats because of their work found that whilst more than three quarters used the internet every day, and 89 percent worried that their internet communications were being monitored, almost 40 percent admitted weak passwords; only 18 percent used email encryption, and less than 40 percent used security software. 

When it comes to online security, prevention is always preferable to cure. It is simpler, cheaper, and more effective to identify and plug vulnerabilities before they are breached than it is to try and patch them up afterward. 

Failure to properly anonymize online research can inadvertently expose a journalist’s activities and personal profiles to the very people they are investigating, inviting a hostile backlash. The ready availability of inexpensive surveillance technologies and illegal malware, to state and non-state actors alike, increases this risk. A “sock puppet” account, or better still a solution that facilitates fully anonymous social media research, is fundamental.

Even a journalist's consciously public presence requires a thorough OSINT audit, to scan for private or sensitive information that has been inadvertently revealed. This could include geotagged posts, public friends lists, or documents contained in the background of photographs. Regular, wider scans for leaked data are also critical. Personal information may have been involved in a targeted hack or leaked to the dark web via a third-party data breach. 

Once exposed information is identified, the risks can be mitigated: passwords, credit cards, or email addresses can be changed, security settings enhanced, tags removed. Left unidentified, exposed information is an open door to hostile actors.

Forewarned is Forearmed: Understanding the Threat Landscape

Much anti-media sentiment has its roots online: and online threats often precede physical action. Both social media and so-called “alternative media” are popular arenas for the stirring up of negative sentiment against the “mainstream” media, and incitement to violent action.

Where direct threats are made, those threats need to be profiled with a view to understanding the subject’s plans, motivations, and intentions. There is a world of difference, for example, between a disgruntled individual venting their feelings behind a screen, and an organized extremist faction planning to take real action offline. Discerning between rhetoric and active threat depends not just on how much data you can gather about the subject, but how efficiently and effectively you can analyze that data to gain an understanding of plans, motivations, and intentions. Beyond the words themselves, critical context and circumstantial factors will affect the seriousness of any threat they may pose.

Often, threats will not be made directly but will gather momentum in a corner of the internet of which the target is unaware. This includes mainstream social media platforms but often takes place in fringe forums like 4chan, 8kun, Gab, or Parler, or even on dark web forums. Perpetrators may take pains not to refer directly to the intended target. Discussions may cross different languages and geographies, making them harder to find and keep track of. They may replace words with emojis, videos, memes, or photographs.

In some cases there may be no specific target to planned violence, but rather a generalized one - the “mainstream media” for example - that nonetheless has serious implications for any individual caught in the crossfire. In other cases, violence is not specifically premeditated but is made likely, if not inevitable, by escalating online rhetoric and aggression in advance of events. 

The ability to conduct searches across multiple forums, accounting for different languages, codes of speech, and metadata, as well as image recognition, is vital to simplifying this deliberately complex threat environment. Online sentiment analysis can be used in advance to flag up potential flashpoints around a given area, event, or subject. Continuous monitoring, with programmed alerts to critical behaviors, keywords, or activities, allows journalists to pick up on noteworthy changes in sentiment: which can happen fast when emotions are running high.

The New Front Line

Journalists are tasked with speaking truth to power, investigating crime and corruption, holding governments to account, and reporting conflict and insecurity from within. These challenges come with a significant risk of violent retaliation. Freelance journalists are particularly at risk: though more and more organizations are making use of them, they rarely enjoy the same levels of protection and safety training as staff journalists, nor have access to equivalent resources on an individual level. 

Organizations can start to close the gap by providing their journalists with enhanced OSINT capabilities, both offensive and protective. The right technology can automate regular, targeted, and fully anonymized research across a comprehensive range of sources and forums (including the deep and dark web), analyze data to draw out actionable intelligence, monitor and alert journalists to key behaviors and activities. With attacks on press freedom at serious risk of becoming a “new normal” even at the heart of our major democracies, it has never been more important for organizations to implement adequate safety measures for journalists, on a front line that is now so very close to home.