Public-interest journalism speaks truth to power, so protecting press freedom is part of protecting democracy. But what does it take to digitally secure journalists’ work in an environment where critics, hackers, oppressive regimes, and others seem to have the free press in their crosshairs?
(You can also find this episode on the Internet Archive and on YouTube.)
That’s what Harlo Holmes focuses on as Freedom of the Press Foundation’s digital security director. Her team provides training, consulting, security audits, and other support to newsrooms, independent journalists, freelancers, documentary filmmakers – anyone who is making independent journalism in the public interest – so that they can do their jobs more safely and securely. Holmes joins EFF’s Cindy Cohn and Jason Kelley to discuss the tools and techniques that help journalists protect themselves and their sources while keeping the world informed.
In this episode you’ll learn about:
- The importance of protecting online anonymity on an ever-increasingly “data-greedy” internet
- How digital security nihilism in the United States compares with regions of the world where oppressive and repressive governance are more common
- Why compartmentalization can be a simple, easy approach to digital security
- The need for middleware to provide encryption and other protections that shield sources’ anonymity and journalists’ work product when using corporate data platforms
- How podcasters, YouTubers, and TikTokers fit into the broad sweep of media history, and need digital protections as well
Harlo Holmes is the chief information security officer and director of digital security at Freedom of the Press Foundation. She strives to help individual journalists in various media organizations become confident and effective in securing their communications within their newsrooms, with their sources, and with the public at large. She is a media scholar, software programmer, and activist. Holmes was a regular contributor to the open-source mobile security collective Guardian Project, where she spearheaded the media metadata verification initiative currently empowering ProofMode, Save by OpenArchive, eyeWitness to Atrocities, and others.
Resources:
- SecureDrop
- The Tor Project
- EFF: “Privacy Isn't Dead. Far From It." (Feb. 13, 2024)
- Digital Dada Podcast: “Combatting Digital Security Nihilism featuring Harlo Holmes” (Dec. 20, 2023)
- Reuters: “Inside the UAE’s secret hacking team of American mercenaries” (Jan. 30, 2019)
What do you think of “How to Fix the Internet?” Share your feedback here.
Transcript
HARLO HOLMES: within the sphere of public interest journalism. The reason why it exists is because it holds truth to power and it doesn't have to be adversarial, although, that's our right as citizens on this planet, but it doesn't have to be adversarial. And over the tenure that I've had, I've seen so many amazing examples where affecting change through public interest journalism done right, with the most detail paid to the operational and digital security of an investigation, literally ended up with laws being changed and legislation being written in order to make sure the problem that the journalist pointed out does not happen again.
One of my favorites is with Reuters. They wrote a story about how members of the intelligence community in Washington DC, after they had left Washington DC, were being actively poached by intelligence services in the UAE.
So it would take, like, leaving members of the people working in Washington DC, place them in cushy intelligence jobs at the UAE in order to, like, work on programs that we know are like, surveillance heavy, antithetical to all of our interests, public interest as well as the interest of the United States government.
And when that reporting came out, literally like, uh, Congress approved a bill saying that you have to wait three years before you can go through that revolving door rotation.
And that's the trajectory that makes me the most proud to work where I do.
CINDY COHN: That's Harlo Holmes talking about some of the critically important journalism that she is able to help facilitate in her role with the Freedom of the Press Foundation.
I'm Cindy Cohn, the executive director of the Electronic Frontier Foundation.
JASON KELLEY: And I'm Jason Kelley, EFF's activism director. This is our podcast, How to Fix the Internet.
CINDY COHN: On this show, we flip the script from the dystopian doom and gloom thinking we all get mired in when thinking about the future of tech -- we're here challenge ourselves, our guests and our listeners to imagine the better future that we could be working towards. What can we look forward to if we dare to dream about getting things right?
JASON KELLEY: Our guest today, Harlo Holmes, is the chief information security officer and the director of digital security at the Freedom of the Press Foundation where she teaches journalists how to keep themselves – and their sources – safe online.
CINDY COHN: We started off by getting Harlo to explain exactly how the Freedom of the Press Foundation operates.
HARLO HOLMES: What we do, I like to say, is a three-pillared approach to protecting press freedom in the 21st century. The first, absolutely most important is our advocacy team. So not only do we have a staff of lawyers and legal scholars that weigh in on First Amendment issues and protect them within the United States, we also have a fantastic advocacy team at our own little newsroom, the US Press Freedom Tracker, where we have reporters who, anytime members of the press have their right to perform their rightful function challenged, minimized, persecuted, et cetera, we have reporters who are there who report on it, and we stay with those cases for as long as it takes.
And that's something that we're incredibly proud of. That's just one pillar. The other pillars that we have, is our engineering wing. So perhaps you have heard of a tool called SecureDrop. In certain newsrooms all over the planet, it's actually installed in order to technologically enable, as much anonymity as, uh, technically possible. Between reporters at those newsrooms and members of the press at large who might want to be whistleblowers or just to, you know, like, uh, say hey to, a news outlet that they admire in a way that ensures their anonymity.
And then there is my small team. We are the digital security team. Uh, we do a lot of training, consulting, security audits, and other supports that we can provide to newsrooms, independent journalists, freelancers, documentary filmmakers, anyone who is making independent journalism in the public interest in order to do their job more safely and securely.
CINDY COHN: Yeah. I think this is a really important thing that the Freedom of the Press Foundation does. Specifically your piece of it, this kind of connective tissue between the people who are really busy doing the reporting and finding things out and the people who wanna give them information and making sure that this whole thing is protected in a secure way. And I appreciate that you put it third, but to me it's really central to how this whole thing works. So I think that's really important.
And of course, SecureDrop for, you know, old time EFF and digital rights people – we know that this piece of technology was developed by our friend Aaron Schwartz, before he passed away. And the Freedom Press Foundation has picked it up and really turned it from a good but small idea into something that is vital and in newsrooms all around the world.
HARLO HOLMES: Yes. And thank you very, very much, for recognizing those particular achievements. SecureDrop has grown over the past, what, 12 years? I would say, into not only a tool that enables, the groundbreaking amount of journalism that has pretty much changed the trajectory of current events over the years that it's been developed, but also, represents increasing advances in technology around security that everyone on the planet benefits from. So for example, SecureDrop would not be anywhere were it not for its deep collaboration with the Tor Project, right?
And for all of us who pay attention to, digital security cryptography and, the intersection with human rights, you know, that the Tor Network is a groundbreaking piece of technology that not only provides, you know, anonymity on the internet in an increasingly, like, data-greedy environment, but also, like, represents, the ways that people can access parts of the internet in so many different innovative ways. And investigative journalism use in Secure drop is just one example of the benefits of like having Tor around and having it supported.
And so, that's one example. Another example is that, as people's interactions with computers change, uh, the way that we interface with browsers change the. Interplay between, you know, like using a regular computer and accessing stuff on mobile, that's changed, right?
And so our team has, like, such commendable intellectual curiosity in talking about these nuances and finding ways to make people's safety using all of these interfaces better. And so even though, we build Secure Drop in service of promoting public interest journalism, the way that it reverberates in technology is something that we're incredibly proud of. And it's all done in open source, right? Which means that anyone can access it. Anyone can iterate upon it, anyone can benefit from it.
CINDY COHN: Yeah, and it, and everyone can trust it. 'cause you know, you might not be able to read the code, but many people can. And so developing this trust and security, you know, they go hand in hand.
HARLO HOLMES: Yes,
JASON KELLEY: You use this term "data-greedy," which I really love. I've never heard that before.
CINDY COHN: It's so good!
JASON KELLEY: So you just created this incredible term "data-greedy" that I've never heard anyone use and I love and it's a good descriptor, I think of sort of like why journalists, but also everyone needs to be aware of like the tracks that they're leaving, the digital security practices that they use because it's not even necessarily the case that that data collection is intended to be harmful, but we just live in this environment where data is collected, where it's, you know, used sometimes intentionally to track people, but often just for other reasons.
Let's talk a little bit about that third pillar. What is it that journalists specifically need to think about in terms of security? I think a lot of people probably who have never done journalism, don't really think about the dangers of collecting information, of talking to sources of, you know, protecting that, how, how should they be thinking about it and what are the kinds of things that you talk to people about?
HARLO HOLMES: Great question. First and foremost, I feel that our team at Freedom of the Press Foundation, leads every training with the assumption that a journalist's job is to tell the story in the most compelling and effective way. Their job is not to concern themselves with what data stewardship means.
What protection of digital assets means. That's our job. And so, we really, really lean into meeting people where they are and just giving them exactly what it is that they need to know in order to do this job better without putting undue pressure on them. And also without scaring the bejesus out of anyone.
Because when you do take stock of like how data greedy all of our devices are, it can be a little bit scary to the point of making people feel disempowered. And so we always want to avoid that.
CINDY COHN: What are some techniques you use to try to avoid that? 'Cause I think that's really central to a lot of work that we're trying to do to try to get people, beyond what I think my colleague, Eva Galperin called “privacy nihilism. I'm not sure if she started it. She's the one who I heard it from.
HARLO HOLMES: I probably have heard that from her as well. I love, Eva and, uh, she has been so instrumental in the way that I think through these issues over the past like decade so yeah, digital security nihilism is 100% a thing.
And, perhaps maybe later we can get into like the regional contours of that because people in the United States have or exhibit a certain amount of nihilism. And then if you talk to people in like Central and Eastern Europe, it's a different way. If you talk to people in Latin America and South America, it's a different way.
So having that perspective actually like really helps the contours around how you approach people in digital security education and training..
CINDY COHN: Oh please, tell us more. I'm fascinated by this.
HARLO HOLMES: OK, so, I do want to come back to your original question, but, that said, I can definitely do a detour into the historicity of, um, digital security nihilism and how it interplays with where you are on the planet.
It's all political and in the United States we have, well, even though we're currently like in a bit of a, or in a bit of a, in a crisis mode, where we are absolutely looking at, you know, like our rights to privacy, the concessions that we make, our prominence in building these technologies and thus having a little bit of, like, insider knowledge of what the contours are.
Uh, if you compare that to the digital security protections of people who are in, let's say, you know, like Central or Eastern Europe, where, historically, they have never had or not for, you know, like decades, um, if not even like, you know, a hundred years. Um, that access to transparency about what's being done to their data and also transparency into how that data has been taken away from them because they didn't have a seat at the table.
if you look at places in, Latin America, Central America, South America, there are plenty of places where loss of digital security also comes hand in hand with loss of physical security, right? Like speaking to someone over the phone can often, especially where journalists are considered, will often come with a threat of physical violence, often to the most extreme. Right. So, yeah, exactly. Which is, you know, according to, um, so many, you know, like academics and scholars who focus on press freedom, know that, that that is one of the most dangerous places on the planet to be a journalist because failures in digital security can often come with literally, you know, like being summarily executed, right? So, every region on this planet has their own contours. It is constantly a fascinating challenge and one that I'm willing to meet in order to understand these contexts and to appropriately apply the right digital security solutions to the audiences that we find ourselves in front of.
CINDY COHN: Yeah. Okay. Back to my original question, sorry.
HARLO HOLMES: Go for it.
JASON KELLEY: Well, what, what is, I mean, did we get to the point? I don't think we really covered yet, really the basics of, like, what journalists need to think about in terms of their security. I mean, that's, you know, I, I, I love talking about privacy nihilism and how we can fight it, but, um, we would talk for three hours if we did that.
HARLO HOLMES: Yeah. Um, so quite frankly, one of the things that we're leaning most heavily on, and this is pretty much across the board, right, has to do with compartmentalization. I feel that, uh, recently within the United States, it's become really like technicolor to people. So they understand exactly why that's important, but it's always been important and it's always like something that you can apply everywhere.
There's always historically been attention as, uh, since the very moment the first iPhone stepped onto the market, this temptation to go the easy route. Everything is on the same device. You're calling your mom. You're, you know, like researching a flight on Expedia. You're, you know, Googling something. And then you're also talking to a source about a sensitive story, or you're also like, you know, gonna like, go through the comments in the Google Doc on the report that you're writing regarding a national security issue.
People definitely do need to be encouraged to like decouple the ways that they treat devices because these devices are not our friends. And the companies that like, create the experiences on these devices, they are definitely not our friends. They never have been.
But I hear you on that and, uh, reminding people, despite their digital security nihilism, despite their temptation to do the easiest of things, just reminding people to apply appropriate compartmentalization.
We take things very slowly. We take things as easily as we possibly can because there are ways that people can get started in order to, actually be effective at this until they get to the point where it actually means something either to their livelihoods or the story that they're working on and that of the sources that they, interact with. But yeah, that's pretty much where it starts.
Also, credential security is like the bread and butter. And I've been at this for, almost exactly 10 years at FPF and, you know, within this industry for about 15.
And it never changes that people really, really do need to maintain as much rigor regarding how people access their accounts. So like, you gotta have a unique, complex password. You have to be using a password manager. You have to be using multifactor authentication. And the ways that you can get it have changed over the years and they get better and better and better.
You have to be vigilant against phishing, but the ways that people try to phish you are like, you know, increasingly, like, sneakier. You know, we deal with it as it comes, but ultimately that has never changed. It really hasn't.
CINDY COHN: So we've, we've talked a little bit about kind of the nihilism and the kind of, thicket of things that you have to kind of make your way through in order to, help, journalists and their sources feel more secure. So let's flip it a bit. What does it look like if it's better? What are the kinds of places where you see, you know, if we could get this right, it would start to get better?
HARLO HOLMES: I love this question because I do feel that I've been able to look at it from multiple sides. Similarly, as I was describing how Secure Drop not only enables impactful public interest journalism, it represents a herculean feat of cryptography and techno activism. This is one example, Signal is another example.
So, one of the things I thought was so poignant when, as Joe Biden was exiting the White House, one of his, like, parting shots was to say like, everyone should use Signal. Like, and the reason why he says this is because, Signal not only represents like a cool app or like, you know, a thing that, like, hackers love and you know, like we can be proud of 'cause we got in on the first floor.
It represents the evolution of technologies that we should have. Our phone conversations had not been encrypted. Now they are. Get with it. You know, like that's the point. So from a technical perspective, that's what is so important and that's something that we always want to position ourselves to champion.
JASON KELLEY: Let's take a quick moment to say thank you to our sponsor. How to Fix The Internet is supported by the Alfred P. Sloan Foundation's program in Public Understanding of Science and Technology, enriching people's lives through a keener appreciation of our increasingly technological world and portraying the complex humanity of scientists, engineers, and mathematicians.
We also wanna thank EFF members and donors. You can become a member for just $25 and for a little more, you can get some good, very stylish gear. Your support is the reason we can keep our digital security guides for journalists, and everyone else, up to date to deal with the latest threats. So please, if you like what we do, go to eff.org/pod to donate.
We also wanted to share that our friend Cory Doctorow has a new podcast. Listen to this.
[Who Broke the Internet trailer]
JASON KELLEY: And now back to our conversation with Harlo Holmes.
Are there tools that are missing that, in a better world you're like, oh, this would be great to have, you know, or things that maybe couldn't exist without changes to technology or to the way that people, work or to policy that you just absolutely hear, you know, oh, it would be nice if we could do this, but for whatever reason, that's not a place we're at yet.
HARLO HOLMES: Yeah. Actually I have started to have a couple of conversations about that. Um, before I answer, I will say that I don't have, like, the bandwidth or time to be a technologist. Um, it's like my code writing days are probably over, but I have so many opinions.
JASON KELLEY: Of course. So many ideas.
HARLO HOLMES: Yeah. Um -
CINDY COHN: Well, we're your audience, right? I mean, you know, the EFF audience are people who, you know, uh, not overwhelmingly, um, but a lot of people with technical skills who are trying to figure out, okay, how do I, how do I apply them to do good? And, and, and I think, you know, over the years we've seen a lot of really well-meaning efforts by technologists to try to do something to support other communities that weren't grounded enough in those communities, and so didn't really work.
And I think your work at Freedom of the Press Foundation, again, has kind of bridged that gap, especially for journalists. But there's, there's broader things. so where else could you see places where technologists could really dig in and have this work in a way that sometimes it does, but often it doesn't.
HARLO HOLMES: I love that question because that is exactly the point, right? Bridging the gap. And I feel that like at FPF, given, you know how I introduce it with like the three pillars or whatever, we are uniquely poised in order to perform, like, you know, user research within a community, right? And then have that directly inform technology mandates, have that directly inform advocacy, uh, like, you know, charge to action.
So I think anyone who finds themselves at those cross sections, that's exactly what you have to kind of, like, strategize around in order to be as effective as possible. In terms of, like, actual technologies, one thing and I already kind of started having these conversations with people, is let's take our relationship within a typical newsroom to cloud services like Google when you are drafting, right? I mean it's anecdotal and like the plural anecdote is not data, right. But that said, we do know that given that, you know, Google's Drive has so much machine learning and AI enabled power, drafting a story that's like the next Watergate, right? Like that's actually going to get you put in jail before you get to publish, right?
Because we know about their capabilities. And, not gonna, like, talk about specific anecdotes, but like that is a thing, right? But one of the things, or like the big contention is that actually, like, in terms of collaboration, how effective you can be writing a story, how like, you know, you rely on the comments section with your editor, right, as you're, you know, massaging a story. You rely on those features as much.
What are 0pen source, like, you know, hacker ethos alternatives. We have, you know, we have Nextcloud, we have uh, CryptPad, we have Etherpad. But all of those things are insufficient not only, like, in terms of their feature set in what needs to be accommodated in order for a journalist to work, right, but also, can be insufficient in terms of their sustainability models, the fact that we can rely upon them in the future. And as much as we love all of those people at those developer initiatives, no one is supporting them to make sure that they can be in a place to be a viable alternative, right?
So, what's the next frontier, right? If I don't want to live in a world where a Nextcloud doesn't exist, where a CryptPad doesn't exist, or an Etherpad, like that's not what I'm saying, 'cause they're fantastic and they're really great to use in creative scenarios.
However, if you're thinking about the meat and potatoes day to day in a typical newsroom, and you have to contend with a tech giant like Google that has become increasingly, like, ideologically unreliable. Guess what? They actually do have a really cool tool called client side encryption, right? So now you're actually, like, removing the people who decide at Google what is ideologically acceptable use of their tools, right? You're removing them from the position where they can make any decision or scrutinize further and client side encryption.
Or like anything that provides end-to-end encryption, that is like the ultimate goal. That's what we should protect. Whether it is in Secure Drop, whether it is in Nextcloud or CryptPad, or if it's in Google itself. And so actually, I would recommend, like, anybody who has these spare cycles to contribute to a developer effort to tackle this type of middleware that allows us to still have as much autonomy as possible within the ecosystems that we have to kind of work within.
CINDY COHN: I love that. I mean, it’s a story about interoperability, right? This, you know, what you're talking about, middleware in this area is like, we should be able to make a choice. Either use things that are not hosted corporately or use things that are hosted corporately, but be able to have our cake and eat it too.
Have a tool that helps us interoperate with that system without the bad parts of the deal, right. And in this instance, the bad parts of the deal are a piece of it, it’s the business model, but a piece of it is just compliance with, with government in a way that the, the company, is increasing, you know, used to fight. They still fight some.
HARLO HOLMES: They still fight, yes.
CINDY COHN: They might fight, yes, but they also don't have the ability to fight that much. We might wanna go to something that's a little, that, that gives them the ability to say, look, we don't have access to that information. Just like Apple doesn't have access to the information that's stored on your iPhone. They made a policy decision to protect you.
HARLO HOLMES: But now we're looking at what happened in the UK, and we’re like, hm.
CINDY COHN: Exactly, but then the government has to act, you know, so it's always a fight on the technical level, and on the policy level, sadly. I wish that encryption we could, you know, fix with just technology. But we need other forms of protection. but I love this idea of having so many options, you know, some that are decentralized, some that are hosted, you know, in the nonprofit world, some that might be publicly supported, and then some that are the corporate side, but with the protections that we need.
And I just feel like we need all of the above. Anybody who asks you to choose between these strategies is kind of getting you caught in a side fight when the main fight is how do we get people the privacy that they need to do their work?
HARLO HOLMES: Yeah. Yeah. And one of the things that gives me the most hope is, continuing to fight in a space where we are all about the options.
We're all about giving people options and being as creative as possible and building options for everyone.
JASON KELLEY: What else gives you hope? Because you've been at Freedom of the Press for a while now, and we're at a difficult time in a lot of ways, but I assume there are other things that you've, you know, seen change over the years in a positive way, right? Because it feels too easy to say, look, things are getting dire, because in many ways they are. But, but what else gives you hope, given how long you've been working on this issue?
HARLO HOLMES: I actually, I love really thinking through the new challenges of other types of media that is represented. So much of my career had been, pretty much centered around traditional print and/or digital. However, I am so enthusiastic about being alongside, like, podcasters and YouTube creators as they navigate these new challenges and also understand, like, the long history of media theory, where we've gone as an industry in order to understand how it applies to them.
So one thing that I thought was pretty cool was having a conversation, recently, with a somewhat influential, TikTok person about class consciousness in regards to whether or not people who are influencers should actually start considering themselves as journalists legitimately.
And one of the things that I mentioned had to do with the fact that, you know, like in the 2010s, bloggers were not considered quote unquote journalists, and yet blogging has become one of the most influential, even like from a financial perspective, like, drivers within this market. So influencers should not consider themselves anything other than journalists, because their fights are – especially like when, you know, platforms get involved and like what their economic model looks like and their, you know, integrity and ethos within journalism – like, that's the media history that we are building right now. So that excites me.
CINDY COHN: Oh, that's great. You know, EFF was involved in some of the early cases about whether bloggers could be protected by journalism shield laws, we had a case called Apple v. Does a long time ago that, uh, that helped establish that in the state of California. But I, I really love helping, kind of, new media think of itself as media.
And also, I mean, the way that I always think about it is, it's not whether you're a journalist, it's whether you're doing journalism, right? It's the verb part. and that, different framing than I think helps break people out of the mold of, well, I do some stuff that's just kind of silly, and that might not be journalism, but if you're bringing news to the public, if you're bringing information to the public that the public wants, even if it's in a fashion context, like, that's journalism and it should have, uh, you should think of yourself that way because there is this rich history of how we protect that and how important that is to society, not just about the kind of hard political issues, but actually, you know, in creating and shaping and managing our culture as well.
HARLO HOLMES: Mm-hmm. I agree 100%.
JASON KELLEY: How did you end up doing this kind of digital security work specifically for journalists? Did you make an intentional choice at some point that you wanted to help journalists, or have you sort of found yourself here and it's just incredible, important work?
HARLO HOLMES: A little bit of both. I'm an avid media consumer who cares a lot about media history, and in undergraduate school I studied comparative literature, which is all based off of the fact that the media itself has its own unique power. And the way that it is expressed says way more than what is actually said.
And I've always found that to be the most important thing to do. As far as technology is concerned, as any young inquisitive person might do, I got into coding like so hardcore and, it wasn't until I was in grad school that I discovered, via a class with this fantastic person, Nathan Freitas, who's a Harvard, uh, Berkman Fellow Emeritus, and also the head of the Guardian Project, where he opened my eyes to the fact that like the code that you're writing, just like, you know, for fun or whatever, like you can actually use this to defend human rights.
And so it was kind of the culmination of those ideas that led me through, like, a couple of things. Like, um, I was an open news fellow at, um, the New York Times for about a year where I worked with the computer assisted reporting team and that was really impressive. And that was the first time where I got to see how people will, like, scrape a webpage in order to write an investigative story.
And I was like, wow, people do that that's so cool! And then also because I was hanging out with like Nathan and other folks, um, I was the, the one of the kids in the newsroom floor who knew what Tor was, they're like, that's cool. How do we use this in journalism? I'm like, well, I got ideas. And that's how, kind of how my career got started.
CINDY COHN: That's so great. Nathan's an old friend of EFF. That's so fun to hear the tentacles of how, you know, people inspire other people. Inspire other people. I think that's part of the fun story of digital rights.
HARLO HOLMES: Yeah, yeah. I agree. I think anyone is super duper lucky to understand not only like the place that you occupy right now, but also where it sits within, like, a long history. And, I also really love, any experience where I get to kind of touch people with that as well.
CINDY COHN: Nice. Ooh, that's a nice place to end. What do you think, Jason?
JASON KELLEY: That sounds great. Yeah. And think of all the people who are saying the same thing about you now that you're saying about Nathan. Right. It never stops.
HARLO HOLMES: It shouldn't ever stop. It shouldn't. This is our history.
CINDY COHN: Oh, Harlo, thank you so much for coming and spending time with us. It's just been a delight to talk to you and good luck going forward. The times really need people like you.
HARLO HOLMES: Thank you so much. Um, it's always a pleasure to talk to you and, um, I love your pod. I love the work that you do, and I'll, you know, see you next time.
JASON KELLEY: Well, I'm really glad that we got a chance to talk to Harlo because these conversations with folks who work in these, um, specific areas with people are really helpful when, you know, it's not our job every day to talk to journalists, just like it's not our job every day to talk to specific advocates about specific issues. But you learn exactly what the kinds of things are that they think about and what we need to get things right and what it'll look like if we do get things right for journalists or, or whomever it is.
CINDY COHN: Yeah, and I think the thing that I loved about the conversation is the stuff that she articulated is stuff that will help all of us. You know, it's a particular need for journalists. But when, you know, when we asked her, you know, what kind of tools need to exist, you know, she pointed, you know, not only to the open source decentralized tools like Ether Pad and things like that, but to basically an interoperability issue that making Google Docs secure, so that Google doesn't know what you're saying on your Google Docs. And I would toss Slack in there as well. That, you know, taking the tools that people rely on every day and building in things that make them secure against the company and against government coming and strong arming the company into giving them information, like that's a tool that will be really great for journalists, and I can see that. It'll also help all the rest of us.
JASON KELLEY: Yeah.
CINDY COHN: And the, you know, the other thing she said when she was giving, you know, what advice do you give to journalists, like off the top? She said, well, use separate devices for the things that you're doing and don't have everything on one device, you know, because, uh, I think I love the, what she say, they're data-hungry?
JASON KELLEY: Data-greedy.
CINDY COHN: Data-greedy, even better. That our devices are data greedy. So separating them gives us something. That's a useful piece of information for anyone who’s in activism.
JASON KELLY: Yeah. And so, I mean, I, I wanna say easy. It's not always simple to have two devices, but the idea that the solution wasn't something more complicated. It reminds me that often the best advice is something that's fairly simple and that really, you know, anyone who has the ability and the money could have multiple devices and, and journalists are no different.
So it reminded me also that, you know, when we're working on things like our surveillance, self-defense guides, it's helpful to remember that, like Harlo said, her job is to make the journalist’s job easy, right? They shouldn't have to think about this stuff. And that's how sort of the spirit of the guides that we write as well.
And that was just a really good reminder that sometimes you feel like you're trying to convince everyone, or explain to them how all these tools work and actually it might be better to think about, well, you shouldn't have to understand all of this deeply like I do. In some cases you just need to know that this works and that's what you need to use.
CINDY COHN: Yeah, I think that's right and I, you know, obviously, you know, ‘just go out and buy a second device’ isn't advice that we would give to people in parts of the world where that's a really a prohibitive suggestion. But there are many parts of the world, and journalists, many of them, live in them, where it is actually not that hard a thing to do to get yourself a burner phone or get a simpler phone for your work, rather than having to try to, you know, configure one device to really support all of those things.
And turning on two FA right? Turning on two factor authentication. Another thing that is just good advice for anybody. So, you know, what I'm hearing is that, you know, if we build a place that is better for journalists, it's better for all of us and vice versa. If we build a world that's better for all of us, it's also better for journalists. So, I really liked that. I also really liked her articulating and lifting up the role that the Tor project plays in what they do with Secure Drop. What they do to try to help protect journalists who have, uh, confidential sources.
Because we're, again, as we're looking into all of these various tools that help create a better future, a more secure future, we're discovering that actually open source tools, like Tor, underlie many different pieces of the better world. And so we're starting to see kind of the network for good, right, the conspiracy for good of a lot of the open source security projects.
JASON KELLEY: I didn't really realize when we were putting together these guests for this season, how interconnected they all were, and it's been really wonderful to hear everyone lift everyone else up. They really do all depend on one another, and it is really important to see that for the people who maybe don't think about it and use these tools as one-offs, right?
CINDY COHN: Yeah. And I think as those of us who are trying to make the internet better, recognizing that we're all in this together, so as we're headed into this time, where we're seeing a lot of targeted attacks on different pieces of a secure world. You know, recognizing that these things are interconnected and then building strength from there seems to me to be a really important strategy.
JASON KELLEY: And that's our episode for today. If you have feedback or suggestions, we'd love to hear from you. Visit eff.org/podcast and click on listener feedback. And while you're there, you can become a member and donate, maybe even pick up some of the merch, and just see what's happening in digital rights this week and every week.
Our theme music is by Nat Keefe of Beat Mower with Reed Mathis, and How to Fix the Internet is supported by the Alfred P SLoan Foundation's program and public understanding of science and technology. We'll see you next time. I'm Jason Kelley.
CINDY COHN: And I'm Cindy Cohn.
MUSIC CREDITS: This podcast is licensed creative commons attribution 4.0 international, and includes the following music licensed creative commons attribution 3.0 unported by its creators: Drops of H2, The Filtered Water Treatment by Jay Lang. Sound design, additional music and theme remixes by Gaetan Harris.
