It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.
Credit: Electronic Frontier Foundation (CC BY 2.0)
In the news
Break out those 12-foot tall novelty skeletons, because it’s spooky season. Time for a creepy story, one that puts the “crypt” in encryption.
The FBI, Department of Homeland Security, and U.S. intelligence agencies suggest China’s Ministry of State Security is involved in a breach of multiple major U.S. telecommunications providers, potentially in service of identifying Chinese targets of American surveillance. As first reported by The Wall Street Journal, telecom providers like Verizon, AT&T, Lumen, and likely others, have been penetrated for months. The Washington Post reports, “One apparent target is information relating to lawful federal requests for wiretaps, according to U.S. officials.” Read more.
What you can do
We currently have no indications that journalists were specifically targeted in these breaches. This is nonetheless a big “I told you so” moment for those who have been warning about the risks of providing backdoor access to our telecommunications systems. Because our telephone infrastructure is designed to allow police to wiretap investigative targets, we all suffer the risk of both legal and extralegal actors abusing these systems. But fortunately, we do have some safer alternatives to standard mobile phone calls and texts.
- Easy win: For journalists in regions where it’s safe to do so, we often encourage the use of end-to-end encrypted messaging software tools like Signal — not only for sensitive conversations but as a baseline for routine communication. Read our guide to getting started.
- Longer-term goal: What tools work best for you will depend on your circumstance, particularly where your sources prefer to chat, but also what level of risk you think they realistically experience. We have a bunch of learning materials to help you build out your broader chat strategy. Read our beginner-friendly guides to secure communications.
Updates from our team
- In our new advice column, my colleague Davis Erin Anderson tackles a question we often get in our journalist security trainings: If I use a password manager, am I “putting all my eggs in one basket?” It’s an important question, so be sure to read her response here.
- Our team's own David Huerta will be running a newsroom digital security workshop at the ACP/CMA National College Media Convention in New Orleans on Oct. 31 at 10 a.m. CDT. Attend in costume and get a free security key!
- We’re co-hosting “Source!” the London Logan Symposium, with The Centre for Investigative Journalism on Nov. 14-15 in London, England. Hear from journalists from all over the world about press freedom issues and the challenges they face in protecting themselves and their sources. Register to attend here.
Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.
Best,
Martin
–
Martin Shelton
Deputy Director of Digital Security
Freedom of the Press Foundation
