Hello again!
It’s Martin, deputy director of digital security at Freedom of the Press Foundation (FPF), with our regular update on the U.S. Journalism School Digital Security Curriculum.
J-school security curriculum update
- To provide more context about the weaknesses of encryption when your phone connects to cellphone providers, my colleague Evan Summers updated slides in our “Digital security 101” module concerning internet and telecommunication security. In recent months he’s also audited all of the curriculum materials for updates, so as you head into your next quarter or semester, it’s a great time to take a scan through the curriculum for updates you might want to pull into your materials as well!
Highlights from digital security in the news
- U.S. border patrol agencies are spending millions on forensic tools like Cellebrite and Graykey, which are designed to help extract data from targeted devices in law enforcement possession. However, in a case concerning a search of two lawful permanent residents crossing into a Southern border port of entry, Customs and Border Protection was unable to extract complete data from their phones. Officers were nonetheless able to file a warrant with Apple for data stored in their iCloud accounts, which may have included iMessage or WhatsApp backups, location history, and more. While it’s unclear what data Apple produced in response to the request, “Both women were charged with bringing in aliens for financial gain. They have pleaded not guilty.” Read more. Suggested modules: Device protection, Law enforcement surveillance tech, Legal requests in the U.S.
- The FBI monitored a New York City “courtwatch” Signal group for immigrants’ rights activists to coordinate observation at federal immigration courts. In documents obtained by The Guardian, the FBI and New York Police Department report quoted the group chat, and described participants as “anarchist violent extremist actors.” Signal messages are end-to-end encrypted, meaning the app is designed to prevent access to anyone but participants in conversations. This suggests investigators most likely obtained a participant’s unlocked phone (and with it, the messages), or joined the group themselves. Read more. Suggested module: Chat safety
- Finally, some good news for you spreadsheet lovers out there. (There are dozens of us!) Proton has released a new addition to its end-to-end encrypted productivity tools, Proton Sheets. Think of this as a more private alternative to collaborative spreadsheet editors like Google Sheets. Read more. Suggested module: Chat safety
What we're reading
The 'Signalgate' report
The Pentagon’s Attorney General released a report analyzing the Defense Department’s failure to keep secret war plans contained, in large part because officials appear to have accidentally added the editor-in-chief of The Atlantic, Jeffrey Goldberg, to a secret Signal group chat. While a modest amount of the report is redacted, this is the most detailed play-by-play about when specific communications were sent and when, alongside which DoD policies were violated in turn. (For better or worse, this is the kind of thing I find interesting.) The report can be found here.
As always, let me and our team know how you’re using the curriculum, what’s useful, and how it can be improved! Feel free to respond to this email or [email protected].
Thanks so much,
Martin
--
Martin Shelton
Deputy Director of Digital Security
Freedom of the Press Foundation
