Federal anti-SLAPP law needed ASAP
Recent baseless lawsuits against liberal and conservative outlets show the need for a federal law counteracting strategic lawsuits against public participation, or SLAPPs.
Sen. Durbin, advance the PRESS Act
NewsletterSen. Dick Durbin has a rare chance to strengthen freedom of the press right now by advancing the bipartisan PRESS Act, a bill to protect journalist-source confidentiality at the federal level. But he needs to act quickly. This week, Freedom of the Press Foundation led a coalition of 123 civil liberties and journalism organizations and individual law professors and media lawyers in a letter to Durbin, who chairs the Senate Judiciary Committee, and ranking member Sen. Lindsey Graham, urging them to schedule a markup of the PRESS Act right away.
Assange decision: A wake-up call for US
NewsletterOn Monday, the High Court in London granted WikiLeaks founder Julian Assange leave to appeal his extradition to the United States. The court’s decision is a welcome one. But as Freedom of the Press Foundation (FPF) wrote in The Guardian, it's "painfully ironic" that a U.K. court is defending the First Amendment against U.S. overreach. The ruling should be a “wake-up call” for President Joe Biden
California police violate press rights
NewsletterCalifornia police are violating state law “right and left” during the protests and police raids on campus encampments. That’s according to University of California, Irvine, School of Law professor Susan Seager. We interviewed her in the wake of arrests of two California journalists in recent weeks, among other press freedom violations. Suppression of the press isn’t supposed to happen anywhere in America, but especially not in California, where it’s explicitly against the law for police to intentionally interfere with journalists covering a demonstration.
‘A national embarrassment’
Arrests/Prosecutions•NewsletterThe flood of press freedom violations against journalists covering protests opposing the Israel-Gaza war is a national embarrassment. The U.S. Press Freedom Tracker has documented dozens of abuses connected to protests and counterprotests, and the numbers will likely grow. These recent incidents confirm what past data in the Tracker has demonstrated: protests are an especially dangerous place for journalists.
Cops on campus arrest, bully journalists
NewsletterAs police stormed several college campuses in recent days and arrested hundreds of students protesting the Israel-Gaza war, the free press was also under attack. Texas Department of Public Safety officers arrested Carlos Sanchez, a photojournalist for the local Fox affiliate, as he was covering protests at the University of Texas at Austin. But police can’t seem to make up their minds about what, exactly, they want us to believe Sanchez did wrong, repeatedly bringing then dropping charges against the photographer.
Biden signs off on ‘spy draft’
NewsletterLast week, we warned of a dangerous new bill that would expand the surveillance law Section 702 of FISA. Unfortunately, the Senate approved the Reforming Intelligence and Securing America Act, or RISAA, over the weekend, officially reauthorizing Section 702 without any significant reforms and with dangerous expansions of the intelligence agencies’ spy powers. President Biden quickly signed the bill into law, authorizing intelligence agencies to essentially “institute a spy draft” that could require ordinary Americans and businesses to help the government surveil online communications, including those of journalists.
‘Spy draft’ bill threatens press freedom
NewsletterThe Senate is dangerously close to passing a bill that would allow intelligence agencies to essentially “institute a spy draft” and order everyone from dentists to plumbers to surveil their patients and customers’ communications. The RISAA would also allow the government to order commercial landlords who rent space to media outlets, or contractors who service newsrooms, to help it spy on American journalists’ communications with foreign sources.
Stop this horrifying mass surveillance bill
NewsletterThe House has slipped a horrifying amendment into its bill extending intelligence agencies’ already expansive spying powers under Section 702 of the Foreign Intelligence Surveillance Act. Anyone who values press freedom — or their own freedom — needs to tell their senators TODAY to VOTE NO on the Reforming Intelligence and Securing America Act, or RISAA, by calling 202-899-8938.
‘Imperative’ to pass PRESS Act
NewsletterVeteran journalist Catherine Herridge threw her full support behind the PRESS Act, the federal bill to put an end to surveillance and subpoenas to force journalists to out their sources, during Congressional testimony on April 11, 2024.
Stop arresting journalists
NewsletterJust a few months into 2024, the U.S. Press Freedom Tracker has documented four arrests or detentions of journalists covering protests in New York, Tennessee, and California. These arrests violate journalists’ rights, and they undermine the right of the public to learn about newsworthy events happening in their communities. They also show the disturbing and stubborn persistence of a system of policing that either doesn’t know or doesn’t care about First Amendment rights.
UK grants Assange another hearing
NewsletterOn Tuesday, the High Court in London granted WikiLeaks founder Julian Assange another hearing on his extradition to the United States, averting — at least temporarily — a press freedom catastrophe. While we’re glad that Assange isn’t being immediately extradited, the threat to journalists from the Espionage Act charges against him remains.
‘National security’ claims don’t trump First Amendment
NewsletterMost analyses of Monday’s Supreme Court argument in Murthy v. Missouri, the case about government pressure on social media content moderation, agree that the justices are likely to rule that the government can influence platforms’ moderation decisions. But when it comes to alleged threats to “national security,” some justices seemed willing to let the government go even further by coercing — or even requiring — takedowns.
The public pays for records lawsuits
NewsletterPublic records and freedom of information laws are fundamental for government transparency. But when journalists fight for access to wrongfully withheld records at the state and local level, the public is paying the price, according to the U.S. Press Freedom Tracker. Over the past year alone, local governments have paid journalists at least $1.6 million in attorneys fees — all of which was financed by taxpayers — following public records lawsuits.
NYPD must stop arresting journalists
NewsletterEarlier this month, NYPD officers violently tackled journalist Reed Dunlea and arrested him while he attempted to cover a pro-Palestinian protest for his podcast. In a letter to the Brooklyn District Attorney calling for the charges to be dropped, FPF wrote that "arresting reporters is a crude form of censorship." Read more in our newsletter.
Indictment threatens digital journalism
NewsletterThe disturbing indictment against journalist Tim Burke reportedly arises in part from Burke’s dissemination of outtakes from a 2022 Tucker Carlson interview with Ye. Federal prosecutors accuse Burke of “scouring” the internet for news and failing to obtain express authorization before accessing information posted on public websites. Requiring journalists to get permission to report news is, obviously, problematic. Read more in our newsletter.
Help save the First Amendment
NewsletterThe High Court in London is hearing arguments this week on whether to extradite Julian Assange to the United States to face charges under the Espionage Act for obtaining and publishing secret documents from a source — also known as journalism. We’re doing everything we can to urge the Department of Justice to drop the Espionage Act charges against Assange ahead of his potential extradition. You can help.
Assange case threatens journalism
NewsletterNext week, the High Court in London will consider whether Julian Assange should be extradited to the United States to face charges under the Espionage Act for obtaining government secrets from a source and publishing them. Even if you don’t like Assange, or don’t think he’s a journalist, his case poses an existential threat to the First Amendment rights of the journalists you do like.
Bipartisan support for the PRESS Act
NewsletterAs unlikely as it sounds, Republicans and Democrats are putting their differences aside to support the most important press freedom legislation in modern times — the PRESS Act.
Harsh punishments for leakers hurt journalism
NewsletterFormer IRS contractor Charles Littlejohn received the maximum sentence of five years’ imprisonment on Monday, after pleading guilty to leaking Donald Trump’s returns to The New York Times. Littlejohn also leaked a tranche of ultrawealthy Americans’ tax documents to ProPublica. It’s sadly ironic that Littlejohn is being harshly punished for exposing billionaire tax evasion while billionaire tax evaders themselves continue to be afforded leniency by the judiciary.
The SignalGate problem nobody is talking about
Secrecy•NewsletterThe White House isn’t complying with the Presidential Records Act (again)
Was chaotic JFK declassification marred by National Archives firings?
Secrecy•NewsletterPlus: Wired drops FOIA reporting paywall. Will other media outlets follow?
It’s Marco Rubio’s party, and he’ll burn documents if he wants to
FOIA•NewsletterPlus: A judge ruled DOGE is likely subject to FOIA. But that doesn’t mean we’re guaranteed to see its records.
USAID keeping reports secret out of fear of Trump retaliation
Secrecy•NewsletterPlus: The government’s excuse for keeping a climate report hidden is easily disproved
Capricious government secrecy could threaten crop production
FOIA•NewsletterPlus: Trump administration attacks the advisory committees that keep the government honest
What’s the status of JFK declassification efforts?
Secrecy•NewsletterPlus: Don’t be mad DOGE posted classified budget information. Intelligence agencies’ budgets should be public
New declassification task force may be more bark than bite
Secrecy•NewsletterPlus: Why the Federal Aviation Administration’s safety reports should be public
Here’s how you can help save government data
Secrecy•NewsletterPlus: Why should the public have to wait until 2034 to file FOIA requests with DOGE?
My Groundhog Day prediction: More secrecy
Secrecy•NewsletterDisappearing government data, transparency double-standards — another busy week tracking government secrecy
Health agencies silenced, DOGE transparency in doubt, and more
Secrecy•NewsletterPlus: President Trump’s first week back in office was a busy one, with many orders worsening government secrecy
Government secrecy issues to watch during Trump’s presidency
Secrecy•NewsletterPlus: Will Trump keep trying to flush presidential records down the toilet?
Will DOGE be subject to transparency rules?
Secrecy•NewsletterPlus: Be skeptical when government says the sky is falling anytime classified documents enter public domain
Join live FPF-New Yorker discussion on Haditha massacre reporting
Secrecy•NewsletterPlus: Trump may fire the archivist. She can still fight secrecy
EPA has known for 20 years that it promotes toxic fertilizer
Secrecy•NewsletterPlus: The CIA drugged unsuspecting Americans as part of its mind-control research programs.
Aliens, Gitmo, and the weather: Excessive secrecy affects everything
Secrecy•NewsletterPlus: a look back at 2024
Gitmo, background checks, and drones: a busy week in secrecy news
Secrecy•NewsletterPlus: U.S. government declassifies 1960 report stating Israeli nuclear site was for weapons
National security claims hide information from families separated at border
Secrecy•NewsletterPlus: how you can help preserve federal data at risk of being deleted
Apple’s password app
NewsletterIn the hope of simplifying how customers can log into apps and websites, Apple has announced it will offer a new Passwords app in its upcoming versions of iOS 18, iPadOS 18, and macOS 15.
Oops, all breaches!
NewsletterData breach notification service “Have I Been Pwned?” has added the login information associated with 361 million email addresses. Have I Been Pwned owner Troy Hunt says as many as 151 million of these unique email addresses have never been seen in his database before. The website boasts tracking over 13.5 billion breach accounts. Some of these credentials are reportedly harvested from users’ devices infected with information-stealing malware.
Slack trains AI models on user data
NewsletterOver this past week, Slack published a blog post defending its privacy practices following widespread criticism over its use of customer data to train its global AI models. At the moment, organizations are required to opt out to prevent their messages, content, and files from being mined to develop Slack’s AI.
Crossfire over messaging security
NewsletterJohns Hopkins cryptography professor Matthew Green explains that “the cryptography behind Signal (also used in WhatsApp and several other messengers) is open source and has been intensively reviewed by cryptographers. When it comes to cryptography, this is pretty much the gold standard.” By comparison, Telegram does not provide end-to-end encryption protection by default and only offers it as an option in one-on-one “Secret Chat” mode.
Google Docs locks out writer
NewsletterWhile it’s powerful and convenient, Google Docs might not be right for all documents, including those that you consider sensitive, private, or that you can’t risk losing. Read more about newsroom privacy and security considerations when using Google Workspace.
Google details app violations
NewsletterAccording to its security blog, Google prevented 2.28 million — yes, million — Android apps from being published on its Play Store in 2023. The company says it also removed 333,000 accounts for attempting to deliver malware through the Play Store, as well as for “repeated severe policy violations.” These numbers have grown substantially since 2022, when the company disclosed it prevented 1.43 million apps from being published on the Play Store.
Bill expands US spying powers
NewsletterLast week, Congress reauthorized a controversial surveillance authority, Section 702 of the Foreign Intelligence Surveillance Act. While legislators considered reforms to FISA that would restrain the federal intelligence and law enforcement community’s abilities to spy on American communications without a warrant, they in fact expanded these surveillance powers to subject more electronic communications service providers, such as U.S. cloud computing data centers, to data collection.
Apple warns iPhone users of targeted malware
NewsletterOn April 10, Apple sent users in 92 countries warning of mercenary malware attacks targeting the iPhone. The notification did not provide details about the identities of the attackers. According to TechCrunch, Apple warned, “This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously.”
Preparing for election-related security issues
NewsletterThroughout this year, our digital security training team will share our thoughts on navigating security issues during the 2024 election season. Elections around the world experience distinct security issues that may change from year to year, but in the U.S. we look to 2020 for lessons on how to get ahead of likely issues, from surveillance of our sensitive communications to perennial phishing attacks and harassment for political reporting.
Google to delete old Chrome Incognito data
NewsletterFollowing a class-action lawsuit over Google’s handling of user data in its Chrome browser’s “Incognito” private browsing mode, the search company will expunge “billions of event-level data records that reflect class members’ private browsing activities” improperly collected before January 2024. It also updated its Incognito landing page to highlight that even Google can discern your activities in private browsing mode. Additionally, the company will be required to delete data that makes users’ private browsing data personally identifiable, such as IP addresses.
DOJ sues Apple, spotlighting iMessage
NewsletterThe U.S. Department of Justice filed an antitrust lawsuit against Apple, claiming the company engages in monopolistic practices over the smartphone market, preventing competitors by degrading the experience of communicating with non-Apple users in its products. iMessage features prominently in the suit, with the DOJ alleging consumers are disincentivized to leave its “walled garden” and so miss out on unique features built into the iMessage protocol, including end-to-end encryption between Apple users.
Controversy over Mozilla’s anti-data broker service
NewsletterWe recently shared news of Mozilla’s partnership with data removal service Onerep. Through a service it calls Mozilla Monitor Plus, Onerep is designed to automatically scan for personal information on data broker websites. But journalist Brian Krebs has found evidence that the founder of Onerep, purveyor of anti-data broker services, himself created dozens of data broker services. Read more.
WhatsApp now supports messages with third-parties
NewsletterUnder the new European Union law, the Digital Markets Act, Meta is required to allow interoperability between third-party chat software and its WhatsApp and Facebook Messenger apps. These tools offer end-to-end encryption using the Signal protocol, the strong encryption specifications pioneered by the Signal encrypted messaging app.
Post-quantum iMessage
NewsletterBoth in the U.S. and abroad, governments are capturing encrypted connections that pass over the public internet and saving them for later use. Within years or decades, post-quantum computers could meaningfully shorten the amount of time required to unscramble encryption, allowing attackers to read previously private messages. So a growing number of organizations, including Apple, are preparing for attacks like these with post-quantum encryption. Read more in our newsletter.
Avast caught selling browsing data
NewsletterAye hearties, gangway — the Avast cor-pirates are walking the plank. That’s because the company sold user data without consumers’ knowledge, according to the Federal Trade Commission, which ordered U.K.-based Avast Limited to pay $16.5 million and will also bar the antivirus company from selling or licensing browser data for advertisements. Read more in our newsletter.
Signal usernames are here!
NewsletterThis week, security nerds are dancing in the streets because Signal, the encrypted messaging app, is finally rolling out usernames. Signal has previously required users to provide their phone number as an identifier, but with this most recent update, users may instead use a username. Read more in our newsletter.
Mozilla breaks into the anti-data broker game
NewsletterHundreds of data brokers aggregate and sell access to personal data, such as phone numbers, emails, addresses, and even purchasing habits collected through loyalty card programs, social media sites, apps, trackers embedded in websites, and more. Mozilla has a new monthly subscription service which automatically scans for your personal data on data broker websites, but there are other ways to make your data less easily searchable. Read more from the Digital Security Team.
Moving from passwords to passkeys
NewsletterInstead of traditional passwords, where you log into a website with credentials that you know or store in a manager, a passkey is a credential that you store on your device, registered with an online account. Read more in our newsletter.
Journalists targeted with Pegasus yet again
NewsletterMercenary spyware firm NSO Group’s Pegasus spyware, designed to remotely access targeted smartphones, is marketed to governments around the world for the purposes of law enforcement and counterterrorism. But in the wild, we’ve seen governments repeatedly abuse this and similar spyware tools to infect journalists, spying on their most sensitive files, communications, and sources.
Harden your iPhone against thieves
NewsletterThieves don’t just steal iPhones for the hardware — they may also want access to banking apps and Apple Pay to facilitate fraudulent transfers and purchases. One thing that works in thieves’ favor is that people often use short passwords that are easy to shoulder surf and to memorize — typically only six digits. To minimize this risk, instead of typing in passcodes, where possible and practical consider opting for Face ID or Touch ID when unlocking the phone in public spaces.
J-school security curriculum: DeepSeek leak and more ‘fun’ news
NewsletterWell, at least there’s a lot of stuff to talk to your class about
J-school security curriculum: Into the Dangerzone
NewsletterWe’ve added new slides to our Malware module to help instructors get started sharing the good word about Dangerzone.
J-School Digital Security Curriculum: September Update
NewsletterHello again!It’s Martin, principal researcher at Freedom of the Press Foundation (FPF), with our regular update on the U.S. Journalism School Digital Security Curriculum.J-school security curriculum highlightsTo account for new username and privacy options in recent versions of Signal, we made some small changes to the …
J-School Digital Security Curriculum: July Update
NewsletterHello again!It’s Martin, principal researcher at Freedom of the Press Foundation (FPF), with our regular update on the U.S. Journalism School Digital Security Curriculum.Before we jump in, I want to share that we’re hiring a Monitoring, Evaluation, Research, and Learning (MERL) consultant to help us develop a …
