Lessons from a newsroom raid: How to encrypt your devices to protect yourself

Martin Shelton

Principal Researcher

Image: Marion County Record

Based on the reporting we’ve seen so far, the Marion, Kansas Police Department raid on the Marion County Record appears to violate federal law — and the First Amendment. While this shouldn’t have happened in the first place, we can’t assume law enforcement will always follow the law. However, journalists can take some straightforward steps to better protect newsroom data and to maintain continuity during an emergency.

While the Record — and all newsrooms — should be able to operate without these kinds of press freedom violations, knowing what digital security vulnerabilities police may have exploited during the raid gives media organizations insight into defending against these potential vulnerabilities.

Device seizures and encryption

According to court documents, officers seized two cellphones, four computers, a backup hard drive and reporting materials. In a video recording of the police raid (around 2:44), officers are heard discussing whether they can turn off a computer tower, with one officer stating, “I don't believe this is encrypted so I think we’re OK.”

Get Notified. Take Action.

When seizing a device, law enforcement officials hope yours is unencrypted because an encrypted device is significantly more time consuming to examine without your permission. Without encryption, law enforcement can use the device just like you can, making your most sensitive reporting materials and internal communications up for grabs.

The good news is that if you have a modern, up-to-date iPhone or Android phone, your device is encrypted by default, just by having a password.

Older Android devices may not be encrypted by default, but you can check by going to your Settings app and looking under security settings for “disk encryption” (it may also be “device encryption” or under a similar name).

Thousands of U.S. law enforcement groups have access to tools to help crack your password, particularly on older phones and phones with short, predictable passwords. If you can help it, the longer and more random a password you have, the better. We recommend a password manager, which can generate and store your passwords. 1Password is free to newsrooms under the 1Password for Journalism program.

To learn more, check out our guide to securing your smartphone.

Unlike your phone, however, your desktop computer likely does not have encryption enabled by default. You can turn this on manually. On macOS you can enable device encryption in your settings using FileVault. On Windows, you can enable device encryption with BitLocker. The password and recovery code need to be stored somewhere safe, like that password manager we just mentioned.

It’s important to note that many types of device encryption are only activated when the device is fully turned off. To sufficiently protect your phone or computer with encryption, turn it all the way off — don't just put it to sleep.

Backup plan

During the raid at the Record newsroom, Kansas police seized a single backup hard drive. We are not aware of what other backup devices the weekly news outlet may have had, but the incident underscores the importance of regularly maintaining backups in more than one physical location, in case these devices are ever seized, lost, stolen, or break down over time. This is not just about security — this is about minimizing disruptions to newsroom operations.

One of the easiest ways to make a backup on your own external hard drive is with Apple’s built-in Time Machine tool on macOS, as well as Backup and Restore settings on Windows.

On Apple devices you can also make end-to-end encrypted backups using Apple’s iCloud Advanced Data Protection mode, meaning even Apple can’t read them. And while you can make remote backups using Microsoft’s built-in backup tools, Windows machines do not have an end-to-end encrypted option at this time, making them vulnerable to legal requests. If you feel in control of your physical space, local backups on your own hard drive can be safer.

Also taken from the Record newsroom was reporting material, underscoring the importance of encrypting individual files or folders you want to keep secure on USB storage devices. For example, Windows users can use BitLocker To Go to encrypt external USB drives and macOS users can encrypt USB storage with Disk Utility. All major desktop operating systems support Veracrypt.

Check out our guides on picking which encrypted USB storage option works best for you.

Our digital security training team supports newsrooms in need of digital security assistance and we’re always happy to talk through these issues. Reach out here.

Donate to support press freedom

Your support is more important than ever.