Skip to main content

UW CSE’s Franzi Roesner co-authors study of computer security practices and pitfalls for journalists

Franzi RoesnerUW CSE professor Franzi Roesner, graduate students Polina Charters and Tobin Holliday of UW’s DUB Group, and Susan McGregor of the Columbia Journalism School have released the results of a new study examining journalists’ computer security practices in an age of widespread data collection and surveillance.

The researchers analyzed the security habits of 15 working journalists, including how they communicate with sources and what tools and strategies they use to protect sensitive information that they receive in the course of their work. They found that the method of communication is often driven by the source rather than the journalist, and that journalists often use personal mobile devices and cloud-based systems to transmit or store information — practices which could compromise security despite the journalists’ best intentions.

From the UW news release:

“‘The way people try to bridge gaps can introduce security issues,’ said UW senior author Franziska Roesner … ‘If you use your iPhone to translate speech to text, for example, it sends that information to Apple. So if you record a sensitive conversation, you have to trust that Apple isn’t colluding with an adversary or that Apple’s security is good enough that your information is never going to be compromised …’

“’The flip side is that it’s not just a matter of giving journalists information about the right tools to use — it’s that the tools are often not usable,’ Roesner said. ‘They often fail because they’re not designed for journalists.’”

The team hopes its findings will help members of the computer security community to better understand the needs of journalists. These insights will help them to develop security solutions that protect journalist-source communications without hindering the journalistic process.

Read the full new release here and the team’s detailed findings, which will be presented at the 24th USENIX Security Symposium next month, here.

July 22, 2015