Journalists Need To Be Protected From Cyber Threats

War is raging in Ukraine and Gaza. The United States is headed for another tight, and heated, presidential election. Political upheaval is taking place in countries around the globe. And journalists are tasked with covering it all, despite the rise in threats to their physical and digital security, which are often connected.

The news media needs more protections from cyber threats, before more damage is done and it becomes too late to enact safeguards. The Center for News, Technology & Innovation (CNTI), a non-profit for which I serve as Executive Director, studies digital security and has assembled resources for journalists and publishers in our new briefing: “How can we ensure digital security of the press and protect against cyber threats?”

Digital safety for journalists must be addressed at multiple levels: by governments, technology companies, publishers, and researchers. Progress will require dedication and cooperation.

Policymakers need to acknowledge the very real threats facing journalists and ensure that digital policy initiatives protect them and do not inadvertently threaten press independence, basic privacy rights, or encryption and VPN protections.

Technology companies need to establish and protect human rights and privacy safeguards for journalists, while at times navigating state demands (sometimes via onerous legislation such as Zimbabwe's Interception of Communications Act, surveillance regulation that has had a chilling effect on the practice of journalism) to provide private data and information on their users, potentially permitting government abuses of power.

Publishers should engage in proactive efforts around cyber education, safety and support, and share their experiences within the industry so that similar attacks might be prevented. A lack of digital security training — particularly in newsrooms outside of large national (and largely Western) publishers with the means to provide such training — can create chilling effects for sources and whistleblowers who increasingly fear being unintentionally exposed by journalists.

Researchers and civil society need to do their part to collaboratively shed light and provide data on the trends, risks, and potential avenues forward. Many current conversations about how to address these threats, for example, lack global evidence such as how, or to what extent, digital security technologies like encryption software have been implemented by journalists outside of Western countries.

Why is all this necessary? Because the physical and digital security of journalists and their sources are under threat in many parts of the world. They are targets for cyberattacks and digital surveillance, compromising their own and their sources’ personal information and safety. Researchers have tracked nearly 180 cases of spyware targeting journalists in multiple nations. Just a few examples:

• Agents of the Vietnamese government attempted to install spyware on the phones of US journalists (as well as members of Congress and others).
• Russian journalist Galina Timchenko, who leads an independent news agency, was the target of a different spyware attack.
• TikTok employees used company resources to track a UK journalist and her sources, exposing the ways in which common apps can be used as spyware.

These attacks can come from government officials, powerful individuals, corporations, extremists and criminal networks. And more tend to be aimed at freelance, non-Western or exiled journalists, as well as smaller newsrooms who often do not have the financial resources or technical expertise to defend their employees and sources.

Policymakers have taken notice, with 156 countries enacting some form of cybercrime legislation as of 2021. But research has found that a majority of cybercrime laws include provisions that can be used to target an independent press and hamper free expression, often via vague or broad wording and few safeguards to protect against investigative overreach.

Global leaders in policy, technology, journalism, and research need to come together to create shared knowledge about these issues and chart best paths forward to investigate cybercrime, support journalists, and safeguard the broader digital ecosystem. CNTI seeks to help by conducting and synthesizing research, organizing discussions and offering analyses that advance these goals.