Six Encryption Tools Every Journalist Should Use

By: Jorge Luis Sierra | 02/02/2016

In several years of training journalists, I have seen that most journalists agree with the need for encryption to protect their information, but only a few of them really embrace the technology. At first, I thought it was a problem of awareness, but I have since come to realize that the complexity of technology also plays a role.

Journalists often fail to protect their information because encryption systems are complicated and not very friendly to non-technical users. Most journalists have multiple assignments, little time and limited technological skills. They sometimes prefer to accept risks rather than go through the hassle of learning difficult tools.

Even experienced reporters, dealing with confidential sources, working on high-risk stories and visiting dangerous places, are willing to take the risk of using regular email to send plain text messages rather than hassling with what they consider complicated and time-consuming encryption tools.

The consequences of this problem might be disastrous: I know cases of journalists who lost years of research; sources whose online identity got compromised; and reporters who were physically attacked because an adversary intercepted their communications and discovered the subject of their investigations.

Today, with drug traffickers, ruthless terrorists and even corrupt officials trying to intercept and read the emails of investigative journalists, it is more important than ever to encrypt information and send it securely through email.

Here are a few options for securing email that are more user-friendly, along with the pros and cons of using them. Also, I would like to give you one bit of advice: If you are at extreme risk and require privacy, do not transmit information via email at all. Otherwise, please take the time and effort to adopt one of the following tools:

OpenPGP

Pros: This is based on the classical Pretty Good Privacy (PGP) asymmetric encryption technology. There is practically no way for an adversary to crack and read a message carefully encrypted with OpenPGP. Once installed, it is pretty easy to use.

Cons: Setting up OpenPGP properly is not very easy. You need to follow carefully the instructions to install the software. You will have two keys, one private, and one public. Everybody can have your public key, but only you must have access to your private key. You can encrypt files with PGP technology.

Tutorials:

RiseUp

Pros: This is a secure and free email service supported by a network of advocates of Internet privacy. It allows the use of the most important security features such as https and operates only over the Secure Socket Layer (SSL). You can open an account without providing your personal information.

Cons: Because RiseUp is identified with human rights and privacy activists, having a RiseUp account can attract attention from adversaries. You need to get codes for two existing RiseUp users to open an account.

Tutorial:

ProtonMail

Pros: This is a free tool with highly protected servers in Switzerland. Emails are secured with end-to-end encryption. You can create an account anonymously without putting your personal information to open an account. There is no need to download software. ProtonMail does not have access to users’ decryption keys. It uses open source PGP encryption standard. It is easy to use.

Cons: You need to wait some weeks to get a ProtonMail account.

Tutorial:

Mailvelope

Pros: This is a browser extension that allows users to exchange encrypted emails following the OpenPGP encryption standard. It is an open-source free tool. Encryption is strong. You will need to create a pair of keys, one private and one public. You may share your public key with your contacts and keep the private one secret, just for yourself. It is recommended to use a strong passphrase to decrypt messages.

Cons: If your computer or your browser is hacked, adversaries can eventually get access to your private key and try to crack your passphrase to decrypt your emails. Your passphrase is your last line of defense and you need to store it safely. The Mailvelope keys are not usable to encrypt and decrypt files.

Tutorial:

Hushmail

Pros: This is a proprietary source tool with a free option. It uses both asymmetric and symmetric encryption and is easy to use.

Cons: You need to provide a regular email account and cannot hide your original IP to open a Hushmail account. Your password will be stored at the Hushmail servers. With a judicial order, a government may request access to the user data. Subject of the email, headers and metadata are not encrypted. If you want to send an encrypted message to a non-Hushmail user, you will need to share the key through other means. Hushmail requires users to sign in at least once every three weeks to keep the account active.

Tutorial:

Peerio

Pros: Peerio is an easy-to-use open-source software that offers a high-level encryption system. Peerio creates a pair of keys, one public, and one private and use them automatically for the user to send or read encrypted messages. Users can also can encrypt files and send them securely over Peerio. The platform can be used as a repository of encrypted files. Files are not only encrypted to travel securely from end to end, but are also encrypted specifically to the receiver’s public key. This way, nobody else but the intended recipient could decrypt and read it.

There are other features that can be attractive to journalists. Peerio produces a unique avatar for each user, so you can recognize if the person you want to exchange messages with is an impersonator. Peerio produces passcodes very difficult to crack. To enhance the user’s privacy, Peerio does not store the passcode. It is a major difference from popular email services where the company knows and stores both the username and the password. Peerio also enables a two-factor authentication, pairing the user’s mobile device to the account to provide more security.

Cons: Peerio is still in beta. If you want to send extremely sensitive documents or messages now, you may want to try OpenPGP instead.

Tutorial:

This post is also published on IJNet, which is produced by ICFJ.

Main image CC-licensed by Flickr via Yuri Samoilov.

Related Programs
ICFJ Knight Fellowships
Topics
Media Innovation
Country/Region
Latin America / Caribbean

Latest News

Guidance for Building Trust with the Communities You Serve

Trust in the media has fallen globally. 

Today on average, according to Reuters Institute’s 2023 Digital News Report, just four in 10 people say they trust news most of the time. Amid this decline, people are also more likely to avoid consuming news coverage.

One way journalists and news organizations

How to Develop an Ethical AI Use Policy for a Nonprofit

Technology changes quickly, and as it does, it often leaves us wondering “What does this mean for us?” When ChatGPT ushered in a new era of accessible artificial intelligence (AI) tools in 2023, our staff here at the International Center for Journalists (ICFJ) were full of questions about what this meant for our work, our mission and journalism in general. 

To support our staff, we embarked on a project to develop a policy that provides guidance on how the organization will use AI tools. And because we know we aren’t alone in answering these big questions, we wanted to share the lessons we learned along the way to help other organizations that are in the midst of creating their own policy.

Cross-Border Journalism Network Amplifies Local Solutions

Guyot, who officially launched the Human Journalism Network as an ICFJ Knight Fellow in 2023, said his goal is to highlight how people are making progress on social challenges in ways that are not only interesting but potentially useful.