Journalism, and especially investigative journalism, is a risky profession. In recent years, it has been documented how journalists in Latin America are targets of attacks, threats, harassment, and persecution just for doing their job. However, many journalists and newsrooms are unaware of the extent to which their digital and physical safety hangs in the balance.
That's why the Global Investigative Journalism Network (GIJN) worked with a team of experts from the Ford Foundation to develop the Journalist Safety Assessment Tool (JSAT), which provides an online diagnostic of an organization's physical and cyber security strategies, with recommendations on how to improve them.
The launch of the Spanish version of this tool took place on Dec. 15 in an online conversation led by Gia Castello, an expert in digital security, with the participation of journalists from El Faro, Mongabay Latam, Convoca Perú, among others. They shared their experiences and lessons learned on the subject.
The English JSAT version had already been launched in November 2021 during the Global Conference on Investigative Journalism. It is currently also available in Arabic, Indonesian, Turkish, Portuguese, and Russian.
Journalist Safety Assessment Tool (JSAT) home page. Photo: Screenshot.
The tool consists of a series of questions that are divided into three parts: media security strategy, device security and physical security. "It takes between 30 minutes to an hour to use the tool. To answer the questions, it is recommended to be in dialogue with other departments of the organization or news outlet to have the best possible information," Castello said during the event.
At the end of the questionnaire, the tool issues a rating of the organization’s security and provides recommendations on how to mitigate those with lower scores. Castello recommends taking the JSAT at least once a year and sharing the results with colleagues and media leaders to think about next steps to improve security.
During the presentation, journalists from different Latin American media participated and spoke about the measures they take to improve their digital security. Most of them use encrypted communications either by e-mail or instant messaging when covering investigative topics.
"We at Convoca have learned from working on collaborative projects. Based on these experiences, we consider the security of our conversations to be essential. We use PGP (for e-mail and attachments) and Signal (for text messages)," Milagros Salazar, director of the Peruvian media Convoca, said.
Gia Castello, digital security expert, who led the conversation at the launch of the Spanish version of the Journalist Safety Assessment Tool (JSAT). Photo: Courtesy.
Salazar also said that when they have led collaborative projects they’ve used secure document sharing platforms such as the one offered by the International Consortium of Investigative Journalists.
Castello recommended attendees encrypt documents if they do not have access to a secure file-sharing platform, and suggested using the CryptPad.fr tool.
Mongabay journalist Alexa Vélez said that "it’s still difficult for journalists to use these new tools. I feel they’re still in the process of adaptation. Vélez explained that the two tools her team has already implemented are 1Password (a password manager) and Signal.
In addition to this new Spanish-language security assessment tool, GIJN has been working on other resources to strengthen newsroom security, such as a Digital Security guide, Freelancing: Safety and Security, Basic Steps in Digital Security for Journalists and a Security Manual for Covering Street Protests.
During the presentation of JSAT, Mauricio Sandoval, administrative manager of El Faro, told how the Salvadoran media has had to increase its digital security because 22 of its journalists were tapped with Pegasus spyware between 2020 and 2021.
"The issue of internalizing discipline and order in your communication habits is complicated. Currently, in El Salvador, the attack is taking place more through institutional means, i.e. laws, lawsuits, etc. So the stronger we are institutionally, the better we can face attacks," Sandoval said.
The whole Pegasus case at El Faro began when one of its workers, Julia Navarrete, received a notification from Apple warning her that she might have malware on her phone. Navarrete took the notification seriously and decided to ask for a more exhaustive analysis of her device. That’s how she discovered that she was being spied on.
For these cases, Castello recommended the use of an Amnesty International tool to analyze both Android and Apple devices. "The thing about Pegasus is that it’s been around for a while now and, luckily, we already have these tools to find out whether we are being spied on," Castello said.
The overall call of the event was to not underestimate the threats and make use of the available protection tools. "We underestimate threats until they happen. We tend to believe that we are vaccinated against espionage. There is some denial among us, but the facts show that we are vulnerable and that our equipment is not prepared for the challenges we face," Argentine journalist Irene Benito said. "I’m concerned that we could develop a resistance to taking into account which areas need improvement. Organizations have to take these issues very seriously and be realistic about threats."
