Individual versus Organizational Computer Security and Privacy Concerns in Journalism

Open access


A free and open press is a critical piece of the civil-society infrastructure that supports both established and emerging democracies. However, as the professional activities of reporting and publishing are increasingly conducted by digital means, computer security and privacy risks threaten free and independent journalism around the globe. Through interviews with 15 practicing journalists and 14 organizational stakeholders (supervising editors and technologists), we reveal the distinct - and sometimes conflicting-computer security concerns and priorities of different stakeholder groups within journalistic institutions, as well as unique issues in journalism compared to other types of organizations. As these concerns have not been deeply studied by those designing computer security practices or technologies that may benefit journalism, this research offers insight into some of the practical and cultural constraints that can limit the computer security and privacy practices of the journalism community as a whole. Based on these findings, we suggest paths for future research and development that can bridge these gaps through new tools and practices.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] A. T. Garbett R. Comber P. Egglestone M. Glancy and P. Olivier “Finding real people: trust and diversity in the interface between professional and citizen journalists” in 32nd Annual ACM Conference on Human Factors in Computing Systems. ACM 2014 pp. 3015-3024.

  • [2] U.S. Supreme Court “Risen v. United States” SCOTUSblog Retrieved: June 5 2014.

  • [3] A. E. Marimow “Justice Department’s scrutiny of Fox News reporter James Rosen in leak case draws fire” The Washington Post May 2013. [Online]. Available:

  • [4] N. Perlroth “Hackers in China Attacked The Times for Last 4 Months” The New York Times January 2013. [Online]. Available:

  • [5] N. Perloth “Washington Post Joins List of News Media Hacked by the Chinese” The New York Times February 2013. [Online]. Available:

  • [6] - “Wall Street Journal Announces That It Too Was Hacked by the Chinese” The New York Times January 2013. [Online]. Available:

  • [7] Human Rights Watch “With Liberty to Monitor All: How Large-Scale US Surveillance is Harming Journalism Law and American Democracy” Jul. 2014

  • [8] K. A. Ruane “Journalists’ Privilege: Overview of the Law and Legislation in Recent Congresses” 2011. [Online]. Available:

  • [9] S. Hardy M. Crete-Nishihata K. Kleemola A. Senft B. Sonne G. Wiseman P. Gill and R. J. Deibert “Targeted threat index: Characterizing and quantifying politicallymotivated targeted malware” in Proceedings of the 23rd USENIX Security Symposium 2014.

  • [10] W. R. Marczak J. Scott-Railton M. Marquis-Boire and V. Paxson “When governments hack opponents: A look at actors and technology” in 23rd USENIX Security Symposium 2014.

  • [11] S. E. McGregor P. Charters T. Holliday and F. Roesner “Investigating the computer security practices and needs of journalists” in 24th USENIX Security Symposium (USENIX Security 15). USENIX Association 2015.

  • [12] G. Greenwald No Place To Hide: Edward Snowden the NSA and the U.S. Surveillance State. Metropolitan Books 2014.

  • [13] C. Savage and L. Kaufman “Phone Records of Journalists Seized by U.S.” The New York Times May 2013. [Online]. Available:

  • [14] S. Huntley and M. Marquis-Boire “Tomorrow’s News is Today’s Intel: Journalists as Targets and Compromise Vectors” BlackHat Asia Mar. 2014

  • [15] Freedom of the Press Foundation “SecureDrop (formerly known as DeadDrop originally developed by Aaron Swartz)” 2013. [Online]. Available:

  • [16] K. Biscuitwala W. Bult T. J. P. Mathias Lecuyer M. K. B. Ross A. Chaintreau C. Haseman M. S. Lam and S. E. Mc- Gregor “Secure Resilient Mobile Reporting” in Proceedings of ACM SIGCOMM 2013.

  • [17] S. Carlo and A. Kamphuis “Information Security for Journalists” The Centre for Investigative Journalism Jul. 2014. [Online]. Available:

  • [18] S. E. McGregor “Digital Security and Source Protection for Journalists” Tow Center for Digital Journalism Jul. 2014. [Online]. Available:

  • [19] M. Keys “Google experts reveal how top organizations are in danger” The Blot 2014

  • [20] A. Soltani “12 of the top 25 news sites (incl. @washingtonpost) rely on Microsoft or Google for hosted email services” Twitter 2014

  • [21] P. Thornton “Outlook/Exchange vs. GMAIL” The Journalism Iconoclast May 2008. [Online]. Available:

  • [22] N. Borisov I. Goldberg and E. Brewer “Off-the-record communication or why not to use PGP” in ACM Workshop on Privacy in the Electronic Society 2004.

  • [23] P. R. Zimmermann The Official PGP User’s Guide. Cambridge MA USA: MIT Press 1995.

  • [24] R. Dingledine N. Mathewson and P. Syverson “Tor: The second-generation onion router” in Proceedings of the 13th USENIX Security Symposium 2004.

  • [25] N. Unger S. Dechand J. Bonneau S. Fahl H. Perl I. Goldberg and M. Smith “SoK: Secure Messaging” in Proceedings of the IEEE Symposium on Security and Privacy 2015.

  • [26] M. Brennan K. Metzroth and R. Stafford “Building Effective Internet Freedom Tools: Needfinding with the Tibetan Exile Community” in 7th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs) 2014.

  • [27] Internews Center for Innovation & Learning “Digital Security and Journalists: A SnapShot of Awareness and Practices in Pakistan” 2012

  • [28] J. L. Sierra “Digital and Mobile Security for Mexican Journalists and Bloggers” Freedom House 2013. [Online]. Available:

  • [29] S. Gaw E. W. Felten and P. Fernandez-Kelly “Secrecy flagging and paranoia: adoption criteria in encrypted email” in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM 2006 pp. 591-600.

  • [30] G. Norcie J. Blythe K. Caine and L. J. Camp “Why Johnny Can’t Blow the Whistle: Identifying and Reducing Usability Issues in Anonymity Systems” in Workshop on Usable Security (USEC) 2014.

  • [31] A. Whitten and J. D. Tygar “Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0” in Proceedings of the 8th USENIX Security Symposium 1999.

  • [32] N. Diakopoulos M. De Choudhury and M. Naaman “Finding and assessing social media information sources in the context of journalism” in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM 2012 pp. 2451-2460.

  • [33] N. Taylor D. M. Frohlich P. Egglestone J. Marshall J. Rogers A. Blum-Ross J. Mills M. Shorter and P. Olivier “Utilising insight journalism for community technology design” in Proceedings of the 32nd ACM Conference on Human Factors in Computing Systems. ACM 2014 pp. 2995-3004.

  • [34] A. Adams and M. A. Sasse “Users are not the enemy” Communications of the ACM vol. 42 no. 12 pp. 40-46 1999.

  • [35] Y.-Y. Choong and M. Theofanos What 4500+ People Can Tell You - Employees’ Attitudes Toward Organizational Password Policy Do Matter ser. Lecture Notes in Computer Science. Springer International Publishing 2015 vol. 9190 ch. 27 pp. 299-310.

  • [36] K. Renaud M. Volkamer and A. Renkema-Padmos “Why Doesn’t Jane Protect Her Privacy?” in Proceedings of the 2014 Privacy Enhancing Technology Symposium 2014.

  • [37] J. Corbin and A. Strauss Basics of qualitative research: Techniques and procedures for developing grounded theory. Sage publications 2014.

  • [38] V. Venkatesh and H. Bala “Technology Acceptance Model 3 and a Research Agenda on Interventions” Decision Sciences vol. 39 no. 2 pp. 273-315 2008.

  • [39] A. Greenberg “How the Syrian electronic army hacked us: A detailed timeline” Forbes February 2014. [Online]. Available:

  • [40] Symantec “Internet security threat report 2014” 2014. [Online]. Available:

  • [41] D. D. Caputo S. L. Pfleeger J. D. Freeman and M. E. Johnson “Going spear phishing: Exploring embedded training and awareness” Security & Privacy IEEE vol. 12 no. 1 pp. 28-38 2014.

  • [42] A. Das J. Bonneau M. Caesar N. Borisov and X. Wang “The tangled web of password reuse” in Symposium on Network and Distributed System Security (NDSS) 2014.

  • [43] K. E. Caine “Supporting privacy by preventing misclosure” in CHI’09 Extended Abstracts on Human Factors in Computing Systems. ACM 2009 pp. 3145-3148.

  • [44] P. Kumaraguru S. Sheng A. Acquisti L. F. Cranor and J. Hong “Teaching Johnny Not to Fall for Phish” ACM Transactions on Internet Technology vol. 10 no. 2 pp. 7:1-7:31 Jun. 2010.

  • [45] PhishMe

  • [46] K. Niknejad A. Kaphle A. A. Omran B. Baykurt and J. Graham “The New Global Journalism: Foreign Correspondence in Transition” Tow Center for Digital Journalism Sep. 2014. [Online]. Available:

Journal information
All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 579 388 29
PDF Downloads 333 238 13