Be smart with phones, use throwaway internet accounts -- and never play the fourth track while driving.

In the wake of Nicky Hager's home being raided to ferret out Rawshark, the hacker who allegedly supplied the emails that led to Dirty Politics, it's become clear that journalists are seen as a source of information by authorities in more ways than one.

What can a journalist concerned about the safety of his/her sources do then, apart from giving up and quitting the job?

There are a few things, actually. Here's a non-comprehensive round of suggestions for journalists wanting to make life a little more difficult for the long arm of the law.

To have or not to have tech?


You need to have technology and use it. That is, use it sensibly. A journalist with no tech sticks out like a sore thumb. Any unusual behaviour like that is enough to mark you as a target.

Use tech for normal day-to-day stuff like everyone else, but be careful not to bring it near your sources. This includes smartphones that can be easily tracked and pinpoint your location - and that of a source - quickly and easily, and for days after the meeting took place.

Similarly, use the internet but make sure to utilise throwaway accounts that are deleted after use and which don't lead back to you.

Never browse sites without Secure Sockets Layer/Transport Layer Security encryption enabled - that padlock in your browser should show up.

Using an anonymising, encrypted service like The Onion Router (TOR) could be good too.

The FBI has been targeting TOR lately however, and it's not the easiest to set up and use.

Get an old banger

Some newer cars have Sim cards in them, just like mobile phones. It means service people and rescue organisations can call you if something goes wrong, but ... the cars can be easily tracked too.


Likewise, Bluetooth signals for wireless connections can be picked up by hidden roadside scanners, and then there's all the electronics in a car.

Once you learn that researchers at the University of San Diego were able to record a special music file on to a CD which when played switches off the car's brakes, well ... you'd be happier with a very manual, low-tech car (see:

I never play the fourth song on any album while in the car these days.

Careful with cameras

Pictures literally say more than words in the digital age. Smartphones and a number of cameras these days have a global positioning system (GPS) receiver that will work out the exact location within a few metres accuracy.

That information can be recorded into metadata in images, providing a rather useful hint as to where they were taken.

Not only that, having images in digital format makes it much faster to analyse them quickly to reveal things that should stay secret.

Scramble the lot

Email traffic is starting to become encrypted by sending and receiving servers, although you usually have to enable it yourself manually. Your ISP will tell you how.

Without that encryption, you are essentially sending potentially sensitive information over an open communications network that just about anyone along the path can listen into. A bit like writing it down on postcards, thinking nobody will read them.

Taking it further, learn how to use end-to-end encryption like PGP for email. It can be a bear to set up and use, but as far as I know it works. Unfortunately, for PGP to be useful, the person at the other end has to use it too, and very few people apart from a small tech-savvy crowd do.

Email contains metadata however that will reveal the time it was sent and where to, so use it sparingly. Encrypted instant or peer-to-peer messaging might be safer.

Apple's new iPhones and, soon, smartphones running the latest version of the Android operating system are hard for police to break into. Neither Apple nor Google will hold the keys needed to decrypt phones in the future. It's not known if police can get into them some other way, but the loud protests from the FBI suggest it's difficult and slow and maybe impossible.

Don't stop there though. Make sure you have a new operating system that can encrypt storage like hard drives and thumb disks. A pro tip here is to have a solid state drive (SSD) in your computer because it's much, much faster to encrypt it -- and to wipe it.

Recovering data from an SSD is also very hard due to the way it's designed, compared to a standard hard drive.

Don't get any malware, ever, and learn how to use virtual private networks and also virtual machines. The latter are basically computers written in software, and are handy when you wish to visit for instance unsafe sites that might try to hack you.

Back up your stuff off-site, in several locations. This will enable you to continue working when or if the cops let you out of the holding tank.

Except it probably won't save you

The big problem with all the above is of course if the courts tell you to produce the goods, you must. I don't know how far the authorities would go to coerce you into handing over, say, encryption keys for files, but it could lead to some uncomfortable situations.

Not the least because it's easy to forget complex passwords, or something goes wrong and the files are permanently scrambled. In that case, you may find that the officers demanding the password don't quite believe your memory or device are faulty. In some jurisdictions, police will attempt to help you remember secret codes in a forceful manner. The technical term for this is "rubber hose decryption".

By now you might think that the above measures are just ridiculous and too much trouble.

Assuming that a free media should still be around to hold the powerful to account, they really shouldn't be necessary.

In that case, campaign for change, for proper, strong laws to protect journalists and whistleblowers from intimidation, coercion, surveillance and random searches.

Update: Talking to the NZ Herald's data editor Harkanwal Hothi made me realise that another problem with encryption is that it is permanent.

Journalists' notes and source material that should be disclosed after a certain amount of time, for research or out of historical interest, could become locked away forever if the encryption is strong enough.

The same applies if a journalist dies without having shared encryption keys.

This could potentially be solved through a trusted key escrow service in a country with strong privacy provisions, but it would be subject to enormous pressure from governments.