In the digital world, almost everything you do to communicate leaves a trace. Often, emails are stored on servers even after they're deleted. Phone calls create logs detailing which numbers connected, when and for how long. Your mobile phone can create a record of where you are.
If you're a journalist trying to protect a confidential source, this is a very difficult world to work in.
"I have been running around in my newsroom, screaming about this ... for years," says Julia Angwin, who covers computer security and privacy at The Wall Street Journal. "There's so much evidence now that journalists are being targeted, that our communications are vulnerable and, mostly, that our sources are being put in jail."
It's in this context that The New York Times decided to outsource its email to Google. This summer, the paper moved all of its reporters onto corporate Gmail accounts. Before the switch, Times emails were stored on servers it owned; now those messages are in Google's digital filing cabinet.
'A Sense Of Nervousness'
Unlike the free Gmail used by millions of consumers, corporate Gmail accounts cost money and offer greater privacy protections. But that protection is not complete, and the move could leave Times reporters and their sources with fewer legal protections if they are the subject of a government investigation.
Angwin says one of the reasons that so many journalists have been unable to protect their sources is that records about whom they are talking to are collected by third parties. Last year, when the Department of Justice was investigating a leak about a foiled terrorism plot in Yemen, it didn't subpoena reporters at the Associated Press. Instead, it went to Verizon and asked for the records of calls going into and out of the AP's bureaus.
Prosecutors also go after journalists' private email accounts. And often investigative requests to companies like Google and Verizon come with gag orders.
"I find that all of this, including the AP revelations, contributed to a sense of nervousness among sources," says Jennifer Valentino-DeVries, also of The Wall Street Journal. "Even people who are not discussing particularly sensitive information with me will comment about the possibility of my emails and phone calls being tapped. And I think that's been disconcerting."
"I worry a lot about the outsourcing of email at a news organization. We only have two layers of protection, right? One is technological and one is legal," Angwin says. "So certainly our lawyers at a news organization are gonna fight to protect our emails. But, if they don't fully control them technically, they can't mount a very good argument.
"If Gmail is handling our emails, then we have to rely on them to mount our legal arguments," she adds. "And that's not a situation that news organizations have been in, in the past."
Investigations And Gag Orders
The New York Times isn't the only media organization to outsource its email. In a statement, it said it had discussed the legal issues involved in detail and the company is confident that its deal with Google, combined with precautions its journalists are now taking, has enhanced the protection of sensitive information. Right now, the Times believes hackers are a bigger security threat than government investigations or gag orders.
Fred Cate, the director of the Center for Applied Cybersecurity Research at Indiana University, says a large email service provider like Google may very well offer better security. Still, Cate says, when it comes to mounting a legal defense against a leak investigation, the Times is making itself vulnerable.
"There will be a gap. There is no question that there's going to be a gap," Cate says. "Because previously you would have had to serve that piece of paper on The New York Times."
Now, an investigator would serve Google. And if the request comes with a gag order, the Times might never know.
Transcript
AUDIE CORNISH, HOST:
The New York Times has moved all of its reporters onto corporate Gmail accounts. Unlike the free Gmail used by millions of people, corporate Gmail accounts cost money and have greater privacy protections. But that protection is not complete. The move could leave Times reporters in a difficult legal situation if they are the subject of a government investigation. NPR's Steve Henn reports.
STEVE HENN, BYLINE: In the digital world, almost everything you do to communicate leaves a trace. Emails are stored on servers often after they're deleted. Phone calls create logs detailing which numbers connected, when and for how long. Your mobile phone can create a record of where you are. So if you're a journalist trying to protect a confidential source, this is a very difficult world to work in.
JULIA ANGWIN: I have been running around in my newsroom screaming about this for years.
HENN: Julia Angwin is a reporter at The Wall Street Journal who covers computer security and privacy.
ANGWIN: There's so much evidence now that journalists are being targeted, that our communications are vulnerable, and mostly that our sources are being put in jail.
HENN: She says one of the reasons so many journalists have been unable to protect their sources is that records about who they're talking to are collected by third parties. So last year, when the Justice Department was investigating the leak about a foiled terrorism plot in Yemen, it didn't subpoena reporters at The Associated Press. Instead, it went to Verizon and asked for records of calls going into and out of AP bureaus. Prosecutors go after journalists' private email accounts. And often, investigative requests to companies like Google and Verizon come with gag orders.
JENNIFER VALENTINO-DEVRIES: I find that all of this, including the AP revelations, contributed to a sense of nervousness, I guess, among sources.
HENN: Jennifer Valentino-DeVries is also with The Wall Street Journal.
VALENTINO-DEVRIES: Even people who are not discussing particularly sensitive information with me will comment about the possibility of my emails and phone calls being tapped, and I think that's been disconcerting.
HENN: It's in this context that The New York Times decided to outsource its email to Google. Before the switch, Times' emails were stored on servers it owned. Now, those messages are in Google's digital filing cabinet.
ANGWIN: I worry a lot about the outsourcing of email at a news organization.
HENN: Julia Angwin.
ANGWIN: We only have two layers of protection, right? One is technological, and one is legal. So certainly, our lawyers at our news organization are going to fight to protect our emails, but if they don't fully control them technically, they can't mount a very good argument. If Gmail is handling our emails, then we have to rely on them to mount our legal arguments, and that's not a situation that news organizations have been in in the past.
HENN: The Times isn't the only media organization to outsource its email. And in a statement, it said it had discussed the legal issues involved here in detail. The company said it's confident its deal with Google, combined with precautions its journalists are now taking, has actually enhanced the protection of sensitive information. Right now, the Times believes hackers are actually a bigger security threat than government investigations or gag orders. Fred Cate is the director for applied cyber security research at Indiana University. He says a large email service provider like Google may very well have better security. Still, Cate says when it comes to mounting a legal defense against a leak investigation, the Times is making itself vulnerable.
FRED CATE: There will be a gap. I mean, there's no question that there's going to be a gap because previously you would have had to serve that piece of paper on The New York Times.
HENN: And now, an investigator will serve Google. And if the request comes with a gag order, the Times might never know. Steve Henn, NPR News, Silicon Valley. Transcript provided by NPR, Copyright NPR.
300x250 Ad
300x250 Ad