How a few PhD students revealed that phishing trainings might just not work: Lock and Code S03E03

Telling stories securely, with Runa Sandvik: Lock and Code S03E07

In 2017, a former NSA contractor named Reality Winner was arrested for allegedly leaking an internal report to the online news outlet The Intercept. To verify the report itself, a journalist for The Intercept sent an image of the report to the NSA, but upon further inspection, it was revealed that the image was actually a scan of a physical document. 

This difference—between an entirely digital document and a physical piece of paper—spurred several suspicions that the news outlet had played an unintended role in identifying Winner to her employer. Some security onlookers proposed that, because The Intercept had sent a scan, the NSA did not have to search far to find who looked it: Rather than combing through every employee or contractor who had access privileges to the report itself, the NSA only had to find people who had printed it.

Winner eventually received the longest sentence ever for sharing classified information—five years and three months in Federal prison. The former co-editor of The Intercept said that the way that the story was handled, including the push to have the documents verified by the NSA, was a “deeply embarrassing newsroom failure.” 

This is what journalism can look like in the modern age. There are countless digital traces left behind that can puncture the safety and security of both journalists and their sources. Adding complexity and stress to the situation is that many journalists have an online person in which they share many details about their private lives—a habit that could provide leverage for future harassment, said security researcher Runa Sandvik.

“If you’re default is to share absolutely everything and anything that you’re doing on social media, at some point in time, some people that are upset with something you wrote, may actually find that and use that to harass you and harass your friends harass your loved ones.”

Runa Sandvik

Today, on the Lock and Code podcast with host David Ruiz, we speak with Sandvik about how she helps reporters tell important stories securely and privately amongst many digital threats. 

You can also find us on Apple PodcastsSpotify, and Google Podcasts, plus whatever preferred podcast platform you use.