Encryption

Learn to encrypt sensitive data.

Properly used, encryption is a surefire way to keep information and communications secure.

At its most simple, encryption works by using a mathematical formula to scramble data, which can only be unscrambled with a specific key and/or pass phrase. As a journalist, you store and transmit a great deal of information – some of which may be sensitive and/or put you and your sources at risk. You may want to encrypt this information to protect it.

In some countries, encryption has legal restrictions on use, so you will need to consider that before crossing borders and/or working in certain places. Thorough research on this should be included in your risk assessment.

Encryption

Encrypted messaging apps and internet calls

There is a wide range of tools that encrypt communications while they are in transit from the sender to the recipient, but are no longer encrypted when you open up the message on your phone. If someone gains access to your device, either remotely or physically, they will be able to read your messages.

The tool that you use should be dictated by the preference and situation(s) of the people that you need to communicate with and the country you are in. Always speak with your sources using the most secure method possible and be informed about who makes the tool you are using. All companies store data on their users that can be subpoenaed by governments and used to build a case against you. Some companies keep more data than others, so finding out how much they store is vital.

Here are some common encrypted messaging services:

Encrypted email

You can use different types of software to encrypt your email, which usually encrypts “end to end”. If used correctly, end-to-end encrypted email can be a very effective way of communicating securely.

End-to-end encrypted email means that the content of your email is encrypted and can only be decrypted by the recipient. The recipient will also need to use end-to-end encrypted email. Be aware that the title of your email and the email address of the sender and receiver are not encrypted.

Key points on encrypted email:

  • There is a variety of software that you can use to encrypt your messages, but encrypted email will only work if the person you are sending to is also using it.
  • You should always update your software to protect it against security vulnerabilities.
  • Encrypted email can be complicated to set up and is not always convenient. There is currently no way to send encrypted email from your phone, for example.

Common ways to encrypt email:

Encrypted cloud services

Journalists frequently back up documents to the cloud, using popular services such as Google, iCloud and Dropbox. These may be perfectly suitable for many users, but you should be aware that your documents are only as secure as the service they are stored on. Some of these services have been breached and user data has been stolen.

If you are storing especially sensitive documents and/or material or are concerned that you might be targeted directly by an adversary, you may want to use an encrypted cloud service.

Some examples of encrypted cloud services include:

Encrypt your devices

Computer

You may want to encrypt the drive on your computer, which is known as full-disk encryption. This is relatively easy to do and can be an effective way of protecting data. Be aware that travelling to and/or working in certain countries with encrypted devices is illegal.

Full-disk encryption for your computer:

  • Bitlocker for Windows
  • Filevault for Mac

Extra reading on encrypting your computer:

Phone

Most newer phones have encryption as a default model. This means that information on your phone is encrypted when it is being stored or sent. However, if you want to prevent your data being physically accessed, you will need to encrypt your information and protect it with a passphrase. If your phone is not encrypted, you can turn on this option in the security settings of your phone.

Your phone will normally back up information on your device to the cloud service. If you are using an iPhone, for example, it will back up information to the iCloud. If you are using Android, it will back data up to Google Drive. Be aware that the information in the cloud may not be encrypted.

You may want to remove data from your phone if it is lost or stolen. To do this, you will need to set up your phone to remote wipe. Turning on this feature will give Apple and Google access to the location of your device at all times.

To set up remote wipe:

  • Find my iPhone for iPhone
  • Android Device Manager – you may need to enable ‘remote lock and erase’

Encrypt your files, your hard drive and USBs

If you want to keep sensitive documents safe, you might want to consider encrypting them. All major computer systems have their own methods for encrypting, so you should check which one is available on your computer.

You can also encrypt your drive and/or external devices using Veracrypt. To encrypt files in the cloud, Cryptomator is a good option.

Encrypt your website

See our guide on Navigating the Internet for information on this.

Further reading