What is the link between free and open source software (FOSS) and journalism? And why should we all care about FOSS?
On the second and third of February, tech experts from all over the world gathered in Brussels for the 19th edition of FOSDEM – a free event for software developers to meet, share ideas and collaborate on a yearly basis right next to the European Union institutions. The event was attended by more than 8000 people taking part in 776 lectures, keynotes, developer rooms, and stands.
FOSDEM was followed by a Hackathon entitled co-designing independent open source tools for protecting journalists and their sources in 2019 on Monday the 4th at the Brussels Press Club. The event focused on the link between FOSS and journalism, their areas of intersection, and the ways in which people from each discipline could learn from each other.
What is open source?
Open source refers to software whose secure code can be seen, edited, and used openly. It is a specific approach to creating computer programs that gives value to open collaboration, transparency, meritocracy (“the best idea wins”), and community-oriented development. The opposite of open source are proprietary codes or closed source, which gives allowance to use software just the way it is provided without the possibility of seeing or modifying it.
Advocates of open source highlight the higher level of control and security over the code in that errors and loopholes can be spotted quicker. Moreover, open source is also more stable in that programs stay online even if their creators stop working on them. FOSS refers to ‘free’ and open source with the goal to create transparent and secure tools that are on top of that also not controlled by large corporations. FOSS is quite different from open source in that open source is the license model while the term ‘free’ means the freedom of the software.
For everyone that still doesn’t see the benefit of open source, an IT expert gave me this comparison: It is like a dish. You can get the dish and it tastes good, but you still don’t know what’s inside. Or you get the recipe with it and you can adapt and modify it, add some salt, take some unwanted ingredients out, so that it tastes better and is healthier.
What’s the problem?
So why should we all care about open source? Tanja Drca from Necunos, a company designing open mobile devices highlights that “even though people say they have nothing to hide, they still have the right to privacy. Unfortunately, many people don’t know about online safety and most existing security tools are not enough.” Yet, especially for journalists, online security can become vitally important.
Referring to the case of Maltese investigative journalist Daphne Caruana Galizia, who was killed in October 2017 by a car bomb because of her work that had denounced corruption, clientelism, and all kinds of criminal behaviors in Malta, Tanja continues to say “I am not a journalist. But what I got from this: if you want to do this job, understand that you are not safe.” Moreover, “there is not much you can do to make your smartphone secure. Not because you don’t want to or don’t try to but because they were never developed to be secure. In the end our smartphones are controlled by manufacturers, companies and phone carriers, not to even mention about 3rd party applications and their data collecting.”
Journalism, as every other aspect of our lives, has undergone major changes since the beginning of digitalization. Even though digital transformation has led to liberated ways to communicate and to the empowerment of citizens, it also poses a threat to the traditional role of journalism to safeguard informed public debates. In their daily work, journalists rely on many intermediaries such as Facebook, Google, and other private companies to communicate with sources or to store information. Due to a lack of regulation or in the name of terror prevention, governments all over the world can potentially gain access to this information.
Mobile #infosec – #journalism We need each other. Read the first part of our blog miniseries https://t.co/wkNz6SBNFi and join the conversation: #HackForJournalism @ECPMF @IPI @EFJEUROPE @AEJBelgium @IFJGlobal @RSF @CPJTechnology pic.twitter.com/KUYFcMWkMy
— Necunos (@necunoscom) 8 de febrero de 2019
How can journalists benefit from FOSS?
Several tech companies have recognized the need to react to these developments. Veronika Nad from the open software provider Enough argues that “there is a lack of political will to strengthen freedom and transparency and to foster public access to information. This short before European Parliament elections in May, only one third of the member states have measures in place to protect whistleblowers. And many more countries around the world, such as Hungary, Poland, Israel or Australia have just recently implemented strict media laws that restrict freedom of speech.”
Enough provides for a set of privacy-enhancing tools, as well as a community of technical people and journalists. Their goal is to empower journalists to protect their and their sources’ privacy, especially in situations when freedom of press is challenged. Their main concern lies in establishing closer cooperation between journalists and technological experts to close the formers technological know-how gap.
Close the knowledge gap
To close the knowledge gap was also one of the main goals of Monday’s Hackathon that was codesigned by the Association of European Journalists Belgium, the Brussels Press Club, FOSDEM, and Necunos. Tanja: “This is exactly the problem. I know nothing about the journalism world and vice versa. We need to learn from each other. I need to know for example whether journalists use one phone for work and for their private communications, for their interaction with their sources and for storing pictures of their children.”
Necunos has started developing a completely open mobile device in terms of hardware and software. Their motivation came from their experiences with the spyware Pegasus that has been detected in 2016 and that has become famous for its uniqueness and its high effectiveness. According to Tanja, regular encryption tools on mobile phones are no effort at all for Pegasus and anonymity is not ensured on most mobile devices. Software such as SecureDrop, which are aimed at securing the communication between journalists and their sources, require a lot of work and dedication and are only on-top tools.
Tanja:” Instead of developing security solutions on top of the existing rotten platforms, we start from the very beginning. That doesn’t mean the device is completely unhackable because there is just no full security, but it is the best we can do.” She continues saying that “we are proud as a company to say, ‘Don’t trust us.’ Because you shouldn’t. Ask your company to check our devices and codes beforehand.”
Future challenges remain
Monday’s Hackathon ended with a lot of input for all participants, but it has also provoked many new questions. Even if I use a secure mobile device such as the one designed by Necunos, what if my source simply communicates via Gmail? Is there the danger of safe devices being used by terrorists to enhance their anonymity? And how could Necunos possibly counter such threats? It is clear that the open source world is not yet developed so far as to answer all these questions. Even the biggest open source advocates still sometimes have to rely on proprietary sources.
Summed up, tools such as Necunos’ secure mobile device might not yet be necessary and still too underdeveloped for regular news competition. Yet, for issues of critical security, they could be crucial for investigative journalists and their networks to communicate. In this regard, the Hackathon has revealed that we need to prepare ourselves for upcoming changes in internet usage, at least give a thought to our daily digital usage patterns, and that our work is appreciated by those who see the technical problems of modern internet. Companies such as Necunos are working on engaging in co-designing devices together with journalist associations, yet, they are also in need of financial support that would not jeopardize the important editorial independency.
For those who are interested in more information, it is worth checking out the Perugia Principles for Journalists that have been drafted by 20 international journalists and include i.e. a list of 12 principles for working with whistleblowers in the digital age. Finally, Necunos has also published a blog where you can find a lot more information on the issue and the slides from the presentation of the Hackathon are available via this link.
By Alena Bieling