Missing Comma: Why aren’t all journalism students learning data security?

A long, long time ago in 2007, Alysia Santo wrote an article for the Columbia Journalism Review on the incorporation of data security into journalism classes. Since then, we’ve had the Wikileaks debacle, Snowden’s leaks and Manning’s leaks, leading to worldwide state crackdown on journalism:

“I spoke with a number of journalism schools, to see how the growing issue of cyber-security was being handled, and found a range of approaches. I turned to my alma mater, Columbia’s Graduate School of Journalism, and spoke with Emily Bell, the director of Columbia’s Tow Center for Digital Journalism, a dual master’s program in journalism and computer science, which is in its first year. She says that issues of cyber security bother her “immensely,” but at this point, most students aren’t receiving detailed instruction about it. The only cyber-security course being taught takes place within the computer science program, which is only offered to the students enrolled in the Tow Center’s double major. Bell says discussions are underway for how to introduce this more broadly to the curriculum.”

This is great, but not all journalism students want to (or have the means to) go on to graduate school, much less at Columbia, much much less as a double major. Everyone I’ve spoken to who’s taken undergraduate journalism or general communications classes said that data security wasn’t brought up in the classroom.

Now I’ll be honest, as an undergrad, I’m a bit lazy with my data. I’m not reporting on anything particularly hard-hitting or of national interest, so I’m not too worried that anything journalistic on my computer or iPhone is incriminating. Most of what I know about journalistic data security is from my own research and a seminar I attended at the national Society of Professional Journalism conference hosted at Boston College this past April. In only about an hour, the presenters explained TOR, encrypted messaging, email protection, and general data security measures journalists should know about like using burner phones. There’s no reason these skills shouldn’t be applied in every undergraduate journalism class. Since I’m not done with my degree program I’ll give my school the benefit of the doubt for now, but most students I talk to don’t even know what TOR is, and that’s extremely problematic for the future of this field.

A few years after Santo’s piece, NYU journalism professor Adam Penenberg had this gem of an excuse why not:

“… the NYU program didn’t require all students to learn comsec [communication security] for the same reason that they didn’t require all students to learn ‘how to line up ‘fixers’ in a war-ravaged nation or go undercover with a hidden camera. Only a fraction of students will ever need those skills.'”

Only a fraction of journalism students need to learn how to protect their information? It should be a no-brainer that any type of data, particularly email or phone correspondence, which journalists use most often, can potentially fall into the wrong hands and become incriminating. Not all students are techies, but modern journalism requires at least a base knowledge of technology, considering most of it is now on the internet. The days of meeting Deep Throat at a parking garage are long gone; although face-to-face conversation is still the most secure method of gaining information, this is not always possible as your sources may be halfway across the globe.

Susan McGregor, Columbia journalism professor offered the best rebuttal:

“As for the question, Does everyone have to learn this stuff? McGregor says, absolutely. Journalists have a collective responsibility; it’s as important as closing and locking the door behind you when you walk into your apartment building. ‘You may not be covering the NSA, but a colleague of yours might,’ says McGregor. ‘Unless you’re working really on your own, you have a responsibility to protect the person who is vulnerable or may be targeted within your organization by being responsible yourself. If you are not being responsible, you are exposing the people you work with, potentially.'”

Undergraduate journalism classes usually have a section on media law; my school has a whole required class on it. While of course it’s important to know how to deal with a lawsuit, wouldn’t it make sense to learn how to prevent one in the first place? There is concern over making students paranoid, but isn’t a healthy amount of paranoia necessary in the current security state?

McGregor is right – if you wouldn’t leave your apartment door unlocked, you wouldn’t leave all of your data out in the open fields of the web.

Anarchy and Democracy
Fighting Fascism
Markets Not Capitalism
The Anatomy of Escape
Organization Theory