Publishers could end up helping authorities hack their own readers. This is how.

Paul Bradshaw
Mar 18, 2016 · 4 min read
The Guardian complied when authorities demanded they destroy the Snowden files

So far most of the talk about the Investigatory Powers Bill has been about the lack of protection for journalists’ sources thrown up by powers to intercept communications.

But there’s another part to the Bill which relates to facilitating state hacking — and an analysis by Danny O’Brien has thrown up some worrying ambiguity on this front for publishers — not just those based in the UK.

The key here is how ‘communications providers’ are defined in the bill:

“The UK has redefined these terms so broadly that if you run an Internet company, administer a website, run an online video game, provision open source Internet software, operate a chat forum, or simply run a wifi hotspot, this power could be turned on you.”

Publishers, that means you.

Obliged to assist the authorities — and keep quiet

O’Brien lists just a few examples of what that might involve:

  • “include in your web advertisement inventory a fake advert that pushes malware to a group of your readers;
  • “roll out spyware to computers you have control over that would seize email, take screengrabs, pictures and record conversations;
  • “push updates to software you’ve written, including a government-specified backdoor;
  • “rewrite a smartphone app to relay its users’ position directly to the British authorities;
  • “search through emails or other personal data you host, to find passwords or information that could help the authorities to hack;
  • “create or fake messages to cause password resets or mislead users into accessing malware-infected website.”

This might sound alarmist, but it’s worth noting that publishers are already carrying malware in their ads. And one US agency has used fake news stories to plant malware on targets’ computers.

The future is already here: but is it just unevenly distributed?

Outsourcing without security

This sounds incredible, and I hesitate to write it. Would an agency ever exercise those powers? Would a publisher comply?

Perhaps they would not even have to.

Outsourcing your app design or comment moderation, buying in a content management system or hosting content on a social media platform all represent potential security vulnerabilities when any of those third parties could be subject to the same warrants.

Trust

Surveillance has been justified on the grounds of protecting a public body’s interests; over employees’ breaking confidentiality clauses; or simply not justified at all; on other occasions confidential material has been handed over by accident.

It is not enough for former Attorney General Dominic Grieve to say the proposed bill is “well intentioned”. When even the Chief Surveillance Inspector at the Office of Surveillance Commissioners says that “the legal and policy framework is not strict and that oversight is not rigorous”, we should worry.

At the bottom of all this lies our ability to build trust not only with sources, but with the audiences and communities we serve, and where sources live and work. This is the battle that Apple is having right now; that BlackBerry had in India. It is the reason that no one trusts Skype, or uses webcams on Yahoo.

For once the news industry has a chance to learn from the mistakes of the tech industry. We should not miss it. The NUJ has a briefing on what happens now, and the Open Rights Group has guidance on how to write to your MP.

This post was first published on the Online Journalism Blog.

Thoughts On Journalism

Taking on the problems and challenges in journalism.

Thoughts On Journalism

Taking on the problems and challenges in journalism. Spreading ideas, passions and new ways of thinking about media. A publication run by Media Lab Bayern.

Paul Bradshaw

Written by

Write the @ojblog. I run the MA in Data Journalism and the MA in Multiplatform and Mobile Journalism @bcujournalism and wrote @ojhandbook #scrapingforjournos

Thoughts On Journalism

Taking on the problems and challenges in journalism. Spreading ideas, passions and new ways of thinking about media. A publication run by Media Lab Bayern.