The article you just read was brought to you by a few thousand dedicated readers. Will you join them?

Thanks for coming by The Tyee and reading one of many original articles we’ll post today. Our team works hard to publish in-depth stories on topics that matter on a daily basis. Our motto is: No junk. Just good journalism.

Just as we care about the quality of our reporting, we care about making our stories accessible to all who want to read them and provide a pleasant reading experience. No intrusive ads to distract you. No paywall locking you out of an article you want to read. No clickbait to trick you into reading a sensational article.

There’s a reason why our site is unique and why we don’t have to rely on those tactics — our Tyee Builders program. Tyee Builders are readers who chip in a bit of money each month (or one-time) to our editorial budget. This amazing program allows us to pay our writers fairly, keep our focus on quality over quantity of articles, and provide a pleasant reading experience for those who visit our site.

In the past year, we’ve been able to double our staff team and boost our reporting. We invest all of the revenue we receive into producing more and better journalism. We want to keep growing, but we need your support to do it.

Fewer than 1 in 100 of our average monthly readers are signed up to Tyee Builders. If we reach 1% of our readers signing up to be Tyee Builders, we could continue to grow and do even more.

If you appreciate what The Tyee publishes and want to help us do more, please sign up to be a Tyee Builder today. You pick the amount, and you can cancel any time.

Support our growing independent newsroom and join Tyee Builders today.
Before you click away, we have something to ask you…

Do you value independent journalism that focuses on the issues that matter? Do you think Canada needs more in-depth, fact-based reporting? So do we. If you’d like to be part of the solution, we’d love it if you joined us in working on it.

The Tyee is an independent, paywall-free, reader-funded publication. While many other newsrooms are getting smaller or shutting down altogether, we’re bucking the trend and growing, while still keeping our articles free and open for everyone to read.

The reason why we’re able to grow and do more, and focus on quality reporting, is because our readers support us in doing that. Over 5,000 Tyee readers chip in to fund our newsroom on a monthly basis, and that supports our rockstar team of dedicated journalists.

Join a community of people who are helping to build a better journalism ecosystem. You pick the amount you’d like to contribute on a monthly basis, and you can cancel any time.

Help us make Canadian media better by joining Tyee Builders today.
We value: Our readers.
Our independence. Our region.
The power of real journalism.
We're reader supported.
Get our newsletter free.
Help pay for our reporting.

Are Leaked Docs Safe With Canadian Reporters?

A homegrown Ed Snowden would find few journos with encrypted email.

By Tim Groves 27 Mar 2015 | Canadaland

Tim Groves is a freelance reporter and investigative researcher based in Toronto. His articles have appeared in The Guardian, the Toronto Star, and more.

[Editor's note: An earlier version of this story ran on Canadaland, March 19. Since then, dozens of Canadian reporters have begun using encrypted email. To learn how to safely leak and receive documents, see Electronic Frontier Foundation's tutorials here.]

Thousands of people in Canada have access to top secret government documents, but if any of them are considering following in the footsteps of Edward Snowden and leaking records to journalists, they will find comparatively few reporters in this country who are capable of protecting them.

Snowden, an NSA contractor-turned-whistleblower, leaked a massive trove of documents that revealed potentially illegal surveillance programs throughout the "Five Eyes" intelligence alliance of Australia, Canada, New Zealand, the United Kingdom and the United States. Intelligence agencies in these countries not only monitor the communications of terrorists and foreign states, they also collect private and potentially compromising information from journalists and the public at large.

However, since the Snowden leaks were made public, only a handful of reporters in Canada have taken steps to secure themselves and their sources. Many investigative reporters and even some national security reporters in Canada are not equipped with email encryption.

A Canadaland investigation into over 100 Canadian media organizations, including all major papers and broadcasters, found only 37 journalists in the country have publicly begun using encrypted email with their work accounts since the first Snowden NSA stories in June 2013. This information was obtained using the MIT PGP Public Key Server, a sort of a phone book for PGP encrypted email contacts, to find journalists and other staff publicly using PGP encryption with their work email accounts. The number does not include freelance reporters, but it remains atrociously low when compared with journalists in the United States.

For example, in the same period from June 2013 to present, reporters at the New York Times alone registered 55 encrypted professional email accounts.

Only 12 media outlets in Canada have had reporters sign up for encryption since the Snowden leaks. The Toronto Star tops the list with seven new PGP users, Sun Media has six, and The Globe and Mail and La Presse tie the CBC with five new PGP users apiece.

Dozens of media organizations including Global, Maclean's and The Canadian Press, didn't have a single email address registered on a public key server. 

However, looking up the emails of media organizations on the public key server does not reveal all the journalists using encryption. Three categories of journalist do not show up: freelance journalists, reporters who have only encrypted their personal email accounts and those who have not listed themselves on the server.

For example, VICE Canada politics reporter Justin Ling uses PGP but hasn't uploaded his key to a public key server. His colleague, Matthew Braga, listed his personal account on the server in 2013, but only added his email address this February.

To increase the scope of our investigation, Canadaland set up an email account under a pseudonym, "Loqior," and contacted several Canadian journalists while posing as a source hoping to leak them documents through encrypted means:

"Is there a way to send you an encrypted message? I was not able to find you on the Public Key Server. If you are using PGP encryption, please send me your public key."

The email was sent to national security reporters, the winners of the most recent round of Canadian Association of Journalists (CAJ) awards and to investigative news programs.

Reporters who were already using encryption were not contacted. These included the CAJ award winners Amber Hildebrandt and Michael Pereira of the CBC, who are currently collaborating with Dave Seglins to report on Snowden documents. National security reporters Michelle Sheppard of the Toronto Star and Colin Freeze of The Globe and Mail were also already using encryption.

However, the majority of CAJ award-winning reporters did not respond to the email. Neither did the investigative news programs W5, The Fifth Estate and 16x9. Update: The Fifth Estate says a PGP key can be provided on its website.* Two national security reporters who were contacted -- Jim Bronskill of The Canadian Press and Ian MacLeod of the Ottawa Citizen -- were not using encryption but are planning to do so in the future. Both indicated that if the matter was urgent they would set it up right away.

'Encryption works': Snowden

On the other hand, some positive stories did emerge.

Glen McGregor, a reporter with the Ottawa Citizen, initially responded, "No, don't have anything like that but I suppose I should probably get one." Less than 30 minutes later he replied with a newly established public key.

Similarly, Tyee journalist David Ball replied, "There is now" along with a link to his public key.

Most impressive was the response from CBC's Ian Johnson, who replied to the email with the key for a "trusted colleague" and explained, "If necessary, we have access to an air-gap computer, use Tails and can also use other tools to help ensure privacy if the situation requires it."

Robert Fife, a parliamentary reporter with CTV, responded by saying the he did not use PGP encryption, but provided his BlackBerry PIN-to-PIN, another means of sending an encrypted message that is widely used in government circles. While much more secure than sending unencrypted messages, Blackberry PIN messages fall short of the security provided by other forms of encryption. The CSE states on their website that "any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry."

"Encryption works," declared Snowden, shortly after stories based on his leaks were first revealed. "Properly implemented strong crypto systems are one of the few things that you can rely on."

Whether through legal or illicit means, unencrypted emails can be read by a variety of parties, including internet service providers, email providers, law enforcement, spy agencies, and criminal hackers. Without encryption, a journalist has shut the door to sources who need a secure method of communication in order to protect their identity.

"As a reporter, you are holding yourself out to the public as someone who sources can trust" says Lex Gill, a Montreal based activist and law student, who has organized training sessions, dubbed 'crypto parties,' aimed at helping the public learn to use encryption tools. "In this day and age it is irresponsible for anyone who is communicating with vulnerable sources, or has sensitive documents, to not be using encryption. This is a matter of journalistic ethics."

If any CSE employees are disturbed by their agency's current activities, they may not feel safe approaching many media organizations in Canada. That's because the handful of journalists using PGP encryption on its own this is not enough to protect sources with highly sensitive records.

The new manilla envelope

In 2013, The New Yorker began using SecureDrop, a system designed to allow sources to send journalists records with considerable protection.

The following year The Guardian, the Washington Post and many other media outlets began using SecureDrop. However, it wasn't until earlier this month that the Globe and Mail became the first organization in Canada using the tool.

"SecureDrop is the 21st-century equivalent of the manila envelope," said David Walmsley, The Globe and Mail's editor in chief, when the newspaper announced earlier this month that it had adopted the technology.

Sources can upload encrypted data to SecureDrop, but the system is only accessible through Tor, a tool that allows users anonymity by routing their online traffic through multiple computers across the internet.

Journalists then receive the encrypted data from SecureDrop and transfer it via a USB key to an air-gapped computer -- a machine without an internet connection -- to prevent external access. The data is then decrypted on the air-gapped computer, which uses Tails, an operating system that runs off a USB key and leaves no trace on the computer running it.

The Globe and Mail, however, is not the only media organization in Canada that is capable of secure communication beyond PGP. Some reporters at CBC are capable of decrypting messages on an air-gapped computer running Tails. The problem is that the broadcaster doesn't publicize this capability, and potential sources have no way of knowing.

The handful of CBC reporters using encryption are likely a product of the broadcaster's current collaboration with Glenn Greenwald, one of the reporters first approached by Edward Snowden, and his publication The Intercept.

On Oct. 21, 2014, Greenwald visited CBC's Toronto headquarters to talk about his reporting on surveillance. On that same day Dave Seglins first registered an encrypted email account. Soon after Amber Hildebrandt and Michael Pereira would also encrypt their emails, and a few weeks later the CBC began publishing stories on Snowden documents related to CSE.   

While any number of spy agencies around the world may be targeting journalists covering national security, reporters covering other beats are not immune from risk.

"The government isn't the only party who has strong incentives to monitor your communications: everyone from the private sector to organized crime might pose a risk to journalists," says Gill, the Montreal based law-student.  

She is convinced encryption is integral to the future of journalism, and encourages reporters to not only learn to use PGP encryption but to also use other tools that are designed to encrypt their phone calls, chats, text messages, and the data that is stored on their computers. She thinks it is particularly important that reporters are encrypting their notes, and other sensitive documents.

"Learning basic encryption is not difficult," states Gill, "reporters have no excuse for not using it."  [Tyee]

*Updated Friday, March 27 at 8:10 a.m.

Read more: Media


What: Tyee Master Class with investigative reporter Tim Groves.

When: 6 to 8 p.m. on Monday, April 13 and Tuesday, April 14.

Where: Online via webinar

Cost: $100

What you'll learn: the skills and techniques that investigative journalists, private eyes, and other researchers use to unlock hidden information on the web.

To find out more and register, click here

Share this article

The Tyee is supported by readers like you

Join us and grow independent media in Canada

Facts matter. Get The Tyee's in-depth journalism delivered to your inbox for free


The Barometer

Tyee Poll: What Coverage Would You Like to See More of This Year?

Take this week's poll