After more than 10 years at The Wall Street Journal, I took the buyout offered to the newsroom this fall. My decision is bittersweet: Although I’ll miss my colleagues, I am excited for the opportunities coming my way this year.
I will be spending time with family and will start 2017 as interim communications director at the new Knight Institute for the First Amendment at Columbia University. The institute, funded jointly by the Knight Foundation and Columbia, works to protect and expand freedoms of speech and the press in the digital age.
As the Internet has shaken the media industry, traditional outlets have been less able to undertake First Amendment litigation. Simultaneously, changes in communications technology are raising First Amendment questions about things such as surveillance and the freedom of Internet platforms. The institute will aim to help solve these problems in favor of greater press freedoms. I’ll be working with them to get their website launched, get on social media, develop an introductory symposium and produce initial research and commentary.
I also will do some freelance work this year, so stay tuned. My plan is to head back to full-time journalism work late in 2017.
I’ve written here before about “empirical journalism” and the idea that reporters don’t have to wait for experts to conduct studies that might help readers. Continuing with that idea, recently I worked with a computer researcher to evaluate the security of popular Wi-Fi routers for a story.
The novel survey showed that half the devices arrived with known, previously documented security weaknesses. Only two required users to change from the default password–something that computer security pros have been demanding for many years. Half didn’t let users easily check for new software during the standard setup process. Instead, users had to search on the Web themselves or run optional programs. Two actually told users that updated software wasn’t available, when in fact it was, and one directed users to download new software that itself had a severe, documented security flaw.
Security of Wi-Fi routers might not sound too sexy. But routers already have been used in attacks to disrupt networks or siphon people’s data. And they’re one of many types of devices that are being connected to the Internet but that don’t receive the security attention of PCs. Trust me, these devices are poised to become more important to hackers in the future; almost every security pro I talk with sees things like this as a weak link.
One of my favorite parts of the biggest article I wrote this year is summed up in just a single line: “The Journal this week filed legal motions in a Texas federal court to unseal several cases.”
The paper’s publisher filed the motions in an effort to open up documents related to law enforcement requests for electronic surveillance that have been kept under seal for years. Such documents were the subject of my story, which looked at the increase in federal surveillance requests and the fact that most of them remain secret indefinitely, unlike traditional search warrants.
I’m excited about the case because it’s not the sort of thing in which I’m frequently involved. The legal issues involved here are relatively new and untested, and it’s great to get a news organization like the Journal on record behind the public’s right to information in this type of case.
For now, the matter is before a judge in Texas. An example of the government’s response is here, and one of our latest filings is here.
Over the past year, I’ve been increasingly asked to speak about computer security for journalists–specifically, how reporters can avoid surveillance by governments and help protect their sources.
Unfortunately, many people seem to think there’s some kind of magic bullet that will protect reporter-source conversations, and that all our problems would be solved if reporters could simply learn to use encryption. But encryption isn’t as magic bullet; there’s much more to source protection than encrypted email.
If you’re here thinking you’re going to find an easy solution–or any particular solution at all, really–I’m sorry. I don’t have one.
But I’ve been speaking about this subject enough now that I have a few tips and tools I’d like to put together in one place.
Note: After publication of this post, the Journal’s graphics server was hacked. Graphics associated with this story may not be available.
For some people, the price of a Swingline stapler on the Staples.com website is $15.79, while for others, it’s more than a dollar cheaper, at $14.29. This is for the same stapler, at the same time, with the same shipping costs and taxes.
So what’s going on?
My colleague Jeremy Singer-Vine and I found that the Staples website was displaying different prices to people after it had estimated their locations — and that, specifically, Staples appeared to be offering discounts to people who were closer to rival brick-and-mortar stores.
The story, which was in The Wall Street Journal in December, identified several companies that consistently adjusted prices and offers online based on a shopper’s characteristics, including location. It was a fun story to write and to report. But perhaps the most important part of the reporting of this story is actually found in the technical methodology, which appeared only online.
This reporting was primarily a technical feat by Jeremy and another colleague, Ashkan Soltani. The two of them built custom software to analyze pricing on sites. And on Staples, Jeremy simulated visits from all the more than 42,000 ZIP Codes in the U.S. and analyzed the results statistically.
So why is this important? Because this type of work allows us as journalists to develop theories and test them ourselves. Without this, we would have to rely on others to tell us what’s happening — when too often, people simply don’t want anyone to know what’s going on.
Sure, it’s not possible to do this type of journalism on every subject. But I find it helpful to think regularly about whether a subject might benefit from data gathering and analysis.
And I’ve found that empirical journalism particularly helpful when studying the Internet. It’s something my editor Julia Angwin pioneered in the What They Know series, which reshaped the debate on digital privacy precisely because it produced empirical evidence in addition to a compelling story.
Empirical journalism isn’t a new idea, of course. For decades, journalists have developed stories by painstakingly investigating and compiling information. Recently, data-driven journalism has produced great work as well. But the type of reporting in the What They Know series is slightly different; it involves not just analysis of an existing dataset, but rather the gathering of entirely new data. And it’s the future of technology coverage.
The Wall Street Journal had its first hackathon this year. Sort of.
The Data Transparency Weekend, as it was officially called, was actually billed as a “codeathon,” a word that might be meaningless but that, unlike the more commonly accepted word “hackathon,” is guaranteed not to alarm anyone who is worried about masked geeks bent on cyberdestruction.
Over that weekend in April, the Journal brought about 100 programmers together to work on tools to help people see and control their personal data. The projects, which surpassed even my high expectations, ranged from a tool for monitoring data that escapes your cellphone to software that lets Web surfers see what their browsing habits indicate about their demographic profile.
Generally, like any good journalist, I’m a bit cynical. I’m not prone to using phrases like “community-building” or “honoring the process.” But this weekend left me optimistic. Among the highlights: Princeton professor and Chief Federal Trade Commission Technologist Ed Felten hacking with his daughter, a high-school computer science student; cat-shaped emoticons in the Cryptocat chat room; and a censorship-detection tool modeled on “Minesweeper.”
My husband and I also had the pleasure of hosting a couple Data Transparency Weekend hackers at our home in Brooklyn. To decide who slept in the guest room and who slept on the couch, they used a random number generator. Awww.
If you want to communicate more securely, encryption can be a good solution. For email, I use a tool called PGP, which stands for “pretty good privacy” and which relies on a system of “keys” to lock and unlock data. PGP does a good job of protecting the content of your messages, but using it isn’t exactly simple, especially for the average person.
I’ve gotten a few questions in the past several months from journalists and others who want to email in a more secure way but don’t yet know how to use PGP, so I figured I’d provide some basic instructions. If you have any further questions, please feel free to let me know.
Before you get started, a word of caution: Using encrypted email can protect the contents of your messages, but it doesn’t hide the fact that you were sending the message in the first place.