On July 16th, US President Donald Trump and Russia’s Vladimir Putin will meet for their first summit in Helsinki, Finland. Some consider this an important meeting of two statesmen that could redefine the political world order, while others expect it to be a kind of employee evaluation meeting (“So, Agent Orange, how would you, in your own words, describe your performance in the last twelve months?”).
Neither the American troublemaker-in-chief nor Russia’s premier conqueror of wild animals have a reputation of looking very favorably at the concept of a free press. This is why Finnish IT security company F-Secure recently issued some very helpful OPSEC advice for journalists attending this summit (or, one might add, *any* political event).
“OPSEC”, in case you aren’t familiar with this term, is short for “operational security”. The phrase is taken from military language. It basically means, “covering your tracks by handing out the least amount of information possible to enemy forces”, by, say, *not* using a fitness app that uploads your jogging route data to the cloud even though you’re stationed at a supposedly secret military base. Today, the term is commonly used in the wider sense of “staying safe under adverse conditions”, such as a reporting from a civil war, being a Kremlin critic in Russia, or working for a newspaper in the Unhinged States of America, continuously whipped up by Trump’s anti-free press hate speech.
F-Secure’s Information Security Manager Samuli Airaksinen offered the following advice to journalists (I’m summarizing here):
* Always use a VPN, i.e. an encrypted network connection, for hooking up to the internet.
* Never plug in unfamiliar USB devices, such as – and I’m not making this up – USB-connected fans that were handed out to journalists covering the recent Trump/Kim Jong-un summit. (Every kind of USB device can contain malware, even if’s something as unsuspicious-looking as a miniature fan.)
* Use end-to-end-encrypted communications services such as Signal instead of SMS or e-mail.
* Secure your device, e.g. with a log-in passphrase, disk encryption, and by installing up-to-date software with all the security patches.
F-Secure security advisor Sean Sullivan added that one should be very careful when updating software *during* such an event, as even careful users can be tricked by fake update pop-ups in a hectic environment.
As helpful as this advice is, let’s take it a few steps further. Here are some tips that I feel direly need adding:
* At summit press conferences, all journalists should wear Groucho Marx masks. This would not only give anonymity to critical journalists, but would also provide the level of dignity a Trump/Putin press conference deserves.
* When posing questions to Trump, journalists should always start with, “Jim Acosta, CNN. Mr. President…” Claiming to work for CNN practically guarantees that Trump will refuse to answer, saving all media the effort of covering it, and of covering a tweet with the exact opposite statement a few hours later.
* For an even higher OPSEC level, journalists should use code names such as Mr. Black, Mr. White, of Ms. Mauve. If you really want to play it safe, you should also address the politicians by code names, such as Mr. Red, or Cry-Baby Orange.
* Investigative journalists, especially those covering the Kremlin, should be very careful about where or what they eat. They should make reservations at several restaurants simultaneously, only to attend a totally different one. Also, always check your food with a Geiger counter before eating. On a final note, you are advised to avoid the chocolate you’ll find on your hotel bed pillow. Especially if it emits gamma rays or comes with a USB plug.