Google Services Don't Guarantee Privacy

Journalists aren't the only ones who should take stronger security measures with online services, security researcher warns--and Google counsel agrees.
10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
But news organizations should also get a clue about security, said Soghoian, and do right by their confidential sources. The Wall Street Journal, for example, launched a WikiLeaks knockoff, SafeHouse, in May. But privacy experts blasted the site for a string of security shortcomings, including poor SSL implementation, as well as Adobe Flash as a choice of uploader, since it would defeat anonymizing technologies such as Tor. In addition, the site's terms of service further break that "safe house" metaphor, saying that "we reserve the right to disclose any information about you to law enforcement authorities or to a requesting third party, without notice."

Besides Google and its ilk, as well as media organizations, Soghion also singled out journalists for failing to practice proper privacy, for example by not using secure communications. "Many major media organizations have distanced themselves from WikiLeaks, which, they tell us, is reckless, and does not engage in real journalism," said Soghoian in an op-ed published last week in The New York Times. "But if the hallmark of quality journalism is the ability to protect confidential sources, then WikiLeaks should, in fact, be seen as a beacon of best practices."

Will DeVries, policy counsel at Google, concurred with that piece. "Journalists (and bloggers, and small businesses) need to take a couple hours and learn to use free, widely available security measures to store data and communicate," he said via Google+. In other words, don't trust in Google to keep your data secure.

What could journalists--or businesses owners concerned with blocking industrial espionage attacks--do better? Start by encrypting stored data and transmitting sensitive information in encrypted format.

In addition, when it comes to protecting confidential sources and securing transmitted information, look to the standard set by WikiLeaks, said Soghoian. "Whatever one thinks of Mr. Assange, he is a skilled data security expert. He knows an awful lot more about information security than even the most tech-savvy journalist," he said. "His platform appears to have worked: none of WikiLeaks' confidential sources have ever been exposed by the organization. (Bradley E. Manning, the detained Army private who has been accused of the leak, was exposed by an acquaintance.)"

"Until journalists take their security obligations seriously, it will be safer to leak something to WikiLeaks--or groups like it--than to the mainstream press," he said.