After Edward Snowden revelations, a changed world for journalists

The top editor of the British newspaper The Guardian told Parliament on Tuesday that since it obtained explosive documents on government surveillance from a former National Security Agency contractor, Edward J. Snowden, it has met with government agencies in Britain and the United States more than 100 times and been subjected to measures "designed to intimidate."

The editor, Alan Rusbridger, said the measures "include prior restraint" as well as visits by officials to his office, the destruction of Guardian computer disks using power tools and repeated calls from lawmakers "asking police to prosecute" The Guardian for disclosing the classified material in news articles.

Rusbridger was testifying before a parliamentary committee looking into national security matters. He faced aggressive questioning from lawmakers, particularly those of the ruling Conservative party. Some asserted that The Guardian had handled the material irresponsibly, putting it at risk of interception by hostile governments and others. Others said that the paper had jeopardized national security.

At one point during the hearing, to his evident surprise, Rusbridger was asked whether he loved his country. He answered in the affirmative, noting that he valued its democracy and free press.

He also said The Guardian would "not be put off by intimidation" but would also not act recklessly.

Following Rusbridger in front of the committee, a senior British police officer, Cressida Dick, refused to rule out prosecutions as part of an investigation into the matter.

"It appears possible once we look at the material that some people may have committed offenses," she said.

Rusbridger's appearance gave a public airing to issues that newspapers, particularly those that have dealt with Snowden's material, have been grappling with in private. Journalists are struggling to adjust to a new world that sometimes resembles a spy novel, with governments aggressively investigating leaks of sensitive material, security experts and journalists said.

"The old model was kind of like your house," said Marc Frons, the chief information officer of The New York Times. "You locked your front door and windows but not your desk drawer, even if it had your passport inside. In the new model, you have locks on everything."

The Guardian, The Washington Post and The Wall Street Journal declined to comment about internal security arrangements.

But Rusbridger told Parliament that the newspaper was "not blind to the sensitivity of this material, and we went to more precautions over this material than any other story we have ever handled."

Senior editors at The Guardian were initially skeptical earlier this year when asked to hand over their cellphones before discussing Snowden's documents, said a person with knowledge of the reporting process, who did not want to be named discussing confidential security procedures.

That soon changed when they reviewed the information Snowden had supplied, this person said. The documents, they came to realize, would be of intense interest to any of several parties - the U.S. and British governments from which they were taken, other governments like China and Russia seeking an espionage edge and hackers seeking to embarrass either government agencies or the publications writing articles about the material.

Eventually, the skepticism receded and the same editors insisted that meetings be held in rooms without windows and that any electronic devices nearby be unplugged. Computers that contained the information could never be connected to the Internet. And reporters who needed to consult colleagues in other countries about the documents had to meet them in person, despite the extra costs. On one occasion, Rusbridger said Tuesday, encrypted documents were sent via Federal Express.

Nicholas Weaver, a computer security researcher at the University of California, Berkeley, said that effective countermeasures began with first contact with a source.

Noting that electronic devices "leave fingerprints everywhere you go," he described what he viewed as effective precautions for news gatherers.

"Leave all your high-tech gadgets at home; meet in a public location that's kind of noisy, and wear a hat so you don't get caught on camera," he said.

"You have to walk there, because we have this network of license plate readers now," he said, or buy a transit ticket with cash and dispose of it afterward.

As for making first contact with a sensitive source, Weaver said, "you have to wait for them to contact you."

Trenchcoats are optional.

Communicating with existing sources, said Ashkan Soltani, a security expert and reporter who has worked with The Guardian, The Wall Street Journal and The Washington Post, should be done on a computer isolated from all other "promiscuous communications" like web browsing and downloading files, to avoid malicious software being installed secretly to monitor activity.

"If the computers have malware, no amount of secure email, no amount of encryption, is going to help," he said.

The threat is not abstract: Several news organizations have been victimized by hacking in recent years. In 2012, Chinese hackers infiltrated The New York Times' systems, seeking access to reporters' inboxes.

The U.S. government, too, seeks access to email information involving news organizations. Several secret subpoenas to technology companies like Google for data relating to accounts linked with WikiLeaks have surfaced in recent years.

The phone records of dozens of Associated Press reporters, including records for some home and cell lines, were seized by the Justice Department in 2012. The company did not find out for nearly a year.

Government officials in both Britain and the United States say that leaks of classified material can damage national security interests. They have defended surveillance programs as necessary in providing valuable information that helps protect against a variety of threats.

The issue is particularly pressing, several experts said, as news organizations, including The New York Times, now outsource their email services.

"A news organization, in my mind, is committing negligence in not running email in-house," Weaver said.

People briefed on security plans said that technology companies like Google regarded Snowden's revelations, and the flurry of subpoenas, as an alarm. Google now encrypts almost everything it stores or sends and has strategies for resisting government subpoenas. Microsoft has also moved to secure its Internet traffic, The Washington Post reported.

Ultimately, Soltani said, sensible security might take the shape of special computers issued to those in high-risk reporting roles. But that will most likely take time.

"It's hard to change a newsroom, harder to change a company's network and even harder to change human behavior," he said.