“It's not paranoia if they really are out to get you”: Navigating risk to journalists when connected devices are everywhere
IAMCR 2022 Conference “Communication Research in the Era of Neo-Globalisation: Reorientations, Challenges and Changing Contexts” (2022), 18 pp.
Institution of author: University of Oxford
"The consumer Internet of Things (IoT) is a fast-growing area of technology, increasingly embedded in the public and private spheres, including both in and on bodies. There are various security concerns and academic investigations into potential risks of this expansion, but none yet specifically addressing the implications to journalists and the democratic pillar of press freedom. Not only are risks to this community not yet assessed, but IoT threats generally are not communicated without technical jargon, making them inaccessible to non-experts. Given the importance of a free press, mapping IoT devices and, crucially, communicating associated risk in ways understandable and actionable to journalists themselves, is key.
Journalists and the press are particularly at-risk from IoT devices that may feature in the environments with which they must regularly interact because of the fundamental imperative of source confidentiality. Previous research demonstrated that members of the press are largely unaware of the ways in which the IoT can threaten their work and wellbeing. The networked capabilities of IoT devices increases the ease with which well-resourced threat actors can target journalists who routinely handle confidential information and are already at risk around the world from a variety of non-IoT threats. This paper therefore presents a novel categorisation of both ambient and wearable consumer IoT devices according to the environments in which journalists are most likely to interact with them. It draws on related academic work classifying devices for technical audiences to create a system that is accessible to journalists and their sources. Its goal is to make members of the media aware of the prevalence of these technologies and which of the devices’ capabilities may increase their individual risk. Useful risk assessments cannot be undertaken without an accurate understanding of where threats may be encountered. By systematically outlining risks in numerous environments, this taxonomy can be easily incorporated into existing security training materials and risk assessments for journalists. This paper presents a novel taxonomy to codify and organise IoT present in different environments, with examples of how journalists and their work could be impacted, both passively (i.e. via surveillance) or actively (i.e. via information theft). It also discusses how different environments that may contain IoT devices are often under the control of actors whom journalists cannot easily influence, nor protect themselves against. Especially as these devices continue to proliferate, journalistic risk from IoT devices in surrounding environments are growing. It is therefore important to address the contemporary and emerging risks to journalism that are associated with connected devices. This paper enables journalists and readers to not only visualise and conceptualise how IoT devices in different environments may create risks, its user-focused language and organisation also empower journalists to begin to use this taxonomy for awareness, mitigation, and protective purposes." (Abstract)
Journalists and the press are particularly at-risk from IoT devices that may feature in the environments with which they must regularly interact because of the fundamental imperative of source confidentiality. Previous research demonstrated that members of the press are largely unaware of the ways in which the IoT can threaten their work and wellbeing. The networked capabilities of IoT devices increases the ease with which well-resourced threat actors can target journalists who routinely handle confidential information and are already at risk around the world from a variety of non-IoT threats. This paper therefore presents a novel categorisation of both ambient and wearable consumer IoT devices according to the environments in which journalists are most likely to interact with them. It draws on related academic work classifying devices for technical audiences to create a system that is accessible to journalists and their sources. Its goal is to make members of the media aware of the prevalence of these technologies and which of the devices’ capabilities may increase their individual risk. Useful risk assessments cannot be undertaken without an accurate understanding of where threats may be encountered. By systematically outlining risks in numerous environments, this taxonomy can be easily incorporated into existing security training materials and risk assessments for journalists. This paper presents a novel taxonomy to codify and organise IoT present in different environments, with examples of how journalists and their work could be impacted, both passively (i.e. via surveillance) or actively (i.e. via information theft). It also discusses how different environments that may contain IoT devices are often under the control of actors whom journalists cannot easily influence, nor protect themselves against. Especially as these devices continue to proliferate, journalistic risk from IoT devices in surrounding environments are growing. It is therefore important to address the contemporary and emerging risks to journalism that are associated with connected devices. This paper enables journalists and readers to not only visualise and conceptualise how IoT devices in different environments may create risks, its user-focused language and organisation also empower journalists to begin to use this taxonomy for awareness, mitigation, and protective purposes." (Abstract)
