Communication Security

_THE CONVERSATIONS WE HAVE over phone calls, text messages, and even social media are usually not as secure as we need them to be.

That is, your conversations can be read by the service provider (e.g., the phone company, social media companies). This might be especially problematic if you are investigating one of these service providers, or a government that they answer to. The good news is that there are simple alternatives that allow you to have a conversation privately.

READ ON FOR YOUR COMMUNICATION SECURITY STRATEGIES:

01: Create a communications plan for secure messaging, calling, and video conferencing

02: Secure and encrypt your emails

Lyric Cabral, on establishing a secure communications plan

“Let’s say I’m communicating with someone about a film plan, whether that’s the crew or people who will be in front of the camera, it becomes a question of how to communicate that information in the most secure manner. There is a tension between [security] and technological possibilities. I personally use encryption technology, like Signal, to communicate, but that requires the person on the other end to have the capacity to download the app. And if they don’t have that capacity, it’s contingent on me to plan around that.”

Strategy 01
Create a communications plan for secure messaging, calling, and video conferencing

_A SECURE COMMUNICATIONS PLAN should be established at the outset of any film project. It can take many forms, but should include:

  • A collective agreement on what topics constitute a sensitive conversation
  • Approved tools for sensitive team conversations on mobile and desktop (e.g., strategizing with your producer and editor)
  • Approved tools for sensitive external conversations on mobile and desktop (e.g., discussions with funders, collaborators, and sources)
  • A fallback plan for when things go wrong (e.g., agreement on how the team can get back in touch over a reliable mode of communication)

When dealing with sensitive sources and other external collaborators, you’ll often have to meet them where they are. Sometimes, this means making concessions for the sake of access. With an agile understanding of communication security versus accessibility, you equip your team with the information everyone needs to stay safe, and keep every stage of the project under wraps.

Recommendations
Signal, WhatsApp, Wire, Keybase_
For secure messaging and calling, use an end-to-end encrypted app
Read now
BEGINNER
Platforms:
iOS
Android
MAC OS
Ed Ou, on privileging end-to-end encryption everywhere

“Every time I reach out to someone, I try as much as I can to get them on Signal immediately, or WhatsApp, or whatever their comfort level is. I kind of give the same speech to every subject, regardless of who that is. I think in that way, it furthers my personal opinion that privacy is something that really everyone should be thinking about.”

Jitsi Meet, Zoom, Wire_
For video-conferencing, use a tool that meets your security, privacy, and accessibility needs
Read now
BEGINNER
Platforms:
Strategy 02
Secure and encrypt your emails

_EMAIL IS ESSENTIAL for communication in virtually any industry. Filmmaking is no exception. Email is ubiquitous, and inherently insecure.

With most email services, your message content is protected with encryption between the sender (e.g., you), the service provider (e.g., Google via Gmail), and the recipient (e.g., your colleague). This level of security will not protect the content of your messages should they be intercepted through a legal request, or if someone manages to break into your email account. For those situations when email is necessary, but a higher level of security is required, PGP encryption can help.

PGP stands for Pretty Good Privacy, a standard designed to help users encrypt messages and files. There are many different implementations of PGP encryption in email, and as always, each has its own usability and security tradeoffs. We’ll introduce three approaches to PGP encryption within email, as well as some general best practices — choose the best approach for you by referring to how you assess your risks.

Recommendations
Follow email best practices
Read more
BEGINNER
Platforms:
Protonmail_
Encrypt email with ProtonMail
Read more
BEGINNER
Platforms:
MAC OS
LINUX
WINDOWS
Laura Poitras, on mitigating the risks of using email while filming Risk

“When I started this project on Wikileaks, I was very aware that there are national security letters, that the government can obtain your email records pretty easily without going through a warrant process. I wanted to get an email address that would be harder to get, so I obtained an email address from a university. I created anonymous email addresses not in my true name.”

Mailvelope_
Encrypt email with Mailvelope
Read more
INTERMEDIATE
Platforms:
LINUX
MAC OS
WINDOWS
Thunderbird_, Apple Mail_
Encrypt email with a PGP client
Read more
ADVANCED
Platforms:
LINUX
MAC OS
WINDOWS
back to home
Is a project by:
Risk Assessment
Footage Security
Communication Security
Mobile Security
Desktop Security
Travel Security
More Resources
Glossary of Terms