A SECURE COMMUNICATIONS PLAN should be established at the outset of any film project. It can take many forms, but should include:
- A collective agreement on what topics constitute a sensitive conversation
- Approved tools for sensitive team conversations on mobile and desktop (e.g., strategizing with your producer and editor)
- Approved tools for sensitive external conversations on mobile and desktop (e.g., discussions with funders, collaborators, and sources)
- A fallback plan for when things go wrong (e.g., agreement on how the team can get back in touch over a reliable mode of communication)
When dealing with sensitive sources and other external collaborators, you’ll often have to meet them where they are. Sometimes, this means making concessions for the sake of access. With an agile understanding of communication security versus accessibility, you equip your team with the information everyone needs to stay safe, and keep every stage of the project under wraps.
“Every time I reach out to someone, I try as much as I can to get them on Signal immediately, or WhatsApp, or whatever their comfort level is. I kind of give the same speech to every subject, regardless of who that is. I think in that way, it furthers my personal opinion that privacy is something that really everyone should be thinking about.”
EMAIL IS ESSENTIAL for communication in virtually any industry. Filmmaking is no exception. Email is ubiquitous, and inherently insecure.
With most email services, your message content is protected with encryption as it travels between the sender (e.g., you), the service provider (e.g., Google via Gmail), and the recipient (e.g., your colleague). The service provider itself can still read the messages it stores, so this level of security will not protect the content of your messages should they be intercepted through a legal request, or if someone manages to break into your email account. For those situations when email is necessary, but a higher level of security is required, PGP encryption can help.
PGP stands for Pretty Good Privacy, a standard designed to help users encrypt messages and files. There are many different implementations of PGP encryption in email, and as always, each has its own usability and security tradeoffs. We’ll introduce three approaches to PGP encryption within email, as well as some general best practices — choose the best approach for you by referring to how you assess your risks.
“When I started this project on WikiLeaks, I was very aware that there are national security letters, that the government can obtain your email records pretty easily without going through a warrant process. I wanted to get an email address that would be harder to get, so I obtained an email address from a university. I created anonymous email addresses not in my true name.”