You, Me, And PGP

by Tommy Collison in

Our ideals of usable crypto have not been served well by PGP. So what should we do?

On Feb. 24, Moxie Marlinspike, head of Open Whisper Systems and former head of security at Twitter, wrote about the trials of using PGP encryption, a cryptographic tool for encrypting and decrypting files and e-mails:

Eventually I realized that when I receive a GPG encrypted email, it simply means that the email was written by someone who would voluntarily use GPG. I don’t mean someone who cares about privacy, because I think we all care about privacy. There just seems to be something particular about people who try GPG and conclude that it’s a realistic path to introducing private communication in their lives for casual correspondence with strangers. 

Increasingly, it’s a club that I don’t want to belong to anymore.

Before I respond to his opinions on PGP, here’s some background on me and my relation to cryptography.

2014 became the year of the cypher for me — someone’s “I prefer to receive encrypted e-mail” prompted me to learn about this PGP thing. I got to know some activists at the Electronic Frontier Foundation who encouraged me to organize events around PGP and online privacy more generally. I’ve teamed up with organizations like Verso Books and Bluestockings Activist Center to teach crypto, and held smaller events on and around the NYU campus.

I feel a part of the crypto community, but I’m not an active developer — I’m an interpreter, someone who (mostly) understands the underlying technical aspects of crypto, but who spends their time teaching non-technical people about this software and teaches them how to use it.

The more I spoke to activists and interested parties, the more I started to notice a lack of communication between encryption evangelists and the people I think should be thinking about privacy: activists and journalists.

Most journalists know basic infosec is important, but there’s a disconnect between demand for trainings and supply by volunteer instructors like me.

So from my perspective, getting those journalists trained in some form of basic infosec is more important than being very particular with the choice of tools. PGP is a total mess, but I think we’d be wrong to abandon it entirely until a more user-friendly e-mail encryption standard comes along in which we have similarly high levels of confidence.

Moxie is right: PGP is broken, probably hopelessly so. It’s been around for 20 years and the overarching ideals of cypherpunks (activists advocating widespread use of strong cryptography as a route to social & political change) are no closer to being realized.

But I disagree with Moxie’s view that PGP is totally unusable and should cease being used immediately. We’re confident it’s cryptographically secure, it solves the problem of secure e-mail (which TextSecure and such don’t).

But I’ll be the first to admit it has a ton of problems. Every time I do a workshop, the same issues come up.

  • It’s relatively hard to make private keys mobile. Private keys can live on USB sticks, but if your intention is to get people using PGP, carrying another piece of technology around is yet another behavioral change to ask them to make.
  • Setup requires administrative privileges. This is, I think, the main barrier to comprehensive PGP installations in workplaces and, crucially, newsrooms. Activists aren’t talking to IT departments yet.
  • Our metaphors don’t make a lot of sense. What’s a key? What’s a keyring? Is it different to a keychain? How do I find people’s keys? How do I use them?
So what do we do?

The solution, I think, has to come from two sides:

  • Make sure journalists have a decent grounding in infosec — not just PGP. They should know about good password habits, hard-disk encryption, and other strategies. I agree with Chris Soghoian on this one, who maintains that J-schools and newsrooms are ‘failing to provide reporters with digital security skills’: “They’re forcing journalists to figure it out for themselves,” he said.

The workshops I’ve been running are not “PGP 101.” They’re more general than that because they have to be. You can’t just budget 3 hours for a PGP installation workshop and expect everyone to get it. Trainings work best when you get repeat attendance and a build-up of skills and understanding over time.

  • Develop new cryptographic tools for e-mail. We can’t drop PGP until we have something more user-friendly to replace it that doesn’t compromise on security.

This is why the disconnect between developers and not-very technical users is so harmful, and it’s one I’m currently trying to bridge. Paul Graham once wrote that startups have to aggressively aquire the early users. Developers have to do something similar — sit down with users and see for themselves where the pain points are, and then fix them.

PGP has many, many shortcomings. But ultimately I’m optimistic. The privacy landscape has changed irrevocably since Snowden: it’s no longer a question of “can the NSA surveil journalists?” but a question of “how are we going to mitigate this problem?”. That’s a tectonic shift in the conversation.

I write a weekly column about student life and technology for the Washington Square News, NYU’s daily student newspaper. My job is to contextualize the latest tech news, answering the fundamental question of how this applies to readers. I feel like an interpreter, translating between computer to human. It’s a role I want to embrace more fully teaching journalists about digital information security.

Thanks to Dani Grant, Freia Lobo and Star Simpson for reading drafts of this.

Tommy Collison is a writer interested in privacy and the future of journalism in a post-Snowden world. His columns focus on technology, security, and student life. He studies journalism and politics at New York University. When not writing, he teaches journalists, activists, and others how to use privacy software. He can be found on Twitter as @tommycollison.

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner

NYU News: Mandatory study away can benefit college students

by Tommy Collison in

I wrote a second column this week for the Washington Square News, NYU's student newspaper. As an international student in the US (with all its inherent advantages and drawbacks...) it was fun to make the case for more travel.

NYU’s Washington Square admissions site mentions the benefits that come with living in a city so full of different cultures and communities. Beyond New York, though, students also have the opportunity to study away at portal campuses spread across six continents. 

These opportunities allows students to live in one of 13 different countries as they work toward their degrees. Such an opportunity is unparalleled. Given that the cost of living is almost always cheaper abroad than in New York and that exposure to foreign cultures has undeniable benefits, NYU should make spending a semester at an abroad site mandatory for all students who live
on campus. 

Studying away has both professional and personal benefits. Students who have traveled are seen as more well-rounded, and speaking a second or third language can significantly boost career prospects — a feat more easily accomplished through immersion than in a classroom.Choosing to live in a different country also shows adaptability and a desire to challenge oneself. 

NYU’s international student population currently stands around 16 percent. These are the students who already have experience living in a foreign country, and almost all of them can attest to the benefits of living in a different country. NYU should take steps to imbue a higher percentage of their student body with this sort of world experience.

The university has gone to great lengths to assure that those who study away are supported throughout their experiences, guaranteeing housing and assistance in securing passports and visas. They should do more and provide housing scholarships for commuter students. 

International travel can be expensive, and students are less likely to do it after graduating when they pursue careers or start families. Given that students at NYU are already paying tuition, there are fewer logistic obstacles to spending the semester in a foreign country. Students in Global Liberal Studies or the combined Global Public Health program are already required to spend at least one semester abroad, so there is very little reason not to expand this requirement to other programs since all student degrees benefit from a worldly perspective.

Mark Twain is thought to have written, “Travel is fatal to prejudice, bigotry and narrow-mindedness.” Students who study abroad distinguish themselves as having received a more rounded education than those who choose to remain in one spot. Even international students who already technically study away stand to benefit from spending part of their formative years in foreign countries, particularly those with cultures different from the United States.

Tommy Collison is a writer interested in privacy and the future of journalism in a post-Snowden world. His columns focus on technology, security, and student life. He studies journalism and politics at New York University. When not writing, he teaches journalists, activists, and others how to use privacy software. He can be found on Twitter as @tommycollison.

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner

NYU News: AT&T payment plan further erodes privacy

by Tommy Collison in

My column this week for the Washington Square News, NYU's student newspaper. 

The past year brought an unprecedented rise in discussions surrounding Internet freedom and consumer privacy, reflected in the upcoming FCC vote on net neutrality and Citizenfour, Laura Poitras’ documentary on Edward Snowden and NSA surveillance. But while the Internet is an essential component of modern life, pitfalls remain as companies seek to monetize users’ personal information. The New York Times Bits blog reported last week that AT&T is charging customers an extra $29 a month to opt out advertisements tailored to users’ browsing data. The move is the latest example of Internet service providers monetizing users’ browsing habits and represents yet another worrying erosion of
consumer privacy.

The announcement comes as part of AT&T expanding its GigaPower Internet service in parts of Kansas City, Missouri in order to compete with Google Fiber. Consumers can pay an extra $29 a month to prevent AT&T from analyzing “the webpages you visit, the time you spend on each, the links or ads you see and follow, and the search terms you enter.” But despite offering customers a way to pay and opt out, AT&T still uses cookies to track user behavior and tailor ads.

Some claim that ad tracking is beneficial because the ads users see are tailored to their interests. While targeted advertisements may be useful in certain scenarios, such as looking for a good restaurant, when users search for sensitive information like health conditions, their browsers are tagged by some of the thousands of ad agencies who make money by tracking users across the web. It is clear why this practice carries inherent privacy concerns. In 2012, the Wall Street Journal reported that varied the price of its products depending on who was browsing its site. Customers could end up paying more for goods and services because websites are tracking their location. Consumers would rightly balk if a store clerk followed them around as they browsed a brick-and-mortar store, noting their actions and preferences, but seem to have passively accepted the notion that the same actions are acceptable when they happen online. 

Giving people the option of paying for privacy is a regressive move that positions privacy as a luxury rather than a right. The rate of technological advancement far outstrips the ability to adapt and, as a result, lawmakers’ ability to regulate it. The Internet should not be yet another apparatus for private corporations to pad their bottom line. AT&T does not have to perform invasive behavioral tracking to make money considering over 100 million people pay to be wireless customers. As consumers become more concerned about privacy violations, AT&T must be more sensitive towards their users’ personal information.

Tommy Collison is a writer interested in privacy and the future of journalism in a post-Snowden world. His columns focus on technology, security, and student life. He studies journalism and politics at New York University. When not writing, he teaches journalists, activists, and others how to use privacy software. He can be found on Twitter as @tommycollison.

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner


by Tommy Collison in

Hey blog! I almost forgot I had you. Here are an assortment of life updates from me over the last few weeks. 

I'm back in New York! I spent Xmas in Ireland and Germany, and now I'm back at NYU for my second semester of my sophomore year. I feel like much more of a real student now that I've declared my major, which was a little surprising to me -- I thought it was going to be a rubber stamp that gave me precidence for registration, but I feel much more grounded, much less of an imposter.

This is probably linked to that is the fact that I've stopped joking about dropping out like John and Patrick every two seconds. I've come to realize that college is a really great place for me to be right now, because I'm treating it like an incubation period for me. I'm getting a chance to try so many different things, and find what's right for me. It's far and away the best place for me right now.

I'm taking four journalism classes this semester. It's a lot of work, but I lucked out to some extent because only one of them is a straight up reporting class -- the rest of them are theory. On average, I'm reading about 500 pages a week for the four classes, so I'm definitely being kept busy. I spent most of this weekend in the library catching up on assignments -- they have an annoying habit of all falling due at the same time.

I'm a few weeks into my role as deputy opinion editor with the Washington Square News. Editing is a really interesting role -- not one that I was particularly familiar with before. I keep up my weekly column on the intersection of student life and technology. You can read them all together under my "Columns" tag.

It was immensely gratifying to see Citizenfour win the Oscar for Best Documentary last night. A talk on online security/safety for activists last night in Bluestockings, the activist center, went well. I'm still working on refining and streamlining these sorts of events. In the next week or two, I should be able to announce where I'm working over the summer (hint: it has to do with crypto as a public service), which will be a lot of fun.

I'm trying to read 100 books this year. Given my course schedule this semester, I'll most likely fail at it, but it's a good goal. Two books I want to draw particular attention to: 

"A Portrait of Egypt: A Journey Through the World of Militant Islam," by Mary Anne Weaver. The Middle East is an area I'm trying to get a better understanding of. Given my professor is a former Middle Eastern bureau chief for Newsday, I can't imagine a better person to learn from. If you're interested in the Middle East and contexualizing current events, you should check that book out. 

"Making News at The New York Times, by Nikki Usher." I'm in a class on the future of The New York Times this semester. I think it's going to be the most interesting one I take, if only because it's probably only going to be offered once. It's with Jay Rosen, the media critic and reporter who's currently serving an advisory role to Pierre Omidyar's First Look Media. Usher's book is a good ethnographic study of the current waters the NYT is trying to navigate. I write this 20 minutes before this class starts, and our guest speaker today is supposed to be Margaret Sullivan, the NYT's public editor. This class is an awesome opportunity.

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner

It's Between You, Me, and the NSA: Well-Intentioned Crypto Snake-Oil

by Tommy Collison in

I was on the subway the other evening when I noticed an ad on the subway for Talkspace, an app that connects users to licensed therapists

The headline reads: Over 70,000 people text their therapist daily.

In the ad’s screenshot, titled My Talkspace, a therapist named Nicole says “Welcome to our private Talkspace. Anything you say here is 100% secure and confidential. Please tell me what brings you here today?”

When I saw the app, I immediately questioned “100% secure and confidential.” It’s up there with “NSA-proof” when it comes to security hyperbole.

As the 6 pulled into Grand Central Station, I began to make a mental list of what I’d expect of an app that promised 100% security and confidentiality. It surprised me by not being especially long.

  • No logs.
  • It fails the Mud Puddle Test.

The Mud Puddle Test is a thought experiment for gauging who has access to your communications. Facebook chat passes the test (which is bad) but OTR-encrypted AOL instant-messaging chats with logs turned off fails, which is good. Here’s a description:

1. First, drop your device(s) in a mud puddle.
2. Next, slip in said puddle and crack yourself on the head. When you regain consciousness you’ll be perfectly fine, but won’t for the life of you be able to recall your device passwords or keys.
3. Now try to get your cloud data back.
Did you succeed? If so, you’re screwed. Or to be a bit less dramatic, I should say: your cloud provider has access to your ‘encrypted’ data, as does the government if they want it, as does any rogue employee who knows their way around your provider’s internal policy checks.
iCloud: Who holds the key?

A quick search of Talkspace’s privacy policy yields this:

We will keep your information confidential except where disclosure is required or permitted by law (for example to government bodies and law enforcement agencies)

I think this pretty quickly shows that Talkspace fails the mud puddle test, in that they can call up your chat logs if required.

I don’t know the ins-and-outs of what in-person therapists can and can’t disclose to law enforcement. Off the top of my head, I think they can break the confidentiality clause if they suspect you’re going to seriously harm yourself or others, or if they suspect child abuse. The details aren’t super important, because I don’t think any in-person therapists would ever promise 100% confidentiality.

I’ve been working almost exclusively on privacy and security issues for the last 12 months, and almost every layperson seems to have come to accept that their communications are being read by third-parties, whether it’s the government, their cellphone provider, or their ISP.

That thinking benefits people who aren’t doing anything wrong, or socially taboo. In Mubarak’s Egypt, it wasn’t the people going around saying how great the Hosni Mubarak government was who got arrested and tortured and killed — it was only the people out in the streets fighting for democracy. If you go into American Muslim communities, you will never hear anyone say “oh, I’m not worried.”

When people think they’re alone, or away from public gaze, they do and say things which they ordinarily keep to themselves. That’s why the patient/therapist relationship is so unique and so necessary to protect. So really, I’m just taking issue with their advertising copy from a security/cryptography standpoint. Don’t promise things you can’t deliver, Talkspace.

Tommy Collison is a writer interested in privacy and the future of journalism in a post-Snowden world. His columns focus on technology, security, and student life. He studies journalism and politics at New York University. When not writing, he teaches journalists, activists, and others how to use privacy software. He can be found on Twitter as @tommycollison.

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner

NYU News: ‘50 Shades’ movie glorifies, excuses abuse

by Tommy Collison in

My column this week for the Washington Square News. Tw discussions of abuse, rape.

The release of the “50 Shades of Grey” film has renewed controversy over the bestseller erotic novel’s subject matter, which includes bondage, domination and sado-masochism. While some have described the book as merely the actions of consenting adults, the film normalizes abusive relationships. There are clear elements of rape, stalking and abuse in Christian and Ana’s relationship. During a sexual encounter, Ana protests and tries to kick Christian off. He ignores her obvious resistance and threatens to restrain her if she does not cooperate. He controls what foods she eats and tracks her cellphone usage — both classic signs of abusive behavior. Since almost one in five women in the United States say they have been sexually assaulted — a number which increases to one in four women on a college campus — “50 Shades” does not exist in a vacuum. Even though some have pointed to ways the movie is less harmful than the book, movie-goers are still exposed to unhealthy and downright dangerous relationship dynamics played out as acceptable on-screen.

Some think that “50 Shades” is harmless because it is fiction. This is not true. We have been imitating other humans since infanthood — it is how we learn basic skills.  We look to stories in books, TV shows and movies to learn social cues, so it is harmful when those stories frame abusive actions as romantic. This is particularly concerning in light of the MPAA giving the film an R rating rather than the more stringent NC-17 rating, which would have prevented children under the age of 17 from seeing the movie. 

While erotic literature is not a new genre, “50 Shades of Grey” is an uncommon mainstream success. Defenders of the series say the book is unfairly criticized because it is a positive representation of female sexuality. This is not the case. While it is possible to display a healthy, consensual relationship that contains elements of BDSM, “50 Shades” goes far beyond this into the realm of abuse. There is a line between consenting dominating relationships and intimate partner violence. “50 Shades” is on the wrong side of it. 

Some have called for a boycott of the film, telling people instead to donate the cost of a movie ticket to a woman’s shelter, a real-life refuge for those abused by their intimate partners. The campaign, under the slogan “50 Dollars, not 50 Shades,” points out that humiliation, cellphone-tracking and isolation are not just the stuff of novels, but common experiences shared by victims of abuse. We must realize that movie-goers may internalize the behavior in “50 Shades” as being normal or acceptable in a relationship — anything else is willful ignorance. It is past time to admit that “50 Shades of Grey” perpetuates intimate partner violence, rape and stalking.

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner

NYU News: Activists Must Secure Transgender Rights

by Tommy Collison in

My column this week for the Washington Square News.

Alabama became the 37th state where same-sex couples can legally marry on Sunday, so it is understandable that so many activists feel a sense of accomplishment. And while this is a victory for LGBTQ rights, progress must go beyond the right to marry. 

Denver played host last week to Creating Change, a national conference on LGBTQ equality. During the opening plenary, activists stormed the stage with posters calling on members of the community to stand in solidarity with transgender people. “If you serve us, you need to include us,” one activist said. The organizers of the conference allowed the protestors to use microphones to speak to the gathered attendees. Despite the recent gains the LGBTQ community has enjoyed, more work is needed for all sexual minorities to enjoy full equality. LGBTQ activists and the wider community have a responsibility to ensure that new rights and benefits accrue for all members of the community, not just people whose gender identity matches their sex assigned at birth. 

The transgender community has long faced higher instances of violence and murder than the rest of the lesbian, gay and bisexual communities. According to a 2012 National Coalition of Anti-Violence Programs report, LGBTQ people of color were almost twice as as likely to experience physical violence than white LGBTQ people were, and 53.8 percent of anti-LGBTQ homicide victims were transgender women. 

Part of the problem is a legal defense called the “transgender panic defense.” It was used in the trial for the murder of transgender woman Gwen Araujo, who was killed in October 2002 by four men, three of whom she had allegedly been intimate with. When the men discovered that Araujo had male genitalia, they attacked her and hit her head with a shovel. During the trial, two of the men attempted to diminish the severity of their crime by arguing that Araujo had somehow deceived them and the subsequent murder was a crime of passion. The men were convicted of murder, but not of a hate crime despite the fact that the jury denounced the use of panic defense. The existence of such a defense hinges on the notion that transgender individuals are shameful or duplicitous, a stereotype that is incorrect and harmful to the transgender community. 

The media often shortens the rights of the LGBTQ community to simply gay rights. This is a marginalization of the transgender community from the conversation. While the right to marry is an important milestone in the fight for equality, more must be done to bring down the rates of violent crime that too many in the community face.

Photo credit: Shawn Paik.

Photo credit: Shawn Paik.

Tommy Collison is a writer interested in privacy and the future of journalism in a post-Snowden world. His columns focus on technology, security, and student life. When not writing, he teaches journalists, activists, and others how to use privacy software. He can be found on Twitter as @tommycollison.

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner

Upcoming Encryption Workshop: 2/22, at Bluestockings

by Tommy Collison in

Photo credit: Victor Jeffreys II.

Photo credit: Victor Jeffreys II.

Happy to say that the next encryption workshop (aka crypto-party) is happening on Feb. 22, in Bluestockings, the bookstore, café, and activist center in the East Village. It's from 7-9pm and the address is 172 Allen Street New York, New York 10002.

The event's free and open to everyone, but because Bluestockings has such an activism slant, I'm going to be gearing the talk towards advocates for social change -- what threats they face and how to mitigate them. We'll be talking about privacy, and there'll be a hands-on tutorial for people who bring their laptops/phones/smart toasters.

You can RSVP at this link, or e-mail if you have questions. Because of space constraints, this event will be capped at 20 people.

From the event description: 

Whether you’re filing your taxes, browsing the Internet, or communicating with a loved one, privacy is a fundamental human right and it’s a non-negotiable requirement for a functional democracy. The Internet is an unprecedented tool for social and economic benefit, but governments and corporations want to turn it into another spying apparatus. This workshop is geared towards journalists, activists, and ordinary citizens who want to reclaim their right to online privacy.

Bluestockings is a 100% volunteer-powered and collectively-owned radical bookstore, fair trade cafe, and activist center in the Lower East Side of Manhattan. They carry over 6,000 titles on topics such as feminism, queer and gender studies, global capitalism, climate & environment, political theory, police and prisons, race and black studies, radical education, plus many more!

See more Bluestockings events here.

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner

Free Speech Under Attack Before Hebdo

by Tommy Collison in

My column this week for the Washington Square News. I had wanted to write something about the hypocrisy of the Cameron and Obama administrations, and the Hebdo attacks shone a light on the extent of that double standard.

The Jan. 7 attacks on the offices of Charlie Hebdo, in which there were 12 deaths, has renewed an international conversation on the importance of a free press. Within hours, politicians were quick to condemn this attack on expression and freedom of the press, perceived as the bastion of Western democracy. British Prime Minister David Cameron said "We should never give up the values that we believe in. It's absolutely essential we defend those values today and every day." President Barack Obama also denounced the attacks, saying "The fact that this was an attack on journalists, attack on our free press, also underscores the degree to which these terrorists fear freedom." The Hebdo attack was an extreme example of an assault on freedom of speech, but in recent years both the U.S. and British governments have made concerted efforts to suppress speech they disagree with. Defense of free speech must extend beyond speech the government agrees with when it is politically convenient to do so. All speech must be guarded equally.

Despite Cameron’s rhetoric, the British government has made moves to criminalize nastiness. 
In March 2012, six British soldiers were killed during the war in in Afghanistan. Two days after their deaths, 19-year-old Azhar Ahmed wrote a Facebook status update in which he complained about the British media disproportionately covering the deaths of soldiers over the deaths of innocent Afghans. In part of the message, he said, "all soldiers should die and go to hell." The teenager was arrested and subsequently charged with a "racially aggravated public order offence." Absurdly, a police spokesperson said that the arrest occurred because "he didn't make his point very well." When a Western government acts in this way, it can no longer claim to uphold free speech as an essential value. 

The Obama administration is making similarly empty statements in support of free speech and has prosecuted more journalists under the 1917 Espionage Act than all previous administrations combined. Not only is the U.S. government prosecuting journalists using a World War I-era law originally intended to prosecute spies, but also the mainstream media is advocating for racial profiling. In the aftermath of the attacks on Charlie Hedbo, the New York Post called on the city to "revisit its decision to dismantle the New York City Police Department’s ‘Muslim Mapping’ intelligence program." Under this measure, the NYPD spied on Muslim places of worship and infiltrated Muslim student groups up and down the East Coast, including at NYU. This sort of racial profiling is anathema to another fundamental American right: to practice one's religion free of harassment.

Both Cameron and Obama are right to characterize the Charlie Hebdo attacks as assaults on the freedom of expression. But before taking the moral high ground, both governments must also examine assaults on free speech in their own countries.

Tommy Collison is a writer interested in privacy and the future of journalism in a post-Snowden world. His columns focus on technology, security, and student life. When not writing, he teaches journalists, activists, and others how to use privacy software. He can be found on Twitter as @tommycollison.

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner

Not All Doom and Gloom, Y'know.

by Tommy Collison in

Found this gem in the middle of some readings for my class on the future of the New York Times. More to come.

"How much had the Times invested in the new strategy? While it’s impossible to parse the differing kinds of resources the newsroom added over the last three years or so, the amount of them is a number to behold. In 2011, the Times counted 1,189 newsroom employees. At the end of 2013, the number was 1,251, up 5.2 percent. Currently, it counts 1,330, up 11.5 percent from 2011. With 100 to be taken out, the 1,230 number would still be 3.4 percent higher than three years ago. It’s worth highlighting: While the overall number of newspaper editorial staffers has declined across America (down 20,000 jobs, about 30 percent of the total, in seven years), the Times has been bolstering its staff."
The newsonomics of new cutbacks at The New York Times

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner "The press is wrong to demand a reporter’s privilege for James Risen."

by Tommy Collison in

No they're not.

I read yesterday’s NYT article that a CIA officer has been found guilty of leaking information to a reporter from The New York Times. As I read more about the case, I came across this piece from Slate, simply titled “Make Journalists Testify”:

James Risen, the New York Times reporter, asked the Supreme Court on Monday to take his case. Risen doesn’t want to be forced to tell a jury whether Jeffrey Sterling, a former CIA agent, was his source for a chapter in his book about a botched CIA operation to sabotage Iranian nuclear research. If Risen must testify, Sterling will probably go to jail, and maybe other sources will not talk to Risen or other reporters. Too bad: Whether or not the Supreme Court takes the case, Risen should lose.

I think it’s an interesting case, and probably not particularly clear cut. Slate thinks journalists should testify in leaker cases because leaking classified material is a matter of criminal law. “There is only one way that journalists can escape this logic,” author Eric Posner argues, which is “by arguing that we can trust journalists to use their judgment to make only disclosures that serve the public interest.” He sums up journalists’ argument as “Don’t trust the government, trust us instead.”

I think this is just a case of me disagreeing with the piece. I think we should trust journalists more than the government — I don’t like the cost/benefit analyses that governments have to do (see: Pay Any Price: Greed, Power, and Endless War, James Risen’s book where he talks about the “homeland ­security-industrial complex.”) and I think that even when it trips up, journalism is still a net positive for society.

We should trust the press more than the government, because journalism’s failure mode is better than that of the government’s.

In security, there’s a concept of whether a system fails well or badly. If a bank vault door swings open during a power cut, that’s a bad failure model, because it’s less secure than if it failed a different way (by, say, locking shut until the power returns). I think of journalism in much the same way — I think it’s probably a net positive to overexpose sometimes than underexpose. A democracy is worse off in a climate of timidity and underexposure. In other words, I think the press should aggressively toe the line of what constitutes a “national security risk,” because in the current climate, the US government and the military is incentivized to be too secretive. We know this because they aggressively pursue journalists and activists like Barrett Brown.

Eric Posner talks about the NYT holding the NSA wiretapping story for over a year in 2005 (because of White House concerns about national security) as an example of how journalists aren’t angels. It’s true, the NYT should have published earlier, the public should know about the wiretapping. And he’s right — the NYT did hold the story and only published when they realized they were about to be scooped, which is not what journalists do when they’re thinking about the public good. But I don’t think that’s what should be focused on — the information came out anyway.

I don’t think you can claim with a straight face that journalism isn’t a special profession. Good journalism will always serve as watchdogs to power in a way that other professions don’t. There’s extra responsibility there — and I think a journalist testifying against a source pulls the balance of power too much in the favor of a government which will always not be transparent enough.

Tommy Collison is a writer interested in privacy and the future of journalism in a post-Snowden world. His columns focus on technology, security, and student life. Originally from rural Ireland, he grew up among cows, computers, and not much else. When not writing, he teaches journalists, activists, and others how to use privacy software. He can be foundon Twitter as @tommycollison.

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner

NYU News: Transgender suicide rate demands action

by Tommy Collison in

I'm back with the Washington Square News this semester, both as a columnist and deputy editor. 

Photo: Shawn Paik.

Photo: Shawn Paik.

The suicide of Leelah Alcorn, a 17-year-old transgender girl from Ohio, has renewed a national conversation on youth suicide and transgender rights. Alcorn’s suicide has received international attention in part due to a suicide note that she timed to publish on her blog after her death. In the letter she wrote that she would only rest in peace if “one day transgender people aren’t treated the way I was.” Tumblr has since reoved the post, reportedly at the request of the parents. Laverne Cox, a transgender activist who spoke about about Alcorn on “The View,” said “isolation made [Leelah] feel that she would never be the woman she dreamed of becoming. She didn’t feel like she had any support.” 

Alcorn’s suicide renewed calls from activists for a ban on Christian gender conversion therapy, a controversial practice which has been condemned by several medical organizations, including the the American Association of Pediatrics. The Obama administration must step up and ban conversion therapy on children and teens, which often amounts to little more than child abuse.

Alcorn’s death is part of a wider epidemic among the LGBTQ community. According to a 1989 U.S. government study, LGBTQ youth are two to three times more likely to attempt suicide than other young people. Meanwhile, a study from the Transgender Equality Network of Ireland reported that 78 percent of transgender individuals admitted to thinking of taking their own lives. Parents, teachers and administrators must be aware of the issues facing transgender youths if they are to offer meaningful, nonjudgmental support. At NYU, the LGBTQ Student Center provides resources for transgender and gender nonconforming students, faculty and staff. This includes regular programming to foster communities of transgender individuals, as well as resources to help students navigate university bureaucracy regarding changing the name and gender listed on enrollment forms. The student health center also provides social and medical services for transgender students, including hormone therapy. 

It is unclear what legal changes, if any, could be brought against Alcorn’s parents. Dan Savage, a gay activist and authorsaid on Twitter he believed Alcorn’s parents can and should be charged with child abuse. He referenced Tyler Clementi, a Rutgers student who committed suicide after his roommate, Dharun Ravi, used a webcam to record him kissing another man in his college dorm. Ravi was sentenced to 30 days in jail and given a $10,000 fine. Whether or not Alcorn’s parents can be charged, Alcorn’s suicide must be seen as a catalyst for legislative support for transgender youth. In 2012, President Barack Obama said he supported gay marriage, but he must go further. It is time to push legislation to protect transgender youth, starting with a ban on conversion therapy. Only then can we begin to lower the numbers of transgender individuals taking their own lives.

A version of this article appeared in the Monday, Jan. 26 print edition of the Washington Square News.

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner

[NYU] Spring on the Square

by Tommy Collison in

I'll be speaking at NYU next week as part of a panel discussion with the NYU LGBTQ center. If you've wanted to get involved with the center (as a grad assistant, peer educator, first year, or club leader), this is your time to ask questions!

Myself and the other panelists will be talking about our experiences -- I'll probably bring in some of the privacy stuff I've been working on. (LGBTQ rights, privacy, Internet freedom, you can't separate any one issue!) 

It's happening on Thursday 1/29 from 12:30-1:45pm. Hope to see you there!

NYU LGBTQ's "No Shame About Being HIV+" event. Washington Square Park, November 2014.

NYU LGBTQ's "No Shame About Being HIV+" event. Washington Square Park, November 2014.

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner

Pew Polls and Public Education

by Tommy Collison in ,

So a recent Pew poll measured how favorably Americans view the National Security Agency. From my perspective, the findings are cause for concern: 

"Young people are more likely than older Americans to view the intelligence agency positively. About six-in-ten (61%) of those under 30 view the NSA favorably, compared with 40% of those 65 and older."

Quick recap of NSA actions since 9/11. 

  • It collects the call data of millions of Americans on a daily basis irrespective of whether they're suspected of wrongdoing. This includes phone numbers, location data, and the time and date that the call took place. 
  • The GCHQ (Government Communications Headquarters, a UK security and intelligence organization that shares information with the NSA) intercepted the communications of foreign politicians (computers, Blackberries) at two G20 summit meetings in 2009. (Bonus: they set up Internet cafés with e-mail interception programs and keylogging software.) 
  • The NSA was involved in the spying on a political candidate, as well as several civil-rights activists, academics, and lawyers, just because they were Muslim-American. It spied on 7,485 e-mail addresses from 2002-2008 and, according to Faisal Gill, the political candidate, "no non-Muslim attorneys who defended terror suspects had been identified on the list." In a 2005 document which shows how to properly fill out a memo to justify FISA (foreign intelligence surveillance act) surveillance, the placeholder name given is "Mohammed Raghead." 
  • The NSA widely monitors international payments and credit card transactions.  
  • With no suspicion of wrongdoing, the GCHQ and the NSA intercepted and stored webcam images of millions of Internet users, which included a "large quantity" of sexually explicit images. 

When you marry the long, long list of NSA/GCHQ abuses to the fact that this type of surveillance just doesn't work, it becomes clear that major reform of surveillance practices is overdue. French police were intercepting and listening to the phone calls of the perpetrators of the Charlie Hebdo attacks, and failed to prevent it. A presidential review group found in December 2013 that telephone metada collection was "not essential to preventing attacks" and "could readily have been obtained in a timely manner using conventional section 215 orders."

Which brings me back to the Pew poll that shows that over half of under-30s view the NSA favorably. Part of me thinks that the wording of the question has something to do with it -- in theory, at least, it might be hard to disagree with something which has the words "national" and "security" in the title if you don't know the full story. It's like how people intuitively support something called the PATRIOT Act.

If the question was phrased more like "do you agree with the content of your calls/texts/e-mails being read by your government with no suspicion of wrongdoing or public debate," I imagine the results would be different.

So from an activism perspective, the job becomes educating people until they start to make that mental connection themselves. When I read the words NSA, I think of warrantless domestic surveillance, I think about the fact that it doesn't work and that privacy is a right and not a luxury, and that a society where privacy is seen as suspicious is one which is inherently less free and less open. But that's because I've been working in this area for almost a year.

If I knew how to better educate everyday Americans as to why the NSA is a toxic organization that (like the TSA) likes to look like it's doing something without actually being effective, I'd be a much better privacy advocate than I am now. 

But I see results like the Pew poll and I realive just how far we have to go. I'm in it for the long game.

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner

Gearing Up

by Tommy Collison in

(Trigger warning: mention of suicide) 

So I've really been enjoying getting to spend some time in NYC before classes start for the Spring semester. I've been catching up on reading, sleeping a lot, and seeing NYC friends. 

As I've written before, I'm working as a deputy opinions editor with NYU's student newspapoer this semester. I think my first column is going to be on the suicide of Leelah Alcorn and why Obama needs to step up and ban gender conversion therapies. I'll most likely crosspost columns from the NYU news site to here, so stay tuned. 

I'm also expanding my involvement with NYU's LGBTQ student center. I started working there as a volunteer last semester, being a student rep and also giving the 2-3 hour "Safe Zone" training, which aims to:

  • make LGBTQ allyship more visible. (We have placards!) 
  • help LGBTQ allies understand the issues facing queer students and staff
  • raise awareness of the many resources we have on campus. 

As well as continuing that role, I'm going to be designing and sending out the LGBTQ newsletter each week, which includes film screenings, new NYU classes, and related opportunities to the LGBTQ community and its allies.

Apart from that, I'm going to continue giving encryption workshop trainings as long as people sign up for them. The next one is happening next Friday in Brooklyn, and I'm excited for it -- I gave two talks in Ireland over the Xmas break with a new talk I wrote in late Decemeber, and I'm looking forward to seeing how it goes over with an American audience. I'll write something longer about the workshops soon. Suffice to say, they're keeping me busy, but I'm very much enjoying giving them.

As if all that wasn't going to fill my days sufficiently, I'm also taking 4 classes in the journalism and politics departments. History of the media, Middle East reporting, and Journalism Inquiry, which is the introductory reporting class. (As opposed to the introductory theory class I took last semester.) I'm also taking a US politics course, to try and get a grip on this country.

All in all, I'm excited for the next few weeks. Hopefully, I can keep my nose above water.

P.S. Denver readers -- will I be seeing any of you at the Creating Change conference in February? 

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner

Students Against Surveillance

by Tommy Collison

Last May, I worked with two other NYU students to launch Students Against Surveillance, a project encouraging students and faculty to protest mass surveillance on campuses.

After we wrote the letter and the Electronic Frontier Foundation covered it, we encouraged other students and faculty-members to write their own letters and host them on our site. In all, we hosted 17 letters.

We worked with the Student Net Alliance, a a group dedicated to bringing the fight for digital rights into campus communities all over the world. We believe that a climate of mass surveillance chills free speech and restricts the type of intellectual exploration that is central to the university experience. The private realm, somewhere you're free from the attention of others, is the realm in which creativity and exploration and human freedom and dissent exclusively reside. 

Universities should be strongholds of open communication, where the free flow of information is encouraged. The ability of students to learn and grow is severely hampered when governments monitor our communications and social media activity.

Now, writer and activist Hannah Weverka and I want to expand the project, reaching more students and garnering more signatures. 2015 is going to be a big year in the fight for digital rights, between the sunsetting of Section 215 (one of the main laws that violates the Constitution and our civil liberties) and the continued battle for fair net neutrality laws. Governments across the world are trying to use the Charlie Hebdo attacks to justify more surveillance, and they have to be reined in before all privacy on the Internet is eroded.

Why not join the Student Net Alliance and raise your voice against warrantless surveillance? Here are some things you can do to get involved: 

  1. Become an SNA campus coordinator and get a discussion started among your friends about digital rights.
  2. Write a letter petitioning your university to take a stand against the NSA's chilling mass surveillance practices. (Check out the EFF's guide to writing an open letter here.) 
  3. Keep up with the Student Net Alliance on Twitter and Facebook

Reach out to me on if you want to get involved.

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner

Market-Driven Journalism

by Tommy Collison in

The reduction of news to whatever we happen to want to know in the moment is terrifying.” — Astra Taylor.


There’s nothing objectively wrong with market-driven journalism. It’s just that good journalism is arguably driven by something else — something that isn’t a profit margin.

The thinking is that market-driven journalism is too beholden to corporate interests. What sells isn’t the hard-hitting news that informs a citizenry. More often than not, it’s the .gif-laden articles, funny cat videos, and personality quizzes that gets the most clicks. If reporters only pursued stories that they knew beforehand were going to get clicked on, they’d gravitate toward the overly-sensational and the easily-digestible.

The future of journalism is a question of redistribution. Currently, the money is in repackaging a bite-sized article about Lindsay Lohan’s arrest record, and not in the longer, more thoughtful research-driven pieces that are both entertaining and useful. The running joke is that journalists are going to lose their jobs to content aggregators. (Is resistance futile? The answer may surprise you.)

Fundamentally, it’s hard to get people to eat their vegetables.

Astra Taylor, who identifies as a creator of “steamed broccoli cinema,” links the rise of gif-delivered “news” with the human struggle between doing what they’d like to do and what’s enjoyable — we’d love to eat healthily all the time and read Nabokov, but it’s far easier in the moment to reach for M&Ms and the latest Dan Brown novel.

We don’t have a hard-and-fast answer about the future of news — if there was one, Jeff Jarvis could go back to whatever he does when he’s not extemporizing on how news should be hyper-local and hyper-personal. (Shudder) The best we can hope for is that smart people like media critic and NYU journalism professor Jay Rosen continue writing and contextualizing new developments in the news industry for us.

Thankfully, people like Jeff Jarvis are starting to be challenged on their citizen journalism opinions. It was a scary time when “citizen journalist” was the buzzword du jour with no critical thinking into what makes journalism different from your friend telling you a story.

Yet many influential new-media thinkers argue that the prospect [of citizen-based journalism] should be eagerly embraced. […] The reduction of news to whatever we happen to want to know in the moment is terrifying. What about politics, poverty, foreign policy, and all of the other problems that plague us? […] After a series of historic failures — from the credulous reporting on the nonexistent weapons of mass destruction in Iraq to the business press missing the story of the subprime mortgage scandal and the financial crash until well after the fact — public trust in the media is at a two-decade low, with 63 percent of poll respondents saying that news stories are often inaccurate.
The People’s Platform: Taking Back Power and Culture in the Digital Age, by Astra Taylor (p. 77).

When it comes to companies trying to be the future of news, BuzzFeed obviously has the traffic side of things down — they’re astoundingly successful, even if it’s a stretch to call their content news:

I like Bill Kovach and Tom Rosenstiel’s definition that journalism functions as a society’s moral cartography, “providing citizens with the information they need to be free and self-governing.” It’s really hard to marry 99% of what BuzzFeed produces to reasonable definitions of journalism. I think BuzzFeed is incredibly successful at what it does — I just think that what BuzzFeed does isn’t news, it’s some sort of hybrid info-tainment site. — BuzzFeed’s Relationship to News.

They also seem to have a good firewall between the content and advertising sides of the newsroom, in that journalists can write about whatever they want regardless of what’s happening in advertising, by policy. I think this church-and-state separation is critical to a publication’s ability to deliver news that fits Kovach and Rosenstiel’s definition. (Bizarrely, Jay Rosen and I seem to disagree on this point.)

Beacon is another potential solution, which aims to put the cart before the horse and fund journalists before they go out and do the research. It’s a crowdfunding solution to content production, whereby the journalist has some idea that her audience exists before setting out to research and write the piece.

I’m not sure if the Kickstarter-for-journalism model can solve all the industry’s problems. It’s a lot easier to read five articles with cat .gifs than part with $1 or $5 or $10 for a really decent bit of political journalism.

A more efficient model for reading news online might be for some new service to negotiate with newspapers directly, allowing consumers to read stories from various sources for one price. Readers would pay only for that service, not for each individual subscription.

But at the end of the day, we’re still working these problems. Similarly, we have no good answers for the current privacy debate — how much governmental encroachment into our private lives is “okay” in the name of national security. The best we can hope for is that privacy advocates continue to contextualize the latest developments (hell, that’s what I’m doing).

Tommy Collison is an activist and New York University student who examines privacy and the future of journalism in a post-Snowden world. He runs events where journalists, activists, and other citizens can learn how to reclaim their privacy online.

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner

Back in New York, Starting a Rock Band

by Tommy Collison in

(Title reference.)

Arrived back in NYC today. Jet-lag was strong but thankfully I have a week and a half before classes start. Using that time to swim, sleep 8 hours a night (a wonderful habit I built up over the break that is 100% untenable during the semester), read, and catch up with friends. 

PSA for NYC friends: Crypto Harlem is happening on 1/22. Details here

What I'm Reading: 
Julia Serano's Whipping Girl: A Transsexual Woman on Sexism and the Scapegoating of Femininity and Jason Stearns's Dancing in the Glory of Monsters: The Collapse of the Congo and the Great War of Africa. I picked up the former in the LGBTQ center just before Xmas break and am only getting to work through now. The latter was a present because I might be going to Ghana with the NYU journalism program in June. More news on that once I apply. 

What I'm Listening To:
Guys and Dolls for my Broadway fix, Everything in Transit by Jack's Mannequin for everything else. 

What I'm Learning:
Not learning as much as during the semester. Check back in a few weeks! 

What I'm Procrastinating By Writing This Blogpost:
Not strictly procrastinating, but I took a break from reading to post this.

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner

David Cameron Should Worry You

by Tommy Collison in ,

Why “We must not allow terrorists safe space to communicate with each other” is fear-mongering garbage.


David Cameron has promised a “comprehensive piece of legislation” to close the “safe spaces” used by suspected terrorists to communicate online with each other. If he wins the election, Mr Cameron said he would increase the authorities’ power to access both the details of communications and their content. —David Cameron says new online data laws needed. BBC News, 12 January, 2015.

Leaked NSA slide from Edward Snowden

Leaked NSA slide from Edward Snowden

It should have come as a surprise to nobody that leaders around the world are jumping on the Charlie Hedbo attacks in Paris as a means to justify increased warrantless surveillance.

What you should take away from his statement is that he’s willing to encroach on the civil liberties of millions of British people in a misguided attempt to increase national security. We know from leaked NSA slides (see left) that this has always been the desire of the surveillance arms of the UK and US governments. Now, they’re using the fear that Paris generated to pass legislation.

But here’s why implementing something like this would actually make us less safe.

It’s unclear exactly what specific measures Cameron is suggesting, but for argument’s sake, let’s assume he wants to create a backdoor into end-to-end encryption and criminalize online anonymity. A software backdoor would allow the government access to data even if it’s encrypted in transit. Skype is an example of this: Skype chats are encrypted as they move over the network, but Microsoft partnered with the NSA to give them access to the decrypted messages.

Criminalizing online anonymity is the bigger issue. His logic is that existing online anonymity software allows terrorists to communicate freely, and that if using these tools was a criminal offense, terrorists couldn’t coordinate and carry out attacks.

I think that’s a very big claim for David Cameron to make, and I don’t think he can deliver.

In 2012, a Mexican drug cartel realized that the telco networks were being monitored. Their response? They built and maintained their own radio network to communicate in secret.

The fact that something benefits terrorism should not be a concern in and of itself. We know that terrorists use phone networks and websites and even, yes, World of Warcraft. We know they use Google Earth.

Are we supposed to criminalize all those? Communications infrastructure by its nature can be used for legal and illegal purposes in the same way anything can. David Cameron is not calling for the criminalization of cars just because one was used in a hit-and-run attack last week.

Doesn’t Tor enable criminals to do bad things? “Criminals can already do bad things. Since they’re willing to break laws, they already have lots of options available that provide better privacy than Tor provides. They can steal cell phones, use them, and throw them in a ditch; they can crack into computers in Korea or Brazil and use them to launch abusive activities; they can use spyware, viruses, and other techniques to take control of literally millions of Windows machines around the world.”

Doesn’t Tor enable criminals to do bad things?
“Criminals can already do bad things. Since they’re willing to break laws, they already have lots of options available that provide better privacy than Tor provides. They can steal cell phones, use them, and throw them in a ditch; they can crack into computers in Korea or Brazil and use them to launch abusive activities; they can use spyware, viruses, and other techniques to take control of literally millions of Windows machines around the world.”

There are dozens of legitimate uses of anonymous browsing that have nothing to do with terrorism.

  • US military field agents use it to safely communicate with home base (Tor, the online anonymity network, even notes that it was created “with the U.S. Navy in mind, for the primary purpose of protecting government communications”)
  • US law enforcement officials use it to conduct sting operations.
  • Citizen journalists in China write about local politics.
  • Activists in repressive regimes use it to communicate without being arrested, tortured, or killed.

If we allow online anonymity to be criminalized, journalists, lawyers, doctors, police officers, activists, and human rights workers would be unable to do their jobs. Doctor-patient confidentiality would be eroded, and journalists would no longer be able to guarantee source anonymity.

It’s easy to fall for Cameron’s rhetoric while we’re still reeling from the Paris attacks. But reactionary laws like the one described are prime targets for civil liberties violations and they don’t even make us safer.

Read More: What’s a Crypto-Party, and Why Should I Care?

Tommy Collison is an activist and New York University student who examines privacy and the future of journalism in a post-Snowden world. He runs events where journalists, activists, and ordinary citizens can learn how to reclaim their privacy online. The next workshop is in Brooklyn on January 30th. Want to attend? RSVP by e-mailing

Enter your email address to subscribe and get blogposts by e-mail:

Delivered by FeedBurner