In November 2021, two Norwegian journalists investigating conditions for migrant workers in Qatar ahead of the 2022 FIFA World Cup were arrested and detained for more than 30 hours shortly before their flight home. The authorities said the journalists, Halvor Ekeland and Lokman Ghorbani with the Norwegian Broadcasting Corporation (NRK), were detained “for trespassing on private property and filming without a permit.” The journalists were questioned for eight hours in separate rooms, while their equipment was seized and thoroughly searched. When the authorities finally returned the equipment three weeks later, the photos and videos had been deleted and the memory cards had been formatted.
Norwegian Prime Minister Jonas Gahr Støre tweeted that the arrest was “unacceptable” and that “a free press is crucial to a functioning democracy.” In a perfect world, the arrest would not have happened; the equipment would not have been seized; the material would not have been deleted. But journalism is inherently risky work, and these are just some of the challenges that reporters around the world face on a daily basis. There’s a lot we can learn from this incident in Qatar, especially around digital security and source protection. I have previously used this story as a case study in my course on threat modeling for the Source Protection Programme together with the Centre for Investigative Journalism and the Freedom of the Press Foundation.
Ekeland and Ghorbani transferred some data to Norway prior to their arrest, but lost most of the raw material when their equipment was seized. The timeline provided by NRK suggests the two had a slow morning on the day of the arrest, though it’s unclear if they had time to transfer more material before heading out for another interview. Transferring material can be an easy process, assuming you have a strong and stable internet connection, but it can be quite time consuming. Not to mention the time spent confirming the transfer was successful, then finding and deleting any sensitive material stored on your memory card. But this step could have helped the journalists protect the subjects they interviewed in the labor camp.
In 2016, the Freedom of the Press Foundation published a letter to leading camera manufacturers, including Canon, Nikon, and Sony, asking them “to build encryption features” into their products to help protect the journalists who use them. The letter was signed by over 150 filmmakers and photojournalists from around the world, including award winners such as Lynsey Addario, Laura Poitras, and Brian Knappenberger. Sadly not much has happened since then.
Journalists often carry multiple memory cards with them on assignment, some swapping cards around when they film or photograph specific people and places. If you are not able to transfer the material, you can at least move it from the memory card to a folder on your computer or an external drive. You can then encrypt the folder or the drive using FileVault on macOS or BitLocker on Windows. A more technical option is VeraCrypt, which supports the creation of hidden volumes and allows you to access the encrypted material on both macOS and Windows. This can be an easy process, assuming you have the folder or drive ready to go. You should still spend some time finding and deleting any sensitive material stored on your memory card.
According to NRK, Ekeland and Ghorbani followed a communications plan while in Qatar and checked in with colleagues in Oslo twice a day, once in the morning and once in the evening. It’s unclear if they developed a similar plan for how they would secure the material they were gathering. This would of course not have prevented the arrest or the seizure of their equipment, but could have helped keep their material confidential and their sources safe. It seems the main challenge here was not the lack of tools, but the lack of process.
In my threat modeling course, I often stress that a good plan for any high-risk assignment must account for physical, digital, legal, and emotional risk. You need to identify the right tools to use, when to use them, and how to use them. If your plan to rely on the hotel internet falls apart, you want to make sure you know how to encrypt a folder to store your material in. After all, it’s this plan that will help you safely do the work you set out to do – and allow you to be flexible in how you do it.