
NSF Org: |
CNS Division Of Computer and Network Systems |
Recipient: |
|
Initial Amendment Date: | September 16, 2015 |
Latest Amendment Date: | September 16, 2015 |
Award Number: | 1513875 |
Award Instrument: | Standard Grant |
Program Manager: |
Dan Cosley
dcosley@nsf.gov (703)292-8832 CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
Start Date: | October 1, 2015 |
End Date: | September 30, 2018 (Estimated) |
Total Intended Award Amount: | $304,924.00 |
Total Awarded Amount to Date: | $304,924.00 |
Funds Obligated to Date: |
|
History of Investigator: |
|
Recipient Sponsored Research Office: |
201 SIKES HALL CLEMSON SC US 29634-0001 (864)656-2424 |
Sponsor Congressional District: |
|
Primary Place of Performance: |
300 Brackett Hall Clemson SC US 29634-0001 |
Primary Place of
Performance Congressional District: |
|
Unique Entity Identifier (UEI): |
|
Parent UEI: |
|
NSF Program(s): | Secure &Trustworthy Cyberspace |
Primary Program Source: |
|
Program Reference Code(s): |
|
Program Element Code(s): |
|
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
This research focuses on understanding the digital security and privacy needs of journalists and their sources to evaluate and design communication technologies that better support the fundamental operations of a globally free and unfettered press. Journalists -- along with their organizations and sources -- are known to be high-risk targets for cyberattack. This community can serve as a privacy and security bellwether, motivated to use new technologies, but requiring flexibility and ease-of-use. Many existing secure tools are too cumbersome for journalists to use on a regular basis. Moreover, these tools may lack important security and privacy-protecting features that are needed not only by the large and diverse community that is part of journalistic activity, but by other individuals and groups that may have a harder time recognizing and articulating their needs. By learning about the needs and constraints of the journalism community, this project will identify both technical and training interventions that can improve the daily security and privacy of journalists, the many communities with which they interact.
The researchers will perform in-depth interviews and usability tests with journalists and their sources. The insights gained will illuminate both the conceptual and technical issues they encounter with respect to cybersecurity. Using the specific risk- and resource-models relevant to these populations, the researchers will propose, prototype, and begin evaluating novel technical solutions to issues like communications metadata, as well as data management, syncing, search and permission controls, and the possibilities of trusted distributed key servers and "disappearing data." The results of this work will lay the groundwork for future technical advances, not only for journalists but also for use by researchers and organizations interested in implementing and testing these tools and processes for other communities.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external
site maintained by the publisher. Some full text articles may not yet be available without a
charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from
this site.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
A growing number of communities are required to regularly exchange, analyze and store sensitive information. For example, journalists -- along with educators, lawyers, and healthcare professionals -- are among those who must carefully safeguard their digital communications and data. However, there are few within these communities who are computer privacy or security experts, and many lack knowledge about issues of information security.
This project used the journalism community as a bellwether for understanding the challenges faced by non-experts in identifying and adopting secure communication practices. Through both quantitative and qualitative research with key stakeholder groups involved in the production of journalism -- including reporters, newsroom leaders, their organizational security personnel and even the many regular people who act as journalistic sources -- this project has offered insight into the many competing factors that influence why and how these groups make the security decisions they do.
One key set of findings from this work revealed both how journalists reason about their information security risks, and how they adapt their behaviors to cope with these risks. For example, we found that many professional journalists did not report taking special precautions to protect their communications or data, unless they covered highly sensitive topics like national security. At the same time, however, further research revealed that these self-reports may obscure behavioral adaptations journalists have already made to working with largely insecure communications technologies. In follow-up work we found that many journalists simply declined to communicate or store certain information digitally, because they already recognized the privacy and security limitations of their existing tools. These adaptations, while reasonable and even necessary given current technologies, severely limit the potential benefits of an information technology-enabled workforce; improved usable security technologies are needed to allow journalists and others to reap these benefits.
This project also revealed some of the cultural and institutional concerns that may influence communities' information security practices. For example, in-depth interviews with individual journalists revealed that they often deferred to their sources' communication preferences, even if they had concerns about its security. This deference may also influence professionals' behavior in other sectors -- such as health and assistance organizations -- where the less-expert partner in an exchange often has final say over how it is conducted. At the institutional level, moreover, we found that journalistic organizations -- like many others -- can suffer from an "us-vs-them" mentality between technology teams and journalists. These tendencies were compounded by failures to actively cultivate a sense of shared priorities across teams, reducing incentives for journalists to take on the added work of better security practices, especially against general threats like phishing attacks.
These findings in turn led us to examine a rare case where security went "right": the International Consortium of Investigative Journalists' (ICIJ) "Panama Papers" project, which succeeded in coordinating hundreds of journalists globally to produce dozens of stories without an pre-publication leaks or compromise of their source. In this work, we found that even in a highly-diverse, globally-distributed team, meeting the group's defined security goals was possible through both careful, iterative testing and engineering of protocols, and through clear, consistent communications around security priorities.
Our project has also had significant broader educational impacts, and impacts on the interdisciplinary computer science workforce. Our project supported three women principal investigators, two PhD students from backgrounds underrepresented in computing and one post-doctoral researcher who is now a new tenure-track assistant professor in computer science. One PhD student?s dissertation grew out of this work and will continue beyond the project period, and the other PhD student described work conducted as part of this project in his successful application for this year?s Heidelberg Laureate Forum in Heidelberg, Germany. He was among only 200 young researchers from around the world to receive this honor.
Looking ahead, our results studying journalistic sources suggest opportunities for future research with this population, who -- like legal clients, students, and healthcare recipients -- are members of the general population who need both a better understanding of, and greater agency within, information security systems. Through the production of rigorous, peer-reviewed research, this project succeeded in identifying key individual and organizational issues that secure technologies must address to improve both usability and adoption. These methods also led to a detailed understanding of how journalists and others may cope with the security shortcomings of the tools available to them, and identified factors that contribute to successful security practices, even in very diverse, highly-distributed organizations. In addition to broadening understandings of these issues across related academic disciplines, the insights from this work have supported the creation of new tools, protocols, and practices within journalistic organizations and NGOs. More broadly, this work has laid the foundation for a robust collaboration between the technical computer security, human-computer interaction, and journalism communities, as well as a model for similar collaborations with other sectors.
Last Modified: 12/03/2018
Modified by: Kelly Caine
Please report errors in award information by writing to: awardsearch@nsf.gov.