How the consumer Internet of Things threatens journalists’ security & what can be done about it


By Anjuli R. K. Shere, University of Oxford

Cyber

Threats

Security

Journalism

Privacy

IoT

Biography

Anjuli (@AnjuliRKShere) is pursuing her DPhil in Cyber Security at the University of Oxford. Anjuli focuses on how news organisations and journalists model and mitigate Internet of Things threats. She explores these issues in Taiwan, Australia, the UK and the US, building on her professional experiences in these countries.

Abstract

I study the ways in which news organisations and journalists protect themselves from threats from the consumer Internet of Things (IoT). My research centres on journalists and news organisations in the US, UK, Australia, and Taiwan. Under the supervision of Andrew Martin and Jason R. C. Nurse, I compare existing protection methods to the documented legal and technical intrusive capabilities of state-affiliated actors, and the capabilities disclosed through interviews with experts, in order to develop more effective protective and educational frameworks for media organisations and journalists. To do this, I categorise IoT devices and model the ways in which their exploitative capabilities might affect the press. Through interviews and focus groups, I then work with journalists and media organisations to ensure this information is relevant and accessible to journalists’ security needs.

These taxonomies were created by reviewing academic literature that demonstrates offensive capabilities of IoT devices, plus news articles of high-profile uses of legislation and technology against journalists and news organisations globally. In addition, I investigate how the decision-makers in these countries respond to the increasing prevalence of the consumer IoT and associated mass data collection, through data-related legislation and regulation. This highlights not only the implications for press freedom but also existing gaps in protections for security, privacy, identity, and trust.

Given the multidisciplinary nature of my research, I use mixed qualitative methods, including interviews, literature reviews and surveys, to document the IoT threats to journalism in each of my chosen countries. It is rare that news organisations account for IoT threats in their risk assessments, thereby leaving their staff and sources open to legal, virtual and physical threats. Therefore, the potential impact of this research is substantial, as these taxonomies clearly detail the need for protection from these threats, and my future research will culminate in a framework of recommendations for news organisations to mitigate these threats.

Publications

  1. Nov 2020: “Investigating the Information Commissioner’s Office: Is It Fit for Purpose?” (co-written with Miranda Melcher), published in RUSI Newsbrief, https://rusi.org/publication/rusi-newsbrief/investigating-information-commissioner-office-it-fit-purpose
  2. Oct 2020: “Now You [Don’t] See Me: How have the GDPR and a changing public awareness of the UK surveillance state impacted OSINT investigations?”, published in the peer-reviewed Journal of Cyber Policy, https://www.tandfonline.com/doi/full/10.1080/23738871.2020.1832129
  3. Sep 2020: “Securing a Free Press inside a Networked Panopticon: The case of the Internet of Things” (co-written with Jason R. C. Nurse and Ivan Flechais), published at The 5th European Workshop on Usable Security (EuroUSEC 2020), https://eusec20.cs.uchicago.edu/eusec20-Shere.pdf
  4. Aug 2020: “Reading the investigators their rights: A review of literature on the General Data Protection Regulation and open-source intelligence gathering and analysis”, published in the peer-reviewed publication The New Collection, http://mcr.new.ox.ac.uk/journal/NewCollection2020_Shere.pdf
  5. July 2020: “Police surveillance of Black Lives Matter shows the danger technology poses to democracy” (co-written with Jason R. C. Nurse) for The Conversation,https://theconversation.com/police-surveillance-of-black-lives-matter-shows-the-danger-technology-poses-to-democracy-142194

Applications are open to individuals from academia and professional practice (non-academic) to attend an online sandpit on Digital Vulnerabilities in July 2021. Up to £160k of SPRITE+ funding will be made available to fund interdisciplinary projects.