Anjuli Shere
Analyst/Writer/Researcher, University of Oxford
Anjuli (@AnjuliRKShere) is an analyst, writer, and researcher, currently pursuing a DPhil in Cyber Security at the University of Oxford, following her MA in Science and International Security from King’s College London, a certification from SciencesPo, Paris, and a BA (Hons) in Politics and International Relations from the University of Nottingham.
Building on years of professional experience in both journalism and open-source investigations, Anjuli’s doctoral project focuses on how transnational media companies establish threat models and respond to perceived cyber security threats in terms of training, protection, and prevention. She is particularly interested in exploring these issues in democracies who are currently facing strains from outside influences and new overreaching data protection and retention legislation, such as Taiwan, Australia, the UK and the US, building on her existing academic and professional experiences in these countries.
In her research, Anjuli combines theoretical understandings of computer science, cyber security, and journalism training with policy-oriented practical solutions, developed through both qualitative and quantitative methods. The objective is to create a framework for transnational media organisations in democratic countries to consider when designing their internal policies and strategies to protect their staff and sources against contemporary and anticipatory threat models.
ABSTRACT
“One way or another, they’re going to get you: Threats to press freedom from the Internet of Things”
Internet of Things (IoT) devices are an increasingly pervasive feature of the 21st century landscape, bringing with them seemingly limitless privacy and security implications for both users and bystanders. My analysis shows that individuals at particular risk of targeting by highly-resourced actors could be vulnerable to three kinds of threat: virtual threats (traditional cyber-threats and botnets), legal threats (largely legislation that capitalise on the IoT’s data collection and analysis capabilities), and physical threats (manipulation of the kinetic functions of these devices to directly or indirectly cause material harm). This talk presents the results of a study that evaluated perceptions and mitigations of IoT threats to one especially highly targeted group: journalists. It aims to bring together the aforementioned threats, either evidenced through academic research or in news articles, and to elucidate how these capabilities translate to a range of anticipatory threat models against journalists and news organisations.
Where the free press is concerned, there is a clear asymmetry between their defensive abilities and strategies, and the power of (likely state-affiliated) attackers. In democratic countries, press freedom is an integral part of critical national infrastructure, allowing the public both oversight of political machinations and a say in how and when power is held to account. It is therefore vital to educate the press on how emerging technologies such as the IoT might threaten their freedom to operate, with the objective that they will use this knowledge to prioritise and strategise countermeasures.
Due to their novelty and multiple functionalities involving data gathering, transfer and manipulation, as well as physical actions, each IoT device effectively expands users’ and bystanders’ attack surfaces in innumerable unexpected ways. Additionally, as adversaries targeting journalists are often state actors, the IoT’s international supply chain, which includes both manufacturers and data centres located in various jurisdictions, further complicates mitigation considerations.
Existing research classifying IoT devices and their associated threats do exist, e.g. “Internet of Things Security: A Survey and Taxonomy” by Gulzar and Abbas (2019), and “Internet of Things (IoT): Taxonomy of security attacks” by Nawir, Yaakob and Lynn (2016). However, my categorisation of anticipatory IoT threat models is unique because it utilises these more technical taxonomies to create a list of possible scenarios that journalists will be able to understand and can work to mitigate. My work builds directly on existing research, mainly by Susan McGregor and collaborators, e.g. “Investigating the Computer Security Practices and Needs of Journalists” (2015), “‘Security by Obscurity’: Journalists’ Mental Models of Information Security” (2016), and “When the Weakest Link is Strong: Secure Collaboration in the Case of the Panama Papers” (2017), as well as Jennifer Henrichsen’s “Breaking Through the Ambivalence: Journalistic Responses to Information Security Technologies” (2019). My research combines these two perspectives of the technical capacity of IoT devices along with ways in which emerging technologies can be used to impede the work of journalists and the free press.