The Panama Papers has been dubbed a "notable security success" in a new academic report, which says easy-to-use tools and firm instructions were key in keeping the investigation a secret up until it launched.
The paper, titled ‘When the Weakest Link is Strong: Secure Collaboration in the Case of the Panama Papers’, sought to unpack how ICIJ was able to wrangle nearly 400 journalists across 80 countries to work together on the story for 12 months without anybody else finding out.
One of the project’s biggest successes, according to the report, was how easy members found it to use security measures such as encryption and two-factor authentication.
This was despite a survey of 118 ICIJ members that found journalists were mostly unaware or had never used PGP or two-factor authentication prior to this project (47 percent and 45 percent respectively).
The decision that all members must encrypt their data and use two-factor authentication for logging into networks was enforced by ICIJ throughout the project. The authors said this was a “striking” decision, but meant journalists weren’t left wondering which tools to use.
However, just 10 percent of the journalists surveyed said the technology was “extremely hard” to use with the majority, 63 percent, saying the security requirements were “easy” to use.
“I am kind of technologically challenged, so the fact that I was able to navigate these security features means it was probably as simple as it could be while still being effective,” said one member.
The authors also praised the decision to encourage encryption by default for all messages and documents - no matter how sensitive the material - as it eliminated any “social complexities” for journalists around what to encrypt and what not to encrypt.
Another reason journalists were so willing to adapt to the technology was because they understood the sensitive nature of the documents, but also didn’t want to be left out of future projects, according to the authors.
Journalists also praised ICIJ’s secure communication platform, known as the Global I-Hub, for being an easy tool to use that enabled them to effectively collaborate with other journalists - no matter where they were.
“One of the more important impacts was that journalists discovered how convenient, powerful and good it is to collaborate ... I think that the I-Hub contributed to this: to teach them how to interact, and it is a really good thing to share knowledge, share documents, share data, and build these networks,” said one ICIJ staff member who was also surveyed for the paper.
The I-HUB was developed by ICIJ’s technology team to be similar to other programs they were already using. The authors highlight the use of a “like” button (similar to that of Facebook’s) that allowed journalists to quickly respond to another member’s latest find.
The authors of the article, which was included in the 26th USENIX Security Symposium this year, were Susan McGregor, Columbia Journalism School; Elizabeth Watkins, Columbia University; Mahdi Al-Ameen and Kelly Caine, Clemson University; and Franziska Roesner, University of Washington.
A full copy of the report can be found here.
Read more about the impact from ICIJ's investigations, and find out how you can support ICIJ's work
Find out first! Receive ICIJ's investigations by email.