Susan E. McGregor

Past Events

High-Level Lessons on Digital Security for Journalists


For twenty-first century journalists, maintaining the privacy, security and authenticity of their digital communications with sources is both essential and complex. Though many of the tools that enhance security and privacy are well-known by name – GPG for encrypted email, Adium and Pidgin for encrypted chat, Tor for anonymous web browsing – knowing how and when to uses these applications remains an ongoing challenge. To help address these issues, the Tow Center for Digital Journalism organized an intensive educational workshop around digital security practices in late November. Over the course of the weekend, two dozen journalists, journalism students and researchers worked with digital security trainers, computer scientists and legal experts to explore and address the unique legal and technical understandings that journalists need in order to preserve their work and communicate safely with their sources in a digital world. Though the lessons of the weekend were many, below are a few of the top takeaways from the weekend.

Encrypt Everything
Encrypting all of your data and communications won’t happen overnight, but there is good reason to make it a habit. First and foremost: practice makes perfect. If you use encrypted chat clients all the time, it will be simple – and just as fast – to use with one with a source should the need arise. Second, encryption offers strong protection for the contents of your files, emails and chat sessions. If you encrypt your computer and your phone, you can feel confident that even if something happens to your devices, your data will be extremely difficult for others to access. Likewise, while encryption won’t hide who you’re communicating with over email, it will obscure what was said. Finally, using encryption normalizes it for you, your colleagues, and the industry as a whole. If journalists in general communicate securely, it can provide reassurance to sources that you can better protect them, as well as make it difficult for even government actors to gain access to your information without your knowledge.

Your Devices Are Always Communicating
Most of us like the fact that our laptops discover and connect to wireless internet access points automatically, especially at places like our homes and offices. But the information that our computers send out into the world isn’t limited to the webpages we request or files we download. When your wifi is on, your computer is constantly sending out beacon signals in order to locate wireless access points. Part of that beacon is the so-called “mac address” of your computer, as well as your “remembered” networks. On an unencrypted wifi network, this could be used to connect your physical computer to your web activity, or even to deduce places you’ve recently visited. Be mindful of this when naming a home wireless network, and consider clearing your list of “preferred networks” when you travel. Smartphones with wifi on will behave similarly, so leave the wifi off to protect your information (and your battery life!) when out and about.

Digital Security is Physical, Too
Digital security – both for your data and your communications – isn’t all digital. Keep physical track of your devices at all times; the same few minutes you need to order coffee is all that’s needed to duplicate an unencrypted computer or install malware via USB. Likewise, keep in mind that there are instances when offline communication methods are inherently more secure than digital means. Postal mail, for example, is more difficult to search than email, and has much stronger legal protections.

Diversity Matters
The convenience and efficiency of all-in-one service providers is hard to beat. At the same time, conducting all of your communications in one place also means that anyone who gains access to that service will be able to quickly triangulate information about your sources and stories. Using a variety of communication platforms reduces this risk, and also gives you at-hand alternatives should one of them become unavailable. By using different applications for chat, email, internet phone calls and the like, you make it much more difficult for anyone to create a comprehensive picture of your communications. Perhaps as importantly, trying out and offering feedback on less common tools also gives you the opportunity to provide feedback to their creators, thereby improving the usability – and viability – of alternatives to big-name applications services.

While the above is only a cursory look at principles of digital security, we encourage anyone looking for additional information or specific recommendations to check out resources like Security In A Box  or Encryption Works.  And also keep an eye out for the Tow Center’s comprehensive white paper on digital security and privacy for journalism, which will be published in the coming months.

Susan McGregor is the Assistant Director of the Tow Center. 


Register for the Tow Center’s Journalism Security Workshop


The Journalism Security Workshop, a three-day workshop November 22-24, 2013 at Columbia Journalism School, will provide participants with an integrated overview of how comprehensive digital and physical security practices both support and enhance journalism.

The security experts leading the Journalism Security Workshop include: Quinn Norton, a journalist, published in Wired, The Atlantic, Maximum PC, and more; Frank Smyth, executive director of Global Journalist Security, a private consulting and training firm, and senior advisor for journalist security at at the nonprofit Committee to Protect JournalistsNabiha Syed is a media lawyer at Levine Sullivan Koch & Schulz and a Yale Information Society Project FellowSeamus Tuohy, associate technologist for the Open Technology Institute at the New America Foundation; Chris Walker, who presently working to strengthen digital security training methodologies for activists and to develop an open-source auditing framework that will help small, local human rights organizations identify, understand, prioritize and address their most urgent vulnerabilities; and Carol Waters, Project Manager at Internews, an international NGO that fosters independent media and access to information worldwide.

Story, Source & Self Protection: Essential Security Practices for Journalists

Yes, security has become the buzz word of the journalistic world thanks to everything from the AP phone records seizure to the NSA surveillance revelations that continue to make news. But furor over these events obscures the fact that strategic management of information is a core feature of any professional journalistic practice, from maintaining source relationships to executing FOIA requests and protecting sensitive or exclusive documents.

What’s changed in the last 20 years are the mechanisms and “default settings” on journalists’ methods of information communication, organization and retrieval. The legal landscape, whose protections for journalists were relatively mature in their consideration of traditional reporting and publication methods, have fractured under the stress of novel challenges created by digital, networked and mobile communication technologies. In order to serve the core mission of the press, journalists and news organizations’ practices must be responsive to the changing conditions in the technical and legal environments. Adapting to these updated environments is essential to carrying out the essential informational, investigative and watchdog work of journalism.

Over the course of the three day workshop, we will address three major aspects of security practice for story development and publication:

1. A coherent and functional understanding of the legal and technical exposures embedded in today’s digital communication and storage tools.
2. An appropriate framework for assessing the capabilities and interests of actors wishing to exploit those vulnerabilities.
3. An operational plan for minimizing identified risks.

While at first glance these concerns may seem to simply add complexity to the work of the journalists who, in the always-on digital world, must publish several times a day while determining in real time not just what to publish but how and where (“Is this a Tweet? A blog post? A long form article, or a video?”), we contend that security actually serves accepted editorial considerations, including libel, embargo and conflict-of-interest rules. In this sense, this workshop seeks to be an initial forum for evaluating and elaborating the foundational elements for an industry-wide standard of practice around informational security for journalists.

Participation Requirements
Participation in the workshop is free, though space is extremely limited. Attendees must commit to attending all three days of the workshop, though the official session will end by approximately 1:30pm on Sunday, November 24th.

To make the most of the unique combination of trainers and participants that we expect for the weekend, both student and professional journalists must make a small additional time commitment outside the workshop. Students will be asked to conduct and submit research on issues such as the legal status of technologies such as encryption in a country of their choosing (please see details below), while we ask that professional journalists agree to be interviewed (not necessarily on the record) about their current security practices. For exact dates and details, please review the below participation requirements and be sure meet all deadlines in order to guarantee your space.

Once registered, student participants must submit three choices for a focus country to no later than November 1, 2013. You will receive an email confirming the country you should research.

No later than noon on Monday, November 11 all registered student participants must submit, via email to, answers to the following 6 questions for their assigned country:

1. Is there SIM card registration and what kind of PII is required for activating a SIM card?

2. Are there any legal restrictions on using encryption of over the internet or over telecommunication networks in the country?

3. Are there restrictions on publishing content (Lèse majesté laws, etc) and if so, what are they? Have there been prosecutions for certain activities? Are there intermediary liability laws in the country and if so, what are they?

4. What is the degree and nature of government internet filtering?

5. Have there been incidents where the government has disrupted networks and if so, what are those incidents?

6. What are the requirements for digital identity?

Failure to meet either of these requirements will void your reservation, and your spot will assigned to the next student on the wait list.

In order to improve this and future training programs, it is important to understand the current landscape of security practice within the journalism community. To this end, we ask that professional participants make themselves available for a single 20 minute interview about their own security practices (even if you do nothing! That is part of what we want to understand), either before or during the conference. Once you have registered, someone from the Tow Center will reach out to you to arrange an interview time. If we do not have a confirmed interview slot for you by Monday, November 11, you may lose your place at the workshop, so please respond promptly to scheduling inquiries.

We also believe that interaction with professionals is an essential part of journalism training, so we ask that all professional attendees commit to working with students during group activities.

If you have any questions or comments about the above, please don’t hesitate to reach out to us via email at


Susan E. McGregor is the Assistant Professor at the Tow Center. Follow her on Twitter @SusanEMcG.

Innovation Showcase

Innovation Showcase / NewsBeast Labs


NewsBeast Labs – Data Journalism at Newsweek & The Daily Beast

nb-labs-mosaicSince June, NewsBeast Labs has been developing interactive data projects on such topics as the 2012 election, access to abortion services in America and the national gun debate. Our projects use everything from traditional computer-assisted reporting techniques and web scraping, to new techniques in interactive mapping and presenting readers’ stories as part of the narrative.

When we come up with a project topic, we design for two speeds: What can we do today and what can we do if we had a whole month? For instance, following the Newtown shooting, we did a quick turnaround interactive asking readers to complete the sentences “I own a gun because…” or “I don’t own a gun because…” to see what readers had to say about gun ownership in the wake of the shooting. As a longer project, we created a database of all 530+ members of congress and categorized their stance on gun control based on recent statements and voting records. We created a tool — This Is Your Rep On Guns — to let readers find their representatives, see their recent statements and contact them. We also created a Twitter bot — @YourRepsOnGuns — that retweets representatives when the discuss guns. The bot keeps the project alive and lets the topic become a part of readers’ daily feed.

On a visual level, we also design for two speeds: Some readers will spend two seconds with the story and some will spend two hours — we design the visuals to convey the story instantly but also include all the complexity of the issue in data that interested readers can explore. You can read more about our projects at or get in touch at



Innovation Showcase

Innovation Showcase 2013 / Shadi Bushra


The Road to Nimule: The Story of South Sudan’s First Paved Highway

Shadi Bushra / @shadibushra

Decades of civil war left South SudaAfter a day of cutting sugarcane to sell, a girl stops along then with no infrastructure to speak of. When the war ended in 2005, the international community, led by the United States, took it upon itself to rebuild the country. For six years USAID constructed a road leading from the capital, Juba, to the border town of Nimule, along the frontier with Uganda. The road was meant to link South Sudan with its East African neighbors, offering a new trade route and reducing dependence on the rest of Sudan. The road has done that, but the accidents and crime associated with the road have irked local communities. Local leaders assert that they were deceived as to the road’s width (and therefore its safety) by the companies that built it. There have also been incidents of mob violence to punish those drivers that speed or endanger civilians. As a whole, the road presents the best of both worlds: modernity and possible economic prosperity, but not without the disruptive effects that rapid changes have on the local level. The project is a collection of photos and video that speak to this theme.



Announcements, CU Community

A Brief History of Computer-Assisted Reporting


It’s been more than a year since The New York Times declared this The Age of Big Data, but for most Americans, the news really hit home on election night, 2012.

Nate Silver’s uncannily accurate predictions about how the presidential race would turn out made him one of the most talked about people of the campaign, even in media circles, where the journalistic merit of Silver’s statistically driven work was vigorously debated.

Yet Silver’s work is arguably less revolution than evolution, one facet of a journalistic practice that has actually been around for decades, even if, like Silver, it only recently made it into the mainstream.

“We started out with this a long time ago—before the Web, before even reasonably simple computers,” says Sarah Cohen, editor of the computer-assisted reporting (CAR) team at The New York Times. As early as the late 1960s, journalists like Philip Meyer and Elliott Jaspin were using social science methods and data analysis—sometimes with the help of mainframe computers—to generate and test their journalistic hypotheses. “That was how a generation of us learned what [computer-assisted reporting] was,” says Cohen.

CAR is a practice that, while producing powerful results (see the Pulitzers of Jaspin, Meyer, Dedman, and others) for many years existed only at the margins of most newsrooms, the domain of a few motivated reporters. For much of that time, the methods of CAR hewed closely to those described in Meyer’s seminal book, Precision Journalism, and the tools remained fairly constant: spreadsheets, database software, and, eventually online resources. Likewise, the end product was the same as for any other news story: a printed text article.

In recent years, however, a slew of new terms have filtered into journalists’ vocabularies and job titles, like data journalism, computational journalism, news apps, and data visualization. To the uninitiated, what these descriptors mean—much less how they differ—may seem inscrutable. Yet even to insiders, their intersections and boundaries are often hard to resolve, and somewhere behind the semantics hovers a difficult question: Are these just new methods for executing the old jobs of journalism, or are they a fundamentally new philosophy of what journalism can be?

“In terms of terminology, I think it can be both misleading and enlightening,” says Troy Thibodeaux, the editor for newsroom innovation at the Associated Press. “It’s a very strange thing, because we’re all doing very closely related work.”

But what is it?

Perhaps the first step in discussing these practices is to distinguish between process and product. News apps and data visualization generally describe a class of publishing formats, usually a combination of graphics (interactive or otherwise) and reader-accessible databases. Because these end products are typically driven by relatively substantial data sets, their development often shares processes with CAR, data journalism, and computational journalism. In theory, at least, the latter group is format agnostic, more concerned with the mechanisms of reporting than the form of the output.

“CAR reporters are good at getting records,” says Reg Chua, data editor at Thomson Reuters. “A lot of CAR is data journalism; it’s interrogating data. Computational journalism represents a new step in what you can do—use of computers, and the processing power of computers and programming, to do types of reporting that were unimaginable even a few years ago.”

Harnessing that computational power, however, has meant bringing new practitioners into the field, and their ideas come from outside the typical CAR tradition.

“Now there’s this whole other path of people who were developers who have a very different perspectives,” says Thibodeaux.

At this year’s National Institute of Computer-Assisted Reporting (NICAR) conference in early March, Thibodeaux created and moderated a panel called “From CAR to newsapps and back again,” composed of two-person teams that have collaborated to produce some of the most influential work in digital journalism.

While on the whole the tone of the panel was mutually complimentary, Sarah Cohen conceded that some journalists still tend to trivialize the visual aspects of journalism.

“There are still some editors, though they are fewer and fewer, who really just think of graphics and interactive as just the candy,” rather than a legitimate news format, she says.

For their part, however, the developers present seemed to welcome a move towards more story-driven news apps and visualizations.

“News apps are now edited, which is fairly new,” said Derek Willis, interactive developer at The New York Times. “I think we now hope to treat the editing process as seriously as you do with any story, including asking, ‘Does this work? Does it deserve to stay up?’ I think this has been the growth in the domain.”

Yet while many news app developers will agree that news apps need story, they also assert that journalism needs news apps, which Thibodeaux says do “the thing that a story can’t do, which is let you drill down.”

Rather than focusing only on individual, moment-in-time accounts, Chua says, journalistic publishing needs to include work that is both more focused and more incremental. “The real example of this is Homicide Watch: It updates in essentially real time, and you can drop in anytime and see what the trends are.” This sort of in-progress publishing, Chua believes, is essential, “if we want to get all the value of all the reporting we do every day, and also better serve these communities.”

What’s next?

Whether or not they agree on the need to diversify the way news is published, CAR reporters, data editors, and news app developers alike see new technologies changing the way that journalism is both conceptualized and executed.

As much was indicated by the strong impression made on many attendees by Jeff Larson and Chase Davis’s NICAR presentation, “Practical machine learning: Tips, tricks and real-world examples for using machine learning in the newsroom.”

“I’m pretty conservative on this stuff,” says Thibodeaux. “Source reporting leads to the best data reporting.” But after Larson and Davis’s presentation, he says, he can see how “the techniques start to act like sources. The tools let us ask questions that we couldn’t even conceive of before.”

Likewise, Cohen sees significant opportunities in algorithmic document analysis. “Our ability to make sense of messy original records has been revolutionized,” she says.

Whether the broader use of data science tools to do journalism will increase the acceptance of work like Silver’s remains to be seen, but his methods are more likely to be embraced than abandoned. If nothing else, the economic advantages of offloading more work to machines is hard to finesse:

“We don’t have the financial wherewithal to waste the kind of time we waste,” says Cohen. “If we spend a week doing document analysis that could be done by an algorithm, then we deserve to be replaced by machines.”

“We need to reserve the work for things that take human creativity and human insight.”

Tips & Tutorials

Google Fusion Tables Map Manager


A tool for creating and managing, exploring and publishing Google Fusion Tables maps that have one or more layers.


Past Events

Tow Center Mapathon! 2012


Despite a looming Hurricane Sandy, the Tow Center’s Mapathon 2012! with MapBox and CartoDB  produced great results, with student teams, mentors, and a handful of outside participants collaborating to map and visualize data from West Nile outbreaks to rat populations in the NYC area. Very special thanks to Dave Johnson (@djindc) and Andrew Hill (@andrewxhill) for their invaluable instruction and and tireless assistance to our teams. (more…)

Tips & Tutorials

#stealthis: Security Essentials for Journalists


The following is an abridged version of “Steal this Digital Security Toolbox”, which I presented at the 2012 Online News Association conference. Please note that while the below is only a brief overview of security techniques, there are two major takeaways. (1) Encrypt your devices. (2) Set yourself up with a Virtual Private Network (VPN) to protect your wireless activity. Get in the habit; these practices are important no matter where or with whom you are working. The CUJ community can learn more on October 18, when Jeff Sieben, Columbia Journalism School’s head of IT, will be leading a Tow Tea on digital security. (more…)

Past Events

Cyber Scholars and Doing Data Journalism


In March the Tow Center will sponsor three events related to major issues in digital journalism.

March 27th – CyberScholar Working Group Forum
On March 27th, we will host this month’s Cyberscholar Working Group, a forum for fellows and affiliates of MIT, Yale Law School Information Society Project, Columbia University, and the Berkman Center for Internet & Society at Harvard University to discuss their ongoing research. This month’s gathering will take place at Columbia University’s Graduate School of Journalism on March 27th,6-9 p.m. in Room 107B. Presentations will include:

Harris Chen, Harvard: “The Future Criminal Investigation in the Digital Age”
Shlomit Yanisky-Ravid, Yale: “Traditional Knowledge – Culture Expression and Access to Knowledge: The Open Questions”
David Thaw, Yale: “Comparing Management-Based Regulation and Prescriptive Legislation: How to Improve Information Security Through Regulation”
John Kelly, Columbia/Harvard: “Analyzing Russian Social Media”

Details and RSVP:
Contact: Kate Fink,


March 28th – Doing Data Journalism: It’s Not Just Numbers

Data journalism is quickly becoming one of the hottest topics in the industry – but what exactly is it, and what tools, teams and techniques are necessary for doing it well?

On March 28th, the Tow Center for Digital Journalism will host several of data journalism’s most prominent innovators and practitioners for a discussion about the possibilities and pitfalls of this evolving field. We hope you will join us at Columbia Journalism School from 6 – 7:30pm to hear their perspectives and join the discussion.

Panelists include:

Julia Angwin, tech editor for The Wall Street Journal
Jo Craven McGinty, projects editor for Computer Assisted Reporting at The New York Times
Scott Klein, editor of News Applications at ProPublica
Aron Pilhofer, editor of Interactive News at The New York Times
Ashkan Soltani, technical consultant and privacy expert
Mo Tamman, award-winning data journalist at Reuters

The event is free and open to the public.

Details and RSVP:
Contact: Susan E. McGregor,


Finally, on March 6 the Tow Center partnered with the New York World to sponsor a unique panel discussion about government accountability and transparency in the age of digital records. The event brought together panelists from government and non-profit sectors to help elucidate the goals and challenges of open government initiatives. The lively discussion addressed how legislative wording can have significant impact on the types of records that are made publicly available, and what the opportunities are for further development in this area.

Panelists included:

Philip Ashlock, OpenPlans
Andrew Hoppin, New Amsterdam Ideas and formerChief Information Officer, New York State Senate
Amy Ngai, Sunlight Foundation
New York City Council Member Gale Brewer (invited)
Michael Powell, The New York Times
Moderated by Alex Howard, Government 2.0, correspondent, O’Reilly Radar

Past Events

Tow Center/ScraperWiki Datacamp


On February 3rd & 4th, the Tow Center will be hosting a two-day “DataCamp” along with ScraperWiki, a recent Knight News Challenge winner and innovative platform for collecting and accessing online data.

The focus of the DataCamp is “New York accountability,” and much of the activity will revolve around cleaning up, publishing, and generating stories with hard-to-access New York data sets. In addition to speakers and workshop sessions, the event is designed to provide a space for students, journalists, designers and programmers to explore and develop interesting data-driven journalism with help and support from both the Tow Center and ScraperWiki.

There are three “streams” of participation for the event: one for journalists interested in developing data-driven stories, another for (Ruby or Python) programmers looking to flex their “scraping” skills, and a third for developers interested in learning the finer points of the ScraperWiki platform.

For more details about the three streams and to sign up for the event, please visit the ScraperWiki events page. We recommend signing up soon – the event is free, but space is limited.

We are also interested in hearing from anyone who would like to volunteer to facilitate any or all of these streams during the event. For details, please contact