New York Times abruptly eliminates its "director of information security" position: "there is no need for a dedicated focus on newsroom and journalistic security"

Originally published at: https://boingboing.net/2019/10/23/sitting-ducks-r-us.html

…

this is akin to a bank keeping their customers data in ring binders out in the front of the bank because there is no need for a dedicated focus on such things.

there is no need for a dedicated focus on newsroom and journalistic security

China: LOLOLOL
Russia: hold my beer

There’s no need to protect security when you know you’re going to vulnerate security. It’s better to outsource this to someone without integrity and morals.

I don’t/can’t believe the New York Times made this decision on their own. They’ve been a named target of Trump and i’m sure have received threats from his Brown Shirts.

There’s got to be more to the story. This is based solely on her tweet. The times is clearly more savvy than to ignore the need for information security, and they’ve always been good on that front. The justification that “there is no need for a dedicated focus on newsroom and journalistic security” is probably a poor choice of words (and those are her words, not theirs), but maybe the emphasis is on the word “dedicated”. In other words, maybe they want all people, in all departments to be aware of, and participate in, security issues, and not have someone whose only job function is to focus on that. Not that I think this is a good idea, but I’m just trying to figure it out. They aren’t that dumb.

Also, the abrupt firing is a strong indication that this is more about reacting to her than the job function.

Well, they’ve been uninterested in newsroom and journalistic integrity for quite some time now, so this is only another step on that same road…

Fascism marches forward.

Had to go check that was a real word. It was. (I.e. is now described as archaic or obsolete by the dictionaries I checked. But good usage and good attempt to bring it back into circulation.)

Having people “aware” of security is quite important but it doesn’t replace the need for an expert. Aware but relatively uninformed people can make bad security decisions. I think this is more likely an example of the general principle that security costs money, cost-conscious businesses (and very few aren’t) always want to cut things that cost money, and they typically get really motivated about investing in security after they’ve been hacked, not before.

I agree, there should be an expert. I’m just saying we haven’t heard the Times’ side of the story, only the fired party’s side of it.

“Information security,” “newsroom security,” and “journalistic security” strike me as three different things (and the latter two things don’t seem directly related to the first). If the Times hired her to do the first thing, but she saw her job as doing the other two things, perhaps that’s part of the problem?

If a source didn’t already look side-eyed at The Times, this should really seal the deal. As bad as The Washington Post can be, at least they have an earned reputation for protecting their sources.

As questionable a decision as this may be, a position elimination is not a firing.

Wasn’t the NYT one of the outlets that got sent a fake or poorly constructed bomb last year by that guy from Florida?

Are they just throwing their hands in the air and admitting there is no way of protecting the information?

Congratulations, you have improved my vocabulary!

It is pretty hard to see how the first one wouldn’t be deeply entwined with the other two. We know, in part from the Times’s own reporting, that there are technically savvy entities using computer infiltration to manipulate the news cycle. Broader trends in our society mean that a larger share of communications and evidence used by reporters will continue be digital.

To create some scenarios to demonstrate that we can look at previous news scandals. If you remember the George W Bush Air National Guard story with documents that are believed to be false due typography, you can imagine a large number of attacks that replace real electronic evidence with clearly forged evidence. Or a less subtle and known to be happening example, some individual looking at communications with the Times and using those communications to retaliate against the source or remove them from credibility.

For those of you saying the NYT wouldn’t act this abruptly, please recall what they did to Quinn:

Have they decided to just bundle infosec under the purview of their physical security staffing? Why so suddenly?