The Grant Rant

If there is a reality of being a journalist in 2017 it’s this: governments don’t like us.

I know, I know. That is news in the same way as “the rain is wet” is news. Governments have NEVER really liked reporters. By my experience, if most governments from city hall to the White House had their way, most reporters would be in some kind of gulag and journalism would be reduced to happy photos of cheque presentations and kittens on parade.

What is different these days is the effort by those in public institutions control the message, and this often takes the form of witch hunting for those who share information with journalists. It doesn’t really matter if we are talking about the federal cabinet or the local council. Governments are working harder than ever to keep what they do away from public scrutiny.

And if you don’t think this is true, examine the stories that have hit the headlines the last few years that got their start from whistleblowers who decided the public has a right to know. There are many examples in local journalism. For instance, the work we’ve done at the St. Catharines Standard and Niagara PostMedia papers on the regional government and its related arms has, on more than occasion, reported on leaked information. Our exposé on the long hidden Burgoyne Bridge audit report, is a prime example.

As I have previously written, the response from local government to this kind of reporting hasn’t been to address the issues raised, but rather to complain about leaks and demand unswerving loyalty to the government and, more critically, to its politicians:

Consider the recent comments by regional chair Alan Caslin on the May 16 episode of the Tim Denis show on CKTB 610 A.M.

Denis and his other guests expressed dismay as the NPCA’s draft code of conduct’s insistence on absolute loyalty from board members that supersedes any other loyalty that member may have. Caslin’s reply is telling. He did not address the problems associated with the NPCA demanding loyalty from elected officials, but rather focused on the issue of leaks:

“When it comes to codes of conduct and conduct of councillors, we struggle with trying to keep in-camera items private. Inevitably, they get leaked way too often and that has to stop. So those sorts of, that decorum has to be more more prevalent, not only prevalent but followed and respected because, quite frankly, the information that is dealt with in-camera is in-camera for a reason.”

Denis said he was concerned with the emphasis on loyalty and the consequences of dissent. Caslin again changed the focus on the need for loyalty:

“Being prescriptive where the loyalty lies is an absolute necessity and quite frankly may help in keeping that confidential information private.”

In this kind of environment, it can become difficult for those in public institutions concerned for the public trust to get information to journalists who will share it with the public. So I am taking the same step many other journalists around the world have by providing a means to send me information annoymously and securely.

I’ve set up a PGP email that receives encrypted anonymous messages.

What is PGP? It stands for “pretty good privacy” and is a way for people to send anonymous encrypted messages. This kind of end-to-end encryption method allows you, the message sender, to encrypt a message to me, the receiver, who alone has the means to decrypt it.

This is done through the use of “keys”. You use my public encryption key (see below) to encrypt your message and I use my private key, which no one else has, to decrypt it. In other words, you can send a message that no one can read except for its intended recipient. If someone without my private key intercepted the message, all they can read is a meaningless string of letters, numbers and symbols.

So, how can you send me information without revealing you who are?  There are a couple of ways to do it:

1) Protonmail.

My PGP email is set up through ProtonMail, an encrypted email service built by some scientists at CERN. This is the simplest and easiest way to do it. You can set up your own account without having to identify who you are. If you are sending your message to another ProtonMail user – like your friendly neighbourhood journalist – you don’t need to mess around with encryption keys. The system encrypts and decrypts messages for you.

My ProtonMail address is: grantlafleche@protonmail.com

2) Other PGP email.

So you don’t want to use ProtonMail, but you’ve got a document showing, say, how the local government has been misspending public money. How to get it to me?

Well, there are a number of options to set up a PGP email. If you already know how to do that, or have another PGP system already set up, all you need is my public key, which you will find below. If you don’t, here is a handy guide to setting up your own PGP email.

My public key to encrypt messages can be found by searching grantlafleche@prontonmail.com at the PGP Global Directory, or in the block below:

—–BEGIN PGP PUBLIC KEY BLOCK—– Version: OpenPGP.js v2.5.8 Comment: https://openpgpjs.org xsBNBFmsm/ABCAC7e0dfW4cqKsUE+/aDwleeKqlshcI5KQNOBym5rtck1Ogy yax8stVzsYynO33pXiMmC17DNyxA4Dw+v8TddOO9zZ4jLLluaNr3F46HEM8Q L0BOaItnNmKyABunuTRJB1UuH5EsHfxIpS3GbCbbR8MGt8ps/5bysMpXa0np wCmAFRV/G2OetpeIUpbrpY2ko/BYRj720Mk3ZTJaFfSGYc7BrovKljTCnmD2 N7zF7ZCdpqZCOpS0TbaL4JqjUexuJ2RFt2F5sjqCAv7VWTQV2ofR4QH5PMAx LEc8RTWSmf7oY0DaELeRjjQ5aFMr2mRf7vbk+x/RDI/jh8bOINPgjvPDABEB AAHNO2dyYW50bGFmbGVjaGVAcHJvdG9ubWFpbC5jb20gPGdyYW50bGFmbGVj aGVAcHJvdG9ubWFpbC5jb20+wsB1BBABCAApBQJZrJvxBgsJBwgDAgkQfVy8 v5HlxGIEFQgKAgMWAgECGQECGwMCHgEAANzSB/4sv/Z7MzT5a3R50aQjShZi Z2xxMBcj9NM9tVDwibmvUN2Jdrv6LWz7q+8RJVkfOH1Oja7yTTmxlK+N8vnk nG6F1DjOaP07XXL9tWxRyAsUUzdTLXZl4udcqqTRrbEcMdlCokovP2pMGeHd IOe/QAE3Ht3LhMqIgb++lDDHzZWCJdFwS11ECAHnC+OnAFdQs1Ejda6sMYPP 3W7TGApD7M+VwUJjGLI8EcgbrwCd5u5+I04kRFq//k2u0u6nzRPxvgl734iD 8NBegDkOgmV0TWBMaZtVW7EXizd3TGVhGyzJEICzIWFaCGwCrDwdaoE1yrkv o4UAlDZPqe4R2M1zZSaCzsBNBFmsm/ABCADB0zyTmmgUdx1B4k6CGkWKPe6+ PbkHUUOrCeV/DcUUetM/KGBkv3CSB5ne/IRFK+zHUvToSG9nQ9qJ1Oprhi9l iZXlF3Cz3fGOrGERPKffKtQ2VJGLHj24MDmZeXnDSxFzvBleRCW6oyOXYVpq oVIQWmTRKVMkkjJGkdZZLIFRvp2fAqGgyVwLkm88n1X+avG3VriYIu5bI9+g NqEX6gDgwmJbUqcFYUK3+VEFTwKc3PkW/XVZBPE0TbFP5Vr3lBz2oHBB8+H4 MbSo3aGLznLWl9Eg6YZDSXXzvfvpsahigoLDbQoKjB5tHVIMq84B1Nnu/Diw pYte6LenUBaHU5rtABEBAAHCwF8EGAEIABMFAlmsm/EJEH1cvL+R5cRiAhsM AABxmwf+JyusSwuzyeGz50o/g0mtOz/dAZ7KJBRCbDLMHzD3VOAfKZJJMueX Y2aIUzmmMvxdcNux/LIyWneOdfJeYPGKWFrMlwekdMESwxM8FdDUyY4py9Es HbzRZxhOQHhNLYC3O3ZM492ate3PhRjP/j74S9PnVT66gsjQR2VabMaNxyRa wFQGQyx1hwakc8y4ohLmAycMNZOLsYZjYNdBxVnTdthpNldZiHlkAiUqY+4Y UaozDgrh9wIa4Gv8xR6OvfjUeLNv5ZaG8+ox0Q5MxzBB/5594tSlntpH1EpH tSI756DnuJoDbcda++3TUOjrq4s94BRxC5T13kfNIvTxu3YRNw== =+wJu —–END PGP PUBLIC KEY BLOCK—-

There are other ways to encrypt a message using a public key, such as this service which allows you to enter the public key and your message to produce encrypted text. If you use my public key to encrypt it, I am the only one who can read it. However, this doesn’t protect your anonymity if you send it from say, say, your work email. Your boss might not be able to read it, but they’ll know you sent it. If you have a private email, like Gmail, however, this method can be used to send me encrypted messages. (But again, Gmail isn’t as secure as something like ProtonMail. Forewarned is forearmed, as they say.)

Finally, if you don’t use email or the term “encryption” causes you to break out into a cold sweat for fear that Skynet is rising, then you can always “brown bag” documents or information to my office at 1 St. Paul Street in St. Catharines.