Section 1.
Digital security

It is possible to make a film without going anywhere, but it's pretty hard to do so without communicating with anyone. To make your film, you're going to co-ordinate with your team and then some combination of advisors, suppliers, subjects, funders, festivals, etc. And unless you opt for potentially having your communications under surveillance, you will need a digital security plan! That's why we've put this section first, to start assessing together whether your communications are sufficiently secure to protect yourself, your subjects, your team and make sure that your important work can reach the public and be as influential as possible.

In short, digital security affects us all and will only become a bigger concern as many governments pass new legislation granting them greater powers of digital surveillance. There has never been a better time to start learning about the risk that filmmakers are exposed to and how to protect yourself, your film, subjects and colleagues. Physical safety is often contingent on digital security.

Even though you may not think at the outset of a project that you need to protect your communications and rushes, this may become necessary as events unfold, so it's advisable to think ahead and plan for privacy wherever possible.

It's also important to note that technology is constantly changing and digital security safeguards are being compromised, so you have to be right up to date with the latest tools and understand fully what is no longer safe. Information received in a digital safety course taken last year might not be applicable today. It is also critical to know what sort of software or apps are illegal in certain countries - and which have anti-encryption legislation - as falling foul of these laws could lead to your equipment being seized and could even lead to imprisonment. There is no single, catch-all source to check for these regulations: you have to check country by country with reliable specialists and local sources.

This following section draws heavily on guidelines and advice from the Freedom of the Press Foundation, Committee to Protect Journalists, the Rory Peck Trust and Tactical Technology. Links to key resources are included at the end of this and every chapter.

1.1 Assess Your Digital Risk

First things first, consider what you are trying to accomplish with your film project and what it is specifically that you might need to protect (i.e. confidential data, source identities, locations, film footage, etc) and who or what might threaten it - and how.

Take time with your team to think through both the digital security challenges you could be facing throughout the project and how you will communicate and share source material with your team members securely.

As recommended by the Freedom of the Press Foundation, work through what the digital threat model is to your project by assessing who your potential adversaries are, what their objectives might be and what would happen to you if they succeeded in achieving them. Try asking yourself, and others you work with these following questions:

From there, look first at how you normally communicate, and then try to assess where your processes are vulnerable to those specific threats and how you would mitigate them.

Consider where digital security breaches could occur - not forgetting situations such as working from internet cafes or on computers at business centres of hotels and airports, communicating information on social media platforms or speaking on an insecure (and therefore potentially "tapped") telephone line. And remember that everyone in the project needs to adhere to the same, agreed digital security protocols. Your protocol is only as strong as its weakest link.

Whether in pre-production, production or postproduction, consider any specific local regulations or operating contexts that may be faced. Depending on the countries you are working in, you may find that use of encryption or the use of a particular digital security tool is against the law and so you may need to handle your digital security in another way.

We are recommending digital risk assessment resources you can use from the Rory Peck Trust, Freedom of the Press Foundation and Tactical Technology in the Resources at the end of the section.

Suggested Team Discussion Points:

These questions have been designed to provoke team conversation about the digital risks your production may face. These questions are not exhaustive and it is understood that each project has its own bespoke issues that will merit discussion.

Can you currently foresee any reason why you might be targeted for surveillance by an individual, a government, law enforcement agency, hackers or corporations?

If yes, why?

What is it you are specifically trying to protect? E.g. confidential data, source identities your location, video footage etc?
Who would be interested in accessing your sensitive information and why? Have they committed a crime; are they involved in corruption; perpetrating human rights abuses - or would the information be damaging or embarrassing in some way?
What methods could they use to get it? Could they access your internet or mobile service provider, hack your device, confiscate your equipment, use a court order, etc.? Could they access devices belonging to your sources or support staff?
What would happen if they succeed?

Could you or your source or fixer/ translator/ driver (or others) be arrested, could filming be stopped, or could confidential information be used against others?

What are the local regulations on protective software?

Is encryption illegal? Do you need carnets for equipment like sat phones?

Given your responses to these questions, do you need to perform a risk assessment on this project? There are some great resources available for both risk assessment and threat modelling from organisations such as the Rory Peck Trust and the Electronic Frontier Foundation - please see the end of the section for recommendations

1.2 Minimise Your Digital Risk

Of course, each documentary film project has its own bespoke requirements when it comes to safety and security and it's worth considering exactly what steps you and your team need to take to minimise the identified digital security risks. If you are at risk of surveillance:

Often sensitive material needs to be communicated in the quickest, most efficient way. Technology is the go to habit, but it's important to be aware of how you communicate certain pieces of information if you do not want it shared by anyone else. Think about also how you will be recording and saving the information from your shoot - for example, will you be traveling with footage across borders that can be compromised? It's important to take a step back as a filmmaker and assess any elements of your story that may need to be protected.

If your project demands it, there are a number of encryption tools that can be deployed to protect aspects of your work by making it unreadable to all except the person who knows how to decrypt it such as:

Remember that to function securely these applications need to be updated regularly. Remember also that even if your adversary cannot crack your encryption, they may well be able to see that a device or drive contains encrypted material - so as well as encrypting material, consider hiding it digitally, too.

Bear in mind that important as communication security is, physical theft of data and hardware often poses as great or greater risk in the field than remote surveillance.

You should also think about whether your project merits safe technology too, such as working from a clean laptop when in the field and using a burner phone, a prepaid phone bought for a specific purpose and paid for in cash and therefore untraceable.

There are some excellent resources at the end of the section, including the Center for Investigative Journalism's 2016 guide to Information Security for Journalists.

Carefully consider what your project digital security needs are and then identify the tools that your team need to operate safely.

Suggested Team Discussion Points:

These questions have been designed to provoke team conversation about the risks your production may face. These questions are not exclusive and it is understood that each project has its own bespoke issues that will merit discussion.

Will you, your sources and local support staff (e.g. fixer, translators, drivers) need to use encrypted communications as part of the filmmaking process?
Will you or members of your team need to leave your usual phone behind to avoid being tracked and surveilled?

If this is the case, how will you protect yourself?

Will you need to protect your documents on location and at home? And if so, for what duration?
Should you be encrypting rushes at source on location? Will you be crossing borders? Do you need to encrypt them in your edit room? Should your edit room be quarantined and off-line?

1.3 Online Profile Risks

It's crucial to undertake an evaluation of your team's online presence and the profile of your project, both in terms of search engines such as via Google, Yahoo, Bing and others as well as assessing any risks their social media profiles - e.g. on Facebook, LinkedIn, Twitter or any other personal or professional site or network service - may present.

Suggested Team Discussion Points:

Do any search results put you or the film at risk?

Which of the search results could put you at risk on your upcoming assignment? Are any of them under your control?

Do your social media profiles put you or the film at risk?

Does your team's social media presence jeopardise the project in any way? Would it be beneficial to ask them to change their profiles?

Do you or any of your team members have any of your previous work accessible or listed online?

Is that a risk to the project?

Should you or your team members be using a different name on location vs what you use for your online presence to protect yourself and your subjects/ sources and their families?
Have you or your team members mentioned this project at all on any social media or blog in the past?

Does this compromise the safety of you and /or your team?

1.4 Experience & Training

Having established what the digital security risks are to your project might be, how knowledgeable are you and your team in understanding how to protect yourselves and your film from methods in which your communications could be compromised?

Before your project heads too far into pre-production, an assessment of your entire team's current level of experience with digital security is highly recommended to ascertain whether formal digital security training would be worthwhile. If there's sensitive material associated with your film project, it's important that anyone involved in communicating about it digitally - whether in the production office or on location - is fully up to speed on the most appropriate methods to be using.

1.5 Digital Security Resources

Digital Risk Assessment

Rory Peck Trust - Digital Security Guide

Electronic Frontier Foundation - An Introduction To Threat Modelling

Tactical Technology - Security Guides

Tactical Technology - Research - Digital Security in Human Rights [2014-2016]

Data Management

Electronic Frontier Foundation - Data Safety

Committee to Protect Journalists - Technology Security and Defending Your Data

Freedom of the Press Foundation - How to Generate The Best Passwords

Freedom of the Press Foundation - 11 tips for protecting your privacy and digital security in the age of Trump


Freedom of the Press Foundation - Mobile Security Tips

Freedom of the Press Foundation Rapid Responses for Confiscated Phones

Rory Peck Trust - Mobile Security Guide

Additional Digital Security Resources

CPJ Digital Safety Kit (July 2019)

Electronic Frontier Foundation

Committee to Protect Journalists- Digital Safety Notes

Committee to Protect Journalists - Related digital safety resources

UNESCO Building Digital Safety for Journalism

UNESCO - Publication Series on Internet Freedom

Digital Security Exchange

Online Privacy Guide for Journalists 2018

PEN America Online Harassment Field Manual


Freedom of the Press Foundation - Security Tools

Freedom of the Press Foundation - Anti-Phishing and Email Tips

Center for Investigative Journalists - Information Security For Journalists

Electronic Frontier Foundation - How to Circumvent Online Censorship

When Things Go Wrong

Access Now - Digital Security Helpline

*(24/7 services are available with support in eight languages: English, Spanish, French, German, Portuguese, Russian, Tagalog, and Arabic. They apparently respond to all requests within two hours)

Committee to Protect Journalists - Digital support

1.6 Digital Security Training for Filmmakers

We are only putting forward training that we have heard good things about from filmmakers. We want to hear from you if you have taken Digital Security Training that you can recommend to your fellow filmmakers. Email us anytime at:

Freedom of the Press Foundation organise trainings with the IDA and others and also do bespoke training with teams.

Freedom of the Press Foundation - Training - US

In Europe we recommend:

Tactical Tech - Germany

Next Section