This announcement is an amended version of a public Mint Memo, an internal document shared among the Mint Team to relay important information and brand updates. Mint Memos classified as “internal documents” are often shared confidentially with partners, government agencies, and have been used to inform organizations about sensitive developments before State of the Territory News makes them public.
Today begins the first of several phases of Mint & Company’s cybersecurity expansion, which includes our flagship product, State of the Territory News. In 2019, I mentioned that I would be upgrading the team’s cybersecurity capabilities to better protect our work and personal lives from targeted attacks. Last July, each of your official email handles — linked to our sottvi.news domain — began adopting two-factor authentication as a security standard to prevent unauthorized access. Specifically, unauthorized account access brought on by targeted remote attacks.
September marks the first significant step in State of the Territory News’ renewed focus on cybersecurity. Some of our digital data — both offline and cloud — are now secured using the Titan Security Key, developed by Google. Following the shocking state-sponsored Democratic National Committee and Clinton Campaign email hacks in 2016, it became clear that our cybersecurity capabilities were primitive in nature and needed to be hardened.
Adopting a new security level was necessary as State of the Territory News became more popular and our team began covering more sensitive stories that could make confidential sources a target of government retaliation or professional disparagement. Google announced that none of its 85,000-plus employees had their accounts hacked since early 2017, thanks to an “early version” of a security key the company was testing. Titan Security Keys are designed to protect users at high risk of targeted attacks such as journalists, political campaign teams, and government agencies.
As the Mint brand grows, our digital security standards will only become more stringent and it will eventually expand to cover things like sensitive offline data, cloud storage, and physical security keys. In 2019, I began personally storing interviews with sources and government officials offline. While there have been technical hiccups with this approach and some interviews were lost before ever reaching the cloud safely, the interviews were intentionally left offline for several reasons:
1) To guard sensitive audio recordings against being subject to search warrants and subpoenas that big tech companies often comply with and 2) to add an extra layer of security in the event our cloud resources became compromised by unauthorized intruders. Both scenarios could be potentially devastating to our team’s credibility and could also make it easier to identify our sourcing methods. It will take me several weeks to recover the Mint Team’s encrypted audio files we lost access to in August.
We’re also nearing the final stages of an organization-wide rollout of a Virtual Private Network that was created earlier this summer to protect our team as we research, investigate, and report on high profile officials. Earlier this summer, two of the Mint Team’s eleven members began testing and using our VPN to securely exchange data.
Today, we’re using the Outline VPN, developed by Jigsaw, an Alphabet-owned company to bolster our digital safety. “Journalists need safe access to information to research issues, communicate with sources, and report the news,” the official website for Outline reads. “Outline lets news organizations easily provide their network safer access to the open internet.” Outline is an open-source project created by Jigsaw and released in early 2018 to provide a safer way for news organizations and journalists to access the internet. I’m currently developing training guidelines to make the transition easy for each team member. Physical security keys will begin being assigned in 2020 and our VPN will be mandatory for all team members and some partners by the end of 2021.
The hardware security keys you’ll begin seeing later this year protect against phishing attacks by using two-factor authentication that requires the account holder to present a physical key after successfully entering their password. So far, several devices and product accounts that manage team emails, administrative privileges, cloud resources, financial assets, and sensitive sources are now protected by our first pair of Titan Security Keys. By December, members of the Mint Team — and the newly formed Ivory Team — will begin receiving assigned security keys.
Members of our news team who handle sensitive information like login credentials, anonymous sources, and payment information will begin receiving Titan Security Keys first. Once I’ve successfully linked your work email with our Titan hardware, you will receive your physical keys via mail shortly after.
Technology Innovation Intern
Finally, I’d like to introduce [redacted name], our technology innovation intern to the team. Our new intern will be assisting me with tech investments in 2020 and 2021, as well as future digital training for members and partners of the Mint brand. Together, we can be an innovative force in tech throughout the Virgin Islands as the Mint Team works to build a news product that can better synthesize public information and common knowledge about complex topics.