In my previous blog on propaganda, I noted that private information, when stolen and put in a public context, can prove useful for propaganda efforts. This post develops that concept in more detail, with an emphasis on privacy considerations.
First, some key distinctions. Unauthorized disclosure of confidential information involves a spectrum of information types, with varying impacts on personal privacy. On one end are leaks by whistleblowers revealing information with significant public interest; on the other is publication of private personal information (including, for example, photos of nude celebrities) where there is no public purpose. Some information may be sensitive for business or national security purposes – though of low impact on personal privacy.
The method of obtaining information matters as well: some may be innocently obtained by news organizations. Some may be leaked to the public by a party to whom it was entrusted, while other information may be stolen through cybercrime. A publisher involved in such theft can be culpable, even where publication by an uninvolved party is protected. Because of these distinctions, it’s important to distinguish cases and not draw broad generalizations.
One generalization I will make, however, is that contemporary analyses give insufficient weight to privacy and information security interests. Privacy and information security interests often outweigh the public interest value of making private information public without the consent of the owner or data subject, but that weight may not be recognized. Some reasons for this potentially include media business models that reward clicks and attention, lowered social expectations about personal privacy, increased partisan polarity, mistrust of government and other authorities, insufficient enforcement of laws prohibiting cybercrime, and the fact that publication of private information is useful for propaganda.
I fully acknowledge effective journalism often depends on disclosure of private information without consent of the speaker or the subject of the information. There are public interest values in an informed public, as well as in ethical whistleblowing. But the public interest in effective journalism does not exist in a vacuum, and in some cases “news” is simply entertainment.
These issues are compounded if private information is stolen. In such circumstances, both the excitement of gossip and the justifications for publication can cloud evaluation of the wrongfulness of information theft.
Such emotional reactions lead me back to the topic of propaganda. Publication of private information is useful for propaganda in several ways that are harmful to privacy:
1) It can be used to shame the speaker, chilling his/her expression;
2) It can undermine dissenting groups by inhibiting private organizing efforts;
3) It can undermine core privacy values including personal autonomy and interpersonal trust.
Shaming the Speaker as a Hypocrite
Many of us may blurt in private things we would never act on, and would in fact reconsider if speaking in a public context. Publication of such statements out of context – putting the private into the public – subjects private utterances to the higher standards of public speech. This enables shaming of the speaker, for failure to meet standards which were neither applied nor expected at the time the communication was made.
Moreover, such actions are often used to attack a speaker as a hypocrite. Yes, some public persons appear indifferent to charges of hypocrisy, but others may find the experience of such an accusation rather unpleasant. Hypocrisy makes some people uneasy because it suggests unfairness - someone gets credit for holding a professed view without “doing the work” of acting on, or receiving the consequences of that view.[1].
This form of human perception is not necessarily wrong. In some cases the public position is indeed a dishonest front for the speaker’s real agenda. In other cases, though, the public position is sincerely held and one a speaker is more likely to hold to over time (and be held accountable for over time) - in which case non-consensual publication of a one-time private statement paints the speaker in a false light.
It is not necessarily hypocrisy where a person “vents” emotionally driven views in private that will be revised in calmer times, nor is it hypocrisy when an uninformed private comment is later revised upon further information and reflection. And in some cases, having a “public” and a “private” position is a hallmark of political and social intelligence, and a strategic way of relating to various groups.[2]
Whatever value may be gained by the “outing” of hypocrites, it does not come without its own costs. Shaming a speaker for propaganda purposes involves all the costs that come with propaganda. Such shaming creates disincentives to speak with candor in private settings. And it may inhibit one's ability to vary one’s words for different audiences, in ways that stop short of misleading but help build consensus around core values.
Undermining Organizing Efforts and Rule of Law
Private information can also be published by authoritarian interests to undermine dissent by inhibiting private communications and organizing efforts. Julian Assange reportedly stated that this strategy was at the root of his efforts with WikiLeaks which, ironically, he aimed at “authoritarian” political parties.[3]
Such publication can also undermine rule of law by reinforcing an ends-justify-the means value system. One need not be a pure Kantian/Rawlsian to accept that certain principles, such as rules against theft or invasion of privacy, should be honored regardless of whether doing so benefits a given political agenda.
What Privacy Is For
The fact that private speech may be emotional or inaccurate is even more reason to respect the privacy of such speech. Respect for privacy is important not only as a utilitarian matter (to allow the flourishing of thoughts that may be iterative or innovative), but as a matter of principle. Privacy serves to protect personal autonomy, and as an end in and of itself that fosters self-development.[4]
As Daniel Solove noted, one of the key purposes of privacy is to allow individuals to exercise a degree of control over what we share, to develop “places of solitude…where we are free of the gaze of others,” and to manage boundaries that are essential for identity, self-esteem, and a personal sense that one is worthy of respect.[5]
Publication of private information, without consent, may be necessary in some cases (law enforcement as well as journalism), but to protect these privacy interests such cases should be limited and guided by consistent principles.
Toward Consistent Principles
Consistency of principle is often overlooked when stolen private information proves to be useful for political interests, and thus rationalizations ensue.[6] Leaks that embarrass political opponents are justified as “getting out the truth that people need to know,” whereas leaks that embarrass one’s own political interests are "politically motivated.”[7]
If one objected to the publication of unnecessary intimate details in the special prosecutor’s report of President Clinton’s testimony about his relationship with Monica Lewinsky (details many felt went beyond that needed to argue the legal issues),[8] one should equally object to publishing private records of President Trump's advisor Steve Bannon’s divorce proceedings (which, unless one values ad hominem arguments, is not information necessary to critique Bannon’s political influence and views).[9] And both cases also involve disclosure of personally sensitive information of private parties who, unlike President Clinton or Mr. Bannon, have not sought a public role.
Below, I attempt to articulate a principled position: publication of private information without consent or authorization is generally wrong. To determine if an exception exists, I apply a balancing test to see if privacy interests are low and public interest (that of the entire public, not just one agenda) is high.
Given the First Amendment, this principle is one that, generally, should be for the publisher to apply, as a component of journalistic ethics. In some cases, the First Amendment still affords room for non-consensual publication to be subject to legal sanction, e.g., “revenge porn.”[10] In other cases, though, ethical principles should limit non-consensual publication to cases where public interest is strong – meaning matters relating to official actions rather than personal matters – and where privacy interests are not significantly harmed.
In applying what is obviously a subjective test, publishers should also consider other factors. Such factors incluce sensitivity to when the media may be being “played” by those with interests in propaganda. Publishers should also recognize the court of public opinion is not the only court: some private information that is of public interest need not be made public to address official wrongdoing. It's fairly common, e.g., for private information that indicates wrongdoing to be turned over to qualified investigators or agency Inspectors General rather than published.
This type of balancing test is also common in policy areas. For example, because publication of secrets is such an emotional thrill, we can productively make an analogy to intoxicating drugs. The difference between “leaks” of government activity (where such leaks do not violate national security or espionage laws) and “revenge porn” is akin to the difference between alcohol and heroin.
Heroin is simply too harmful to tolerate for legalized use. While the consequences of alcohol misuse are dangerous, alcohol use in moderation is acceptable and may have salutary effects on social interaction. Moreover, it is so pervasive in society that efforts to prohibit its use produced evasion, duplicity and crime – making the cure worse than the disease.[11] For both alcohol and leaked “public” information, society can therefore regulate the behaviors that follow from misuse (e.g., drunken driving, or leaks of classified information), while recognizing that such behaviors do not inexorably follow from consumption.[12]
Alcohol, as Homer Simpson put it, is “the cause of, and solution to, life’s problems.”[13] Similarly, “leaks” have always been a feature of the landscape – a cause of, and solution to, political disputes.[14]
Separate from questions of publication, though, are questions of acqusition; in particuar acqusition through theft. Consistent principles should recognize unauthorized acquisition of private information is always wrong.[15] Invasion of privacy is a widely-recognized tort.[16] A variety of laws prohibit eavesdropping, including unauthorized interception of electronic communications (both in transit and in storage),[17] unauthorized access to computer systems,[18] and unauthorized transmission of classified information.[19]
“Thou shalt not steal” is a universal moral principle. It is among the Ten Commandments,[20] and the precepts of Buddhism (here, formulated as “I will not take what is not given”).[21] The Code of Hammurabi punished theft of temple or court property by death.[22]
It is in light of these concerns the United States recently imposed sanctions on Russian officials where evidence showed their involvement in unauthorized acquisition of stored email content via phishing.[23] Yet some commentators stated that, so long as the result of such cybercrime was to publish information useful to the public, the downsides of such hacking and data theft should be overlooked.[24] No. A thousand times no.
Unauthorized access to a private computer system, for purposes of public disclosure of private information, is a crime.[25] The accuracy or utility of the information stolen is not a defense. If what the commentator intends to say is “the public benefit of knowing what the stolen information reveals outweighs the public costs of the unauthorized access,” that that is untenable as well – at best that is a defense of publication, not of the theft.
Public interest concerns may well justify publication of ill-gotten private information, and legal protection for such publication is often precisely what the First Amendment envisions.[26] But the public interest rarely if ever justifies an underlying cybercrime, and otherwise protected publishers can be held liable if they are involved in an unauthorized acquisition.[27]
As such, publishers should give weight to whether information was obtained via unauthorized intrusion. Cybersecurity challenges are meaningful enough without additional incentives to steal information. Neither the Fourth Amendment nor the related exclusionary rule should apply to the press, but that is not to say that journalistic ethics cannot consider ways the media might reduce incentives to engage in cybercrime.[28]
Conclusion
I agree with interpretations of the First Amendment finding important protections for publication of private information without consent. And I concur that, as a matter of principle, the public interest can at times justify such publication. But too often the “public interest” defense is a post hoc rationalization rather than a justification.
WikiLeaks, for example, was condemned by conservative media when it published confidential US military information, and received accolades from ostensibly serious journalistic interests and the political left.[29] When the same organization published personal emails embarrassing to the Democratic Party, the polarity reversed.[30] This partisan approach yields a cramped view of the “public interest.”
Publishers should be more careful in defining the public interest. While publication should remain protected by the First Amendment, publishers must more frequently, and more rigorously, consider the costs to privacy and security. Separately, publication should be distinguished from unauthorized acquisition, and laws against unauthorized acquisition consistently enforced. Responsible disclosure concepts - private disclosure, initially, of data security vulnerabilities so they can be fixed - should apply not just to vulnerabilities that can lead to data theft, but to disclosure of stolen data itself.
Publishers should obviously themselves not be in the business of hacking and data theft itself, and should give weight to whether publication truly informs the public, to ways publishers might reduce incentives to engage in data theft, and to privacy harms that arise from non-consensual publication of private statements, particularly by non-public figures. An informed public is an important value. It's not the only ethical value that merits attention.
[1] https://www.nytimes.com/2017/01/13/opinion/sunday/the-real-problem-with-hypocrisy.html?
[2]Hillary Clinton’s maligned comment that a politician needs a “public” and a “private” position was taken to indicate she was not trustworthy in general, and that she was much more favorable to financial and banking interests in New York than she claimed. Whether those conclusions are justified or not, Secretary Clinton went on to explain that the idea for her remark came from Abraham Lincoln, who needed to keep his personal views on slavery distinct from his institutional position as Chief Executive. Lincoln’s approach, ostensibly hypocritical, was well-calculated to navigate a particularly difficult political environment. http://politi.co/2ehMJ5k
[3] https://www.wired.com/2016/10/want-know-julian-assanges-endgame-told-decade-ago/.
[4]See Julie Cohen, “What Privacy is For,” https://papers.ssrn.com/sol3/papers2.cfm?abstract_id=2175406 (“Privacy shelters dynamic, emergent subjectivity from the efforts of commercial and government actors to render individuals and communities fixed, transparent, and predictable. It protects the situated practices of boundary management through which self-definition and the capacity for self-reflection develop”). Relatedly, psychologists such as Jean Piaget have noted the importance of “private speech” – aka “self-talk” – in child development. Just as children develop in part by working through self-control or problem-solving out loud, so do all of us develop and grow in part by engaging in self-reflection and communications with private, trusted groups.
[5]Daniel Solove, “10 Reasons Why Privacy Matters,” at https://www.linkedin.com/pulse/20140113044954-2259773-10-reasons-why-privacy-matters
[6]See, e.g., http://www.nationalreview.com/article/441456/hillary-clinton-wikileaks-pay-play-revelations-justify-stolen-emails (arguing that a bad person (Assange) did a bad thing (publishing stolen emails) with a good outcome (details of Clinton Global Foundation activity revealed to the public).
[7]See, e.g., https://www.nytimes.com/2017/02/14/business/media/divided-media-on-michael-flynn-patriotic-leaks-or-political-espionage.html
[8]http://www.washingtonpost.com/wp-srv/politics/special/clinton/icreport/6narritii.htm
[9]https://theopporeport.com/2016/12/02/the-bannon-files-divorce-records-reveal-marital-discord-and-questionable-parenting/ (the publisher justified publication because of the power and influence he perceives Mr. Bannon holds. Yet other reports on Mr. Bannon and his marriage, including concerns about domestic violence, have cited court records, police reports, and public statements – and declined to name parties involved who were not public figures). http://politi.co/2bTgl65;
[10]See, e.g., Woodrow Hartzog, “How to Fight Revenge Porn,” http://stanford.io/2lbSUXH; see also “Tool Without a Handle: Privacy and Regulation – An Expanded Rationale,” http://stanford.io/2lRURwF (importance of remedy for non-consensual posting of private information).
[11]See, e.g., http://www.thedailybeast.com/articles/2014/08/16/iran-s-drinking-problem.html
[12]One can think of exceptions, of course, particularly in societies where media and Internet tools are heavily censored and/or controlled by the state. In such cases, better media literacy is far more challenging to create and the effects of propaganda can be more pernicious.
[13]“The Simpsons” clip at: https://www.youtube.com/watch?v=hUVwR0rw5fk
[14]While there is much in the recent news about leaks impacting the Trump Administration, leaks were an issue of concern for all modern Presidents; the Obama Administration also took steps to identify and punish leakers (including seeking identification of sources from journalists). See, e.g., http://thehill.com/video/administration/231753-obama-offensive-to-say-leaks-were-authorized-for-political-gain
[15]I.e., acquisition of information through subterfuge, cybercrime, or espionage.
[16]See Restatement of Torts (2nd), § 652, online at: https://cyber.harvard.edu/privacy/Privacy_R2d_Torts_Sections.htm
[17]18 USC Section 2701 et. seq.; Convention on Cybercrime, http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185. Prohibitions on theft of information can also be rooted in general principles against interference in sovereign affairs of other countries, e.g., UN Charter, Article 2. See generally Congressional Research Service, “Privacy: An Abbreviated Outline of Federal Statutes Governing Wiretapping and Electronic Eavesdropping,” online at: /content/files/sgp/crs/intel/98-327.pdf; Mary Ellen O’Connell, “Cybersecurity and International Law,” http://bit.ly/2i0DEMM
[18]18 USC § 1030.
[19]For a good summary of applicable law see Susan Hennessey and Helen Klein Murillo, “The Law of Leaks,” online at: https://www.lawfareblog.com/law-leaks
[20]See Exodus 20:15. The concept is, in fact, noted twice in the Bible even prior to the issuance of the Ten Commandments to Moses (it’s noted to Adam (don’t take that fruit which is not yours) and to Noah as part of his covenant with God (these are elaborated further in the Talmud as the 7 Noachide laws). Thus the “Ten Commandments” can be fairly thought of as the “Ten Reminders of What I Have, In Fact, Already Told You Several Times.” So it goes with parenting…
[21]http://buddhism.about.com/od/theprecepts/a/The-Second-Precept.htm
[22]http://avalon.law.yale.edu/ancient/hamframe.asp
[23]https://www.whitehouse.gov/the-press-office/2016/12/29/fact-sheet-actions-response-russian-malicious-cyber-activity-and; see also https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity (joint analysis report from Department of Homeland Security and Director of National Intelligence providing a technical discussion of Russian cyber intrusions).
[24] http://www.newsmax.com/Newsfront/trent-franks-sanctions-leaks-obama/2016/12/29/id/766086/ ("The bottom line is…if Russia succeeded in giving the American people information that was accurate, then they merely did what the media should have done”).
[25]See n.18, supra. In addition, many US states and territories have laws specifically on phishing crimes. See http://www.ncsl.org/research/telecommunications-and-information-technology/state-phishing-laws.aspx. In addition to US criminal law, such conduct (if proven) is a violation of international law. See http://www.mjilonline.org/russian-hacking-and-the-u-s-election-against-international-law/
[26]See “First Amendment experts comment on legality of NYT release of Trump’s tax returns,” Concurring Opinions, http://bit.ly/2cWl34b. Notable Supreme Court opinions concur with that view. See, e.g., New York Times Company v. United States, 403 US 713 (1971), online at: https://www.oyez.org/cases/1970/1873; Bartnicki v. Vopper, 532 U.S. 514 (2001), online at; http://caselaw.findlaw.com/us-supreme-court/532/514.html
[27]See Concurring Opinions blog, n.26. (Martin Redish: “if The Times was actively involved in a criminal conspiracy to unlawfully acquire the records… I see no First Amendment bar to criminally punishing them for those acts”).
[28]For a first description of the exclusionary rule, see U.S. v. Nardone, 106 F.2d 41 (2nd Cir, 1939). As for the “public interest,” when a person’s private email account is hacked, the public value of the information obtained is not known at the time of the intrusion. Thus the “public interest” is of little defense to the crime of hacking the account, or to publishing the trove of private emails in its entirety. More likely, emails so acquired will be published selectively to further a partisan agenda. Hence, in the case of the hack of John Podesta’s emails, U.S. intelligence viewed the event with concern. /content/files/files/documents/ica_2017_01.pdf
[29]https://twitter.com/aliensinsocks/status/785710363488624640; https://www.journalism.co.uk/news/julian-assange-wins-martha-gellhorn-prize-for-journalism/s2/a544492/ ; https://cyberlaw.stanford.edu/blog/2011/01/why-us-shouldn%E2%80%99t-prosecute-assange%E2%80%93-uss-sake-not-his
[30]https://www.washingtonpost.com/politics/how-julian-assange-evolved-from-pariah-to-paragon/2017/01/04/2a3ea6e6-d2b8-11e6-9cb0-54ab630851e8_story.html; https://www.washingtonpost.com/news/the-fix/wp/2017/01/04/how-some-republicans-learned-to-stop-worrying-and-love-julian-assange/