WikiLeaks has been busy lately.
Shortly after the failed coup attempt in Turkey, the controversial transparency organization posted around 300,000 emails of Turkish Prime Minister Recep Erdogan. Then last Friday, Wikileaks posted nearly 20,000 emails and 8,000 attachments from high-level officials in the Democratic National Committee.
The latter, they proudly called part of their “Hillary Leaks series.”
In response to the so-called “Erdogan emails,” Turkey’s internet governance agency blocked all access to WikiLeaks throughout the country. Many Westerners saw the national block as yet another case of government censorship of the highest order.
After last Friday’s WikiLeaks DNC email dump, supporters of former presidential candidate Bernie Sanders angrily (and some would say rightly) pointed to the collusion amongst Democratic Party staffers that may have tilted the playing field against Sanders.
In both cases, WikiLeaks claims to be exposing widespread government corruption. And in both cases, in part at least, it’s safe to say they are. But leave no doubt; both leaks are irresponsible, unethical, and parallel many of the issues privacy pros deal with almost daily. There's a reason, as of the writing of this post, Facebook has blocked all links to the DNC data dump.
Professor and social critic Zeynep Tufekci points out that the “Erdogan email” leak exposed “massive databases of ordinary people, including a special database of almost all adult women in Turkey.” Indeed, the leak includes a spreadsheet of “what appears to be every female voter in 79 out of 81 provinces in Turkey,” she writes. This includes their home addresses and, in some cases, their cellphone numbers.
Tufekci continues: “Their addresses are out there for every stalker, ex-partner, disapproving relative, or random crazy to peruse as they wish.” This is also a country, she points out, in which hundreds of women are murdered and thousands go into hiding on an annual basis.
The “Erdogan emails” also contain sensitive data on AKP members (the ruling party in Turkey), including their full names, citizenship IDs, and cellphone numbers. This is significant because these are the same people who belong to a party that just faced a bloody coup; they could easily become future political targets.
In the U.S., the so-called DNC leak has already lead to the resignation of DNC Chairwoman Debbie Wasserman Schultz, long seen by Sanders supporters as a figure who prevented Sanders from getting the nomination over Hillary Clinton. It's also muddling up this week's DNC in Philadelphia.
Yet, like the Turkey email leak, WikiLeaks violated the privacy of countless innocent people in the process. The leak included 19,252 emails from some of the top brass of the Democratic Party. Some of those emails included personal information of donors, including credit card numbers, Social Security numbers, and even passport numbers. Plus, the leak needlessly exposed well-intentioned emails from politicians and professionals trying to do their job.
Just think about those professional emails you write to colleagues; you're not expecting the whole world will see them when you're writing them, right?
I understand that groups like WikiLeaks want to expose corruption and make corrupted official accountable, but does that good counteract the harm created by violating the privacy of thousands of other people — potentially exposing them to identity theft, embarrassment, or even physical harm? It doesn’t appear that WikiLeaks has taken this collateral damage into consideration.
Why couldn't they redact sensitive information about innocent people?
In fact, with a total lack of irony as a so-called free speech organization, they're going after Tufekci on Twitter and threatening the Huffington Post with formal action.
@zeynep Correct your baseless story and stop running flak for Erodogan or we will file a formal complaint with HuffintonPost & others.
— WikiLeaks (@wikileaks) July 25, 2016
The free press has traditionally been the institution to weigh such information flows and to work to do the most public good with the least possible harm. That’s in part why NSA leaker Edward Snowden went to journalists Glenn Greenwald and Laura Poitras instead of publishing the entire trove of information he took with him from the NSA. He knew that publishing such information would have huge implications, and he knew they would wield such data responsibly. The media sifted through much of what Snowden shared, bounced ideas off government officials, got an idea of what may do too much damage to national security, and so forth.
They weighed the ethical and moral outcomes of what they were reporting.
This is a tradeoff and an ethical consideration many privacy professionals see and grapple with on a daily basis. Whether we’re talking about creating expanded new personalized services for customers, A/B testing how end users interact with a social media feed, or sharing de-identified data with third parties or researchers. It's logical to argue there is an ethical foundation for the sharing of protected health information if it can help cure cancer, for example. We’re talking about saving people’s lives. But, even here, there should be privacy and security protections put in place.
On the other hand, companies rush to get a new product or service out, often at the peril of their users’ privacy. Just look at the Gmail access issue that came out of the "Pokemon Go" craze. Millions of users unwittingly gave Niantic Labs full access to their Gmail accounts for a period of time. Even large companies face pressure to change with the times and experiment with their users’ data. This is why companies need privacy pros. They need to help inform judgments that carry such moral and ethical weight. With technology further embedding itself into our daily lives, such judgements will carry huge benefits, huge risks, and huge implications for us all.
Clearly an organization such as WikiLeaks doesn’t employ privacy professionals. But their actions demonstrate the careful attention organizations need to make when disclosing data. Information is more powerful in the Digital Age than ever. Those who wield that power must do so with great care and responsibility.