TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Perspectives | Ethics and the privacy harms of WikiLeaks Related reading: Privacy ethics: A method, not a destination

rss_feed
DPC18_Web_300x250-COPY

WikiLeaks has been busy lately.

Shortly after the failed coup attempt in Turkey, the controversial transparency organization posted around 300,000 emails of Turkish Prime Minister Recep Erdogan. Then last Friday, Wikileaks posted nearly 20,000 emails and 8,000 attachments from high-level officials in the Democratic National Committee.

The latter, they proudly called part of their “Hillary Leaks series.”

In response to the so-called “Erdogan emails,” Turkey’s internet governance agency blocked all access to WikiLeaks throughout the country. Many Westerners saw the national block as yet another case of government censorship of the highest order.

After last Friday’s WikiLeaks DNC email dump, supporters of former presidential candidate Bernie Sanders angrily (and some would say rightly) pointed to the collusion amongst Democratic Party staffers that may have tilted the playing field against Sanders. 

In both cases, WikiLeaks claims to be exposing widespread government corruption. And in both cases, in part at least, it’s safe to say they are. But leave no doubt; both leaks are irresponsible, unethical, and parallel many of the issues privacy pros deal with almost daily. There's a reason, as of the writing of this post, Facebook has blocked all links to the DNC data dump. 

Professor and social critic Zeynep Tufekci points out that the “Erdogan email” leak exposed “massive databases of ordinary people, including a special database of almost all adult women in Turkey.” Indeed, the leak includes a spreadsheet of “what appears to be every female voter in 79 out of 81 provinces in Turkey,” she writes. This includes their home addresses and, in some cases, their cellphone numbers.

Tufekci continues: “Their addresses are out there for every stalker, ex-partner, disapproving relative, or random crazy to peruse as they wish.” This is also a country, she points out, in which hundreds of women are murdered and thousands go into hiding on an annual basis.

The “Erdogan emails” also contain sensitive data on AKP members (the ruling party in Turkey), including their full names, citizenship IDs, and cellphone numbers. This is significant because these are the same people who belong to a party that just faced a bloody coup; they could easily become future political targets.

In the U.S., the so-called DNC leak has already lead to the resignation of DNC Chairwoman Debbie Wasserman Schultz, long seen by Sanders supporters as a figure who prevented Sanders from getting the nomination over Hillary Clinton. It's also muddling up this week's DNC in Philadelphia. 

Yet, like the Turkey email leak, WikiLeaks violated the privacy of countless innocent people in the process. The leak included 19,252 emails from some of the top brass of the Democratic Party. Some of those emails included personal information of donors, including credit card numbers, Social Security numbers, and even passport numbers. Plus, the leak needlessly exposed well-intentioned emails from politicians and professionals trying to do their job.

Just think about those professional emails you write to colleagues; you're not expecting the whole world will see them when you're writing them, right? 

I understand that groups like WikiLeaks want to expose corruption and make corrupted official accountable, but does that good counteract the harm created by violating the privacy of thousands of other people — potentially exposing them to identity theft, embarrassment, or even physical harm? It doesn’t appear that WikiLeaks has taken this collateral damage into consideration.

Why couldn't they redact sensitive information about innocent people?

In fact, with a total lack of irony as a so-called free speech organization, they're going after Tufekci on Twitter and threatening the Huffington Post with formal action. 

The free press has traditionally been the institution to weigh such information flows and to work to do the most public good with the least possible harm. That’s in part why NSA leaker Edward Snowden went to journalists Glenn Greenwald and Laura Poitras instead of publishing the entire trove of information he took with him from the NSA. He knew that publishing such information would have huge implications, and he knew they would wield such data responsibly. The media sifted through much of what Snowden shared, bounced ideas off government officials, got an idea of what may do too much damage to national security, and so forth.

They weighed the ethical and moral outcomes of what they were reporting.

This is a tradeoff and an ethical consideration many privacy professionals see and grapple with on a daily basis. Whether we’re talking about creating expanded new personalized services for customers, A/B testing how end users interact with a social media feed, or sharing de-identified data with third parties or researchers. It's logical to argue there is an ethical foundation for the sharing of protected health information if it can help cure cancer, for example. We’re talking about saving people’s lives. But, even here, there should be privacy and security protections put in place.

On the other hand, companies rush to get a new product or service out, often at the peril of their users’ privacy. Just look at the Gmail access issue that came out of the "Pokemon Go" craze. Millions of users unwittingly gave Niantic Labs full access to their Gmail accounts for a period of time. Even large companies face pressure to change with the times and experiment with their users’ data. This is why companies need privacy pros. They need to help inform judgments that carry such moral and ethical weight. With technology further embedding itself into our daily lives, such judgements will carry huge benefits, huge risks, and huge implications for us all. 

Clearly an organization such as WikiLeaks doesn’t employ privacy professionals. But their actions demonstrate the careful attention organizations need to make when disclosing data. Information is more powerful in the Digital Age than ever. Those who wield that power must do so with great care and responsibility. 

4 Comments

If you want to comment on this post, you need to login.

  • comment Sheila Dean • Jul 26, 2016
    Privacy is currently mired or fatigued by ethical relativism amid the wheel works of 3 different interests: hacker ethics, business ethics and political ethics. None of which are consistent enough for ethical purists.
    
    That being said, maintain your true north. We all need a good example of what an ethics frame of privacy action should be going forward. See Cisco: http://www.cisco.com/assets/csr/pdf/CSR_Report_2015.pdf#page=11
  • comment Richard Keorkunian-Rivers • Jul 28, 2016
    I'm having a very hard time following the logic of this article. Wikileaks erred by NOT redacting their leaks? To do so would have required a completely arbitrary decision about what information implied wrongdoing and what information didn't. They would be making that decision on behalf of the public. Instead, they let the public decide who is at fault by publishing absolutely everything they had. Should the public have access to all this information? That's a separate question, and very intimately tied with whether you also believe the government in either case did something wrong. Sentence 9 of this article acknowledges that government corruption was afoot in both cases. Yet somehow there was a better (yet unidentified) venue for deciding who was committing the corruption. Pray tell, Bracy, what venue is that? The courts? Last time I checked that's still part of the same government.
    
    You so badly want to be a naysayer about what Wikileaks is doing, but you absolutely cannot recommend a more prudent course of action to save your life.
  • comment Jedidiah Bracy • Jul 28, 2016
    Hi Sheila, thanks for the link. I think you make an interesting point about ethical relativism - we're definitely in new territory here. Since privacy is so protean and means different things to different people and organizations, it's not surprising there are varying or competing interests. We must keep the conversation going and not succumb to fatigue. Great to see Cisco is on it.
  • comment Jedidiah Bracy • Jul 28, 2016
    Richard, thanks for sharing your thoughts, but I'm not sure I follow your logic. You wouldn't mind having your Social Security and credit card numbers leaked and accessible to the world because WikiLeaks made an arbitrary decision to leak an entire trove of data without any consideration of the collateral damage it could cause to innocent people? I think you're confusing the point of my article with politics. I'm talking about personal privacy, and how easy it is to disclose people's personal information in the digital world. This is not about U.S. or Turkish politics, or even the politics of WikiLeaks, it's about organizations - including media - being mindful of the data they decide to disclose.