Opinion: Using Hacked or Leaked Information: To report or not to report, that is the question

Using information obtained through hacks or leaks to uncover stories is a contentious ethical issue in the journalism profession. Despite the fervour surrounding the prominent leaks of recent years — Edward Snowden, Chelsea Manning and Wikileaks — leaking is not a new phenomenon. The methods have changed and the role leaks play in the digital age of journalism is becoming increasingly important.

In their piece titled ‘The Ethics of Leaks’ journalist Jerry Ceppos and ethicist Kirk O. Hanson state that leaks serve an important public function — they add value to the news cycle and without it, the media would have a lot less to report on. They also draw the distinction between ‘Good Leaks’ and ‘Bad Leaks’.

A good leak “is the disclosure of information that expands public understanding of an issue of public interest — without harming anyone.” However, if the leak furthers the understanding of an issue of great enough public importance a leak can be considered ‘good’ even if it causes harm.

Conversely, a bad is leak is the disclosure of information that is not in the public interest and is usually done for nefarious reasons.

One of the major narratives of South African journalism in 2017 was the ‘Gupta Leaks’. An unprecedented event — the biggest data dump to date — in which approximately 200 000 emails from the Gupta family were leaked to journalists. The leak itself was newsworthy enough to sprout numerous stories and even more, articles were gleaned from the information within the cache of emails.

The ‘Gupta Leaks’ saga also called into question the ethics of the profession of as a whole, as the information that they were in possession of was stolen.

According to Paul Bradshaw, there are three major concerns raised when using hacked information. Namely: that the information was stolen (method), the motivation behind obtaining the information was tainted (source) and the information represents an invasion of privacy (effect).

As I mentioned before leaks and using hacked information are not a new occurrence. Bradshaw furthers this by arguing that there is, in fact, a precedent for it: Undercover reporting or obtaining information through misrepresentation. As Francois Nel puts it ‘this (lying) is an area where a pure deontological approach would cause ethical problems’. Using deceptive methods to gather information is generally frowned upon but if needs must, there is an ethical framework in place with which the journalist can justify their actions. The most important considerations to take at all times in this situation are whether it is in the public interest and there is no other way to obtain the information.

Hacking is obtaining information through misrepresentation as the hacker convinces the system that they are someone else in order to gain access to confidential information. The key difference between hacking and undercover reporting according to Bradshaw is that the decision to ‘go undercover’ is not made by the journalist.

The information detailed in documents through hacks were obtained illegally but accessing them is not. These were the sentiments of Anne Helen Peterson after the ‘Sony Leaks’, “Reporting on documents made available through the hack and excerpting from them are covered under both the First Amendment and Fair Use, which protects the reproduction of copyrighted content under the aegis of ‘enriching’ the general public.” Diana Dellamere of The Columbia Journalism Review takes a more cautious view of the handling and publication of information obtained illegally especially if the media organisation is the first to break the story, but the general consensus appears to be that once the information has entered the public sphere it is fair game for publication and those greatest at risk of facing court proceedings are media organisations who had prior knowledge or were directly involved somehow in the illegal procurement of information. Legally speaking, however, not publishing the story first doesn’t diminish liability.

Kelly Mc Bride, a media ethicist argues that “Once something is part of the public domain it’s futile and impractical for a journalist to argue that on principle, that material is off limits.” In my opinion, the South African precedent relevant here would be the case of Tshabalala-Msimang and Another v Makhanya and Others 2008 (3) BCLR 338 (W). The applicants, in this case, sought to stop the respondents (journalists) from further publishing or commenting on medical records (which were obtained illegally) and they also requested that all records and reference to them be removed from notebooks and personal computers.

The judge found that because of the first applicant’s (Minister of Health at the time) public standing she must suffer a limitation on her right to privacy as the implications of the information revealed in the illegally obtained records had a negative effect on her position and therefore were of public interest.

He also felt that he could not stop the journalists from further publishing and comment as the matter had already entered the public sphere and rejected the request that all traces of the medical records be wiped from personal computers and notebooks as the journalists may also have consulted confidential sources. However, he did order the respondents to return all the original records.

While this case may seem to be a win for media freedom in the country, the judge lamented the actions of the journalists and alluded to the fact that if the case had been on an issue of ethics he might have censured the journalists. As a result of their ‘unethical’ conduct, the respondents were ordered to pay the legal costs of the application.

Ultimately, the decision about how to handle hacked information comes down to the personal ethics of the individual journalist and the media organisation and the ethical balancing act they need to perform on a daily basis. The act of weighing the impact of revealing the information as a matter of public interest against the impact it will have on an individual or company. While also taking into consideration which decision/action has the potential to cause the most harm, reporting or not reporting.