The news media has been abuzz recently with stories about the hacker data theft from, Ashley Madison, a website, that focuses on personal ads for married people in search of partners for affairs. Hackers stole the membership list of the website, then threatened to publish the membership list if the owners didn’t shut down the website. When the owners refused to take down the site, the hackers then published the membership list on rouge server sites. Many of the news stories and blog posts regarding this theft and attempted extortion directed readers to the actual data so they could search the stolen data for member email addresses and other identifying information. This raised several questions for me regarding the legality and potential liability of the news media for their part in the dissemination of the stolen data.
Many of the Facebook and blog posts about the publication of the Ashley Madison data celebrate the hacking of the site, extortion of the company, and the publication of the membership list. The attitude is that members of the site are all dishonest cheaters who deserve to have their privacy invaded and to be held up to public scorn and ridicule. I think this analysis is simplistic at best and dangerous at its worst. Consider the possible outcome of a jealous husband, or wife, becoming enraged at the now public exposure of their spouse’s infidelity then resorts an “honor” killing of the other spouse. It’s not such an improbable outcome given the fact that, according to the New York State Office for the Prevention of Domestic Violence, 1/3 of all homicides of female victims are committed by the woman’s intimate partner.
Beyond the fact that disclosure of the data may create a physical danger, I believe that, when a journalist or blogger links to the stolen data, the journalist is then engaged in the act of trafficking in stolen property. The data that was stolen was the customer list of the corporation that owns the website. Customer lists have value to businesses, are considered trade secrets, and as such are considered company property.
In the State of Florida, as in most, if not all, states, it is a crime for a person to: “appropriate a trade secret to his or her own use or the use of another” and a trade secret includes in its definition a “list of customers” Fla. Stat. § 812.081. Additionally, it is also a crime for a person to traffic in stolen property. Trafficking in stolen property means to “sell, transfer, distribute, dispense, or otherwise dispose of property”.
Therefore, I believe a strong argument can be made that journalists, who link to the stolen data in their articles, knowing that their readers will then access the data, and who the journalist has often encouraged to search the data, have engaged in the trafficking of stolen property.
However, many times journalists rely upon leaks of confidential information as sources for their stories and that many of these stories are often of great national importance such as the pentagon papers, Watergate, and the recent Snowden disclosure of domestic spying. Historically, the Courts have protected the use of these materials in cases such as the New York Times vs. Sullivan in which the Court declined to prohibit the New York Times from publishing a story about the leaked pentagon papers disclosing confidential information about the war in Vietnam. However, I think there are important differences in those cases from the Ashley Morgan hack.
First, the disclosures involved in the prior cases all involved disclosure of information describing the content contained the documents. The cases did not involve the full publication of the papers. In NYT vs. Sullivan the story was the summation of thousands of pages of documents, but not the documents themselves. In other words, the focus of the reporting was the story contained within the documents, not the actual documents themselves.
Secondly, the disclosure, through the publishing of the link, of a customer list containing the names of otherwise unknown private citizens who, whether one approves or not, were engaged in perfectly lawful private behavior is tabloid journalism at it’s best. Is the data being disclosed to inform or is it simply titillating gossip? Is there an important first amendment right at issue here, or is this merely an invasion into the private lives of private people for no legitimate journalistic purpose? Does the public have a right or a need to know who may have accessed the website? Does applying the first amendment freedom of the press right in this case and other similar circumstances create a chill over the larger population’s exercising it’s right to free speech, right of association, privacy, and liberty rights?
The case for trafficking in stolen property by journalists in the Ashley Madison case revisits an unresolved issue in the recent case involving free-lance journalist Barrett Brown. Mr. Brown was recently sentenced to 63 months in federal prison following his arrest on charges or trafficking in stolen property after he posted a link to a stolen document in a chat room. Many saw the trafficking charge as an unconstitutional infringement upon the 1st Amendment right of free speech and a strong legal defense was planned. However, that charge never went to trial when Mr. Brown pled guilty to other charges such as threatening FBI agents and the government dropped the trafficking charge.
As of today, the legality of journalists sharing links to stolen data remains unresolved in the law. I believe that journalists have a protected right to comment on stolen data that is brought to them, they can describe the contents and speculate regarding the impact upon public policy or other matters of larger public concern. However, I don’t think the law protects a journalist who transfers the data itself to third parties. I think that it’s hard to argue that transfer of private data either directly or by way of an Internet link is a form of speech. However, I expect that the law will have to closely examine this issue and that we’ll see more of this in the future.