Datagate

Day 2 of the Coleman unsecured data controversy.

This afternoon, wikileaks, the whistleblower site that posted portions of the private data it downloaded from Norm Coleman’s campaign Web site responded to some of the fallout from the release.

The highlights (I can’t link to the page on which it’s contained because the link is also on that page for the leaked data and I don’t believe people’s private information should be accessed.):

>> We don’t just talk about neutrality–we practice it. Many of you have asked whether we would publish similar material from the Democrats. The answer is yes. All documents that fit our simple, transparent guidelines are released to the public. We are non-partisan and have published many documents considered to be supportive of Republican interests that have become major news items.

>> Coleman released full credit details, but Wikileaks did not.

Although the Coleman database contains full credit card numbers, security numbers and all personal necessary details needed to make a transaction. Wikileaks did not release these. Wikileaks released the last 4 digits and the security numbers only, and then only after notifying those concerned:

>> A number of people tried to raise the issue back in January, without releasing any information at all. There was no response from the Coleman Campaign and the material had been “floating around” the Internet for at least six weeks.

>>We would have liked donors to have had several days to digest the findings in private, but Senator Coleman decided to publicly “spin” the issue, forcing us to respond.

>>The database was made public by the Coleman Campaign.

>> There was no “hack”.

Meanwhile, the Coleman campaign is waging its own campaign, setting up a page of allegations about the release of the data.

  • MR

    From the Coleman FAQ:

    “[The Secret Service] conducted an initial forensics review of our server and concluded that there was no evidence that any private or confidential information had been downloaded.”

    I would like to know how they knew this, especially if the data was as wide open as Adria Richards said.

    I also feel like the Coleman campaign never sufficiently answered the questions about the (possibly) faked website crash that this data breach is related to.

    It seems like they’re spending all of their time trying to portray themselves as a victim where it looks like this problem was mostly attributable to incompetence.

  • Tonya

    “It seems like they’re spending all of their time trying to portray themselves as a victim where it looks like this problem was mostly attributable to incompetence.”

    Welcome to politics.

  • http://ravenscroftdogfarm.blogspot.com/ OctaneBoy

    I won’t defend the the Coleman campaign’s data security practices, but there’s another side here; try this analogy: Someone has hopped into a running car that was not their own and driven off. Sure, leaving the car running was unwise (and illegal in Mpls) but why is the car thief coming off as the hero and the car owner as the bad guy?

    At what point is aiding credit fraud a crime vs. some noble act?

  • MR

    I’m just frustrated that the Coleman campaign is getting so much time saying “We were hacked! We were hacked!” And they’re not being challenged very much.

    Though David Brauer of Minnpost pointed out in the Daily Glean today:

    Enjoy two newspapers while you have them: Slightly different framing on the donor story. PiPress: “Former Sen. Norm Coleman’s campaign didn’t do enough to protect donors’ confidential information…” Strib: “Coleman, who said campaign officials found out about the hacking late Tuesday …”

    Maybe I’m just not seeing or hearing the right media coverage.

  • Ryan Melena

    // I won’t defend the the Coleman campaign’s data security practices, but there’s another side here; try this analogy: Someone has hopped into a running car that was not their own and driven off. Sure, leaving the car running was unwise (and illegal in Mpls) but why is the car thief coming off as the hero and the car owner as the bad guy?

    At what point is aiding credit fraud a crime vs. some noble act?

    I don’t know who is who in your analogy. Wikileaks did not aid credit fraud. If anything, they helped prevent it. The Coleman campaign was apparently not willing to own up to their security flaw and because of that their donors’ were kept in the dark as to the possible theft of their CC info. Wikileaks publishing the filtered data (no usable credit card details) brought the issue to the attention of everyone including the affected donors. Now those donors have the knowledge they need to protect themselves.

  • bsimon

    “At what point is aiding credit fraud a crime vs. some noble act?”

    Wikileaks says they did not, to use your analogy, drive the car off. What they did do was publicize the transgression. For instance, to extend the metaphor, they went inside and announced over the PA that some moron had left their car running & unlocked in the parking lot.

    If someone drives the car off, did they aid in the theft?

    If the data was exposed for 6 weeks & the coleman campaign did nothing to correct their mistake, was it responsible or irresponsible for wikileaks to proactively notify the people who’s data was sitting unprotected for all that time?

  • Ryan Melena

    // I can’t link to the page on which it’s contained because the link is also on that page for the leaked data and I don’t believe people’s private information should be accessed.

    This seems rather ridiculous to me. The information is out there, how does you linking to (or not linking to) it change that? Also, where do you draw the line? Can you link to a page with a link to a page with a link to the data? You already told people it was on Wikileaks, how much protection are you offering by making people google it rather than linking directly?

    I don’t mean to be insulting but the no linking policy seems to be a rather arbitrary means of protecting an equally arbitrary ideological viewpoint.

  • Bob Collins

    Right, I recognize I’m not going to stop anyone from getting the data.

    //The information is out there

    This is a great question that tests uncharted ethical territory. I think online journos have this debate all the time. Should I provide a link to the KKK if there’s a story about them? Should I provide a link to the beheading of Danny Pearl? How far and how deep to link? It’s a great question.

    I don’t pretend that my not linking to it is preventing people from getting the data; I think most people who come here pretty much have been to minnpost or mnindy or any of the usual sites that provided direct links. I just to be a direct conduit to the data.

    By the way, I also notice now that wikileaks didn’t stop at just posting the data. They’re not flat out using it and searching it and running “stories” about who the donors are and where they came from etc. So really this is no longer about the right to privacy — if it ever really was.

    //protecting an equally arbitrary ideological viewpoint.

    In my case, the arbitrary ideological viewpoint is the Society of Professional Journalists Code of Ethics. They work for me. They don’t HAVE to work for you. But they work for me.

    (Piggybacking)

    //responsible or irresponsible for wikileaks to proactively notify the people who’s data was sitting unprotected for all that tim

    This is a claim I’d like to hear more about. They claim they notified the people. ALL the people? Or just the people with e-mail addresses?

    The other claim I’ve seen is that ANYBODY could’ve done the original search that uncovered the problem.

    That may well be true but I notice in the videos and various Web sites explaining HOW this was accomplished, there is a lot of explaining about what this term means, how that works, why this screen appears etc. Why — if anybody could’ve done it — would any explanation like that be necessary?

  • Bob Collins

    //but why is the car thief coming off as the hero and the car owner as the bad guy?

    I think the assertion is incorrect, mostly because I think we’re trying too many metaphors.

    Coleman’s handling of other people’s most personal data was shameful. And he did appear to be saving data that state law says he can’t save.

    Now we can quibble — as we have — over whether anyone should have found out about that, but they did find out about that and questions about the methods used shouldn’t change that fact.

    Neither, as I’ve written elsewhere, should that fact take away from questions about whether there were ethical lapses on the part of those illuminating not the EXISTENCE of the data, but the DATA itself.

  • Ryan Melena

    // In my case, the arbitrary ideological viewpoint is the Society of Professional Journalists Code of Ethics. They work for me. They don’t HAVE to work for you. But they work for me.

    Just from the bit you posted in your last blog article on the subject I’m not so sure what wikileaks violated the SPJCE.

    You wrote:

    One of the Society of Professional Journalists’ Code of Ethics is to “minimize harm,” although it adds, “Only an overriding public need can justify intrusion into anyone’s privacy.” By providing links to the spreadsheet in question, have journalists overstepped their own code? Absolutely.

    I still don’t think it is clear that posting the already publicly accessible (if somewhat obscure) data in the filtered form they did really harmed anyone on the list. I also don’t know that I would consider it a significant intrusion into anyone’s privacy. The data that was posted was for the most part data that would be available via other sources. It didn’t contain things like: social security numbers, sexual orientation, medical records, etc. Those are things I would consider truly private. I’m not arguing that there was no loss of privacy but that perhaps the loss of privacy was reasonable considering the public good. Especially if one takes the publishing of the list as the key to breaking open the story and pushing back against the false statements being made by the Coleman campaign. One man’s gross invasion of privacy may be another man’s mild annoyance.

    For some reason I am reminded of the Larry Craig scandal which certainly invaded the Senator’s privacy but also gave the public valuable insight on a public figure. The obvious difference is that in this case 3rd parties are shouldering the privacy loss but the SPJCE passage you quoted doesn’t seem to differentiate. It would seem to me a more nuanced rule is necessary.

    // That may well be true but I notice in the videos and various Web sites explaining HOW this was accomplished, there is a lot of explaining about what this term means, how that works, why this screen appears etc. Why — if anybody could’ve done it — would any explanation like that be necessary?

    As a computer engineer and web developer I assure that, if the reports of how this was done are to be believed, it really was trivially easy. The reason it requires significant explanation is more to do with the fact that most people have literally no idea at all how the internet works. Keep in mind also that it only takes one devious person to download the data and widely distribute it. Obscurity on the internet is not, in fact, security.

  • Ryan Melena

    // Neither, as I’ve written elsewhere, should that fact take away from questions about whether there were ethical lapses on the part of those illuminating not the EXISTENCE of the data, but the DATA itself.

    I think that is the crux of the issue and the really interesting bit here. I don’t claim to know exactly how everything played out but I believe it has been suggested that the Coleman campaign, despite finding out about this issue, continued to try to cover it up. (They certainly seem to be doing that now). This seems to me like a bit of a he-said/she-said situation so long as those illuminating the existence refuse to actually release the data. Now, I suppose the original party could have sent the document to some government organization (that the Coleman campaign presumably couldn’t call liars) rather than Wikileaks. That would end the he-said/she-said dispute but they would be opening themselves up to a firestorm of criticism, possible legal issues, and even retribution.

  • Bob Collins

    //Just from the bit you posted in your last blog article on the subject I’m not so sure what wikileaks violated the SPJCE.

    I don’t think it did either. I think the journalist site who deep linked to either the spreadsheet or the jump page for the spreadsheet did.

    //I still don’t think it is clear that posting the already publicly accessible (if somewhat obscure) data in the filtered form they did really harmed anyone on the list.

    I’d be interested in finding out whether there were conversations about that ahead of time. I’d also be interested in what the wikileaks people heard back from the people when they contacted them.

    // I also don’t know that I would consider it a significant intrusion into anyone’s privacy. The data that was posted was for the most part data that would be available via other sources.

    But would it be considered “sensitive” data worthy of protection. Clearly the law singles out the security codes. So does it lose its sensitivity as its passed from web site? That’s a good question for privacy and data experts, I think.

    //It didn’t contain things like: social security numbers, sexual orientation, medical records, etc.

    Right, but it did contain the specific piece of information that those leaking the information explicitly point out that the Coleman camp had no business possessing AND possessed in violation of the state law that they accuse the campaign of violating. If their point is Coleman should not have collected and possessed that data, then how does possessing that same data once it’s downloaded — and it had to be downloaded — not also violate that provision?

    I’m not a privacy lawyer so I can ‘t answer that question.

    //perhaps the loss of privacy was reasonable considering the public good.

    The public good is defined in the accompanying manifesto as highlighting the political disagreement with Norm Coleman. So theoretically, almost any action taken by anybody in the course of a campaign would be considered “in the public good.”

    If the sanctity of data and the privacy of the individuals had been mentioned as a primary reason for the distribution of the data, then I think there’s a better argument to be made.

    A final reason in the manifesto was “the people have a right to know.” I’m not familiar with any journalist — or at least any decent journalist — who would make an argument that the people have a right to know my security code number of my credit card.

    // Especially if one takes the publishing of the list as the key to breaking open the story and pushing back against the false statements being made by the Coleman campaign. One man’s gross invasion of privacy may be another man’s mild annoyance.

    The assertion that this HAD to be done to bring Coleman to justice is undercut by the fact one of the gentlemen who helped obtain the data didn’t file his letter of complaint with the attorney general until yesterday.

    //For some reason I am reminded of the Larry Craig scandal which certainly invaded the Senator’s privacy but also gave the public valuable insight on a public figure.

    But the other people who were in the bathroom and not partaking in Sen. Craig’s illegal behavior were not identified and pulled before the cameras. Nobody ever made a claim that their would-be victimization — however severe — was a reasonable price to pay. as you correctly point out.

    //It would seem to me a more nuanced rule is necessary.

    Hold oneself to the same standards that you hold others too. Disseminating information that you are criticizing someone for also possessing would seem to be counter to that canon, in my opinion.

    //As a computer engineer and web developer I assure that, if the reports of how this was done are to be believed, it really was trivially easy. The reason it requires significant explanation is more to do with the fact that most people have literally no idea at all how the internet works.

    So if most people have literally no idea at all how the Internet works — and I agree with that — how could it be claimed that “anyone could’ve obtained the information?”

    It sounds like the claim the anti-Coleman people are making is actually that anybody could have done it, with the right amount of explanation and coaching.

    If the data ended up “all over the Internet” (there’s no proof of that claim that I’ve seen, by the way), and yet only one person claims to have discovered the problem in the first place, then isn’t it pretty clear HOW it ended up all over the Internet?

  • Bob Collins

    //Now, I suppose the original party could have sent the document to some government organization (that the Coleman campaign presumably couldn’t call liars) rather than Wikileaks. That would end the he-said/she-said dispute but they would be opening themselves up to a firestorm of criticism, possible legal issues, and even retribution.

    The people who justify the release cite the allegation that Coleman broke the law. In fact, every one of the people involved in the initial discovery of the problem has put the links to the statute on their Web site.

    And yet, there’s no record that any of them contacted anyone in authority of upholding that law. They went to Twitter.

    That’s why I think their claim that the data had to be released as a last resort is not supported by the evidence.

  • Ryan Melena

    // A final reason in the manifesto was “the people have a right to know.” I’m not familiar with any journalist — or at least any decent journalist — who would make an argument that the people have a right to know my security code number of my credit card.

    I think the issue of the security code is interesting. In my mind, it is a piece of data that is only valuable so long as it is kept secret. I’d argue that the moment the data was available to the public its value (to the victim) was lost. In other words, if my CCV has been exposed to some unknown audience in any way (big or small) you better believe I’d want to cancel my card.

    // Hold oneself to the same standards that you hold others too. Disseminating information that you are criticizing someone for also possessing would seem to be counter to that canon, in my opinion.

    In addition to my argument above about CCV numbers I think you still have to take into account that Wikileaks only posted the Last 4 digits of the CC#s. Lets be clear about this, Wikileaks did not make public any data that could be used (in and of itself) for CC fraud while the Coleman campaign most certainly did.

    // The assertion that this HAD to be done to bring Coleman to justice is undercut by the fact one of the gentlemen who helped obtain the data didn’t file his letter of complaint with the attorney general until yesterday.

    also…

    // The people who justify the release cite the allegation that Coleman broke the law. In fact, every one of the people involved in the initial discovery of the problem has put the links to the statute on their Web site.

    And yet, there’s no record that any of them contacted anyone in authority of upholding that law. They went to Twitter.

    I won’t argue that this HAD to be done to bring Coleman to justice. But it may have been one of the only reasonable ways for someone to do it anonymously. With the rhetoric flying from the Coleman campaign about “hackers” and lawsuits I could imagine being wary about contacting the authorities. I’m not saying it was the best way to handle the situation, only that I think we should try to look at things from the perspective of a would-be exposer.

    // So if most people have literally no idea at all how the Internet works — and I agree with that — how could it be claimed that “anyone could’ve obtained the information?”

    The same way that most people have no idea how electricity works but they can still turn on a light. Basically, all this took was browsing to the correct URL in your web browser. I agree that to find that URL for yourself you’d have to have a modicum of understanding about the internet (which again most people don’t). However, once the URL was discovered it could be sent to anyone just like any other web link and all they’d have to do is just click on it.

    // If the data ended up “all over the Internet” (there’s no proof of that claim that I’ve seen, by the way), and yet only one person claims to have discovered the problem in the first place, then isn’t it pretty clear HOW it ended up all over the Internet?

    This is not clear at all. There is a large motivation for anyone who found this to keep it secret. CC#s (especially with CCV and accompanying personal data) are a valuable commodity. A commodity that can be sold, distributed, and traded in the darker corners of the internet. Not everyone online is quite so honest as Adria Richards. The reality is that you have to assume that if Adria stumbled onto the data that others likely did too.

  • http://butyoureagirl.com/2009/01/28/did-norm-coleman-fake-his-own-website-death/ Adria Richards

    Folks,

    I knew this was big so being the techie that I am, I started taking screenshots with my favorite tool, Snagit.

    I did Twitter yesterday to @barackobama that it would help if there was a hotline number like 1-800-911-DATA people could call if they discovered security breaches or personal information on the internet.

    If you haven’t seen these YouTube videos I made, check them out:

    “How I Found Norm Coleman’s Website Database in 2 Minutes”

    Hey Bob, I’ve Got Something For You…Re: Norm Coleman Database

    Thanks,

    Adria Richards

    Organic Technology Consultant

    ———————————————-

    Phone Number: 612-246-4568

    Visit the website http://adennetworks.com

    Visit the blog: http://butyoureagirl.com

  • Paul

    I think these attempts to characterize Wikileaks conduct as some kind of crime, with or without metaphor are dead ends. The only crime that appears to have been committed is the Coleman campaigns collection, storing, and handling of the data.

    According to Wikileaks:

    “>> A number of people tried to raise the issue back in January, without releasing any information at all. There was no response from the Coleman Campaign”

    If this is correct, it means that six weeks after the Coleman Campaign had been made aware of the issue, this data was STILL totally accessible on their website. No one but the Coleman Campaign is culpable for any crime committed by someone accessing this data.

    Wikileaks claims they contacted the donors, Bob asks”

    “This is a claim I’d like to hear more about. They claim they notified the people. ALL the people? Or just the people with e-mail addresses?”

    From what I gather, they could not have contacted all of the donors because they didn’t have e-mail addresses for all of them. This is why it was incumbent on Coleman to make a public announcement, that was the only way to resolve this and alert the donors to the danger they may be in. Coleman had six weeks to make such an announcement, and he didn’t, and there’s no indication that he intended to. The mainstream media was ignoring the story, it wasn’t news until Coleman made it news.

    This brings us to the issue as to whether or not leakers did something unethical by leaking. Bob keeps pointing to the manifesto and the possible failure to report this to law enforcement before leaking it, as an indication of less than pure motives. As far the manifesto is concerned, I say I don’t care, if I’m on that donor list and Coleman is making my cc info publicly available I want to know about it. The election is over, we’ve all voted, I can’t change my vote now because Coleman’s mishandling my financial information. I need to know I’ve been exposed so I can do something. What difference do the motives of the leaker make? Who’s besides Bob is even reading the manifesto anyways?

    Why not go to the Police? For all we know someone did. We know that a month ago the FBI was looking into something over there, someone must have reported something. Would the FBI make a public announcement warning donors? We know they didn’t. Coleman is having a lot of legal problems right now, he’s got one FBI investigation into campaign donations, a lawsuit regarding donations, the election trial, and on top of that he’s gonna announce and investigation into his handling of donor’s financial data? The FBI claims it investigated and found that no one had downloaded the data. So here you have this data sitting there, the Coleman Campaign is ignoring the problem, the FBI has looked at it and decided there’s no problem, and at the time no one made any public announcement. It looks to me like Coleman was covering this up AND failing to protect the data which left the donors exposed to theft.

    No matter how you look at this it comes back to Coleman. Why put a link to the actual data? Well without that link, would this have been news? Really, if all we had here was a redacted spreadsheet on Wikileaks would this have gotten the attention it has? Without the link, what happens if Coleman ignores the story, or simply denies the data is there? What if Coleman continues to leave the data up there? What if the mainstream media continues to ignore the story?

    Regardless of the manifesto, I think one can make a good argument that the path taken by Wiki delivered the shortest sharpest resolution.

  • Ryan Melena

    Great post Paul.

    I agree that too much emphasis seems to be being put on the manifesto and what it says about the motives of the individual or group that submitted the data to Wikileaks.

    It seems to me that questions about the ethics of downloading, sending, publicizing, publishing, and linking to the data can (and probably should) be addressed without worrying about the motives involved.

    And just to inject a little humor into the discussion I think this quote from Joe Rogan’s character on News Radio is appropriate: “Dude, you can’t take something off the Internet… that’s like trying to take pee out of a swimming pool.”

  • Bob Collins

    //No one but the Coleman Campaign is culpable for any crime committed by someone accessing this data.

    I’d love to hear a legal expert weigh in on this. State law defines a data breach as “unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the person or business. Good faith acquisition of personal information by an employee or agent of the person or business for the purposes of the person or business is not a breach of the security system, provided that the personal information is not used or subject to further unauthorized disclosure.”

    The question becomes whether being able to find data on the Internet and then downloading constitutes authorization merely because it was easy to acquire it.

    I don’t know the answer to that. I know a lot of people who aren’t lawyers are claiming expertise on this sort of thing, but I’ve yet to see this particular question answered. Are there any lawyers in the house?

    // Bob keeps pointing to the manifesto and the possible failure to report this to law enforcement before leaking it, as an indication of less than pure motives.

    Wrong. I’m looking at the manifesto as a DECLARATION of the motives. Because that’s what it is. It says that’s what it is.

    //Well without that link, would this have been news?

    I keep hearing this justification either. But whether it would have or wouldn’t have been news (and how do you define news? It had already been reported, just not to the satisfaction of certain people) really doesn’t have anything to do with either the legality of the process nor the ethics of the process.

    We’ve come full circle here. The point of those releasing the actual data is that people’s privacy had to be sacrificed to maintain people’s privacy. Obviously, I disagree.

  • Ryan Melena

    // The question becomes whether being able to find data on the Internet and then downloading constitutes authorization merely because it was easy to acquire it.

    I agree this is an interesting legal question and I think it would have to take into account the amount of protection applied to said data. One could make the case that this data was protected via obscurity but I think that would be an extremely difficult sell to a technically informed audience.

    Perhaps MPR could devote some time to this topic with a legal expert?

    // Wrong. I’m looking at the manifesto as a DECLARATION of the motives. Because that’s what it is. It says that’s what it is.

    Why aren’t you addressing the real argument that the motivation really doesn’t matter?

    // We’ve come full circle here. The point of those releasing the actual data is that people’s privacy had to be sacrificed to maintain people’s privacy. Obviously, I disagree.

    It is easy to take a black and white view on this but I haven’t seen you address Paul’s points about the Coleman campaign being informed 6 weeks ago, the FBI’s investigation which didn’t result in any action, the lack of press coverage, and the continued failure to admit wrong-doing or alert the victims.

    I can’t tell if you are arguing that, no matter what the circumstances, there could not have been justification for releasing (even a subset of) the data or just that more avenues should have been exhausted first.

    Here is a quick hypothetical that I’m curious how you’d handle: You come into possession of a transcript of an illegal government wiretap. The wiretapee is some innocent 3rd party. You announce that you have this damning evidence but the government officials involved deny it, call you a liar, and/or threaten you with legal action. If you release the document in order to prove your claims you will be publicizing the victims personal phone conversation. What is your next move? Would you ever publicize the document even as a last resort?

  • Paul

    “State law defines a data breach …”

    What state law is that?

  • Paul

    Bob says:

    “I keep hearing this justification either. But whether it would have or wouldn’t have been news (and how do you define news? It had already been reported, just not to the satisfaction of certain people) really doesn’t have anything to do with either the legality of the process nor the ethics of the process.

    We’ve come full circle here. The point of those releasing the actual data is that people’s privacy had to be sacrificed to maintain people’s privacy. Obviously, I disagree.”

    I guess the point, or one of the points is that maybe legality and ethics don’t come into play at all. I guess I haven’t actually seen the case made that there is a compelling legal or ethical issue here. Are you saying journalist should never violate any ones privacy?

    Obviously Bob is not comfortable with the way Wikileaks does things, but just because they function outside of his comfort level doesn’t mean they’re doing anything illegal or unethical. Maybe this is just a case of someone taking the story more seriously than Bob would, and pursuing it to lengths he would not go. Does that mean they’re being unethical? One can just as easily make the case that failing to pursue this story to the point where Coleman had to issue a statement would be an ethical lapse, possibly resulting financial fraud against innocent donors. It all depends on how you define the roles of the press.

  • Bob Collins

    //I guess the point, or one of the points is that maybe legality and ethics don’t come into play at all. I guess I haven’t actually seen the case made that there is a compelling legal or ethical issue here. Are you saying journalist should never violate any ones privacy?

    I think I’ve been pretty clear on that. If you go back to the original post on that, in fact, you’ll note that the title of it is “in the public interest,” which alludes specifically to the SPJ Code of Ethics, the link to which I provided in the hope that people would read it.

    I understand that many of the people involved here do not subscribe to the SPJ Code of Ethics but the original post wasn’t so much about them as about the role of journalists and people who want to be considered journalists.

    //is not comfortable with the way Wikileaks does things, but just because they function outside of his comfort level doesn’t mean they’re doing anything illegal or unethical.

    You know, when I read your comments Paul I always get the impression you’re speaking to everyone else BUT me, which makes it hard to have an actual conversation.

    If you go back and read the original post and all of my comments since, the role of wikileaks is not the subject at hand. How wikileaks functions is entirely up to wikileaks. The ethical questions I’ve posed concern journalists and people who want to be considered journalists.

    I have also questioned the handling of the data by the people who discovered and then disseminated it. I think once someone (a) wants news coverage of something and (b) says one of their motives is the sanctity of people’s private data, they invite that inspection.

    At least in the reaction to it, they and Coleman team are reading from the same playbook. It’s the “how dare you question US, just look at THEM” strategy and for the most it works. That’s unfortunate.

    //It all depends on how you define the roles of the press.

    Right, but for the fact that I’m not the one defining the role and responsibility of the press, the Society of Professional Journalists is.

    That all of this comes in a week in which many of the people criticizing even DISCUSSING this are the very same people who are demanding access to the Capitol because they’re journalists, too, confuses me. I don’t understand how you can claim to be a journalist and then say that there’s no role in the actions of journalists that should be viewed from an ethical perspective.

    Similarly, I don’t really understand why two things cannot be discussed at once. That we cannot discuss both the ethical role of the release of the data AND the incompetence of the Coleman team to lock down their data. I don’t really see why people are saying we can discuss one but not the other.

  • Paul

    Bob says:

    “… If you go back to the original post on … which alludes specifically to the SPJ Code of Ethics,”

    “… the original post wasn’t so much about them as about the role of journalists and people who want to be considered journalists.”

    “… the role of wikileaks is not the subject at hand. How wikileaks functions is entirely up to wikileaks. The ethical questions I’ve posed concern journalists and people who want to be considered journalists.”

    I think it’s pretty clear that you were trying to critique Wikileak in light of the SPJ code, Your complaint appeared to be that if Wikileaks is going to pretend it’s functioning like journalist they should adopt a code of ethics, the only code you mention is SPJ code. If I misread this OK, but then who are are these people who want to be journalists you allude to if not Wikileak?

    As to the SPJ code itself, I read it, and I repeat, I don’t see the ethical issue here, the standard is to minimize harm, not do no harm. One can argue that by publicizing the issue the way they did and forcing the Coleman Campaign to finally issue a public statement, and pull the data offline, Wiki did minimize harm.

    “You know, when I read your comments Paul I always get the impression you’re speaking to everyone else BUT me,…”

    I frequently don’t who I’m talking to either.

    “… I’m not the one defining the role and responsibility of the press, the Society of Professional Journalists is.”

    SPJ is one definition, not the only definition, and your the only one using SPJ as a reference.

    “…all of this comes in a week in which many of the people criticizing even DISCUSSING this are the very same people …’

    And these people are Wikileaks right? You appear to be denying this in your statements above.

    “…who are demanding access to the Capitol because they’re journalists, …I don’t understand how you can claim to be a journalist and then say that there’s no role in the actions of journalists that should be viewed from an ethical perspective.”

    No ones made such a claim, what’s happening here is some other journalists have an ethical perspective different from yours, that doesn’t mean they have no ethical perspective at all. And before you claim they’ve violated SPJ standards, I remind you that you haven’t actually made that case, show me which standard they’ve violated, or at least which standard you think is in play here. Of course any journalists that does violate SPJ standards can always claim that those standards don’t apply, they are voluntary after all, you don’t have to accept them in order to be a journalist.

    Thanks for acknowledging that part of what’s going on here is tension between emerging and established media. I really think that’s at the crux of this entire exchange. I think it may be helpful if that larger context were made explicit in some way.

    “…I don’t really understand why two things cannot be discussed at once…both the ethical role of the release of the data AND the incompetence of the Coleman team…”

    Looks like we’re discussing both things at once here to me.

  • Bob Collins

    //g to critique Wikileak in light of the SPJ code,

    Negative. We’re critiquing journalists in light of the SPJ code. We’re critiquing the leakers in light of their own words.

    //Your complaint appeared to be that if Wikileaks is going to pretend it’s functioning like journalist they should adopt a code of ethics, the only code you mention is SPJ code.

    I don’t believe I mentioned any such proposal.

    //No ones made such a claim, what’s happening here is some other journalists have an ethical perspective different from yours,

    It’s not mine; it’s the SPJ’s. and for the record, prior to the leak when many of the online journalism sites were discussing their qualifications to get onto the House floor, they cited the SPJ. As a matter of fact, on the KFAI show, they even turned to the immediate past president of the SPJ.

    So it’s difficult to know when these other journalists embrace the SPJ as a symbol and standard of journalism and when it’s not going to do that. But perhaps we at least have a framework to discuss the underlying question of that particular controversy, which is ethical differences between new and old media.

    We actually tried to discuss that in February 2008 (you can find an account in the News Cut archives), but it was a disaster that degenerated into the usual “why doesn’t MSM like us and accept us” debate.

    I can’t recall whether I mentioned it here, or on Twitter, or on David Brauer’s blog or on Ed Kohler’s blog, but we’ve got to get past that. It’s about an 8 year old debate that fills the vacuum of the absence of discussion about how people define themselves as journalists. We can’t keep jumping from “we’re journalists, we’re just publishing on a different platform” to “we’re journalists but we have different ethics.” I think people need to pick one and define it and then live by that, rather than define oneself one way when it’s convenient, and then another way when it’s convenient.

    Much of this “but it was wide open data debate” actually is a discussion on what the leakers CAN do, which I think is different than what they should do. The kid who found the drug money this week, wide open just sitting there in a public spot, could take it and then start giving it away. But the law said he shouldn’t have done that.

    It’s clear that much of what happened this week wasn’t really about the Coleman campaign, but it was about getting the mainstream media to pick up the story. So at the same time many of the new media is saying mainstream journalism is irrelevant and nobody does or should pay attention to it, their motivation clearly says the opposite.

    In any case, all I’ve done this week, really, is suggest what the subsequent discussion has already confirmed, that what happened this week was about a lot more than just how incompetent the Coleman Web team is. At least we’ve finally agreed on that.

  • Paul

    //Negative. We’re critiquing journalists in light of the SPJ code. We’re critiquing the leakers in light of their own words.

    Please, the only potential “journalist” in this exchange are Wikileaks. Why are you denying that you’ve been critiquing them?

    //It’s (the ethical perspective) not mine; it’s the SPJ’s…

    Why are you trying hard to distance yourself from the ethical code your referencing? Are you saying you personally don’t subscribe to the code but your referencing it for some abstract intellectual reason?

    //So it’s difficult to know when these other journalists embrace the SPJ as a symbol and standard of journalism and when it’s not going to do that.

    Dude, it’s difficult know when established media are embracing the SPJ- Judith Miller?

    //But perhaps we at least have a framework to discuss the underlying question of that particular controversy, which is ethical differences between new and old media.

    This brings me back to a previous point, I don’t think we’re really talking about ethical differences as much as were comfort levels and reporting styles and priorities. Clearly you want this to be an ethical discussion, you keep referencing SPJ, but I ask again, which SPJ ethic do you think is in play here?

    //We can’t keep jumping from “we’re journalists, we’re just publishing on a different platform” to “we’re journalists but we have different ethics.”

    First of all, the idea of working in a different platform and having different ethics are not mutually exclusive, it’s possible for a journalist to do both. However, again, I don’t see anyone claiming to be working under a “different” code of ethics, I think what we have here is journalists interpreting the same code, or the same principles differently.

    Look, I read the SPJ code, I don’t have a problem with it, I think it’s a fine ethical framework and a decent definition of journalism. Here’s the thing; I don’t see emerging journalists working outside of the SPJ definition of journalism, or violating it’s code of conduct any more than I see established journalists doing so. Did I mention Judith Miller? Little flap there a while back about how she and the NYTs dealt with anonymous sources.. you may recall? Then of course there’s the whole recent CNBC flap.

    If you can’t differentiate journalists by examining their behavior in light of the SPJ, then you can’t use the SPJ to determine who is and is not a journalist.

  • Bob Collins

    //which SPJ ethic do you think is in play here?

    You should go back to the very first post on the subject because it was all there.

    //s a fine ethical framework and a decent definition of journalism. Here’s the thing; I don’t see emerging journalists working outside of the SPJ definition of journalism,

    I think it’s fine if emerging journalists want to work outside of the SPJ. I think it’s lame to jump back under the umbrella when it’s convenient, however.

    I will point out, as one example, that the former managing editor of the Minnesota Independent, Steve Perry, last June referenced the “spirit of the SPJ Code” in defining emerging reporting. So obviously he embraced at least the spirit of and used it to define what he considered ethical and unethical. So if that has now changed, that would be good to know. Perry isn’t there anymore.

    But I haven’t heard anyone in the business — and maybe you’re in the business, I don’t know — come right out and say ‘screw the SPJ Code of Ethics.’ If you’re correct in your assessment, I suppose they wouldn’t have a problem doing that at some point in the future.

    I also wonder if the U of M folks, who are going to be teaching the Pioneer Press and Duluth News Tribune the world of online journalism, have this question in their curriculum.

    It would be an interesting jumping off point if anyone in either “branch” has the courage to try to discuss the issue again in a group setting, although I can’t imagine that happening anytime soon. I think at this point it’s every person for himself and ethics will continue to be applied on a ‘situational’ (that is: one standard when “my guy” is the one attacked and one standard for when “my guy” is the one doing the attacking) basis.

  • Paul

    From the original Post:

    //One of the Society of Professional Journalists’ Code of Ethics is to “minimize harm,” although it adds, “Only an overriding public need can justify intrusion into anyone’s privacy.” By providing links to the spreadsheet in question, have journalists overstepped their own code? Absolutely. Consider this item that’s in the code: “Abide by the same high standards to which they hold others.” One cannot criticize the Coleman campaign for not securing its data, while at the same time publishing — or at least providing a direct link to — that data.

    Your interpretation of the code is that it has been violated, you say: “absalutely”. However, in order to make this ethical claim you have to widen your perspective, you have to take a serious look at Coleman’s conduct prior the post on Wikileaks.

    It’s a complex situation but if one looks back on all of the previous posts it’s pretty obvious that the ethical transgression you propose is not as obvious as you suggest.

    In this example, briefly, you have a situation where a politician is improperly collecting donor information, the data is available to the public (this is NOT a hack), thousands of donors are in immediate danger of fraud. The Candidate has been made aware of this situation and at least six weeks, maybe more, after the fact has done nothing to protect the data or alert the donors.

    Now, let’s say we have two journalists. One journalist runs a story without copies of the data redacted or otherwise and no links to the data. Nothing happens, Coleman ignores it, the data remains posted, the donors remain at risk. This journalist walks away and goes on to the next story.

    A second journalist comes along six weeks later, gets the information, redacts enough data to make useless to criminals who would use it for nefarious purposes, posts it, and posts a link to the original page. Within hours Coleman is making a statement alerting his donors to their exposure, and removing the data from his web site.

    You’re claiming the “victims” of journalistic malfeasance here are the donors who had their privacy violated, and culprit is the journalist who revealed their information. Which of these two journalist did the most damage? The one that walked away leaving the donors at risk for another six weeks, or the one that forced a reaction from Colman and got that information taken down?

    Your the one who’s always saying your interested in the gray area in between… well here it is. Did privacy have to be violated in order to be protected? I think if once goes back and looks at the 40-50 exchanges here over last few days, the very least once can conclude is that good arguments can be made on both sides.

    I don’t think either journalist is behaving more ethically than the other in this situation. Their behavior is clearly different, and that’s part of the emerging vs. established tension. I don’t see emerging journalism ducking in and out of SPJ protective umbrella, at least not any more so than established journalism. What I do see is emerging journalism becoming more relevant and gaining more exposure while established journalism is losing it’s audience. What I think I see is emerging journalists operating outside the comfort level of established journalists in a variety of ways.

    As far as getting together and having a conversation, I’m sure this could be arranged very easily. I don’t know why for instance Carrie Miller couldn’t do a show like Truth To Tell did a couple weeks ago on KFAI. If KFAI can do it, I’m sure you can do it at MPR.

  • Paul

    Interesting tidbit about Wikileaks on MinnPost.