The Ethics Of Publishing Hacked Information

Like many people I’ve been fascinated by the Sony hacks. So much interesting information (and gossip) about the inner workings of a major movie studio.

I was also waiting for Sony to start balking at the re-publication of a lot of that information by the news sites. And sure enough, they’re now calling it stolen information, and threatening publications that are sharing it with the public.

It reminds me distinctly of the situation we found ourselves in in 2009 when a hacker delivered a truckload of internal Twitter information. See In Our Inbox: Hundreds Of Confidential Twitter Documents. See the updates to that post for how it all played out.

Twitter also halfheartedly threatened to sue us over the publication of that information, although we felt that we were on pretty firm legal ground in moving forward. People were both fascinated with the information, and enraged that we would publish it. Some comments we received:

I think it is unbelievable that we are able to read this documents. This could very well be one of the most powerful internet companies since Google and Facebook and here we are reading their private company notes.

Posting any of the information is unethical. The information is stolen property of a legal company, and releasing that information to the public without the consent of said company is quite unethical. Releasing business strategies and funding information could also be the basis for unknown lawsuits due to damage caused to the company by early release of this confidential information. Its so nice to see that ethics are no longer ethical.

You are receiving stolen property, pure and simple. Now, I have a different perspective on this many others – I was an investigative reporter for many years. Many times, I had people offer me documents. However, a private company’s document are different matter. There is no “public right to know” what a private company’s plans are. The hacker stole them, pure and simple.

What you have done by posting this information is no different than “fencing” stolen merchandise of any kind. Using anything illegally obtained for personal gain is not right! Furthermore, it encourages more criminal activity (theft) and makes it “OK”.


We actually held back the personal and/or embarrassing information we had, because we thought it was the right thing to do.

In this case, the press is actually focusing on the really embarrassing stuff, the private emails that show drama between actors, directors, studio execs, etc.

Still, I don’t think there’s much of an ethical or legal question here (other than the distribution of the movies, which is a clear copyright issue). The data is out there and it’s going to be talked about. No matter how many threatening letters Sony sends.

And I see little or no public outrage over any of it.

The upside from situations like this is that companies might take security more seriously than before, and that’s a good thing.

7 thoughts on “The Ethics Of Publishing Hacked Information

  1. Tq White II says:

    I’m outraged. It’s possible to sneak a picture of a person picking his nose. We don’t to it because we want to have a decent society.

    Of course, someone is going to publish it, but, if I were running a media organization, I would not. I would probably browse it for socially useful stuff, collusion, price fixing, slavery, but embarrassing large numbers of people for pure entertainment is disgusting.

    The internet and hackers are here to stay. It’s time for us, as a society, to decide if we still have *any* commitment to the idea of politeness. In my opinion, just because someone leaves a crack in their curtains, it is impolite to look into it. There are lots of rules like this that should be honored and we are worse if we don’t. Refusing to publish the Sony stuff should be left to Breitbart and other scumbags, not decent folk.

    • Michael Arrington says:

      There’s a very large difference between publishing personal information about a person (like the celebrity nude photo scandal) and publishing information about a huge multinational conglomerate (or government).

  2. Tq White II says:

    The guys who published those photos said they were just ripping off Apple. The Sony email messages are the private, unguarded communications among people. People have already been terribly embarrassed.

    The societal rules we call ‘politeness’ are not a matter of ethics. They developed in response to changing situations as ways of avoiding strife, hurt feelings and, importantly, our ability to et along. In Japan, paper walls were enough to insure privacy because people understood that the culture would collapse if they didn’t honor the fiction that they were barriers.

    The assertion that this is somehow different because the people were storing their email on Sony servers is, I think, spurious. Those who publish these messages are not tracking down some matter of public importance, they are exposing the daily musings and interactions of people who, in general, had perfectly good reasons to let their guard down.

    I don’t really see any difference between hacking those email servers and those of, say, gmail or hotmail. Both of those are large companies. Plenty of people using them are talking about things that are every bit as ‘corporate’ as those who were using the Sony servers.

    I continue to think that the phrase, “decent folk” is one that should be considered by ever person considering how to use the result of that hacking.

    (I leave for another conversation the reality that, by publishing these things, one is explicitly furthering the goals, hell, the explicit request of some awful people.)

  3. Basil says:

    I’m pretty sure they took security very seriously before, but they’re on the wrong side of the equation. Technology is what they use to do their business, and the more business they do, the more technology they need. This leads to having a very large surface area exposed to attack, and all the best security practices in the world won’t change the basic economies at play here: they need to flawlessly secure everything, and a hacker only needs to find one vulnerability.

    In short, it’s more expensive for them to secure themselves than it is for a hacker to find a chink in the armor. No matter how much they spend on armor, they will never be perfectly protected. All it does is make it take longer for the attacker to inevitably find what he needs.

  4. Bradley Kirby says:

    Mike, do you agree with TC’s decision to publish the snapchat leaks? And did you experience any consequences from Twitter after you published their documents?

  5. Maybe security has jumped the shark and corporations should now assume they’ll get hacked and switch to good ethics and openness. Take down the shields on their operational databases like email. Harden security on genuine IP and HR compliance. With the right chief executive perhaps the benefits of collaboration in far lower costs of interfacing exceed the drawbacks of trying to maintain a closed system.

  6. Vinit Neogi says:

    Reblogged this on Tech One Stop Shop.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: