People are being sent to jail for leaking data – should they?

The ability to blow the whistle, including by leaking data, is important

A former Defense Intelligence Agency (DIA) analyst has been jailed for more than two years for leaking highly classified data relating to national defence intelligence to two reporters. 

Henry Kyle Frese, a 32-year-old counterterrorism analyst for the US DIA, pleaded guilty to leaking data about foreign states’ weapons systems while at work. The information, which he gained by dint of his “Top Secret/Sensitive Compartmented Information” security clearance, was given to two reporters believed to be working for NBC and CNBC News.

The reporters then did their job, reporting on information around those weapons systems in foreign countries. According to the DIA, the publication of those stories created “a risk of exceptionally grave harm to the security of this country.”

In this case, the issue is a grey matter, rather than a black and white one. But sometimes it’s important to share information with journalists.

Why leaking isn’t always bad

Journalism works in ways many people don’t fully understand or appreciate. Journalists rely on sources to provide them with data – which is often sensitive – under a shroud of secrecy. Many journalists have previously gone to jail for protecting their sources and their right to anonymity.

There is a difference between leaking data and information to journalists, who have the ability to expose evil, and to foreign powers whose goal is to undermine democracy and the rule of law. One is a noble cause; the other is more akin to spying. 

Sometimes the lines are blurred: organisations like Wikileaks have taken on the mantle of journalism, saying what they do is acting as a quasi-media watchdog. They’ve partnered in the past with major news organisations, which has allowed information about phone tapping and internet traffic siphoning to reach large audiences, and to stop those practices occurring. 

Data leaks are about what you leave out as much as what you include

However, for journalists what you leave out of a story is sometimes as important as what you put in. At times, the ethics and the care taken to redact details that could put sources or innocent parties in danger have slipped, particularly with Wikileaks.

Highly personal information about innocent people mentioned in diplomatic cables has been left unredacted in giant tranches of data published online, putting them at risk. Wikileaks remains unrepentant about that, seeing sunlight as the best disinfectant.

Yet it is important that such data is handled judiciously, especially when it’s gained through unconventional means. It’s also important when the data isn’t about people, but is about ways in which countries can launch attacks on one another.

Hacking the hacking tools

Wikileaks has been at the centre of another data leak storm in the past, when a former CIA employee allegedly exposed hacking tools used by the intelligence agency and handed them over to Wikileaks in 2016. The Vault 7 leak caused “catastrophic” damage to national security, according to the US government, and was “the ultimate act of betrayal”.

Data leaking and hacking can also be used not to inform, but to wreak havoc on systems. A former IT manager for Atlanta-based company BlueLinx decided to get revenge on his employer for being bought out by another company by logging into the company’s IT network without permission, changing passwords to routers and causing significant damage.

In the end, the unauthorised access and the subsequent spree caused an estimated $800,000 of damage – showing that data leaking and accessing isn’t always a harmless enterprise, and doesn’t always end up with a net benefit to society.