Identifying Ashley Madison Users Unnecessary, Ethicists Say

As more details about governments' investigation of the breach affecting 30 million-plus users emerge, ethical experts proposed a middle ground on publication of leaked data. They said the answer to competing ethical visions lies somewhere between them and that in reporting on a breach a journalist should consider moral reasoning, not just legal reasoning, and should minimize harm. (Editor's note: This is Part III of our series of stories on the breach; Part II identified blackmail as a concern for government officials who used the site (see 1508210042), and Part I reported that the breach highlights how much personal information is vulnerable to hacking (see 1508200039)).

There is a misconception in journalism ethics that an absolute right and wrong exists, said University of Wisconsin-Madison Center for Journalism Ethics Associate Director Kathleen Culver. Journalists have to be smart about the reasoning used on whether to report information, and should be public about “why we do what we do,” particularly when individuals can be harmed, she said. This isn't the last case of its kind, Culver said.

Society of Professional Journalists Ethics Chairman Andrew Seaman wrote an SPJ blog post Friday on the issue of reporting on the breach, and explained to us further Monday, that data dumped on the Internet is fair game. Before using the data, a journalist should ensure the public's right to know outweighs any harm publication of the information may bring, he said. It’s unnecessary to name names, but a journalist could find a larger story in the data, such as why government employees feel comfortable using their work email addresses to sign up for the site, Seaman said.

The Toronto Police Department has taken the lead in the breach investigation since the website's parent Avid Life Media is based in Toronto, but has partnered with law enforcement around the world, including the FBI and the Department of Homeland Security in the U.S., Toronto Police Department Acting Staff Superintendent Bryce Evans said Monday during a news conference. Italian and German law enforcement also have assisted in the investigation, Evans said. Toronto Police last week asked DHS to join the investigation, Homeland Security Investigations Assistant Attache Ron Marcell said, but he wouldn’t say how DHS is helping.

ALM was first aware of a breach into its system on July 12 when employees powered up their laptops and saw a message from Impact Team while ACDC’s “Thunderstruck” played, Evans said. Impact Team released information for two Ashley Madison users -- one from Massachusetts, the other from Canada -- July 19, Evans said. Impact Team Aug. 17 released the entire Ashley Madison client list, Evans said. Three days later, Impact Team “taunted” ALM CEO Noel Biderman and released his emails, Evans said. Evans asked those “who engage in the dark web” to assist in investigating the identity of the Impact Team hackers. A reward of about $377,177 in U.S. dollars would be provided to those who share information that leads to the identification, arrest and prosecution of those responsible for the breach, Evans said.

In an email interview with Motherboard, Impact Team said it “worked hard” to penetrate the system without being detected, but found once inside the system there was no security system the hackers needed to bypass. ALM makes “$100,000,000 in fraud a year,” Impact Team said, by charging $19 to delete accounts that are never deleted. Law enforcement has found no criminal wrongdoing by ALM, but wants to hold the hackers responsible for “one of the largest data breaches in the world” that has had an impact on the social and economic lives of many, Evans said. Two individuals who used the site committed suicide, he said. Others risk further harm in an attempt to discover who was on the site, by clicking on links that may expose their computer to malware, adware, spyware and viruses, Evans said. Sites claiming to erase profiles are a scam, he said. The hackers said they may release more information about Ashley Madison users as well as internal documents, and issue data dumps from other companies.

Media Ethics, Breaches

For a breach like the one affecting Ashley Madison, journalists primarily view the decision of whether to publicize the information or not from the perspective of whether it’s legal to do so, said Kevin Smith, a member of SPJ’s Ethics Committee and a past national president of the organization. Before journalists decide whether they want to use private information that was obtained by hackers, they need to examine the moral implications thoroughly, he said. The relationship cheating already has occurred and the individuals have been caught, he said, which is why some journalists view printing names as fair game. Things like psychological harm should be considered before naming people, he said. Consideration of harm should increase after reports of suicides related to disclosures, he said.

Never print the names, even if it’s a public figure, said Clint Wilson, Howard University emeritus professor of journalism. Doing so is exploiting somebody’s misfortune, he said. Sharing that personnel from the Justice Department had used the site is news, but naming individuals should be left to DOJ, he said, especially in a case where the wrongdoing is that someone had an affair, or tried to. What drives a story like this is the one-upmanship, Wilson said. Most media don’t want the information to be exposed by some other outlet (first), he said.

Culver agreed the data should be analyzed in ethical terms before publishing occurs. Naming celebrities or politicians to ensure an outlet beats the competition isn't a good reason to publish personal information, Culver said. A journalist must be able to explain how sharing the information serves a public interest other than being interesting or a journalist’s right to tell the truth, she said.