I don’t often disagree with the glorious Glenn Reynolds over at Instapundit but this time I think he and others have gotten the case of Apple’s subpoenas of several web-based media sites dead wrong. The ultimate ramification of these cases isn’t whether citizen journalists (meaning anyone with a website or blog) will have the same privileges granted “professional” journalists but rather whether any of us will every have any information privacy at all.
If every individual has a right to publish stolen information with no expectation that they will ever have to reveal how they got that stolen information, then no one’s information, no matter how private or trivial to the public interest, will be safe
Currently, personal and institutional information is protected in two ways: First, access to the information is limited to selected individuals. It is this limitation, enforced by technology like passwords, encryption and physical isolation, that most people think of as information security. The second protection is the contractual and legal obligation that people with access to the information have, not to misuse it.
No matter how elaborate the technological and procedural protections for everyone’s information, at some point that information gets viewed by a human being. If we have no legal means of holding those individuals accountable then information security, and the privacy it brings, is a dead letter. Granting everyone, from private individuals to vast commercial interests, the right to disseminate stolen information destroys the second protection utterly. Anyone with access to protected information can steal it and perhaps even sell it with little expectation they will be caught.
What we have here is a tag team of privacy violation. The thief steals the information and then the publisher “fences” it. Shielding the thief as a “source” could open the floodgates for information theft. Today, we see the violation of Apple’s NDAs (Non-Disclosure Agreements) but the same legal concept could just as well apply to an individual’s medical and financial data. Even if the actual theft were theoretically illegal, how could one prosecute if the person disseminating your private information had a legal right to protect the identity of the thief?
The relatively trivial nature of the information exposed in this case makes it potentially worse as a precedent, in my estimation. There is no compelling public interest served in stealing and publishing this information. It is not like the theft revealed a crime or malfeasance on the part of Apple. The theft occurred largely for the entertainment or enrichment of the thief and the sites who published the information (all of the sites Apple subpoenaed are for-profit, ad-supported sites). The general public benefited little if at all. If full protection is granted to the theft of information incidental to the public good, then the theft and dissemination of information that is possibly more relevant to the public good might be covered as well. For example, the medical records of anyone even marginally in the public eye might be fair game.
Until recently, few of us had realistic fears that our lives would become an open book to the world at large. Until the Internet age the shear logistic difficulty of duplicating and disseminating information protected the individual from abuse by other individuals. In the Internet age, information is duplicated automatically as a consequence of digital technology and the cost of transmitting it to a very large audience is negligible. Given this reality, establishing a standard where individuals have a right to distribute stolen information is a recipe for widespread abuse.
In the Internet age, we have to fundamentally rethink how we manage information and what our ethical and legal responsibilities are for information we do not own. The standards of the previous era may no longer apply.
(Note: Since blog disclosure is all the rage now I should mention that I worked for Apple Computer for over 8 years and that my spouse still does. My spouse received news today that all Apple employees will receive a 1gb iPod Shuffle as an appreciation gift but this did not influence my opinion on the matter. Well, not much anyway.)
I agree and wrote the following to Glen Reynolds in an email.
“I don’t like the concept of journalists, let alone bloggers, protecting anonymous sources, at least not in every instance.
Here we have a person or persons who have divulged trade secrets and the company has no remedy. It is not as though I-Macs have a tendency to blow up in its users faces and a whistle-blower has leaked information that Apple internal memos prove that the company has known of such problems for years.
Such whistle-blowers, providing information that would benefit society by permitting society a remedy from Apple for harm which Apple knowingly perpetrated against society, deserve to be protected. In that case, society would benefits from protecting whistle-blowers because other whistle-blowers would feel safe to do likewise in the future.
In this case, on the other hand, it is the corporation that has been harmed while providing society no consequential benefit. In my opinion, the leaker(s) deserve no protection.
Just my non-lawyerly opinion.”
As for disclosure, I once owned an Apple EII and once a Power Mac. That’s as close as I come to having ties to the Apple Corp.
Thank you Shannon. I thought Professor Reynolds’comments cavalier as I am sure the advice he would give Apple were it his client would lead it to take much the same action as it has. It looks like bullying and in a sense it is given the disparity in size of the litigants. But none the less, Apple is doing the correct thing from both a business and legal perspective in spite of the negative publicity.
Agreed. If you like, see my similar comments at this post.
To defend Glenn a bit here, he has pretty consistently expressed the opinion that while bloggers should have the same privilege as other journalists, he is uncomfortable with journalists having special privileges at all.
Here are several posts where he discussed the issue prior to the Apple case.
So as long as you thing that MacWorld or Wired could and would have been subpoenaed for publishing the same information, I don’t think you and he disagree all that much.
Jim
I hope your servers are ready for an Instalanche.