I don’t often disagree with the glorious Glenn Reynolds over at Instapundit but this time I think he and others have gotten the case of Apple’s subpoenas of several web-based media sites dead wrong. The ultimate ramification of these cases isn’t whether citizen journalists (meaning anyone with a website or blog) will have the same privileges granted “professional” journalists but rather whether any of us will every have any information privacy at all.
If every individual has a right to publish stolen information with no expectation that they will ever have to reveal how they got that stolen information, then no one’s information, no matter how private or trivial to the public interest, will be safe
Currently, personal and institutional information is protected in two ways: First, access to the information is limited to selected individuals. It is this limitation, enforced by technology like passwords, encryption and physical isolation, that most people think of as information security. The second protection is the contractual and legal obligation that people with access to the information have, not to misuse it.
No matter how elaborate the technological and procedural protections for everyone’s information, at some point that information gets viewed by a human being. If we have no legal means of holding those individuals accountable then information security, and the privacy it brings, is a dead letter. Granting everyone, from private individuals to vast commercial interests, the right to disseminate stolen information destroys the second protection utterly. Anyone with access to protected information can steal it and perhaps even sell it with little expectation they will be caught.
What we have here is a tag team of privacy violation. The thief steals the information and then the publisher “fences” it. Shielding the thief as a “source” could open the floodgates for information theft. Today, we see the violation of Apple’s NDAs (Non-Disclosure Agreements) but the same legal concept could just as well apply to an individual’s medical and financial data. Even if the actual theft were theoretically illegal, how could one prosecute if the person disseminating your private information had a legal right to protect the identity of the thief?
The relatively trivial nature of the information exposed in this case makes it potentially worse as a precedent, in my estimation. There is no compelling public interest served in stealing and publishing this information. It is not like the theft revealed a crime or malfeasance on the part of Apple. The theft occurred largely for the entertainment or enrichment of the thief and the sites who published the information (all of the sites Apple subpoenaed are for-profit, ad-supported sites). The general public benefited little if at all. If full protection is granted to the theft of information incidental to the public good, then the theft and dissemination of information that is possibly more relevant to the public good might be covered as well. For example, the medical records of anyone even marginally in the public eye might be fair game.
Until recently, few of us had realistic fears that our lives would become an open book to the world at large. Until the Internet age the shear logistic difficulty of duplicating and disseminating information protected the individual from abuse by other individuals. In the Internet age, information is duplicated automatically as a consequence of digital technology and the cost of transmitting it to a very large audience is negligible. Given this reality, establishing a standard where individuals have a right to distribute stolen information is a recipe for widespread abuse.
In the Internet age, we have to fundamentally rethink how we manage information and what our ethical and legal responsibilities are for information we do not own. The standards of the previous era may no longer apply.
(Note: Since blog disclosure is all the rage now I should mention that I worked for Apple Computer for over 8 years and that my spouse still does. My spouse received news today that all Apple employees will receive a 1gb iPod Shuffle as an appreciation gift but this did not influence my opinion on the matter. Well, not much anyway.)