Guidelines for Reporting on Leaked Documents

Leaks of private documents and communication records have become an increasingly prevalent source for reporting on Global Voices. Although we typically cite only leaked documents that are available online for public view, we still must take unique precautions when doing this.

Below is a set of guidelines and rules for writing about or citing leaked sources on Global Voices.

What information is in the public interest?
When it comes to personal/private communications, how do we determine what is and is not worthy of our reporting? For any story in this realm, we have to ask ourselves what is and is not in the public interest.

If a leaked document — whether it be a memo, pay receipt, email or some other item — reveals information that we feel the public has a right to know, then we have good reason to publish that information. This corresponds to our mission and it is highly defensible in the EU and the US, the two jurisdictions in which we have standing. It is highly unlikely that we would be taken to court, but given the current climate, we need to be aware of this possibility.

Be transparent about what we know
In the case of Hacking Team, we have access to emails, not video or audio recordings of actual meetings or activities. We can confirm transactions through the database, but other activities may be hard to trace beyond what was said in emails. We'll need to be clear about this in our language — in other words, always use conditional phrases such as “Emails suggest that the company met with X government on Y dates”, rather than describing this as an irrefutable fact.

Avoid linking to downloadable files
If we have access to leaked content¬†only¬†through a link to a downloadable file, we need to proceed with caution. The lawyer recommended that we do our best to avoid linking to a downloadable/torrent file, as it could be considered “inducement to download”. This term made me laugh, but he explained that it could make it easier to argue that our activities are more like participation in the exposure of these private documents (also under copyright), and not just pure reading and reporting on them. We may disagree with this in principle, but in situations where another website has published leaks, it is far better for us to link to their site than to urge readers to download materials for themselves.

Source-specific rules on how to handle quoting/redacting specific types of content from leaked emails:

Content of emails

  • Quote as much as necessary in order to demonstrate the public interest value of the message at hand. Don't go beyond this.
  • Names of individuals in email content: Any company, or person or group considered to be a public figure can be mentioned by name. Individuals who do not fall into this category can be mentioned as “employee of X” or “associate of Y”
  • Contact/location information in email content: Preserve generalized location information (at the level of country or city), but redact precise addresses, phone numbers, email addresses and anything else that can be linked to a discrete individual. If a public office or government building is mentioned, include this but remove references to specific office/suite numbers.

Email metadata

  • Names of sender/receiver: Any company, or person or group considered to be a public figure can be mentioned by name. Individuals who do not fall into this category can be mentioned as “Hacking Team staff member” or “Bahrain defense forces employee”. If anyone has ideas on how to define who is/not a public figure, this would be great to hear!
  • Email addresses of sender/receiver/copied: Redact these completely.
  • Other email metadata (ie date/time sent/received, location data when applicable): This is not highly sensitive, but do remove unless it is relevant to the story, as it can be distracting.
  • If we find ourselves wanting to publish the name of a person who is not a public figure, let's make an effort to notify them first.