Leaks, Whistleblowing, and Citizens’ Rights

In recent days, the release of documents by a hacker group known as “Justice of Imam Ali,” which they obtained from the judiciary and made publicly searchable with over three million entries, has been a significant topic of discussion in the news and media space.

These documents include some classified information and details of disputes between ordinary citizens.

Regardless of this group’s nature, affiliation, or political motives, there is a significant point about the manner of this hack’s publication that might be as important as the content of the documents released.

The main issue in this case is not the ethical debate about hacking, whistleblowing, leaking information, and accessing confidential documents. It’s about how to handle these data once obtained.

Reviewing the publication methods of two significant leaks of confidential information might provide a reasonable basis for comparison in dealing with such incidents.

Julian Assange and WikiLeaks 2.0

Julian Assange, the founder of WikiLeaks, who is currently fighting a significant legal battle in England against his extradition to the United States, where he could face up to 175 years in solitary confinement if convicted, decided after the first round of WikiLeaks data releases, which occurred with the help of major media, to publish information, especially from whistleblowers like Chelsea Manning who risked their lives to leak confidential information, in its entirety without editing or omitting parts that might be said to endanger individuals, in a bulk format on WikiLeaks. He believed that WikiLeaks’ only duty was to ensure the accuracy of the data. Still, it should not decide for the public which parts of the information should be accessible and which parts should be omitted for any reason.

The United States and some countries whose leaked information was published by WikiLeaks claimed that the uncensored publication of this data not only compromised confidentiality and national security positions but also endangered the lives of soldiers and agents, as hostile forces might identify the identity or location of some of these personnel involved in security, intelligence, or military missions.

This is one of the main justifications for the charges brought by the United States against Assange, arguing that Assange and WikiLeaks cannot defend themselves based on the First Amendment of the U.S. Constitution, which guarantees freedom of speech. Their actions do not fall under the definition of journalism and directly endanger the lives of citizens of this country, a viewpoint that has a rare consensus among different political spectrums in the United States, all condemning him.

However, the narrative changes when told by free speech advocates. They believe there is little negotiation between citizens’ right to know the truth and helping the government protect data it has classified as confidential. They argue that freedom of speech cannot be limited under the guise of governmental negligence in protecting its documents. Suppose any danger arises from disclosing these documents to agents or forces of this country. In that case, the responsibility lies with the organization tasked with protecting those documents, not the publisher making this information public.

Snowden and Outsourcing Publication

When Edward Snowden collected a series of classified and significant documents revealing extensive violations and privacy breaches by U.S. intelligence agencies, intending to publish them, he chose to approach reputable investigative journalists instead of sending them to WikiLeaks, which had adopted a policy of publishing without any editing during that period. (A firsthand account of this saga can be seen in the acclaimed documentary Citizenfour, made simultaneously with the events of the early days before and after the publication.)

Snowden claimed that while he had the technical understanding and recognized the importance of these data and concluded that people should be aware of them, he lacked expertise in responsibly managing and publishing these documents. To ensure that these data were published under the most responsible conditions possible, he handed them over to individuals who were not only committed to the publication of these documents but also had the expertise and experience to discern which parts might harm individuals if published and which parts could seriously compromise national security. Hence, he approached investigative journalists with a long history in such projects, who, after quick yet thorough reviews, gradually published the documents, relying on a professional legal team to thwart efforts by the U.S. security apparatus to prevent their publication.

Despite these precautions, instances occurred where high-risk information was published. For example, one of the reports by The New York Times included a slide detailing the operation of a surveillance system, which was supposed to be blacked out. Still, due to the use of incorrect software, there was a possibility that manipulation of the image could reveal text that editors had hidden behind a black mark.

Differences and Similarities

Neither of these methods guarantees the absolute security of the whistleblower and the original publisher. Assange and Snowden might differ in their views on the publication of classified documents, as well as in personality and ethics. Still, both have ultimately faced difficult life circumstances.

Despite differences in approach and ethos, these cases and numerous others, like the Pentagon Papers, share a common characteristic.

Regardless of one’s viewpoint on the publication, what has been leaked, hacked, and published, whether edited or in bulk raw form, are documents that expose government behaviour. When we talk about the potential risk to individuals from publishing this data, we’re talking about the physical danger to intelligence, security, or military agents of a country elsewhere, not ordinary citizens.

If, for example, U.S. embassy correspondences are hacked and published, there might be references to an individual. Still, the importance lies in their role in the political process of foreign relations. What is revealed and published pertains not to personal characters and ordinary citizens.

When we publish documents related to actual individuals, their relationships, or histories, it’s not whistleblowing; it’s more akin to nosy, fruitless curiosity that has nothing to do with you or me. In the case of confidential government documents, however, the matter indeed concerns us as citizens and audiences.

The Distinct Case of Justice of Imam Ali

The actions taken by the hacker group Justice of Ali do not fit into either of these two approaches.

Their recent activity in hacking documents from the judiciary and publishing parts of them, including internal letters, directives, reports, and regulations, is one story, and the bulk publication of documents on the internet, which so far includes more than three million cases, is another.

Among the vast number of documents published, many are related to the private lives of individuals, from ordinary complaints by one person against another to accusations related to a family dispute. A well-known figure might be involved in a family misunderstanding, filing a complaint against another family member.

None of these cases have a public aspect, and knowing them has no impact on anyone other than those involved in the dispute, potentially putting real individuals at risk of harm, extortion, and crisis. Individuals potentially already victims of an unjust and flawed judiciary system are now victimized again by a disclosure intended to expose the judiciary’s injustice for the citizens’ benefit.

The major problem is that many activists and political actors must distinguish between their abilities and expertise. Access to data and hacking capabilities do not necessarily equate to expertise in publication and protecting individuals’ privacy against societal benefit.

These days, among Persian-speaking and non-Persian-speaking media eager to cover events in Iran, some institutions know the basic professional principles. This does not mean they are immune to error. Still, even the weakest investigative team of an ordinary media outlet could have prevented the harmful publication of a vast amount of personal data.

Issues like whistleblowing, apart from particular cases, require more careful investigation and verification than the need for speed in publication. This issue has adverse effects on activists and hackers themselves.

For example, it’s logical to assume that the Justice of Ali group undertook this action to fight against the structure of the Islamic Republic. Naturally, in a fight against a structure, it’s plausible to think that you must make the public aware of the existing danger or the issue you’re fighting against and show why your fight is meaningful, significant, and positive. If we’re to accept, like the structures we fight against, a high volume of collateral damage and, so to say, disregard the victimization of ordinary citizens for the greater good, a portion of our audience and society might likely doubt the righteousness and positivity of this fight.

The critical point is that I have only written about this recent case and specifically how hacked data were published, not intending to make a general statement about the role and performance of defence or criticism of whistleblowing, leaking, and hacking confidential data, which is a different matter.

Risks Beyond One Hack

One critique that might be raised against my criticism is that we do not have a trustworthy media that we can rely on 100% and be sure they don’t follow their specific agendas.

Especially today, with a wide variety of media, this claim might seem a bit unacceptable. Apart from well-known Persian-speaking or non-Persian-speaking press, there are active specialized groups of investigative journalists worldwide who can undertake such projects and provide advice. The responsibility is ours if we don’t utilize these specialized forces with our assumptions.

Unfortunately, this viewpoint has been promoted along with misconceptions about concepts like citizen journalism, citizen reporting, citizen detectives, and other amateur activities, as well as unfounded accusations (naturally, some allegations are documented and adequately presented) against media and journalists who might have published a text slightly contrary to our opinions today or have questioned our perspective, encouraging the belief that no task requires expertise.

In recent years, especially since the Mahsa movement (Woman, Life, Freedom,) we’ve seen among various Iranian political groups, particularly in the online spaces, a valorization of claims by non-experts who, without any humility about their own ignorance and lack of skills, sometimes even take on the role of security agents, from compiling lists and checklists of their assumed adversaries, leaking the location information of other citizens and to taking on the role of a private detective and interpreting all events with minimal knowledge.

It might be necessary to note here that this critique doesn’t mean that people don’t have the right to express their opinions or share their analysis conclusions. On the contrary, the emphasis is that everyone has the right to express opinions. Still, they should consider that their interpretation might be flawed when giving opinions in a specialized or general area.

Lights for the Future

Whether in Iran or globally, this won’t be the last time we face leaks, hacks, and disclosures of information. The recent case concerning the manner of publishing hacked documents from the judiciary indicates a mistake (possibly unintentional) in analyzing the publication method. Hopefully, such an issue will serve as a lesson for the future.

However, it’s not too late now. This group could remove their website and the bulk data from access and temporarily make available documents related to regulations, confidential reports, and cases not related to individual complaints, and then, after reviewing the data, publish cases that don’t strictly involve personal matters.

A more critical point might, however, return to us, the users, who, out of curiosity, visit this website and this data bank, possibly looking for a letter from relatives and friends who might have been named in this space without their case being related to a societal issue. We can play the most crucial role in preventing misuse. Upon encountering data, we should ask ourselves whether the complaint or case relates to us or if we’re intruding into others’ privacy for entertainment.

Leave a Reply