At the Cyberspace Conference in London in November, Igor Shchegolev, the Russian minister of communications and mass media, referred to sci-fi writer Isaac Asimov’s Three Laws of Robotics:
1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.
2. A robot must obey any orders given to it by human beings, except where such orders would conflict with the First Law.
3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.
Earlier in 2011, after the phone-hacking scandal erupted in the U.K. and the level of criticism of the journalism profession soared, I started thinking about these three laws. Meanwhile, there is a daily deluge of excitement about data journalism – from Owni.eu to the Guardian, Telegraph and New York Times – and about hacking (enthusiasm for the white hat variety and frequent warnings about the black hat flavor).
Some sections of the media want, at least it may seem to some of us, a witch hunt against the rest for practices that have been long present in journalism, and British journalism in particular. Just this week, former editor of the Sun newspaper in Britain Kelvin McKenzie was giving evidence to the Leveson Inquiry about events 20 years ago. Others want to drive so far toward data and ceaseless online information that some of us wonder what happened to the people we used to interview. And if you question either of those, you will be denounced as being part of the problem.
Obsess too much about the technology and you risk forgetting the human beings we report on, and the fact they can easily be trampled under the feet of hoards of reporters surging in their lust for immediate “information” without pause for second thought.
In an age in which “hacks and hackers” are merged into a confused space focused more on data than the people behind it, I want to see Asimov’s laws rewritten.
Let me propose Three Laws for Journalists in the Digital World:
1. Digital systems must be designed to protect and ensure, to the fullest extent possible, personal data and its exchange and communication.
2. Journalists must pursue all stories deemed to be in the public interest, even where that may require challenging the security of digital systems.
3. Journalists must protect their sources as well as the innocent public to the same extent as the digital systems of the First Law, where it would otherwise render the impossibility of the Second Law.
The First Law
So-called “black hat” hackers, such as criminal gangs who attack companies for data on customers, obviously fall afoul of the First Law above. But the First Law also accommodates those hackers who deliberately challenge a system to ultimately make it safer.
The Information and Privacy Commissioner of Ontario published in 2009 “The 7 Foundational Principles” of Privacy by Design, which included as No. 2: “Privacy as the Default Setting … by ensuring that personal data are automatically protected in any given IT system or business practice. If an individual does nothing, their privacy still remains intact.”
While it might be relatively straightforward for companies to protect private information, it is less so for society at large.
Michelle Govan, a lecturer in ethical hacking at Glasgow Caledonian University, teaches a course focusing on attacking systems to find the holes and then patching them. She explained that the key element of legal hacking is having the permission of the system owner or operator. For the rest of us, any information online is not private.
“Everybody has a responsibility for their own privacy,” she said. “Where does privacy start? You create your own digital footprint online — anything you put online is open to people using it maliciously.
“I always provide students with the understanding and experience of the application of legal aspects so they know they have to use these skills for good. It’s all about the permission and knowledge of what limits the law sets,” she added. “We have legal laws [and some] ethical laws — it’s down to a person’s own values. You have to make people respect what they’re doing.”
There have been plenty of examples of going further with once private information as companies battle for control of as much data as possible.
Such was the recent case of Klout, which was accused of automatically creating profiles and assigning scores to minors. Klout argued that much of a user’s information, such as name, sex and profile photo, is already public.
Newspaper or other media companies and their systems would also be governed by this First Law, either in protecting their own systems from criminal hacking, or their users who might be exposed to viruses or other online threats via news stories, etc.
The First Law does not exclude examples such as hackers diverting Internet connections when states crack down on civil liberties, such as in Syria. Because those hackers are ultimately aiming to protect individuals and not expose them to harm as they fight for greater democratic freedoms, they meet the requirements of the First Law.
The Second Law
One of the many flaws in the hacking of telephone voice-mail in the U.K. was that the actions were not in the public interest. There are legal precedents in the U.K. for how public interest is defined, but the behavior of celebrities would rarely fall within those categories, and certainly not when the press goes on a “fishing expedition“ for scandal on any high-profile figure imaginable.
Hacking into the voice-mail of a murdered schoolgirl was not legal or ethical. But you could imagine a hypothetical case where if the police were not making adequate efforts to find the killer, or where Milly Dowler had been alive and police were not acting to help trace her; AND at the invitation of her parents, the press got involved and accessed her phone. But that is highly theoretical and was not the case.
If journalists must do investigations — and there’s a recognition we must, even if nobody knows how to pay for it — then there will be instances where they do breach the security of digital systems.
They might need to prove, as an ethical hacker might, that a government or corporate system did not have sufficient protections of citizens’ data.
The Second Law is relatively straightforward if you need to meet the standard of public interest first. There might still be legal challenges after publication, broadcast or posting online, but if you have to justify it internally first, that’s a good start. Most reporters know and follow the Second Law intuitively.
The Third Law
The point of merger for these laws, and for the worlds of “hacks and hackers” is the Third Law.
Even if the hacking of telephone voice-mail wasn’t illegal already in the U.K., a handful of reporters at the News of the World and potentially elsewhere were clearly not ethically protecting their sources. In that world, everyone is potentially fair game for worldwide exposure, on anything, however trivial.
Clare Harris, former editor of the Big Issue in Scotland magazine and now media and communications officer with the Scottish Refugee Council, said journalists and editors don’t always think about the potential consequences to interviewees of their stories going online. While a refugee might be safe in the U.K., their family could still be at risk in the country of origin, where stories about human rights abuses could be easily accessed by government forces.
“We have to be really clear if we are putting someone forward for interview that it is likely to go on the web and go worldwide, because we are dealing with people who are very vulnerable,” she explained.
“In some cases, people would be more happy to speak to newspapers about their situation if they knew their stories won’t be online. No journalist has ever asked us if it is safe to put the story online,” she said.
But for Harris, bigger questions still have to be asked: about the nature of sources and the boundaries for “private” and “public.”
“What is a source now? Is it someone who has tweeted something? Is everything online fair game?” she asked.
Harris’ comments are echoed in the Wall Street Journal coverage last year of a Supreme Court case involving questions of how GPS technology is used by police.
During oral arguments, Justice Samuel Alito said: “Maybe 10 years from now, 90% of the population will be using social networking sites, and they will have on average 500 friends, and they will have allowed their friends to monitor their location 24 hours a day, 365 days a year, through the use of their cell phones. What would the expectation of privacy be then?”
How technically difficult is it to protect sources in the digital age? Very.
Govan in Glasgow said information is so easy to extract now, that it can be eyebrow-raising for her students initially.
“If a reporter is trying to protect their sources online, it’s limited when you can get Google to locate information for you,” she said. “Google caches anything online so once online, it’s essentially public. It becomes public data.”
The need to look beyond data
Stephen Janis is an investigative reporter for Fox 45 in Baltimore and co-author of the book, “Why Do We Kill?“ While data has become more important in journalism, Janis said he always tries to find the people at the heart of stories.
But the people you find also sometimes need protection. He said it is relatively easy to find people on Facebook, and the connections they have, which can expose who you’re speaking to as a reporter.
“I’ve dealt with a lot of sources inside agencies who could get fired for speaking to me. We are all secretive about who our sources are. But my online social relationships could be used to ferret out some sources,” he said.
So if it is so easy to get information about sources, what should reporters do?
Was WikiLeaks better at protecting its sources through military grade encryption on its “drop box”? Did they fail in protecting information of individuals contained within released documents when they published everything sans redaction?
Attempts by the Wall Street Journal and Al Jazeera to entice whistleblowers to traditional media instead of WikiLeaks have been criticized for failing to ensure anonymity or guarantee information would not be handed to law enforcement agencies.
If Twitter has been compelled to release information by the courts on its accounts, how should media organizations encourage the flow of information via social media? Does it require, at the very least, warnings in advance so individuals make an informed choice to contact media companies that can’t protect them?
Or would the media be better to advise their readers and users to apply Tor software to protect their systems from tracking before sending information?
In the pursuit of faster information and more readers/consumers, we may have forgotten the need to protect our sources, and how easily we leave trails exposing them to risk.
Does retweeting a comment from the “Arab Spring” expose the originator, however anonymous, to risk? Do the images we take from Twitter accounts include GPS tags?
Quite apart from the immorality and illegality of hacking the voice-mail of a murdered schoolgirl in the U.K., how are we using technology as reporters?
If we can’t protect our sources, how can our work possibly be in the public interest? If you fail to do the Third Law, you make the Second Law impossible.
Why Three Laws and Why Now?
These questions matter. In obsessing about all the journalism practices used in the U.K. for the past 20 or 30 years, and in the rush for immediacy and intimacy with the digital world, there needs to be an underpinning of something for journalism. Every reporter knows they must protect their sources, even if we have not articulated that well to our citizen counterparts.
T. S. Eliot wrote in “The Rock,” Where is the wisdom we have lost in knowledge? Where is the knowledge we have lost in information? Data is fine. It can be beautiful and elegant and informative. But some data must be protected, and other data must be investigated. The drive to inform must have an ethical underpinning of some kind.
These three laws could be part of better guiding the professionals and those sources — human or numeric — with whom we interact.
Robot photo by Flickr user ra1000 and used here with Creative Commons license.
Tristan Stewart-Robertson is a Canadian freelance reporter based in Glasgow, Scotland, operating as the W5 Press Agency.