Hackers targeting the 2020 election create challenges for journalists

How will newsrooms respond to stolen data?

By Oliver Darcy and Donie O'Sullivan, CNN Business
CNN/Shutterstock

(CNN) - It's the last week of the 2020 presidential campaign. Donald Trump, running for his second term, is in a close race with his Democratic challenger. Then, shortly before Election Day, hacked material from the Democratic candidate's campaign is uploaded online.

How will newsrooms react? Will they decline to publish the material, for fear they could be aiding a foreign intelligence operation aimed at destabilizing the Democratic process? Or will they blanket the airwaves and newspapers with coverage because the hack reveals important information relevant to voters?

It's a hypothetical scenario -- but not one that is out of the question, given what happened in 2016 to Democratic presidential nominee Hillary Clinton.

To be clear, it's not illegal for journalists to download and report on stolen documents -- given that they were not involved in the original hack or theft -- but since 2016, there has been some introspection about the ethics of publishing hacked documents online -- particularly when the motive of the hackers is unknown or brazenly aimed at stirring chaos ahead of an election.

But will anything really be different the next time around? Most of the news organizations that CNN Business contacted for this story did not reveal any sweeping changes to its rules about publishing hacked materials since the 2016 election. But they did make a case for publishing with care and context that is valuable to voters who read their stories.

 

Then and now

 

During the 2016 presidential campaign, Wikileaks and DCLeaks hosted a trove of emails stolen from the Democratic Congressional Campaign Committee, the Democratic National Committee, and John Podesta, the chairman of Hillary Clinton's campaign.

The hacked material was available for anyone to mine and journalists immediately did so, publishing a legion of stories based on its content. Even Podesta's risotto recipe, which was included in the hack, became fodder for food writers.

Every major newsroom published their own share of stories based on the emails during the 2016 campaign season.

President Barack Obama even used his end-of-year press conference in 2016 to comment on journalist's fixation with the leaked emails.

"This was an obsession that dominated the news coverage, so I do think it's worth us reflecting how it is that a presidential election of such importance, of such moment with so much at stake and such a contrast between the candidates, came to be dominated by a bunch of these leaks," Obama said at the time.

After the election, The New York Times published a front-page story that conceded the publication of such stories by news organizations, including The Times, had turned newsrooms into a "de facto instrument of Russian intelligence."

But the newspaper has no plans to abandon coverage of stolen data for future elections. When reached for comment recently by CNN Business, Times spokesperson Danielle Rhoades Ha said that the newspaper "thoroughly vets and confirms information it receives from any source."

"The decision to publish any information, including hacked documents, is made primarily on the basis of whether it is newsworthy and in the public interest, while also taking privacy concerns into consideration," Ha said. "When we publish, we aim to give readers as much context as possible about the information and the motivation for its release."

It's a topic that has also weighed on members of the BuzzFeed newsroom and its editor-in-chief Ben Smith, who told CNN Business that they "think a lot about this."

There are "difficult calls" that his organization makes on a "case by case basis," Smith said. He noted that BuzzFeed revised its standards guide specifically to address hacked material. It now states that the story should "treat the intention of the hacker as a major part of the story" and "maintain a high bar for news value and context of potentially embarrassing personal information that is being weaponized."

The Washington Post's top editor Marty Baron has also spoken about the "difficult judgement" of determining "what was of legitimate public interest and to put that information in proper context."

"Not publishing anything merely leaves a vacuum for others to fill, working with a lower standard or none at all," Baron said last year. "We published according to our standard, and we stand by our decision." When CNN Business recently asked about the paper's guidelines, a spokesperson pointed to Baron's same comments on the matter.

When reached for comment, spokespeople for The Associated Press and The Wall Street Journal also cited newsroom standards as a barometer of whether hacked material should be published.

Steve Severinghaus, a spokesperson for The Journal, told CNN Business, "Regarding materials that emerge from third party hacking, The Wall Street Journal applies the same high standards for authenticity, accuracy, fairness, and newsworthiness for all of the articles we publish, regardless of the origin of the information."

Lauren Easton, a spokesperson for the AP, said that the wire service "discusses these issues from a standards and journalistic ethics point of view." Easton added, "In deciding whether to publish, we weigh the value of the information and the public's need to know, alongside provenance and possible motivation behind the disclosure."

Spokespeople for CNN and CBS both said that their newsrooms would examine incidents on a case by case basis.

MSNBC, NBC, and ABC all declined to comment for this story. Fox News did not reply to requests for comment.

 

What should newsrooms do?

 

Adam Meyers, vice president of intelligence at CrowdStrike, the company that was first to publicly attribute the 2016 DNC hack to Russia, told CNN Business that, in his experience, part of a hacker's objective is to see their work covered by large news organizations.

But often the information that is derived from hacked material is newsworthy and in the public interest. The emails released in 2016, for instance, exposed a coordinated effort to sabotage Senator Bernie Sanders' presidential campaign. The release of the emails eventually led to the resignation of several top DNC officials.

So exactly what should newsrooms do if hacked material relevant to an election finds its way online?

Todd Gitlin, a professor at and chair of the Ph.D. program at the Columbia Journalism School, told CNN Business that he believes there should be some general rules news organizations follow.

First, Gitlin said, media outlets should "under no circumstances" report on hacked material "without a clear and unmistakable provenance that can be shared with readers."

"Identity of the hackers must be clear-cut," Gitlin explained.

In the case of the 2016 hacks, the source of the stolen information was not wholly clear until October 2016, when the US government said it was confident the Russian government directed the hacking campaign. Earlier that year, Crowdstrike, a private company hired by the Democrats, had also determined that two Russian intelligence-liked groups were responsible for the hack of the Democratic Party.

"We were very early to start reporting that this may have been a foreign intelligence operation, and so I know that definitely was one of the things that put a brake on going crazy over these emails," Daily Beast editor Noah Shachtman told Erik Wemple, a media columnist for The Washington Post, last summer after the Justice Department indicted 12 Russian nationals for engaging in a "sustained effort" to hack the emails and networks of the DNC, DCCC and Clinton's campaign.

Second, Gitlin said, the "leaked material must add something significant to public knowledge."  Cooking recipes and other personal information not relevant to the public interest should not be reported on, he said.

Wemple agreed that news organizations should first "assess [the] newsworthiness" of the hacked material.

"If newsworthy, verify authenticity," Wemple said. "If authentic, publish! The formula that has long applied to leaked material shouldn't be amended even in the aftermath of the 2016 election."

Wemple conceded that there "was overkill" reporting on hacked material in 2016, but said that some of the stories that came to light were "hands-down compelling" and important.

"A world in which media organizations demand pure motives from the folks who leak, steal and furnish information will be a much less informed world," Wemple said.

Frank Sesno, the former CNN Washington bureau chief and current director of the George Washington University School of Media and Public Affairs, also said that news organizations "can't ignore" the release of hacked election material.

"One of the hardest things about journalism in this digital, always-on-air moment is you really can't ignore anything. Because information, in particular disinformation or malevolent information, travels around you," Sesno said. "It courses through social media and takes alternate routes."

That said, Sesno agreed that newsrooms should evaluate how newsworthy the material is and what precisely meets the threshold to be reported on.

"In all cases very sophisticated editorial decision making need to take place to determine whether the information rises to the level of importance that the public needs to know, that there is a public good that that information represents, and despite how it got to you, the value of the information overrides that," Sesno said. "That's a high bar."

 

Where the parties stand

 

A newsroom's decision to avoid publishing the details of hacked materials can be further complicated if a candidate references the material as a way to attack their opponent.

"It's hard to ignore something when a candidate stands in front of a thousand or ten-thousand people and thunders about it," Sesno said.

On the campaign trail, for instance, Trump repeatedly cited the hacked Clinton emails posted by WikiLeaks. He even went so far as to publicly encourage Russia to hack Clinton's private server and release her emails during the 2016 campaign. Trump later walked back those remarks and said was a joke.

After the election, Republicans and Democrats attempted to strike an agreement to reject using hacked materials during an election.

The Democratic Congressional Campaign Committee and the National Republican Congressional Committee were close to signing an agreement ahead of the 2018 midterms that included a pledge to not "participate, (aid), or encourage hackers or foreign actors in any attempt to influence American elections."

The pledge would have also forbidden candidates from seeking out "stolen or hacked information for use in any operations" and barred candidates from promoting hacked materials to the press.

The talks fell apart, but this week the the chair of the DNC Tom Perez wrote to his counterpart at the Republican National Committee asking Republicans to refrain from engaging in the "weaponization of stolen private data in our electoral process." The letter to Ronna McDaniel was prompted by Rudy Giuliani's claim that there is "nothing wrong with taking information from Russians."

Spokespeople for the RNC, NRCC, DNC, and DCCC did not return requests for comment.

Correction: This story has been updated to reflect that the US intelligence community identified Russia as being responsible for the hacks in October 2016.

The-CNN-Wire ™ & © 2019 Cable News Network, Inc., a Time Warner Company. All rights reserved.