[Updated] Wikileaks Leak Of Turkish Emails Reveals Private Details; Raises Ethical Questions; Or Not…
from the whoo-boy dept
Important Update: Michael Best has now come out and said that it was actually he who uploaded the files in question, which he got from the somewhat infamous (i.e., hacked the Hacking Team) hacker Phineas Fisher. Through a somewhat convoluted set of circumstances, it appeared the files were associated with the Wikileaks leak when they were not — and then basically everyone just started calling each other names:
The files were obtained by Phineas Fisher, who was the source. As far as I can tell, Fisher did not intend to dump all of the files publicly, and Fisher has not indicated that he meant to give any of the files to WikiLeaks to publish. However, they received a partial set of the documents and decided to publish them.
Following the WikiLeaks release of the partial set, Fisher decided to release his set. Since the files came from a known source (Fisher has been responsible for many high profile hacks, including the hack on the Hacking Team), I used the torrent file that the files were released through to create a bittorrent instance on the Internet Archive?s server. The server proceeded to download the torrent and create the item that was linked to by WikiLeaks.
After the personal information was discovered, the AKP files were removed from the Internet Archive?s server.
Although I wasn?t aware that it was included in the release at the time, I accept my responsibility in distributing the personal information. The explanation as to how it happened is not an excuse for the fact that it did happen.
Of course, in the meantime, there’s been a lot of nastiness, with Wikileaks and its supporters unfairly claiming that Zeynep Tufekci was an agent for the Erdogan government — which is insane if you know her at all. As Best notes in his piece, it’s entirely reasonable that Tufekci assumed Wikileaks was responsible for the files (even though she only accused them, accurately, of promoting the files, not uploading or hosting them — and they did, in fact, tweet a link to the files as well as post it to Facebook), and while Wikileaks may be on the defensive about other claims about its leaks, it didn’t need to attack her credibility in the process. And it is true that Wikileaks tweeted a link to the files.
Update 2: In response to our update, Zeynep Tufekci has sent over the following quote, noting that she still has concerns about how Wikileaks handled this:
“Wikileaks has never clarified that the emails it hosts are almost entirely mundane emails of ordinary citizens and revealed nothing of public interest after days of intense combing (though there were privacy violations there as well), and it has never apologized for the fact that the databases that it repeatedly, and via multiple channels, pointed to its millions of followers as full data of “our AKP emails” (they weren’t) and “more” actually contained private and sensitive information of tens of millions of people in Turkey, including more than 20 million women. I never claimed that they hosted; I was agnostic on that point so none of the substantive discussions revolves around who hosted them. However, I’m glad the person who uploaded them has come forward to apologize, and learn from this. I hope the broader hacker community also reflects on this, and realizes that rushing, jumping on news cycles, dumping data indiscriminately, uploading stuff you do not know, working in a language you do not understand with no local contacts, and then accusing your critics of being government shills without the slightest attempt at research is not okay.”
And… original article below.
Last week, we (like many others) reported on the news that Turkey was blocking access to Wikileaks, after the site released approximately 300,000 emails, supposedly from the Turkish government. We’ve long been defenders of Wikileaks as a media organization, and its right to publish various leaks that it gets. However, Zeynep Tufekci, who has long been a vocal critic of the Turkish government (and deeply engaged in issues involving the internet as a platform for speech) is noting that the leak wasn’t quite what Wikileaks claimed it was — and, in fact appears to have revealed a ton of private info on Turkish citizens.
Yes — this “leak” actually contains spreadsheets of private, sensitive information of what appears to be every female voter in 79 out of 81 provinces in Turkey, including their home addresses and other private information, sometimes including their cellphone numbers. If these women are members of Erdogan’s ruling Justice and Development Party (known as the AKP), the dumped files also contain their Turkish citizenship ID, which increases the risk to them as the ID is used in practicing a range of basic rights and accessing services. I’ve gone through the files myself. The Istanbul file alone contains more than a million women’s private information, and there are 79 files, with most including information of many hundreds of thousands of women.
What’s not in the leak, apparently, is anything really about Erdogan’s government:
According to the collective searching capacity of long-term activists and journalists in Turkey, none of the “Erdogan emails” appear to be emails actually from Erdogan or his inner circle. Nobody seems to be able to find a smoking gun exposing people in positions of power and responsibility. This doesn’t rule out something eventually emerging, but there have been several days of extensive searching.
At the very least, this does raise some ethical questions. In the past, Wikileaks has (contrary to what some believe!) actually been pretty good about redacting and hiding truly sensitive information that isn’t particularly newsworthy. It’s possible that this is just a slip up. Or it’s possible that Wikileaks got lazy. Or it’s possible that the organization doesn’t care that much to go through what it gets in some cases. [Update: Or, see the update above, where we discover it was a third party that uploaded this data, that then got associated with the Wikileaks data after Wikileaks tweeted].
I still think that the organization has every right to release what it gets, but it should also be open to criticism and people raising ethics questions about what it has chosen to release. The fact that it appears to have failed to consider some of the questions in this case, and then possibly overplayed the story of what was in this release is certainly concerning, and harms Wikileaks’ credibility. [Update: so, this was a mistake, though it’s unfortunate that Wikileaks then lashed out out Tufekci and others making additionally baseless claims. Yes, it was wrongly accused, but that’s no reason to wrongly accuse others as well.]