On April 19, a slew of tens of thousands of wide-ranging, private emails between Chicago public officials was quietly published online.
The group behind the dump — Distributed Denial of Secrets — says it didn’t hack the emails, but after obtaining them around February, spent more than a month sifting through them, decoding the emails and deciding which ones to publish broadly.
“We [initially] found, you know, a lot of really corporate data … about mergers and acquisitions,” said activist Freddy Martinez, one the group’s advisors who’s from Chicago. ”And we sort of put it to the side. And then … looking a bit deeper, we found all of the city of Chicago’s emails … we sort of knew that there was a lot of really important information in there.”
So the group published a database that they say contains 60,000 documents of emails among top officials within Mayor Lori Lightfoot’s administration. The emails appear to touch on innumerable topics, from conversations about when to ignore a reporter’s phone calls, extensive emails on the city’s COVID-19 planning, to a secretive Chicago Police Department drone surveillance program.
The ransomware group Clop took credit for the hack, and published the data behind the emails according to the Chicago Sun-Times. That’s after city officials say the group tried to get a ransom payment to prevent the dump. The emails come from the Jones Day law firm, which the city had hired to conduct an internal investigation into its handling of a high-profile botched police raid.
Experts say the episode raises familiar and long-standing questions about whether hacks like these — obtained illegally with mal intent of ransom — as well as reporting on them, are ethical, or even good for democracy at all.
“The question is moot. … The emails are available.”
First, the question of what to do with the emails. Illegal hacking aside, whether journalists should report on the hacked information is a no-brainer, says Joe Mathewson, a practicing attorney and journalism professor at Northwestern’s Medill School of Journalism.
“There’s no question that this is fair game for journalists,” Mathewson said, referring to decades of case law establishing the right to publish even illegally obtained information. Most famously, of course, is New York Times Co. v. the United States, the Supreme Court decision that allowed the Times and the Washington Post to publish classified documents on the Vietnam War without censorship or rebuke.
Mathewson adds the ethical question is not whether to report on the emails, but how to do so, particularly as Lightfoot has said her office will not be authenticating or commenting on the validity of the emails. With tens of thousands of emails, it would be difficult to know, for example, if the chains of emails are complete.
“I think there’s going to be an ethical call to be made by journalists, by editors, if they’ve got a story that they think is valid, they should try to, of course, authenticate it — to talk to the city departments involved.“
“But when a circumstance like this occurs, through no fault of journalists, it does provide an opportunity for journalists — acting ethically, and carefully — to write stories about newsworthy aspects of our city government,” Mathewson said.
“Transparency has gone a bit too far”
Others predict hacks like these, and the stories they result in, could have a lasting impact on the way public officials communicate, for better or worse.
“You have to wonder the next time an aid or an elected official has a comment or an idea that might be embarrassing if it were leaked, if that is no longer going to be discussed or evaluated, even if it might turn out to be something that our policymakers need to talk about,” said Adam Zelizer, an assistant professor at University of Chicago’s Harris School of Public Policy. “Whether those costs … outweigh the benefits of disclosure, depends.”
Zelizer’s research centers on the ways in which government transparency affects lawmaking.
“In my research, I brought legislators from both parties together in private to discuss legislation, which is an opportunity they don’t have often,” Zelizer said. He says because of restrictions on what lawmakers can hash out privately, “ … issues often become partisan. And there’s grandstanding, there’s playing to the media and to the crowd at home.”
Experts surmise that many of the emails included in this dump would not be publicly available through the Freedom of Information Act, or FOIA — a tool many journalists, lawyers and private citizens use to obtain public information from government bodies.
That’s because Illinois’ FOIA law allows officials to deny requests if the information includes “preliminary drafts, notes, recommendations, memoranda and other records in which opinions are expressed, or policies or actions are formulated.”
That exemption is meant to protect the privacy of, and allow public officials to, speak candidly to resolve issues. While most experts agree it’s a good exemption, Mathewson points out it is ripe for abuse.
“Public officials — state, local and federal — incline toward privacy, and incline toward secrecy … in the way they interpret FOIA requests under many exemptions, and this is clearly subject to abuse,” he said.
Martinez, of the DDoSecrets group, echoed that sentiment in his defense of the group’s publication of the hacked emails.
“I think what we’ve seen in the last week is that we made the right choice,” Martinez said. “It’s almost hard to keep up with all of the stories that journalists and members of the public are finding.”
“It’s very different from the Pentagon Papers”
City officials say reporting on these hacked emails, no matter their subject matter, would only encourage criminals to hack again.
“I would just be very, very cautious,” Lightfoot said to reporters earlier this week. “I don’t want to credit them as a credible news source, so I won’t be commenting on any specifics.”
While stories based on the emails may shed light on previously unknown aspects of Lightfoot’s administration, hacks themselves are cause for concern and bad for democracy, says First Amendment expert and University of Chicago law professor Geoffrey Stone.
The basic worry, he says, is how credible the organizations are that sift and publish the documents, and whether those sources can be trusted to fairly present — and not contort — what the documents show.
“In a world in which 50 years ago it was the case where the disclosure publicly of information that was illegally obtained, would be made by truly responsible … entities like the New York Times, or the Chicago Tribune or WBEZ … the decision to publish that information is not necessarily so harmful, because they will exercise trustworthy judgment,” Stone said.
“But in the contemporary world of social media, and of hackers, the people making the decision to disclose the information are not reliable … And there’s no reason to believe that they will make the decisions that are in fact, in the best interests of our society.”
Stone says to look no further than the 2016 Democratic National Committee email hack published by Wikileaks, a model for groups like DDoSecrets. Later, U.S. officials indicted 12 Russian intelligence officers for the hack in an attempt to influence the 2016 election.
While he says he believes journalists had no choice but to report on the content of the emails, the threat to national security outweighed the benefit of transparency.
“I think there was information that was disclosed that did have a public benefit,” Stone said. “But on net, the balance was very negative — both in terms of the national security of the nation, and in terms of the electoral politics and the role of foreign nations in our political system.”
The group that made the Lightfoot emails available, the Distributed Denial Secrets, is made up of journalists, activists and hackers, according to its website.
Martinez, the group’s advisor, said the group often works directly with newsrooms when they come across data they’re not comfortable releasing directly to the public.
“So it’s a really broad set of questions that we try to tackle and grapple with,” he said.
He says these emails released recently represent just 5% of the total number of emails retrieved by a separate ransomware crew in the initial hack.
Mariah Woelfel reports on city government at WBEZ. Follow her at @MariahWoelfel.