A hacker accessed the e-mail account of a Twitter employee and forwarded detailed company information found there to at least two blogs, the technology Web site TechCrunch reported on July 14, 2009.
According to a July 15 post on The New York Times technology blog Bits, the stolen information about Twitter, a popular “micro-blogging” Web site where users post and read links and text-based messages of up to 140 characters, was sent to TechCrunch and a French blog called Korben.
According to the July 14 TechCrunch post, the hacker, known as “Hacker Croll,” sent the blogs 310 documents, including employment agreements; company calendars; new employee interview schedules; phone logs and bills; alarm settings; financial forecasts; confidentiality agreements with companies such as AOL, Dell, Ericsson, and Nokia; floorplans and security passcodes; and company credit card numbers.
“There is clearly an ethical line here that we don’t want to cross, and the vast majority of these documents aren’t going to be published, at least by us,” TechCrunch founder Michael Arrington wrote in the July 14 post. “But a few of the documents have so much news value that we think it’s appropriate to publish them.”
TechCrunch, a site that describes itself as “a weblog dedicated to obsessively profiling and reviewing new Internet products and companies,” published several of the documents with additional TechCrunch commentary from July 14-16. The published documents revealed, among other things, Twitter’s goal of becoming the first social networking site to reach 1 billion users, a pitch for a Twitter-based TV show, and plans for future revenue-producing models.
“It’s important to note that we have been given the green light by Twitter to post this information – They aren’t happy about it, but they are able to live with it, they say,” a July 16 TechCrunch post accompanying the release of several new documents said. TechCruch emphasized that it would not post anything “personal in nature” or “too sensitive to share.” The July 16 post specifically stated that “there are some details about partner discussions, particularly around Google and Microsoft, that we are just not going to publish.”
Korben blogger Manuel Dorne told the New York Times for itsJuly 15 Bits blog post that he chose only to release “relatively innocuous information” because he admires the company.
“I have a lot of respect for [Twitter founder] Evan Williams and a lot of respect for Twitter, so I’ll never publish sensitive information about them that could cause them prejudice,” Dorne said. “I don’t know if TechCrunch has gone too far, but what I can say is that the Web is small, everybody knows everybody, and publishing this information shows a lack of respect for the Twitter team.”
On July 15, a post on Twitter’s own blog said that the leaked documents were “never meant for public communication, [and] publishing these documents publicly could jeopardize relationships with Twitter’s ongoing and potential partners.” The post also said that the site was “in touch with our legal counsel about what this theft means for Twitter, the hacker, and anyone who accepts and subsequently shares or publishes these stolen documents.”
A July 16 post on Twitter’s blog said “the publication of stolen documents is irresponsible and we absolutely did not give permission for these documents to be shared.” The post said the company was concerned that the “rudimentary notes of internal discussions will be misinterpreted by current and future partners[,] jeopardizing our business relationships.”
In a July 15 post, Arrington discussed some of the ethical ramifications of posting the selected documents, as well as the backlash from many TechCrunch readers who had expressed their disagreement with the decision to publish the documents in the comments sections of the various posts.
“We publish confidential information almost every day on TechCrunch. This is stuff that is also ‘stolen,’ usually leaked by an employee or someone else close to the company, and the company is very much opposed to its publication,” Arrington continued. “In the past we’ve received comments that this is unethical. And it certainly was unethical, or at least illegal or tortious, for the person who gave us the information and violated confidentiality and/or nondisclosure agreements. But on our end, it’s simply news … if it lands in our inbox, we consider it fair game.”
In a July 18 column in the British newspaper The Independent, associate business editor Stephen Foley wrote that Arrington, whom he called “Silicon Valley’s most prominent blogger,” had “crossed a line” by publishing the information.
“Arrington’s justification doesn’t cut it. Leaking and hacking are not exactly the same thing; people and corporations do have an expectation of privacy; journalists have to justify using material obtained through subterfuge,” Foley wrote. “Unless journalists rule out the routine use of deceitfully obtained information, a whole industry will spring up pursuing it for us.”
Los Angeles Times columnist James Rainey, in a July 24 column, observed that digital communications technology has “supercharged the debate over what should be in the public domain” without providing clear answers. Rainey said that a central development is that the public can now immediately weigh in on news media decisions to publish leaked documents.
In spite of the amount of criticism TechCrunch received for deciding to publish some of the documents, Rainey wrote, “it seems to me that the website and its editor … acted in good faith and were far from the soulless accomplices that some argued.” Rainey said TechCrunch did “what journalists are supposed to do. It tried to bring more information to its audience, while holding back other documents that could cause needless harm.”
The July 15 New York Times Bits post also reported that Arrington said TechCrunch felt an “ethical obligation to help Twitter” in this situation, and that he was working “to help them mitigate the damages” that could come as a result of the leaked documents. Arrington said he sent Twitter all the documents he received and is trying to put Twitter in direct contact with the hacker, although he said he would not reveal the hacker’s identity to Twitter.
Arrington also said that despite his efforts to keep personal documents private, they might turn up elsewhere on the Web. “We’re not the only people who have them,” he said. “There’s presumably a young hacker out there who wants to make a name for himself. I wouldn’t be surprised to see them wrapped up and thrown on BitTorrent at some point.”
Twitter has not said whether it will file a lawsuit over the hacking. In a 2006 case, O’Grady v. Superior Court, Cal. App. 4th 1423 (Cal App. 2006), a California appeals court rejected an attempt by Apple Computer Inc. to discover several bloggers’ confidential sources for a blog post that revealed confidential aspects of Apple’s development plans. The court ruled the bloggers could claim a journalist’s privilege under Cal. Const. art. I, (b) and Cal. Evid. Code 1070. The ruling effectively ended Apple’s attempt to sue the bloggers for revealing its trade secrets. For more on the case, see “Appeals Court Finds That Bloggers Have Same Protection As Journalists, Newsgatherers in the Summer 2006 Silha Bulletin and “Apple Suit Tackles Legal Protections for Bloggers” in the Winter 2005 issue.
– Jacob Parsley
Silha Research Assistant