Medical records are widely counted among a person’s most private information. But the AP found that WikiLeaks also routinely publishes identity records, phone numbers and other information easily exploited by criminals.
The DNC files published last month carried more than two dozen Social Security and credit card numbers, according to an AP analysis assisted by New Hampshire-based compliance firm DataGravity. Two of the people named in the files told AP they were targeted by identity thieves following the leak, including a retired U.S. diplomat who said he also had to change his number after being bombarded by threatening messages.
The number of people affected easily reaches into the hundreds. Paul Dietrich, a transparency activist, said a partial scan of the Saudi cables alone turned up more than 500 passport, identity, academic or employment files.
The AP independently found three dozen records pertaining to family issues in the cables – including messages about marriages, divorces, missing children, elopements and custody battles. Many are very personal, like the marital certificates which reveal whether the bride was a virgin. Others deal with Saudis who are deeply in debt, including one man who says his wife stole his money. One divorce document details a male partner’s infertility. Others identify the partners of women suffering from sexually transmitted diseases including HIV and Hepatitis C.
Lisa Lynch, who teaches media and communications at Drew University and has followed WikiLeaks for years, said Assange may not have had the staff or the resources to properly vet what he published. Or maybe he felt that the urgency of his mission trumped privacy concerns.
“For him the ends justify the means,” she said.
Evolving view of privacy
Initially conceived as a Wikipedia-style platform for leakers, WikiLeaks’ initial plan was for a “worldwide community of informed users” to curate the material it released wholesale, according to the site’s now defunct question-and-answer page. Prominent transparency advocate Steven Aftergood privately warned Assange a few days before the site’s debut that the publish-everything approach was problematic.
“Publication of information is not always an act of freedom,” Aftergood said in an email sent in late 2006. “It can also be an act of aggression or oppression.”
Those concerns were heightened after WikiLeaks published a series of documents leaked by U.S. Army intelligence analyst Bradley Manning, now known as Chelsea, in 2010. The publication provided explosive evidence of human rights abuses in Iraq and Pakistani cooperation with the Taliban in Afghanistan – among many other revelations – but it also led to allegations that civilians in war zones had been endangered.
Assange insisted WikiLeaks had a system to keep ordinary people’s information safe.
“We have a harm minimization policy,” the Australian told an audience in Oxford, England in July of 2010. “There are legitimate secrets. Your records with your doctor, that’s a legitimate secret.”
Assange initially leaned on cooperating journalists, who flagged sensitive material to WikiLeaks which then held them back for closer scrutiny. But Assange was impatient with the process, describing it as time-consuming and expensive.
“We can’t sit on material like this for three years with one person to go through the whole lot, line-by-line, to redact,” he told London’s Frontline Club the month after his talk in Oxford. “We have to take the best road that we can.”
Assange’s attitude has hardened since. A brief experiment with automatic redactions was aborted. The journalist-led redactions were abandoned too after Assange’s relationship with the London press corps turned toxic. By 2013 WikiLeaks had written off the redaction efforts as a wrong move.
Withholding any data at all “legitimizes the false propaganda of ‘information is dangerous,’” the group argued on Twitter.
But some private information genuinely is dangerous, courting serious consequences for the people involved.
Three Saudi cables published by the WikiLeaks identified domestic workers who’d been tortured or sexually abused by their employers, giving the women’s full names and passport numbers. One cable named a male teenager who was raped by a man while abroad; a second identified another male teenager who was so violently raped his legs were broken; a third outlined the details of a Saudi man detained for “sexual deviation” – a derogatory term for homosexuality.
Scott Long, an LGBT rights activist who has worked in the Middle East, said the names of rape victims were off-limits. And he worried that releasing the names of people persecuted for their sexuality only risked magnifying the harm caused by oppressive officials.
“You’re legitimizing their surveillance, not combating it,” Long said.