The Legality of Publishing Hacked E-mails

Were journalists right to be leery of the “ClimateGate” leak?

The publication of thousands of e-mails hacked from the University of East Anglia’s Climate Research Unit led to furious arguments about the science and politics of climate change. When the e-mails first leaked, however, reporters and bloggers on both sides of the debate expressed reservations about the legality and ethicality of publishing information acquired illegally.

Large excerpts and quotes of the e-mail exchanges have since been published in a variety of media, including newspapers, television, and blogs. The Wall Street Journal posted a full downloadable file on its Web site. Most outlets, however, opted to refer readers to places like for the complete listing – a decision that drew many rebukes. The New York Times in particular has drawn harsh criticism for its handling of the e-mails. Public Editor Clark Hoyt wrote a convincing defense of the paper, arguing that it handled the situation “appropriately.”

Still, confusion over the legal and ethical implications of publishing hacked e-mails lingers. Some of the newspapers that have refused to publish the documents have general policies dictating that journalists not break any laws in the newsgathering process. Where these policies exist, however, they are a matter of journalistic ethics rather than an attempt to adhere to a well defined legal doctrine.

Given the confusion, CJR decided to consult relevant case law and spoke with two publishing law experts about the hacked e-mails. The following is a primer providing some direction for journalists. It should not be taken as legal advice. There is no absolute rule here and the unique details of each individual case are paramount.

Legal precedents

The Pentagon Papers case (New York Times Co. v. United States) tends to get thrown out there as the catch-all for press freedom, and it came up in myriad comments sections during “ClimateGate.” However, the Pentagon Papers represent a situation in which the Federal Government was trying to proactively prevent the press from publishing classified documents (what is known as prior restraint) that were leaked by an individual with legitimate access to the information, but no permission to distribute it. The Supreme Court favored a broad interpretation of First Amendment press freedoms, but left open the option for the government to prevent publication if it could prove a relatively high level of irreparable harm to national security.

Because the Pentagon Papers case was decided on a specific issue of prior restraint by the federal government preventing the initial publication of documents, it is not really analogous to questions about the legality of re-publishing the hacked e-mails from the University of East Anglia: they were not government documents implicating state secrets with national security implications, and there is no issue of attempted prior restraint.

The more appropriate legal precedent can be teased out of a series of Supreme Court and federal circuit court cases that form a spectrum of legal liability for journalistic use of illegally obtained materials. Where an individual situation falls on that spectrum is largely determined by the extent of involvement in the illegal activity of the person or media outlet claiming First Amendment protection.

Bartnicki v. Vopper is the most protective of journalists and sets out the primary “test,” holding that a broadcaster could not be held civilly liable for publishing documents or tapes illegally procured by a third party. The court set out three criteria for legitimate first amendment protection: (1) the media outlet played no role in the illegal interception; (2) media received the information lawfully; (3) the issue was a matter of public concern.

Here is a quick run-down of the result reached in applying the first two criteria in three relevant cases:

1) Bartnicki v. Vopper: A tape recording was made completely independently of the media outlet and given to another person who was involved in the underlying issue, but had no knowledge of circumstances under which the tape was made. The recipient then gave the recordings to a media outlet and they were made public. No media liability was found in this case.

2) Boehner v. McDermott: The media outlet distributed material it may have known was illegally obtained but it did not advise or participate in its acquisition. There was a crime committed by the person who actually obtained the materials illegally. However, no media liability was found in this case.

3) Peavy v. WFAA-TV Inc.: The media outlet was approached by an informant claiming that he had information about a local news issue. The media outlet refused to use the information without further documentation, encouraged the informant to obtain that, and advised him on the process (which amounted to an illegal wiretapping). The media outlet was found to have advised and encouraged the illegal acquisition of materials, which it then took possession of and published. The court characterized this as “undisputed participation.” The informant and the media outlet were found to be liable for the illegal acquisition.

The third criterion of “public concern” or “newsworthiness” is given broad range in interpretation. One California Supreme Court case, Shulman v. Group W Productions, Inc., determined that “a publication is newsworthy if some reasonable members of the community could entertain a legitimate interest in it.” That court granted “considerable deference to reporters and editors, avoiding the likelihood of unconstitutional interference with the freedom of the press to report truthfully on matters of legitimate public interest.”

The above cases all involved violations of the Federal Wiretap Statute , which is similar to the Stored Communications Act and Computer Fraud and Abuse Act, which (together with mirroring state statutes) would likely apply to the hacked e-mails. The University of East Anglia would have to prove that the hackers had violated one of the two laws (a fairly certain bet) and that the university had suffered damage as a result for liability to reach the hackers and, possibly, whoever published them.

Hacked E-mails and the Law

The climate change e-mails are intimately related to high-level climate science and politics, both of which are generally considered to be of the highest news value. The timing of the hack, in relation to the current international climate summit in Copenhagen, elevates the news value even further. Thus, the third criterion of the Barnticki test, requiring high news value, would be satisfied in this case.

As for the first two criteria regarding a news outlet’s relation to the underlying crime, it is “very unlikely” that any news organization that published the e-mails would face legal liability with regard to how they were obtained, says Edward Klaris, Vice President of Editorial Assets & Rights at Condé Nast Publications and an expert in publishing law who lectures at Columbia Law School.

The first leak seems to have occurred in early October, when the BBC’s Paul Hudson received a “chain of emails” that later turned out to be part of the larger group of hacked e-mails that later appeared on the Internet. Mr. Hudson neither posted the e-mails at that time nor revealed the source that provided them to him. (He did, however, post a link to them once they became public.)

Then, on November 17, a hacker accessed the Web site, a forum used by climate scientists to explain their work. A zip file containing all 4,000 documents were uploaded from a computer in Turkey. Within minutes the Web site’s co-founder, Gavin Schmidt, noticed the intrusion and shut down the site. However, a link to the file on RealClimate had been posted in the comment section on Schmidt reported that four users had downloaded the file prior to shutdown.

On November 19, a link to a zip file on a Russian server was posted on The Air Vent, a site frequented by skeptics of climate change. The site’s moderator, Jeff Id, expressed concern about possible legal issues surrounding the link, but later that day posted this:

I’ve been advised that I don’t need to hide the link. Since this is already being downloaded everywhere…

Thereafter, the e-mails were picked up by a number of other blogs. A Web site,, was eventually set up with a searchable database of the e-mails, which has been a frequently linked to resource by those news sites that choose not to post the e-mails on their own sites. (The site refers readers with questions to [email protected], but two e-mails requesting comment were not returned. The page also contains a link to the Opinion Times, a site which presents itself as “News and Opinion from a Conservative Christian Perspective”; an e-mail to the site’s editor, Jim Pfaff, was also not returned.)

“There is a certain laundering that happens … if there is enough distance from the bad act or criminal behavior,” Klaris explains. In other words, the first publisher of illegally obtained information is most at risk, while subsequent commentators are relatively protected by the sheer fact that the information is already in the public consciousness.
“The historical precedent is to turn the other cheek,” Klaris says. “But, risk aversion may have changed over time.” In the case of the hacked e-mails, he suggests two alternative reasons why some publications may have hesitated to publish them in part or in their entirety. First, there are the ethical issues of not promoting the distribution of illegally obtained information.

Second, in regard to whether or not the documents should be republished in their entirety or in large excerpts, news organizations may come up against copyright issues. It is possible that some news outlets see no reason to get drawn into even a possible legal battle if they could just paraphrase and link instead. In fact, Hoyt of The New York Times mentioned the copyright issues in a recent column in the paper. Unlike the legal liability for the acquisition of the documents, the copyright issues do not disappear if more and more publications reproduce the documents. Rather, each and every subsequent publication can be held liable for copyright violations.

What should journalists do when faced with this dilemma?

“Go with your gut,” says Klaris. “[A]s soon as it feels funny, stop and get another opinion… Don’t encourage or participate in any illegal newsgathering activity.”

If you are going to be the first to publish and have a connection with the original, illegal acquisition of the information, or if you are being sent information that has clearly been stolen-no matter how newsworthy it is-think twice before publishing, suggests Klaris. Most likely, a journalist would be in the clear so long as they were not involved in the illegality in any way. But, it’s worth thinking it over and, perhaps, seeking out qualified legal advice.

Nevertheless, there are countervailing factors that journalists should take into account. Just recently, the deans of five of America’s most prominent journalism schools published a letter in The Washington Post titled, “When in Doubt, Publish.” The deans argue that “[i]t is the business—and the responsibility—of the press to reveal secrets.”

In practice, “ignorance often protects news organizations in these cases,” Klaris says, and the Internet provides the perfect environment for acquiring anonymously posted, illicit information under that rubric.

Has America ever needed a media watchdog more than now? Help us by joining CJR today.

Diana Dellamere is a former CJR staff writer.