It seems clear, with four years of hindsight, that the American news media owes John Podesta an apology. The political media did almost everything wrong in covering the theft-and-leak of his private emails amid the heat of the 2016 presidential campaign, four years ago today—and yet it’s not at all clear that if confronted by an operation similar to what Russian intelligence executed in targeting the Democratic National Committee via Hillary Clinton’s campaign chair, that we’d get it any more right now.
In fact, so-called “hack-and-leaks” remain one of the most difficult stories to confront appropriately. As we enter the final weeks of the 2020 presidential campaign, when each day seems primed for an October surprise, it’s worth thinking deeply about what makes these incidents so pernicious—and how we as a news media and a society might respond more maturely and rationally than in 2016.
From dozens of conversations this year with numerous reporters, editors, researchers, and executives—as well as a tabletop exercise I ran at the Aspen Institute this summer along with Vivian Schiller, the former CEO of National Public Radio, who now directs Aspen’s media and technology program—it’s clear there’s a shared unease about how the news media handled the 2016 Russian attack on the DNC and Clinton campaign chair John Podesta. The unease stems not from any partisan preference for or against Hillary Clinton; it has to do with the sense that the US media allowed itself to be the delivery mechanism for a Russian attack on our democracy.
The basic details of the Podesta leak have come into focus thanks to the work of US intelligence and Robert Mueller’s investigation as special counsel: On October 7, 2016, just hours after US intelligence first warned publicly of Russia’s unfolding attack on the presidential election and just 30 minutes after the damaging Access Hollywood tape was released, Wikileaks began publishing thousands of emails stolen earlier that year by Russia intelligence from Podesta’s personal email account.
Ever since the dust settled in November following Trump’s surprise victory, there’s been an uncomfortable sense that the media’s tendency toward horse-race coverage aided and abetted a surprise attack by America’s foremost foreign adversary. The Podesta theft and subsequent leak destabilized the campaign and muddled the line between two controversies—confusing many voters between the leak of the Podesta emails and the questions around Hillary Clinton’s use of a private email at the State Department.
A “hack and leak” is among the most likely attacks the US might face in the closing weeks of the presidential race, and it is also one of the hardest to respond to adequately and effectively. The path forward requires understanding both the lessons of previous attacks and why Donald Trump’s words and actions have made the current landscape particularly vulnerable.
How We Got to Now
The first major hack-and-leak was met with more amusement than alarm. To this day, North Korea’s 2014 attack on Sony Pictures Entertainment remains misunderstood—a bizarre incident by a bizarre regime, more embarrassing than harmful, protesting a mediocre stoner movie with Seth Rogen and James Franco.
Yet it was actually a deeply destructive landmark attack, as it turns out, for reasons we didn’t realize at the time. Beyond the actual financial and physical damage, the Sony hack burned itself into America’s mind because the hackers hit the softest part of the company’s IT system—emails—and weaponized that information through the use of social media. North Korea got the mainstream media to pick up on those leaks and do the hackers’ bidding, causing reputational and financial damage to the company as Sony’s innermost secrets were spread across the internet for all to read. A stolen spreadsheet of a company’s executive salaries proved irresistible to reporters, who published it quickly; ditto for reporting on executives’ candid comments on colleagues, actors, directors, and other Hollywood luminaries. Particularly in the sped-up news cycles of the digital age, the media had decided that the “newsworthiness” of purloined internal secrets outweighed any ethical dilemmas raised by how that material was obtained. In Sony’s case, there was no sense or allegation of wrongdoing—just hot gossip.
Unfortunately, that part of Sony’s legacy—so obvious now in hindsight—didn’t sink in with the government and the private sector. America learned the wrong lesson and focused on deterring destructive attackers and hardening network IT systems. Russia, meanwhile, watched the Sony hack and learned the power of stolen information to influence public opinion and undermine confidence in an organization. Russia also saw how American society had been quick to blame and isolate the victim—Sony—rather than unite against the perpetrator of the hack. Russia saw that media organizations—some reputable, some not—would rush to cover such leaks, amplifying the thefts with little self-reflection.
In the years since, we’ve seen similar operations targeting public figures from French presidential candidate Emmanuel Macron to Paul Manafort’s daughter, all carried out by foreign adversaries who see such thefts as advancing their own strategic agendas. Yet the media continues to struggle to contextualize the release of stolen documents, without doing the bidding of the thief.
Hack-and-leaks are a particularly difficult and challenging threat to address precisely because they exploit the seams of democracy, as well as long-held norms and instincts of the news media and news organizations themselves. We’ve seen reporting stray from the newsworthy to the salacious, like the Amazon order history of Sony executive Amy Pascal, or the silly, like John Podesta’s risotto recipe. But stolen, leaked documents often contain legitimate news and insights into key decisions or relationships—news which editors and reporters rightfully feel they can’t ignore, regardless of the source.
Even the nearly unthinkable idea of a complete US media boycott and blackout on leak revelations would prove unlikely to stop such revelations from penetrating the US political landscape. Less reliable fringe or partisan websites can publish material that forces more mainstream and reliable organizations to confront stories they’d normally argue don’t rise to their standards. As we’ve seen from QAnon’s Pizzagate to the president’s own Twitter feed to the rumored-and-never-spotted giant antifa bus during the protests in recent weeks, news organizations often now have to wrestle with fringe provocateurs and conspiratorial ideas in a way that they didn’t have to before.
Couple that with the press corps’ normal bias toward competitive scoops, speed, and horse-race-style coverage and you had a recipe for trouble. Peter Strzok, the FBI agent who was at the center of much of the 2016 mess as it unfolded, had a stark warning as part of his recent book tour. “The press hasn’t solved any of this,” he told me. “If the [Russian intelligence service] GRU dumped the Biden campaign’s binder of opposition research on Kamala Harris right now, every news organization and publishing house would race to publish it. I think if you reset the players and the facts of 2016, I’m willing to bet it plays out exactly the same way.”
The biggest challenge, though, is that we rarely know the origins and motivations behind such leaks in real time. Intelligence agencies and news organizations are left to speculate about the provenance of the documents and the motives and desired outcomes from the attack, leaving a critical void as to the goals of the perpetrators. We now know how concerted, extensive, and coordinated the Kremlin’s attack on the Democratic Party and the Clinton campaign truly was, but none of that detail came out until years after the fact.
Put another way, as one tech platform executive told me, the challenge of an “information influence operation” is that at the start only the adversary knows it’s an operation—a coordinated series of actions that has been thought out and planned in advance. A game of chess has begun, but it might take several moves for the news media or a campaign to notice. By then it may be too late.
News organizations need to recognize that in such maneuvers they are the target of an active information influence operation, either by a foreign adversary or a campaign foe. That requires treating adversarial hack-and-leak operations—or, just as importantly, the possibility of an adversarial hack-and-leak operation—as unique and different from a “normal” whistle-blower like an Edward Snowden or Reality Winner.
What We Might Expect This Fall
The most troubling problem with confronting hack-and-leak operations in 2020 is the special challenge of Donald Trump—a president uniquely inclined to disregard democratic norms, spread unfounded conspiratorial notions, and encourage questions about the legitimacy of the election. Trump’s day-to-day mendacity and encouragement of foreign assistance means that rather than eschewing or condemning such operations, he seems uniquely inclined to wholeheartedly embrace the leak of stolen documents.
Everything we’ve seen over the past five years about Trump’s behavior should warn us that he would embrace aid from foreign adversaries and turn it to his political benefit. He’s said as much, as evidenced by his actions in Ukraine, which led to his impeachment in January seemingly a million news cycles and crises ago, and his calls for China and others to release information that may harm opponent Joe Biden. Similarly, recent evidence shows that attorney general Bill Barr and secretary of state Mike Pompeo both seem willing to use their offices to promote the Trump campaign’s interests. Together, such behaviors represent dangerous, fertile ground for a hack-and-leak operation to take root.
One scenario that seems likely to stymie the best possible intentions of the news media is how a hack-and-leak operation might collide with Donald Trump’s natural instincts to inspire second- and third-order political effects that would be impossible to ignore. Trump, for instance, might weaponize and give oxygen to even a mundane, milquetoast leak to undermine the credibility of the Biden campaign or to raise questions about the legitimacy of the election, distracting and clouding the presidential race with the vaguest of misconduct allegations.
So how should the news media avoid allowing its pages and programs from being turned into weapons? How do we build on the awareness to do a better job of saying “Caveat lector,” let the reader beware?
This summer at the Aspen Institute, Vivian Schiller and I designed and ran a tabletop exercise geared toward an unfolding hack-and-leak operation timed to the second presidential debate in October.
We imagined how the media might respond to an anonymous “DCLeaks”-style website that appears and purportedly contains internal document stolen from Burisma, the Ukrainian energy company that was at the center of the impeachment inquiry. It wouldn’t take much effort for such an operation to reveal a few key doctored documents, appearing to allege that perhaps we don’t know the full truth about Hunter Biden’s role with the company. In the days ahead, journalists compete ferociously, racing to confirm the authenticity of the documents and, within a relatively few days, determine that the most damning documents are false—that there’s no concrete evidence of wrongdoing by the Bidens at all, just some Sony-style internal Burisma corporate gossip, some financial records, and strategy PowerPoints.
In the meantime, though, the mere existence of the leak ricochets through the right-wing media bubble—it is speculated about on Fox & Friends, OAN, and elevated online by Trump fan sites. The president—who in real life today spent the anniversary of the Podesta leaks tweeting unceasingly about some made-up scandal about “Obamagate”—begins amplifying the claims as evidence that Joe Biden is crooked. He calls for the FBI to investigate. He tweets something reckless and unproven, like “Is Joe Biden biggest criminal of all time?” His supporters break into “Lock him up!” chants at rallies. Before the authenticity of the documents are even disproved by reporters, “senior Justice Department officials” leak that a grand jury has been empaneled to investigate the Biden family, and secretary of state Mike Pompeo and director of national intelligence John Ratcliffe announce that they’re traveling to Ukraine to find out the truth. The Biden campaign hits back, saying that the Trump campaign is acting as a pawn of Russia, weaponizing the US government for the president’s reelection. By that point, even if responsible news organizations decide the underlying documents are forgeries, the story has morphed from an “information operation” to an arguably genuine political controversy.
Through the exercise, which was designed to build upon the work of Stanford researchers Janine Zacharia and Andrew Grotto—who have studied hack-and-leaks and published 10 guidelines for what they call “propaganda reporting”—we tested how various responses by journalists and news media might alter the trajectory of the story.
It’s clear that there’s a better path forward. What we found is that a successful response to a hack-and-leak requires news organizations to blend one thing they’re good at—skepticism—and one thing they’re not—careful, slow deliberation.
We boiled our lessons down to four C’s: cooperate, contextualize, control, and curate.
Cooperate. One of the most critical aspects of confronting a hack-and-leak goes against the instincts of most news organizations: Early cooperation among newsrooms turns out to be key, both between reporters who don’t often work together—say national security or intelligence reporters and the day-to-day political teams—and between competing news organizations. An adversary’s operation is likely to exploit the scoop-hungry nature of both individual reporters and collective newsrooms, each of whom want to be first in breaking big news. But one of the few opportunities news organizations have to avoid becoming pawns is simply to slow down—talk among reporting teams, talk among senior news executives, check with other news organizations about how they’re responding and what additional context they may have gathered or be privy to, double-check documents’ provenance and the attribution of leaked documents with campaigns and the US government, both intelligence agencies and law enforcement.
Contextualize. Reporting responsibly also requires providing readers and viewers the best available context. Just as news organizations have gotten better about confronting Donald Trump’s myriad lies and distortions with “truth sandwiches,” that is, contextualizing his inaccuracies with actual facts, both news organizations and tech platforms should endeavor to preface reporting on hack-and-leaks with the clearest possible attribution. Every article and report on the subject should be framed at the start—ideally even in the headline—as reinforcing the adversarial nature of the news. In the 2016 DNC and John Podesta email leak, for instance, the coverage should have been more explicit: You’re reading this because Vladimir Putin wants you to.
Control. Remember at all times to double-check and critique your own coverage: Is this information actually newsworthy? Just because something is published on the internet doesn’t mean it needs to be published. This sounds so obvious and silly, but past incidents, from Sony to Podesta, have proven how quickly news organizations will stray from publishing arguably legitimate news contained in stolen documents to highlighting the embarrassing or frivolous, how thoughtful analysis can be quickly replaced on deadline by clickbait. Responsible reporting on hack-and-leaks requires the same sensitivity as reporting on any other victim of a crime. Zacharia and Grotto argue that news organizations need to do a better job of sticking to subjects deemed to be in the public interest and refrain from reprinting messages that are solely personal or salacious in nature.
Curate. News organizations also need to think technically about how their own web-savvy instincts can advance an adversary’s attack. How news organizations curate and present their reporting online will help determine how much it’s amplified and how readers and viewers access stolen material. Social media policies should be clear about whether individual reporters can tweet or post links to hacked material. Zacharia and Grotto in their work also called for news organizations to stop linking in news stories to hacked material—a new “norm” also apparently embraced as part of Washington Post editor Marty Baron’s new principles for covering such material as well. (If a news organization does choose to link, Zacharia and Grotto also identified and outlined a key technical detail by the Thoughtful Technology Project's Aviv Ovadya, known as a “no-follow link,” that would allow news organizations to link to hacked material without amplifying it for search engines like Google.)
None of these steps would stop legitimate news stemming from stolen documents from getting appropriate coverage—however, together, these four broad guidelines would help ensure both that news organizations don’t re-victimize the victim of a hack-and-leak operation, while minimizing the ability of a foreign adversary to weaponize America’s free press against its democracy.
Russia learned the wrong lessons from the Sony attack; we should take this chance to learn the right lessons from Russia.
Updated 10/18/2020 10:00 pm ET: This story has been updated to clarify Aviv Ovadya’s work on "no-follow links."
WIRED Opinion publishes articles by outside contributors representing a wide range of viewpoints. Read more opinions here, and see our submission guidelines here. Submit an op-ed at email@example.com.