UPDATE: July 27 -- Hours after this blog was published, national security blogger Michael Best, who uploaded Turkish citizens' personal information databases that WikiLeaks promoted, came forward to say that doing so was a mistake after the site where he uploaded the information took it down. The files were removed due to privacy concerns, according to Best. WikiLeaks has not taken down its social media links to the now dead link. This update is continued under the article below.
Just days after a bloody coup attempt shook Turkey, WikiLeaks dumped some 300,000 emails they chose to call "Erdogan emails." In response, Turkey's internet governance body swiftly blocked access to WikiLeaks.
For many, blocking WikiLeaks was confirmation that the emails were damaging to Turkish President Recep Tayyip Erdogan and the government, revealing corruption or other wrongdoing. There was a stream of articles about "censorship." Even U.S. National Security Agency whistle-blower Edward Snowden tweeted the news of the WikiLeaks block with the comment: "How to authenticate a leak."
But Snowden couldn't have been more wrong about an act that was irresponsible, of no public interest and of potential danger to millions of ordinary, innocent people, especially millions of women in Turkey.
And yet Western media reports, ranging from Reuters to Wired, some from journalists I know and respect, made the same assumptions Snowden did. They merely reported the block as an act of censorship and reported WikiLeaks' allegations of what the emails may contain, without apparently any cursory check.
Snowden couldn't have been more wrong about an act that was irresponsible, of no public interest and of potential danger to millions of people.
Journalists and anti-censorship activists who I am in touch with in Turkey have been combing through the leaked documents, and I am not aware of anything "newsworthy" being uncovered. According to the collective searching capacity of long-term activists and journalists in Turkey, none of the "Erdogan emails" appear to be emails actually from Erdogan or his inner circle. Nobody seems to be able to find a smoking gun exposing people in positions of power and responsibility. This doesn't rule out something eventually emerging, but there have been several days of extensive searching.
However, WikiLeaks also posted links on social media to its millions of followers via multiple channels to a set of leaked massive databases containing sensitive and private information of millions of ordinary people, including a special database of almost all adult women in Turkey.
Yes -- this "leak" actually contains spreadsheets of private, sensitive information of what appears to be every female voter in 79 out of 81 provinces in Turkey, including their home addresses and other private information, sometimes including their cellphone numbers. If these women are members of Erdogan's ruling Justice and Development Party (known as the AKP), the dumped files also contain their Turkish citizenship ID, which increases the risk to them as the ID is used in practicing a range of basic rights and accessing services. The Istanbul file alone contains more than a million women's private information, and there are 79 files, with most including information of many hundreds of thousands of women.
There is not a single good reason to put so many people in danger of identity theft, harassment and worse.
We are talking about millions of women whose private, personal information has been dumped into the world, with nary an outcry. Their addresses are out there for every stalker, ex-partner, disapproving relative or random crazy to peruse as they wish. And let's remember that, every year in Turkey, hundreds of women are murdered, most often by current or ex-husbands or boyfriends, and thousands of women leave their homes or go into hiding, seeking safety.
I have confirmed that these files indeed appear to contain correct private information by confirming that dozens of my friends and family members in multiple cities were included in that database, to my horror, with accurate private data. The files also include whether or not these women were AKP members -- right after a brutal and bloody coup attempt to overthrow the AKP.
Another file appears to contain sensitive information, including Turkish citizenship IDs of what appears to be millions of AKP members, listed as active or deceased. Yet another file contains the full names, citizenship IDs and cellphone numbers of hundreds of thousands of AKP election monitors -- the most active members of the party.
Their addresses are out there, for every stalker, ex-partner, disapproving relative or random crazy to peruse as they wish.
I've long been critical of the AKP's censorship practices in Turkey and will continue to speak out. But there is not a single good reason to put so many men and women in such danger of identity theft, harassment and worse -- especially after the country was rocked by a bloody coup targeting this political party. I also cannot understand why the leak of such private and sensitive information has been met with such uncritical reporting during such a dangerous week.
The leaked emails published by WikiLeaks were presented in a searchable database, illustrated with a caricature of Erdogan using a flying carpet titled "FROM: AKP" to knock down pillars of democracy. I couldn't care less about the Orientalist imagery -- it's just stupid. The main problem here is deception -- because the emails are not actually from the AKP. Rather, most are emails sent to the ruling party in what appears to be a Google group. There are some emails here and there from gov.tr and akp.org.tr domains, but they are not inner-circle emails as far as anyone who has looked has yet found.
These emails are what you expect: chain emails, recipes, wishes for happy holidays, spam emails, pleas for jobs, serious emails imploring some pothole or other problem be fixed. Some of these emails are just forwarded to a group, the way emails often are. They are un-redacted and often include personal information.
WikiLeaks should take down its links to all personal information as soon as possible.
Much of mass media in Turkey has been ignoring this leak, partly because the coup attempt fallout has understandably consumed their attention and partly because the Turkish press is not known for its investigative tendencies. However, links to these files have been circulating widely on Turkish social media, and I fear the damage is done. WikiLeaks should take down its links to all personal information as soon as possible.
Western journalists have barely commented on the content of the files. And yet, it didn't stop them from reporting on it. Even those working for what should be the most eagle-eyed outlets have been merely reporting name searches. For example, one journalist who noted that former House Speaker Denny Hastert was "mentioned" was retweeted almost 500 times, as if this was an important piece of information. Even a cursory Google search of a phrase from that particular email would have revealed that it was actually a copied-and-pasted 2014 news article speculating about a Turkish businessman visiting the U.S.
This kind of misreporting was widespread. Parroting WikiLeaks' claim, the Christian Science Monitor reported that 1,400 of the emails were allegedly related to Fethullah Gulen, a cleric who leads a secretive global network and who the government blames for the coup. This batch of 1,400 emails was actually merely a keyword search for the phrase "Gulen," which also means "smiles" or "smiling" in Turkey, so ads for vacations by the Mediterranean ("Çeşme's smiling face!") were included in these allegedly incriminating "1,400 emails" along with pasted public news articles mentioning the name of the embattled cleric.
They wonder why so many people around the world are wary of 'internet freedom' when it can mean indiscriminate victimization and senseless violations of privacy.
So, let's recap.
Last week, Turkey experienced a bloody coup that was stopped by citizens (including women) facing tanks and sniper fire and getting shot and killed. In the midst of all this, an unaccountable group effectively doxed millions of women and members of a political party targeted by that coup. And not a single news story (that I could find) mentioned these facts or that the emails contained nothing of public interest.
I hope that people remember this story when they report about a country without checking with anyone who speaks the language; when they support unaccountable, massive, unfiltered leaks without teaming up with responsible parties like journalists and ethical activists; and when they wonder why so many people around the world are wary of "internet freedom" when it can mean indiscriminate victimization and senseless violations of privacy. Discretion is not censorship.
UPDATE CONTINUED: -- About three hours after this blog was published, Best tweeted:
Here's an excerpt from Best's blog post, where he describes a "perfect storm of events that I could have prevented, and wish I had":
WikiLeaks had several hours to examine the link that I sent out before they shared, which would have been ample time to perform a sample check on the data. ... Sharing the link was a good faith mistake that both WikiLeaks and I made.
The most important thing we can do now is try to minimize the potential damage of all of this.
It's good to see at least one person take responsibility for his own part, learn from the incident and try to mitigate the damage. However, the role WikiLeaks has played remains unchanged. WikiLeaks never bothered to take down its Twitter and Facebook posts to millions of people, advertising the databases as "the full data for our Turkey AKP emails + more" and providing a direct link to a site where they could be downloaded easily.
I have tried to explain the situation to WikiLeaks directly, but I was immediately called an "Erdogan apologist." After I started showing WikiLeaks that leading Turkish anti-censorship activists and lawyers were saying these leaks were not of public interest and should not have been posted, WikiLeaks blocked me on Twitter. I'm afraid this will become an unfortunate talking point for pro-censorship forces in Turkey: the ignorance with which Western media and alleged activists met the publication of ordinary Turks' private information.
WikiLeaks' defense of the doxing databases appears to boil down to "we didn't upload them." But it's no defense to say that one has merely linked to and publicized information that poses a direct and grave threat to millions, especially for people and groups with the power of publicity and millions of followers. I, along with countless others, learned of these files through WikiLeaks. People and groups with the power to publicize information on the web have a responsibility to act ethically. The ethical decision would be to see if one could help get these files removed or to obscure their location -- not to advertise them as "full data" to millions of people. Thanks to WikiLeaks' brand and large following, every stalker and self-appointed vigilante who wants to find the home address of, for example, a dissident female journalist in Turkey, could learn of this database. This is a very real concern is Turkey.
Wikileaks' other objection seems to be that I did not immediately make it clear that they had linked to these (now deleted) files and, instead, used vague wording on how they publicized them. I did this on purpose, in order to avoid providing an easy roadmap to the data. Part of my research focuses on censorship by authoritarian governments, and I know that every extra added step means that fewer “amateurs” will access information. It's why governments use methods they know are circumventable -- extra steps act like filters. This blog was updated with the relevant, less vague information after the files were taken down and posed less potential harm.
In addition to the databases of personal information, remember that WikiLeaks published hundreds of thousands of ordinary citizens' emails from large mailing lists devoted to sharing news and updates, sometimes containing private information, which are misrepresented on WikiLeaks' own site as "AKP Emails." As far as I know, WikiLeaks has not said a word about this misrepresentation.
In 2010, I wrote an article in The Atlantic criticizing major internet platforms and payment providers for punishing WikiLeaks by kicking them off payment systems and more. I called it the "dissent tax" on WikiLeaks. The article, which is one of many I've written against censorship, shows that I care deeply about the positive potential of the free flow of information. In the article, I warned of unaccountable, centralized powers on the internet acting as censors. I should have added another threat: unaccountable groups irresponsibly depriving ordinary people the right to privacy and safety.
The flow of online information won't die because of government attempts at censorship -- ordinary people around the world, including many in Turkey, are too good at circumventing blocks. Instead, it's these senseless violations of privacy that make people mistrust the free flow of information and instead support whatever governments say protects them. This leak, which has zero public interest, will regrettably be a talking point for people who support censorship.
This was a multi-party breach of ethics, starting first with people who collect and leave such information unencrypted on servers that are not well-protected; to people who hack such data without understanding what it is and then pass it on to others; to whoever sent it to WikiLeaks without vetting; to WikiLeaks for distributing it globally; to journalists who report uncritically about content from another country without working with someone who speaks the language and understands the country.
I hope that going forward, there will be more attention paid to each of these aspects and that all parties involved remember this example of ethical failure. We all need to reflect and learn from it.
This blog has been updated to reflect that WikiLeaks promoted links to the databases via its social media accounts but did not host those databases on its own site.
Earlier on WorldPost: