I’m really far on the side of hackers here, but I’m having trouble justifying sending any data whatsoever to journalists related to criminal investigations. Even one witness’s name, sent merely to prove that the breach happened, could be enough to cause direct harm to that case if the reporter decided to reveal it. You don’t need to do that to show a reporter that the breach happened. And it’s up to the reporter themselves to prove the breach is real.
As is described in the article, this is one of the best cases of responsible disclosure I can think of in recent memory - refuting a government lie that put at-risk people's lives in danger.
I’ve been following this since early August because I grew up in Columbus and still have family there.
Ginther is a terrible mayor and has handled this mess about as poorly as you can. The researcher they’re trying to quiet exposed that Ginther was lying about the data being unusable.
> "This is not about speech. It's not. It's about the actual action of > going on the keyboard, going into the dark web, gathering the information, > downloading it to your computer and then disseminating it to people > who are in the press or otherwise," Klein said.
... sounds a lot like free expression (especially when the city is lying)
Here’s an example from my own life: I created books3, an AI training dataset of almost 200k books. This was thanks to The Eye, who hosted a copy of Bibliotik, a popular shadow library. But everyone is suing the AI companies themselves for using the training data, even though the original harm was caused by The Eye and Bibliotik.
> not this one person who said "the city failed to secure the data - anyone can get it".
If he simply said that, there wouldn’t have been a problem. He sent actual data related to ongoing criminal investigations, and was on the record saying he might set up a website to more widely disseminate information about that data — which could include names of witnesses in those investigations.
Is showing some reporters some sample data to show that the data exists malicious? Because I believe that's all he's been accused of doing.
> was on the record saying he might set up a website to more widely disseminate information about that data
As to whether the website he would make one day would contain the information on investigations: this is disputed. To me, it seems the city misconstrues his quotes about letting people determine if names were contained in the entire dataset.
Snowden was, according to all available evidence, not trying to expose abuses. He was trying to commit espionage against the US, and it's extremely clear to anyone who has passing experience with the leaks and a shred of intellectual honesty, because the vast majority of the files were completely unrelated to domestic surveillance programs, and instead concerned foreign surveillance programs.
Stop bringing up Snowden; all of the evidence indicates that he was lying about his motive.
I don't know how to do that responsibly (just share it with a reputable reporter?), but I definitely get the feeling if you're constantly subjected to bad faith.
If someone’s butt is going to be on the line, it should be a corporation’s (the news agency), or perhaps an individual investigative journalist. Not you. Not for something like this, anyway. If it was just social security numbers I might agree with you, but police databases are obviously dangerous to disseminate, even if it’s just to prove they exist. He could’ve sent redacted screenshots.
Point being, we don’t know what he sent, but sending anything at all from a police database is a bad idea. No lawyer would ever say that that’s legal, let alone ethical.
you are in danger but you dont need to know that, its not your job to protect yourself, thats our job.
By the time Goodwolf got to the data, it had already been compromised and published. The only way he could have possibly contributed to the harm was by drawing attention to it. If you take that perspective, then the city has further contributed to that harm themselves by taking legal action against Goodwolf. Furthermore, you could also conclude from this argument that the city had some moral responsibility to lie to the public about the nature of the breach, and that all those who knew the truth would also have the moral responsibility to protect that lie.
I would say this is an incredibly perverse position to take. All of the data compromised in this breach was already published, and in the hands of criminals. For anybody whose data was included in this breach, the city lying about it was just putting them in further jeopardy. Now they will at least have the opportunity to learn about the breach. The journalists are hardly likely to abuse it. The only legitimate harm caused by Goodwolf was to harm the integrity of the lying city officials. They deserve that harm, and the other side of that coin is that the public benefits when corruption is exposed.
