Feeds

Journalist beats-off Microsoft subpoeana

Hats off to Dan Goodin for hanging in there - and brickbats to Yahoo for not

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Electronic privacy may be coming, but the legal right to privacy in the US is not what might be expected from assurances by Yahoo, AOL and Microsoft. True stories of general interest nevertheless have a greater likelihood of being told without repercussions if told to a journalist, as Dan Goodin of CNET has shown by shaking off a subpoena to squeal on his source for a juicy Gates' story. At issue is the right to anonymity on bulletin boards and the Internet. The US Supreme Court has ruled that anonymity in communication is allowed under the First Amendment, but that's not how the service providers see it. They have fine phrases assuring privacy, but do not wish to become involved if a company wants to find out the identity of disgruntled employees expressing their views on the Web. The latest to get shirty is Raytheon, the defence contractor: reports say that two employees have been dismissed after disclosure of their personal data by Yahoo. Yahoo, heroically, says it always complies with court orders. The core of the privacy issue is whether personal details should be released in response to a subpoena or other legal process without the opportunity for a defence. The problem areas split into three: malicious statements that are not true; the disclosure of confidential company information; and value judgments about a company, together with true facts that a company may not wish to be known but are of general interest. Few people would disagree that spreading maliciously false information should be discouraged, and that after proper legal examination of the merits of a claim, disclosure of a user's name is not unreasonable, providing the user is notified in advance. There is a grey area so far as the disclosure of allegedly confidential information is concerned. Definitions of "confidential" vary, and in some cases disclosure is in effect whistleblowing about some unethical behaviour by a company. So far as value judgements and general interest information are concerned, it is hard to see why a mature company should be unduly concerned about these. Employees that stay with a company that they criticise make fools of themselves. Companies that feel that their reputations are suffering as the result of anonymous postings should consider defending their actions and challenging the attackers to produce evidence. ISPs give way very easily to information requests from companies about anonymous posters because they do not want the hassle of defending themselves. AOL says it gives its customers 14 days to challenge a legal process or comply with it, before disclosing their name. Microsoft will only say that it "usually" notifies customers before it divulges personal information, but has no written policy about this. But journalist Dan Goodin has successfully defeated a subpoena from Microsoft requiring him to disclose how he obtained an email written by Bill Gates in which Gates said that Java "scares the hell out of me". His story was carried on CNET last September. Although the email is now in the public domain, Microsoft was at the time most upset that Goodin had been able to obtain a copy, and claimed that it wanted to find out who was responsible for allegedly violating the court order sealing the document. In the San Jose District Court, Magistrate Patricia Trumbull ruled that Goodin could have obtained the document from many sources without violating the court's seal. Microsoft's effort to keep its leader's words confidential not only failed, but gave them wider circulation than would otherwise have been the case. Microsoft is apparently chewing over whether to appeal, but it seems unlikely. It is noteworthy that Goodin was prepared to go to prison to defend his source, but ISPs do not have the ethical fortitude to see if there is a good case before disclosing their customers' private details to ISPs. If there's a moral in all this, it is that if you have an interesting story, tell it to a journalist with integrity (no jokes please), and avoid getting fired by companies like Raytheon. But if the story is unfounded, it's on your own head if an employer objects to untrue comment when it is posted. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
In the next four weeks, 100 people will decide the future of the web
While America tucks into Thanksgiving turkey, the world will be taking over the net
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.