In Temple 'doxxing' case, news orgs should learn a lesson about respecting readers | Opinion
Media companies are not regulated by anything akin to HIPAA. Should they be?
Earlier this week, the Inquirer published an article about Temple professor Francesca Viola, who was publicly outed as the user behind an anonymous account linked to conspiracy-theory comments on news websites.
The article glossed over what I find to be the paramount issue: That Nieman Journalism Lab editor Josh Benton accessed private user data through the Disqus commenting platform to identify Viola on Twitter and share other samples of disagreeable comments. Specifically, he was able to obtain her email address out of the Disqus administrator back end, information only available to him because of his role as a comment moderator for Nieman Lab's website.
Was Benton acting as a journalist in this capacity, simply reporting something he deemed newsworthy? Or was he abusing his power by using the private email address? This question has immense consequence not just for news organizations, but all organizations that collect personal information.
Let's break down some facts about this particular case:
According to the federal government, email addresses count as Personal Identifiable Information (PII), a legal designation for any information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.
Disqus and Harvard University (which houses Nieman Lab) have privacy policies in place to protect readers and commenters. These policies forbid the sharing of PII.
While Benton did not disclose Viola's email address, he used it to gather additional PII to publicly admonish her for comments he deemed inappropriate for a journalism professor.
Consider other scenarios where a commenter could be "exposed" to adverse consequences: an article about the Israeli Defense Force where someone with ardent pro-Palestinian sentiments is exposed to the community; a column on being gay in a place where homosexuality remains stigmatized and gay people are identified to be shamed.
I believe Benton abused his power as a comment moderator by exposing Viola's identity. On Thursday evening, Benton issued a statement on Twitter acknowledging shortcomings in his process:
"By revealing such details without making an effort to contact [Viola] and seek confirmation and explanation, and otherwise adhere to rigorous reporting methods, the tweets did not meet Nieman's journalistic standards. I apologize and regret my error in judgment."
+++
It's no coincidence that privacy incidents have become more prolific in recent years as technology companies reached global scale; technology and media companies are not regulated by anything akin to HIPAA, which safeguards medical information, or FERPA, which safeguards educational data. At this point the news industry self-regulates itself with respect to privacy and standards.
The journalism community is typically very forthcoming in sharing views and reactions to industry events, and an incident like this could easily be discussed in the pages of Columbia Journalism Review, Poynter, or other industry publications, but the journalism community has been quiet on this matter, perhaps due to Nieman Lab's influence in the industry. The silence sets a dangerous precedent.
Journalists must use this case as a learning opportunity and a reminder to hold ourselves and our peers to the same (or higher) standards as those we cover. It's critical for holding the public trust and essential to retaining our time-honored role as the fourth estate.
Davis Shaver is a journalist and software developer who lives in Callowhill.