Hacking into email and apps accounts and removing documents is stealing. Publishing those documents is just as wrong -- and only promotes more stealing.
Over the past 24 hours, it has been widely reported that a hacker broke into the email and apps account of a Twitter employee, downloaded copies of hundreds of personal and company documents and then sent those stolen documents to Michael Arrington, who blogs at TechCrunch. Arrington has decided to publish some of those documents on his blog. His decision is wrong and his action is as unethical as the hacker's action was illegal.
Before becoming an entrepreneur, I was a newspaper lawyer, so I've dealt with this issue before. In my opinion, what Arrington and TechCrunch did here is despicable (disclosure: my company Simulmedia shares an investor with Twitter, Union Square Ventures, though I've had no discussions with any of them about this). Here is why I believe as I do:
The documents were stolen. There is no question about the fact that the documents here were the property of Twitter and that they were stolen. While the password protection could have been stronger, intentionally breaking into and stealing documents from an office with a weak lock is no less a crime than if a strong lock had been in place.
Publishing stolen documents is wrong. TechCrunch knew the documents were stolen; Arrington knew how they were taken. They contain significant proprietary and confidential materials. That they contain sensational information and appeal to readers' voyeristic interests does not condone their publication. These were not the Pentagon Papers. There was no substantial public or national interest served. Hiding behind the "news value" shield is disingenuous. This is about page views.
Publication promotes more stealing. Apparently, this same hacker broke into private Twitter and email accounts before. For the hacker, it is clearly all about attention. Publishing stolen documents is no better than "fencing" stolen jewelry.
With publishing comes responsibility. When you build a soapbox, you have to take responsibility for what you publish from it. It means more than just following the letter of the law. It means accepting some sort of moral and ethical responsibility as well. I don't know whether TechCrunch has broken any laws here yet -- though publishing the credit card numbers the hacker stole would certainly accomplish that -- but promoting the commission of a crime and promoting more of it, shouldn't make TechCrunch principals feel good.
Showing some restraint is no defense. Arrington has written that he will be selective in what he will publish, trying to avoid embarrassing personal information. Apparently, he has been "negotiating" with Twitter. Sounds to me like a kidnapper negotiating over ransom. Showing some restraint and not publishing everything doesn't excuse the lack of restraint in doing it in the first place.
I clearly have a strong opinion on this. How about you? What do you think?