18:30 - 19:30
How to Report on a Hack Without Becoming a Puppet


Pretty much everyday hackers target websites, databases, and then in some cases, government institutions too. But for journalists, reporting on these incidents can be an ethical minefield. In this panel we look at the specific responsibilities of the media when it comes to reporting on hacked data, and why the guiding principles such as independence, verification, and transparency are more important than ever, especially when it comes to stories with geopolitical significance like the hack of the US Democratic National Committee.


Russia’s likely interference in the US election; the hacking of extramarital affairs site Ashley Madison; a huge dump of internal documents and emails from Italian surveillance company Hacking Team. The list of prominent data breaches carried out by pseudonymous groups is long and ever growing.

But there is another story that sits in between the hacks themselves, and the articles that you read: how journalists verify and attribute data breaches, and decide what to publish, and what to redact.

In this panel we will explain how this delicate process, which is rarely seen by the public, plays out: what happens when a hacker approaches a journalist, how journalists verify hacked data, how much do a hacker’s motivations influence a story, and how can journalists link a hack to a particular actor when attribution can be difficult?

This job becomes even more important, and potentially complicated, when dealing with stories of massive political significance, like the recent, and likely Russian-driven, campaign around the US election. And as commentators expect more activity around French and potentially German elections, reporting any future incidents as ethically and responsibly as possible has a renewed sense of urgency.

Never before has hacking held such a political weight; governments, societies, and the press need to lay down the groundwork for dealing with the fallout of serious data breaches.