Why the hacking of NightJack matters

The <em>Times</em> finally admits that a blogger's email account was hacked.

The Times of London is regarded as a form of flagship. For a few it is still the "paper of record" for the United Kingdom. And for News International and perhaps for Rupert Murdoch, it shows that they were able to promote a different and more responsible form of journalism than that practiced at its tabloid sister papers, with their grubby phone hacking, private investigators, and intrusive reporting.

But yesterday there was an admission. The Times admitted that a former reporter used computer hacking as part of an investigation. And not only did the reporter hack into a person's private email account, he also told his managers he had done so. Faced with this, the Times published the story based on that investigation even though they were "unclear" as to the role of computer hacking in the reporter's investigation.

You would have thought that the managers would have wanted to know the exact scope of the unauthorised access used in this investigation before they published what was a significant story -- a story that severely infringed someone's privacy. But the Times yesterday told us the managers simply did not know.

The story was about "NightJack", a popular and extremely well-written blog about the reality of police life. It was written under the pseudonym of "Jack Night" and described the goings on in the fictional world of Smallville and Bigtown. No one who read the blog at the time knew where it was set; indeed, part of its power was that it could have been any urban conurbation, and Jack Night could have been any policeman. Even those hostile to the police in general could gain an understanding of the predicaments which police officers routinely faced in their duties.

And so on 22 April 2009 Jack Night won the first Orwell Prize for blogging, an award hitherto given only to journalists and for books. For a blog to win a major literary prize was noteworthy and, naturally, there was particular interest that the author was not known. A young reporter at the Times then decided to see if he could work out the identity of Jack Night.

Was this a valuable journalistic exercise? Should newspapers be devoting resources to exposing the authors of blogs and those using social media more generally? In some circumstances this sort of exposure would be appropriate. For example, at Jack of Kent over a hundred commenters together identified Johann Hari as using "David Rose" as an alias which was used in a systemic exercise over many years to dishonestly promote his own reputation and to maliciously smear those with whom he disagreed.

Was there any similar public interest in exposing Jack Night? There was certainly a public interest in maintaining his blogs written under anonymity: the posts were fascinating and thought-provoking.

The reporter at the time claimed that there were two ways in which public interest was engaged. First he claimed that it could be that the Orwell Prize was duped by a fabricated blogpost. However, this was not convincing, as the Orwell Prize had openly said it had conducted its own checks and was completely satisfied.

The other public interest claimed (in the reporter's witness statement) was that "a policeman was revealing information he had obtained in the course of his police work and was also offering detailed guidance on how to frustrate the attempts of the police, in breach of the police Code of Conduct." (One rather suspects that this articulation of the public interest was informed by legal advice.)

It is not clear if this actually was the case. There is no reason why police officers cannot discuss their work in public, as the legions of police officers now on Twitter show. Jack Night did once post a delightful piece where he advises anyone arrested to do a variety of things, which would actually not be very helpful at all ("show no respect to the legal system or anybody working in it", was one remarkable tip). Some of the posts did feature incidents drawn from real cases, but it was never possible to identify any real incident unless one knew what to look for in an elaborate news archival search.

In fact, there was no public interest in identifying the author of the NightJack blog. The author was not engaged in any exercise of dishonesty or malice, systemic or trivial.

There was instead a public interest in having insightful and carefully-crafted blogs like this. And there was also a public interest in the principle of anonymity and protecting sources. Jack Night was his own source, and one would have hoped journalists and editors at the Times would have valued the importance of protecting anonymity when it is a pre-condition of publishing information in the public interest.

However, the Times decided to out the author against his will. But how did they identify him? The reporter in question provided a witness statement of some 56 paragraphs and with 56 pages of exhibits which showed a brilliant piece of intellectual detective work. Bits of NightJack blogposts were compared with snippets from obscure Ju-Jitsu sites and the Facebook page of the blogger's brother in Houston, Texas. There is also reference to non-internet sources, including the name the blogger used on a list of ex-directory numbers. Everything which could be known about the blogger from any source seemed to have been found out.

So what role did the computer hacking play in this investigation? The Times said yesterday that the role was "unclear" (but also somehow confidently asserted the investigation was "a legitimate process of deduction based on sources and information publicly available on the internet").

Perhaps we will never know. The newspaper is refusing to confirm or deny whether it has retained the relevant records of the incident and their press officer told me today that she has been "advised that we are making no further comments on this matter".

What the Times did decide, however, was that there was no public interest in the computer hacking which occurred. Once it was known that there had been the unauthorised access of an email account there was a disciplinary exercise, and the journalist was given a formal warning. In making that punishment the newspaper decided that there had been no public interest in the hacking.

But what makes this entire incident especially problematic is that before publication the Times had to resist an injunction application by the blogger to retain his privacy. It is not clear whether managers at the Times knew about their reporter's computer hacking before or after the hearing. In any case, it certainly was not told to the Court.

In my opinion, this has two highly significant implications for the High Court case on the injunction. First, the blogger's barrister was forced to concede crucially that the application would proceed on the basis that there had been no breach of any confidentiality or privacy right in the investigation. Second, and even more importantly, the judge determined at paragraph 33 that the blogger had no reasonable expectation of privacy.

Would the Times still have won the case had the computer hacking been disclosed? This is possible, as the judge was persuaded that there was a strong public interest in identifying a blogging police officer. But we do not know. A breach of privacy by means of computer hacking is a serious matter, and it would certainly have been relied upon by the blogger's legal team had it been disclosed to them. It is a general principle of both law and common sense that wrongdoing is not rewarded.

It would appear that a decision must have been made by a senior manager at the Times not to tell the High Court and the defence about what was clearly a relevant and material matter to the injunction case. Even if the computer hacking was not known about on the date of the hearing of 4 June 2009 it was known by the date of the judgment of 17 June 2009, the day before the Times published its story.

So at some point before judgment was handed down the Times must have taken a decision not to disclose its knowledge about the computer hacking. It may well be that there was no strict legal duty to disclose that information -- such disclosure obligations can be technical in scope. But no sensible person would dispute that in a hearing of this kind that it really should have been made available to the judge and the applicant. There had been computer hacking in the investigation to uncover the blogger's identity, and the Times knew about it and said and did nothing about it.

And no one would ever have known had it not been for the Leveson inquiry. Even then, the Times played it down and it was left to others to make a connection. The newspaper's managers realised something wrong had happened but they never told or apologised to the blogger whose email account was hacked.

Overall, the hacking of NightJack matters not only because it tells us something about dark journalistic practices but that such practices are rarely willingly or openly acknowledged when they occur, even at flagship titles like the Times. Computer hacking was used, a person's privacy was invaded, a court was not told, but the Times published anyway.

 

David Allen Green is legal correspondent of the New Statesman and author of the Jack of Kent blog.

 

David Allen Green is legal correspondent of the New Statesman and author of the Jack of Kent blog.

His legal journalism has included popularising the Simon Singh libel case and discrediting the Julian Assange myths about his extradition case.  His uncovering of the Nightjack email hack by the Times was described as "masterly analysis" by Lord Justice Leveson.

David is also a solicitor and was successful in the "Twitterjoketrial" appeal at the High Court.

(Nothing on this blog constitutes legal advice.)

Photo: Getty
Show Hide image

The Prevent strategy needs a rethink, not a rebrand

A bad policy by any other name is still a bad policy.

Yesterday the Home Affairs Select Committee published its report on radicalization in the UK. While the focus of the coverage has been on its claim that social media companies like Facebook, Twitter and YouTube are “consciously failing” to combat the promotion of terrorism and extremism, it also reported on Prevent. The report rightly engages with criticism of Prevent, acknowledging how it has affected the Muslim community and calling for it to become more transparent:

“The concerns about Prevent amongst the communities most affected by it must be addressed. Otherwise it will continue to be viewed with suspicion by many, and by some as “toxic”… The government must be more transparent about what it is doing on the Prevent strategy, including by publicising its engagement activities, and providing updates on outcomes, through an easily accessible online portal.”

While this acknowledgement is good news, it is hard to see how real change will occur. As I have written previously, as Prevent has become more entrenched in British society, it has also become more secretive. For example, in August 2013, I lodged FOI requests to designated Prevent priority areas, asking for the most up-to-date Prevent funding information, including what projects received funding and details of any project engaging specifically with far-right extremism. I lodged almost identical requests between 2008 and 2009, all of which were successful. All but one of the 2013 requests were denied.

This denial is significant. Before the 2011 review, the Prevent strategy distributed money to help local authorities fight violent extremism and in doing so identified priority areas based solely on demographics. Any local authority with a Muslim population of at least five per cent was automatically given Prevent funding. The 2011 review pledged to end this. It further promised to expand Prevent to include far-right extremism and stop its use in community cohesion projects. Through these FOI requests I was trying to find out whether or not the 2011 pledges had been met. But with the blanket denial of information, I was left in the dark.

It is telling that the report’s concerns with Prevent are not new and have in fact been highlighted in several reports by the same Home Affairs Select Committee, as well as numerous reports by NGOs. But nothing has changed. In fact, the only change proposed by the report is to give Prevent a new name: Engage. But the problem was never the name. Prevent relies on the premise that terrorism and extremism are inherently connected with Islam, and until this is changed, it will continue to be at best counter-productive, and at worst, deeply discriminatory.

In his evidence to the committee, David Anderson, the independent ombudsman of terrorism legislation, has called for an independent review of the Prevent strategy. This would be a start. However, more is required. What is needed is a radical new approach to counter-terrorism and counter-extremism, one that targets all forms of extremism and that does not stigmatise or stereotype those affected.

Such an approach has been pioneered in the Danish town of Aarhus. Faced with increased numbers of youngsters leaving Aarhus for Syria, police officers made it clear that those who had travelled to Syria were welcome to come home, where they would receive help with going back to school, finding a place to live and whatever else was necessary for them to find their way back to Danish society.  Known as the ‘Aarhus model’, this approach focuses on inclusion, mentorship and non-criminalisation. It is the opposite of Prevent, which has from its very start framed British Muslims as a particularly deviant suspect community.

We need to change the narrative of counter-terrorism in the UK, but a narrative is not changed by a new title. Just as a rose by any other name would smell as sweet, a bad policy by any other name is still a bad policy. While the Home Affairs Select Committee concern about Prevent is welcomed, real action is needed. This will involve actually engaging with the Muslim community, listening to their concerns and not dismissing them as misunderstandings. It will require serious investigation of the damages caused by new Prevent statutory duty, something which the report does acknowledge as a concern.  Finally, real action on Prevent in particular, but extremism in general, will require developing a wide-ranging counter-extremism strategy that directly engages with far-right extremism. This has been notably absent from today’s report, even though far-right extremism is on the rise. After all, far-right extremists make up half of all counter-radicalization referrals in Yorkshire, and 30 per cent of the caseload in the east Midlands.

It will also require changing the way we think about those who are radicalized. The Aarhus model proves that such a change is possible. Radicalization is indeed a real problem, one imagines it will be even more so considering the country’s flagship counter-radicalization strategy remains problematic and ineffective. In the end, Prevent may be renamed a thousand times, but unless real effort is put in actually changing the strategy, it will remain toxic. 

Dr Maria Norris works at London School of Economics and Political Science. She tweets as @MariaWNorris.