On Thursday talks fell apart between the National Republican Congressional Committee and the Democratic Congressional Campaign Committee, which had been attempting to work out an agreement not to use stolen or hacked information in campaigns. Given the prominent role that stolen materials played in the 2016 elections, with both the Democratic National Committee and Hillary Clinton’s campaign getting hacked, it’s easy to imagine Democrats especially would be eager to work out some sort of cease-fire going into the next election cycle, though every campaign, regardless of party affiliation, has emails and digital files they would prefer not to see splashed across the front page of every newspaper in the country. But the Republican representatives at these talks decided to withdraw from the negotiations, reportedly because Democrats had gone against an earlier agreement by discussing them publicly.
But ultimately it makes absolutely no difference whether members of Congress can or cannot reach some handshake agreement not to leverage illegally obtained materials in their upcoming campaigns. If information is going to be stolen from campaign computer systems (and it will be), and media outlets are going to cover that information (and they will), and all of us talk are going to gossip those revelations over coffee (and we will), why shouldn’t politicians themselves—and their opponents—be allowed to address those very public issues?
For one thing, politicians refusing to comment on hacked materials or use them in attack ads or campaign speeches will almost certainly not cause any meaningful reduction in hacking activities. After all, none of the campaign-related data breaches that we have learned about since 2016 suggest that the Democrats or Republicans were themselves penetrating computer systems and stealing data—rather, that was being done by overseas agents of the Russian government who are unlikely to feel honor-bound by any agreement between the NRCC and the DCCC.
Certainly, part of the point—perhaps even the whole point—of those breaches was to generate attention and publicity. So, arguably, a commitment by all campaigns to pointedly ignore any information acquired in this way might put a damper on Russia’s enthusiasm for influencing elections through these tactics simply by detracting from how much attention they receive.
But that logic is based on the assumption that political campaigns are the chief distributors and drivers of stories about those stolen materials in the first place. In fact, the perpetrators relied heavily on sites like Wikileaks to release the data they stole, and that information was publicized and reported on by independent news organizations just as much as (if not more than) it was touted for partisan political motives by campaigns.
This is part of what makes it very hard to defend against data breaches that are motivated by a desire to publicly shame the victims. If you want to protect people from financially motivated breaches of payment card information, for instance, you can try to lock down their accounts and freeze their credit and protect their money, even after their information has been stolen. But if you want to protect someone from public humiliation after embarrassing emails are stolen, then pretty much the only option is to go after the people and organizations reporting on and talking about stolen information.
In the wake of the Sony Pictures breach in 2014, Aaron Sorkin wrote an op-ed for the New York Times arguing precisely that—that the news organizations that reported on the documents stolen from Sony were just as responsible for the damage done to the company as the Guardians of Peace, the North Korean hackers who stole that information in the first place. Sorkin stopped short of saying that the press should not be allowed to report on stolen information, but he did write:
[E]very news outlet that did the bidding of the Guardians of Peace is morally treasonous and spectacularly dishonorable. … If you close your eyes you can imagine the hackers sitting in a room, combing through the documents to find the ones that will draw the most blood. And in a room next door are American journalists doing the same thing.
Sorkin’s not wrong about the motivation, but a blackout on journalists covering this sort of information not going to happen. Campaigns might feel they stand a better chance of striking a deal with their political opponents than they do actually preventing them through stronger security measures and more careful use of digital communications. But banning talk about stolen information won’t make those breaches go away or even dramatically alter their impact. To do that we would have to be willing to silence a great many more people and organizations. At a certain point, we’re better off with the breaches.