Yesterday, the hacker group Fancy Bears, which is believed to have ties to the Russian government, released documents it allegedly obtained when they hacked the International Association of Athletics Federations (IAAF) in February (I say "allegedly" because the World Anti-Doping Agency claimed Fancy Bears altered documents after hacking its system in 2016, and the IAAF has not yet verified the authenticity of these leaked documents).
I'm hesitant to write any more about the leak. Not because it contains highly sensitive information, but for the exact opposite reason. It contains very little of value or public interest, and for now none of it is independently verifiable.
Unfortunately, almost everyone reported it anyway. The BBC, the Telegraph, the AP, and dozens more all reported the hack and the alleged revelations therein. So I'm going to repeat this information in the interest of navigating the tricky territory of when to report and not report on hacked information, particularly as it pertains to anti-doping issues.
In short, Fancy Bears leaked documents about England runner Mo Farah, which indicated he allegedly raised flags within the IAAF after a doping test. Something about his blood levels required additional testing and, after that additional testing was conducted, he was cleared.
So, to recap, we have: no verified documents and no actual evidence of malfeasance or rule violations. In short, we know nothing new.
I asked Motherboard's Lorenzo Franceschi-Bicchierai, who reports on hacks and digital security, about this instance. He said this is a "classic example of covering a hack/leak just because it's a hack/leak without stopping to question whether it's newsy or in the public interest."
In May, Motherboard published a guide to reporting on hacks "without becoming a puppet." Unfortunately, this is exactly what happened to the sports media yesterday. They reported precisely what the hackers wanted reported even though it didn't contain any information of public interest.
To illustrate, let's run through the guidelines Motherboard published as it pertains to the Farah news.
YOUR SOURCE'S MOTIVATIONS ARE NOT ALWAYS YOURS
Although we don't know to 100 percent certainty, U.S. intelligence officials believe Fancy Bears are linked to Russia's foreign military intelligence agency. Assuming this is true, Fancy Bears likely hacked WADA, USADA, and the IAAF in an effort to undermine the legitimacy of Western athletes after the 2015 Russian doping scandal. Is it merely a coincidence that, after leaking Therapeutic Use Exemptions (TUEs) from primarily Western athletes, Vladimir Putin called TUEs "one of the most serious issues" in doping?
LOOK AT HOW JOURNALISTS HANDLE LEAKS AND WHISTLEBLOWERS
A lot of the issues with hacked material mirror the ones journalists have dealt with in more traditional realms for decades. Motherboard says some of the questions to answer are: What is the source trying to achieve? What will the impact be of publishing this material? And is publication more important broadly than any damage it might cause? With respect to Farah, it's hard to see how the answers to any of these questions justify covering the leaked material.
With anti-doping documents in particular, there is the additional subject of an athlete's privacy. We don't often talk about it, but athletes surrender a tremendous amount in order to participate in sport. Their medical histories become de facto open books, particularly when it comes to Therapeutic Use Exemptions (TUEs). The athletes never agreed to this information becoming public. Aiding in the dissemination of medical records must come with an obvious news-worthiness or public interest. Farah's case had none of that.
We don't know why Farah's blood levels raised concerns. It could have been for various reasons other than elicit ones. Tens of thousands of samples are tested every year and not every one is done smoothly. The fact that further testing was needed is not particularly noteworthy. Journalists would do well to exercise more judgment in future Fancy Bears leaks.