Data protection: Guardian News & Media
18 March 2011 | By Andrew Pugh
29 October 2013
16 April 2013
10 April 2013
17 April 2013
4 February 2013
Data protection is an issue for many general counsel in the UK, but Guardian News & Media’s director of editorial legal services Gill Phillips is possibly the only one for whom it has been a matter of life and death. It is testimony to the degree of integration between legal and editorial at the newspaper that Phillips and her colleagues played a major role in the explosive WikiLeaks US embassy cables release last year.
‘Cablegate’, as the story became known, was the scoop of the year, dominating the news agenda at the end of 2010. The level of institutional corruption revealed by the releases has even been cited as a catalyst for the revolutions in Tunisia and Egypt.
To give some idea of the task facing Phillips and the legal team, the number of cables passed to The Guardian by WikiLeaks - the non-profit website headed by editor-in-chief Julian Assange - ran to more than 250,000 and emanated from more than 250 US embassies and consulates around the globe. The text files ran to hundreds of millions of words, while 97,070 of the documents were classified as confidential.
Although it is the kind of work that aspiring media lawyers dream of, the cables amounted to a data protection nightmare - any one of them could have contained potential data breaches.
Phillips had to navigate not only the Data Protection Act but also the Regulation of Investigatory Powers Act, the Computer Misuse Act, the Official Secrets Act and the US Espionage Act. And that’s not to mention the UK’s libel laws. Former Clifford Chance associate Phillips has worked in the media since she joined the BBC in 1987, in a career that has included spells at News Group Newspapers and Times Newspapers.
“In a general sense, as an in-house lawyer at a newspaper there are a number of data protection issues that overlap - we gather quite a lot of information from readers and engage in a lot of competitions and that sort of thing,” says Phillips. “There are also lots of issues on the privacy end of data protection in terms of what we’re publishing. These are all fairly standard areas.”
Cablegate was anything but standard. “With WikiLeaks there were many issues in terms of the data we had and what we could and couldn’t do with it, and there was a lot of discussion about strategy and timing,” she says.
Fortunately for Phillips, by the time the embassy cables came along the paper already had a solid legal framework in place, thanks to its work on the WikiLeaks ’war logs’. In July 2010 WikiLeaks released around 92,000 documents on the Afghanistan war to The Guardian, The New York Times and Der Spiegel, covering hugely sensitive areas such as friendly fire and civilian deaths.
“The legal issues for the war logs were primarily about protecting sources of information and making sure we weren’t responsible for putting any lives at risk or getting people shot,” Phillips says. “We were absolutely clear from the start that we had to err on the side of caution, and we took a lot of care to make sure we didn’t fall into any traps.”
While it would have been difficult to establish a direct link between the war logs and informers being killed or tortured, any implications that this might have happened would have had hugely damaging consequences for the paper.
The embassy cables came four months after the war logs. The cables came from US military internet system the Secret Internet Protocol Router Network (SIPRNet), which is run by the Department of Defence in Washington DC.
Embassy dispatches that are marked SIPDIS are downloaded automatically on to the system, which can be accessed by anyone in the US State Department or the military who has the relevant security clearance. Surprisingly, that means three million people.
Along with The Guardian the cables were released to four other news organisations; Der Spiegel, Le Monde, The New York Times and El Pais in Spain.
“With the embassy cables, the whole of the underlying material was confidential so there were instantly data protection issues,” says Phillips. “We looked at it as a collective matter and as a body of evidence that was going to be put out there by WikiLeaks in any case. In that sense we saw ourselves as the monitoring conduit.
“We were concerned about putting people in danger. That’s why there was a process of discussion with The New York Times and the State Department, to the extent that ambassadors were alerted to any potential problems. There were many issues with protecting sources. If we were reporting on a conversation between an American ambassador in Venezuela and an oil executive, for example, our job wasn’t to get them into difficulty so there would be a process of going through the cable and removing things such as telephone numbers and personal information.
“Also, some of the personal conversations could be quite gossipy. In the Saudi Arabia cables there were stories about people going to each other’s homes and drinking - something that, in their culture, could put them in danger.”
The process of redacting the cables took place at The Guardian’s offices in King’s Cross. To deal with the massive amount of information involved, the team developed a system of triple-checking everything before it went to print.
“It was a big team but a compact one, and we all learnt to work together,” Phillips says. “The journalists would start by discussing what was of interest to them, then we were given an indication of what that was so we could start to work out what the danger areas were.
“Three to four days before the articles were published we would see a copy of them, and the relevant cables. One article could involve up to 15 cables. We’d then liaise with the person who was redacting the cables and the article would be refined again. Then we would work with the other newspapers and look at their proposals. The lawyers were totally involved in that process and [editorial] got material to us as quickly as possible.”
Despite its involvement in both WikiLeaks projects, Phillips leads a team of only three lawyers. To provide another level of protection from any legal slip-ups she also took advice from external counsel.
On both sets of leaks Phillips took advice from Matrix Chambers, and as an extra precaution, on the weekend before the war logs were published, she had a team from Olswang on standby to help in any potential last-minute emergencies. For the embassy cables the Matrix team was also on standby.
Phillips says she was “reasonably relaxed” on both weekends. This was partly because, in her words, “most of the information wasn’t damaging, it was embarrassing”.
“There was a lot of political strategic pressure, but there’s been no direct legal pressure from the government,” she says. “We felt it was unlikely that there would be an all-out legal attack, and it helped that we weren’t doing anything in isolation - it was unlikely the Pentagon would try and stop The Guardian if The New York Times was releasing material too, and in the UK it was unlikely the Government would want to look too heavy-handed. We also knew that WikiLeaks had all the information and could dump the whole lot if they wanted to.”
Another reason Phillips was relaxed was the groundwork done in the months preceding the release, borne out by the fact that, to date, none of the papers involved has faced any kind of legal challenge.