Talk:Climatic Research Unit email controversy/RFC/CRU Hacking Dispute

There is disagreement over whether the claim by CRU that they were hacked, and an inconclusive statement by the police that they are investigating a "security breach" is grounds for writing the article as though it were a categorical fact that a hack occurred, despite some (also inconclusive) evidence to the contrary. Drolz (talk) 12:19, 9 December 2009 (UTC)
 * The neutrality of this summary is disputed. See FAQ question 5.

Discussion by involved editors (long)

 * You forgot to mention that there are no reliable sources that support the alternative hypotheses - they're are only blog speculation. Guettarda (talk) 13:02, 9 December 2009 (UTC)
 * In your summary you have grossly mischaracterized the statement of the Norfolk Constabulary, which says they are "investigating criminal offences in relation to a data breach at the University of East Anglia." Both the UEA and RealClimate have categorically reported separate hacking incidents directly related to this issue, and as the site operators they have access to the logs.  There is moreover no (zero, nada, zilch) evidence supporting speculation by some parties that there was an unintentional leak or a deliberate leak by an inside party.  --TS 13:07, 9 December 2009 (UTC)
 * This description is so misleading it's downright dishonest. You're entitled to your own opinions; you're not entitled to your own facts. -- ChrisO (talk) 13:38, 9 December 2009 (UTC)
 * I don't believe there's any evidence (barring speculation) to the contrary. Equally, there's little evidence hacking occurred, though I'd bet any money this is what happened based purely on the intensity of the buzz -- insiders know more than has been published so far.
 * The police statement regarding hacking does not confirm an offense has taken place; they would in any case refer to 'alleged hacking' until any court proceedings were concluded.
 * On balance, I don't think referring to a hack as an established fact is completely fair at this point. Those who suspect hacking, as I do, shouldn't get too hung up about it. Time will tell -- maybe in the very near future the police will confirm an offense has taken place.Dduff442 (talk) 13:43, 9 December 2009 (UTC)
 * There's plentiful evidence in the shape of the statements from the victims of the hackers. You can't simply ignore those. The people who own the servers are the only ones in a position to tell us what happened to those servers. -- ChrisO(talk) 13:47, 9 December 2009 (UTC)
 * but Chris, that would be a Primary source, a clear violation of Wikipedia policy (see your own argument against using Mann's reaction to Climategate as a Reliable Source on the discussion page of Michael Mann's article.) 173.168.129.57 (talk) 04:38, 14 December 2009 (UTC)


 * My familiarity with these issues is slight. I'd be wary of feeding paranoia by treating the antis more reasonable claims the same way as their wholly unreasonable ones. Having had my say, I'll leave the final decision to those better informed than I am.Dduff442 (talk) 14:05, 9 December 2009 (UTC)
 * I thought a look at existing policy and guidelines might be useful, so I took a look and found Notability (criminal acts) (WP:N/CA). My intense dislike of the concept of "notability" aside, there are some useful criteria there. In particular, the following:
 * Notability of criminal acts


 * "Criminal act" includes a matter in which a crime has been established, or a matter has been deemed a likely crime by the relevant law enforcement agency or judicial authority. For example, the disappearance of a person would fall under this guideline if law enforcement agencies deemed it likely to have been caused by criminal conduct, regardless of whether a perpetrator is identified or charged. If a matter is deemed notable, and to be a likely crime, the article should remain even if it is subsequently found that no crime occurred (e.g., the Runaway bride case) since that would not make the matter less notable.


 * We seem to be well within the criteria here, although we're really trying to settle a different question: whether we should refer to this as a crime. Because the police say they're investigating criminal offences we can refer to this as a criminal case.  Should we at some point find a reliable source reporting evidence of an inside job or an accidental leak, we can add that reliable source under due weight, but meanwhile we're correct to refer to it as a hacking case.  There is plenty of evidence in reliable sources to support this characterization. --TS 14:35, 9 December 2009 (UTC)
 * I think even if it is a leak, it is probably a crime, if nothing else, copyright infringement. Gigs (talk) 21:36, 9 December 2009 (UTC)
 * Copyright infringement is a civil tort, not a criminal offence (with certain specific exceptions related to commercial pirating of music, etc). On the other hand, even if the person performing the unauthorized access were an insider, it might well still qualify as computer misuse.  There may also be some relevant aspects of Data Protection law, but I haven't examined that yet.  --TS 22:05, 9 December 2009 (UTC)


 * 'Hack" seems to be most widely accepted because:
 * The term "hack" is ambiguous.
 * Computers were involved, so computer terms can be used.
 * Nobody other than the person who copied the files knows the techniques and motivations.
 * So until more is known about the method or motivation, ambiguous descriptions are being accepted. This may change due to investigation, or when someone's autobiography is published in 40 years.  For the article, we either accept ambiguous phrasing, replace it with RS phrasing, or omit it.  -- SEWilco (talk) 22:27, 9 December 2009 (UTC)

As someone who has been in the computer and specifically IT business for more than 15 years, I can assure you that this is not a case of "hacking". Actual "hackers" (the correct term is actually "cracker" when someone has broken the law, but I won't insist upon getting that technical here,) get busted for their crimes on a routine basis. Anybody who hacked into the servers at the CRU would have had their IP address logged multiple times when they connected and copied the files, and regardless of where they copied them to, would have left a pretty clear trail that would have been traced, with apprehensions made and a media frenzy within days if not hours of the files becoming common knowledge. The fact that the files were deposited on a Russian server is meaningless: that's the first place anybody would deposit such contraband and the Russians will be no help in tracking IP addresses. It's the nature of the beast.

On the other hand, the files could be leaked from inside without leaving a meaningful record at all. People are always telling me that "my email was hacked, blah, blah," and "my account was hacked, blah, blah," and it ALWAYS turns out to be a situation of them copying or moving files to a place that they forget about (ie. they lost the files,) or somebody in their very own household or office messing around with their computer, or employees messing with the server. Not ONCE in 15 years have I ever seen a case of someone "hacking" into a server or machine past a firewall and copying or deleting files. It's just not that common.

The CRU is clearly using the term "hack" in the broadest sense to attempt to distract attention from the content of the files, and the crimes they themselves are implicated in committing. And crimes were committed here, if none other than blatantly attempting to conceal information in violation of multiple FOI requests. And now, I leave you with my IP address. 97.125.18.72 (talk) 09:58, 10 December 2009 (UTC)

And, by the way, I highly resent anybody referring to "hacking" or "cracking" as "ambiguous terms."97.125.18.72 (talk) 10:06, 10 December 2009 (UTC)


 * You claim to have worked in IT yet you display a staggering ignorance of the use of proxy chains and tunneling to hide the origin of a session. Extraordinary.  I'm not surprised that you have opted not to reveal your identity--your employer should ask for his money back! --TS 14:39, 10 December 2009 (UTC)
 * Tony, that's quite inappropriate. This is a page to discuss how to improve the article, not take cheap shots at editors trying to contribute.-- SPhilbrick  T  15:46, 10 December 2009 (UTC)

Tony, I didn't mention ANY technical details, for the sake of brevity. First of all, tunneling doesn't hide anything, it merely allows code to be encapsulated in order to run through machines with a different architecture, and open proxies don't prevent the need for logging into a server to obtain its contents. Doesn't it strike you as at all curious that nobody has mentioned any of this in their conversations with the media? Finally, I'm highly sought after in this state across several counties, and being self-employed, there isn't anybody to fire me. If someone thinks I'm not doing a good enough job they don't rehire me. It's not a problem for me.

Sphilbrick, I agree, this shouldn't be about attacking the messenger. My point here is that it would be fairly easy for someone with full access to the CRU's servers to plug a thumb drive into any workstation and copy the FOI2009.zip file onto that, which seems to be what happened. After the files got into the wild, I have no doubt that Prof. Jones cried, "I've been hacked!" but an internal investigation probably very quickly determined that the files had been copied by one of the 4,000 or so other faculty and students who had access to that particular server. Time will tell.

In the end, this isn't a story about "illegal hacking," though many people seem to be attempting to make it into just such a story. This isn't a case of Valerie Plame being outed as a CIA agent before the general public, where the exposure was the whole story. This is a story about professional integrity in academia, or lack thereof, and its implications in international relations and government. As a "hacking story," this story just isn't notable enough to stand alone. 97.125.18.72 (talk) 18:32, 10 December 2009 (UTC)
 * Why are you embarrassing yourself with all this bilge? This isn't about attacking the messenger, it's about questioning your self-declared and--from what you've written here--extremely patchy, professional knowledge.  --TS 22:00, 10 December 2009 (UTC)

Your comments are off-topic, and only serve to make you look petty. I'm trying to help make Wikipedia a more even-handed source for information here, and you are merely trying to create a distraction. Although I'm not surprised to see any individual take sides on this issue, it's sad to see Wikipedia as an institution taking sides. The heading of this section indicates that an editor requested comments, and I submitted some information from my experience dealing with customers for many years who claim to have been "hacked," and you are contributing nothing useful to this conversation. 97.125.30.93 (talk) 23:56, 10 December 2009 (UTC)

The alleged death threats are not notable. Many death threats occur against public figures every day and only very rarely are notable enough to merit mention in Wikipedia, much less prominent place in the article. A related point: mention of alleged criminal events, for which investigations have only started, should be prefaced by "alleged" or similar wording. There are very good reasons newspapers use the term "alleged" if somebody has not in fact been convicted of a crime, some of them argued above. In the case of the alleged death threats and alleged hacking, nobody has even been arrested, for crying out loud, much less convicted. But Wikilawyers citing "alleged" as a "weasel word" apparently think its preferable to convict groups of people (such as climate skeptics, tarring them by alleged association with alleged criminal events) in Wikipedia before anybody has even been arrested, much less convicted, in a court of law. Flegelpuss (talk) 03:38, 11 December 2009 (UTC)

Favor mentioning hacking: Some quick searches on Google News (articles only) indicate that most news articles are treating the hacking as a given on near-given. Our language and weight should reflect that. I can't find any evidence that many reliable sources are seriously questioning the notion that the information was hacked. MarkNau (talk) 23:17, 12 December 2009 (UTC)


 * Just because news agencies are calling this a hacking attack doesn't mean they're right to do so. Until the actual nature of the data release becomes clear, we should preserve a more neutral tone.  At the very least we should be using phrases like "a likely hacking attack." Benstrider (talk) 09:59, 13 December 2009 (UTC)
 * But it isn't just news agencies. The Norfolk police themselves call it "criminal offences in relation to a data breach" and the Metropolian Police's E-Crimes unit has also been called in.  This is being treated as hacking incident by the police at the highest level and an external police unit specializing in  hacking investigations is involved. --TS 11:37, 13 December 2009 (UTC)
 * The Norfolk police haven't called it "hacking," but "a data breach." Is it really appropriate to state that hacking -- a crime -- occurred when the police haven't confirmed it? 71.206.138.96 (talk) 18:49, 13 December 2009 (UTC)
 * If they hadn't determined that a crime had occurred, they wouldn't refer to their investigation of criminal offences (not potential criminal offences, but criminal offences). --TS 21:30, 13 December 2009 (UTC)
 * Yes, but the actual criminal offences are not disclosed. For all we know, the criminal offences could be violations of the FOIA by the university and its employees. 71.206.138.96 (talk) 23:30, 13 December 2009 (UTC)
 * The police do not enforce the FOI Act or investigate alleged breaches of it. That is done by the Information Commissioner. -- ChrisO (talk) 09:07, 14 December 2009 (UTC)
 * "Data breach" is just a more formal way to say what we mean here by "hacking". We could call this article Climatic Research Unit e-mail data breaching incident; it would mean exactly the same thing, but just be more verbose and over-formal. Like "proceeding in a easterly direction" vs "walking into town". Note that the literal meaning of hacking is just throwing software and other computer instructions together in an informal, ad hoc manner, quickly to achieve limited ends. This is a slightly specialist use, for which some would rather use the word cracking, but that's only relevant in computer-geeky circles. --Nigelj (talk) 21:50, 13 December 2009 (UTC)

It is improper to describe this incident as a "hacking" when there has been no official confirmation that the UEA servers were hacked. The UEA and Real Climate are essentially the same organization. It is possible that a whisteblower could have had access to servers of both the UEA and Real Climate. Both organizations stand to be embarrassed should this prove to be whistleblower. Their opinion at this point in time is far from independent or objective. If this publication is serious about being seen as an unbiased information provider then it must not rely on the opinion of these two organizations. Call it hacking when it has been so confirmed. Until then, it is a security breach.SierraOneOneSeven (talk) 07:56, 20 December 2009 (UTC)

Comments by uninvolved editors

 * Involved editors: in order to keep this section uncluttered, any comments you make here may be moved to the other section.

Comment by 67.70.42.202
Article title is not appropriate

The article title "Climatic Research Unit e-mail hacking incident" is inappropriate for the information that nearly any person is likely to be seeking. Currently, this page is the top ranked page for 'Climategate' on a Google search. If it is possible, someone should look at the referral logs from search engines and determine if 'Climategate' is used significantly more often than other search terms arriving at this page. Certainly, if you have logs showing that people arrive here on the heels of a search for 'Climategate' ten times more often than any other, then you should at least create a 'Climategate' page describing Climategate as such rather than the particular partisan beast that you have in place.

It is not clear that, as the title implies, a 'Black Hat' hacker was responsible for leaking this information. As someone involved in computers for decades, I find it highly doubtful that either a 'black hat' or a 'white hat' would have taken the care to remove personal messages from those Emails or have taken the time to assemble more than a decade worth of Email and documents from disparate sources. It seems much more likely that this was done at least with the aid of an insider who may have thought of themselves as a 'whistle blower'. Whatever the case, *how* the material was obtained is not its most salient feature (at least now) and it should not even be up front, let alone a part of the title.

As it currently stands, the page title and opening paragraphs essentially read as:

"'Very bad people wrongfully inflicted themselves upon innocents to hack their computers and slander them with innuendo. This is a very serious crime and law enforcement is treating it as such all over the world.'"

Even if the above is true, it is not what all the fuss is about.

Opening text is not appropriate

As does the title, the opening paragraph is prejudicial in the extreme. It looks as though it might have been written as an apologia by the people under investigation. Here it is, as of this writing, along with my comments: As it stands:

"The Climatic Research Unit e-mail hacking incident, referred to by some sources as 'Climategate',[1] began in November 2009 with the hacking of a server used by the Climatic Research Unit (CRU) of the University of East Anglia (UEA) in Norwich. Unknown persons stole and anonymously disseminated thousands of e-mails and other documents made over the course of 13 years.[2] The university confirmed that a criminal breach of their security systems took place,[2] and expressed concern 'that personal information about individuals may have been compromised.'[3] Norfolk police are investigating the incident[4] and, along with the US Federal Bureau of Investigation (FBI), are also investigating death threats made against climate scientists named in the e-mails.[5]"

Article content is extremely biased

Analysis:


 * The Climatic Research Unit e-mail hacking incident


 * This title is grotesquely prejudicial and is not currently *known* to even be correct. It is more likely is was some sort of leak. However, even if this is true, it does not belong as the title both because it leads the reader to form conclusions before even reading the article *AND* it is not what this even it called.


 * referred to by some sources as "Climategate"


 * This is very misleading. A Google search for +"[the current title]" yields 14,400 pages. A Google search for +"Climategate" yields 3,050,00 pages. Rewording the above to show the figures, it would read like this:

"The Climatic Research Unit e-mail hacking incident (as it is referred to by less than one percent of people) referred to by some sources (more than 99% of people) ..."

I hope that people can see the problem with the above. The opening line puts a 'spin' on this incident that does not exist elsewhere. It may have been a well-meaning attempt to counteract the 'bad vibe' of 'Climategate', but it is a bad idea. Besides, the 'Climategate' ship has sailed. That is what it is called. That is what people will be using to search for it. To the extent that 'Climategate' is prejudicial, the damage is done. Giving it a long-winded and misleading euphemism just confusing things unnecessarily.


 * began in November 2009 with the hacking of a server

This is currently the subject of an investigation. Precisely what happened has yet to be determined. To the extent that we can speculate what happened, the implied 'Black Hat' hacking would be a poor choice below:


 * something assembled pursuant to a FOIA request and then accidentally placed on an FTP server


 * the same FOIA source, but deliberately leaked


 * an inside whistleblower leaking the information by transporting directly out of the system


 * etc.

That it may have been maliciously hacked by criminals is not definite enough to be categorically stated as a fact. It is not even likely enough to mention as a possibility. By the time you get to that, you would just be cluttering up the article with idle speculation. Even if we *did* know for sure that it was some mean spirited act of vandalism, that is not what is getting it the moniker of 'Climategate' and millions of pages on the Internet. Whether or not the people who took the data are black-hearted, ugly and vile-smelling is for the talk page or somewhere way down in the article.


 * Unknown persons stole and


 * Again, although the CRU and the University are clearly not pleased about this, it is still uncertain under what circumstances that data left their servers. It may have been as entirely innocent as files accidentally left in the wrong place (as one of the Emails in question imply might happen) or it could have been a heroic whistleblower who arguably had some kind of moral (an legally shielded) imperative. Until it is known, it should remain in more neutral language or not mentioned at all.


 * anonymously disseminated thousands of e-mails and other documents made over the course of 13 years.[2]

Is it really relevant that all the people involved in disseminating this are not known at this time? This smacks of trying to paint the people involved as bandits. The 'anonymously' is prejudicial in this context, adds nothing important to the article and should be taken out. Although what was stolen should be mentioned, in this context it seems that it is being used as an intensifier to show what a dreadful crime it was. It seems to imply that somebody destroyed 13 years of somebody else's work.


 * "The university confirmed that a criminal breach of their security systems took place,[2] and expressed concern "that personal information about individuals may have been compromised."[3] Norfolk police are investigating the incident[4] and, along with the US Federal Bureau of Investigation (FBI), are also investigating death threats made against climate scientists named in the e-mails.[5]"

Some of this may be of interest, but in the context of the opening paragraph, especially in the context of the balance of the material, it simply looks like a CYA press release from the University attempting to misdirect attention from the serious allegations of professional malfeasance and possibly criminal behavior. It does not belong in the opening paragraph. From the University's point of view and that of local police and that of the FBI this might be their only interest in this event. However, that seems unlikely given the severity of the allegations being directed at the enterprise that is discussed in the Email and indicated by the computer source code involved. Certainly, the public debate has not focused on details of how the information was obtained.

The treatment of this article is not consistent with Wikipedia's otherwise excellent editorial work elsewhere. It is also not consistent with what is being discussed elsewhere. For instance, if a Google search for 'Climategate' is done, as of this writing, except for Wikipedia at the top, the first page of articles all call this event 'Climategate' (and they don't bother trying to name it anything else or euphemize it) and they focus on the substance of what makes this important. What makes this important is not that someone disseminated information from somebody's system without permission or that they are (or are not) 'bad', in violation of the law, motivated by pure evil or whatever. What makes this important is the substance of the Emails and documents and what they may indicate in terms of professional malfeasance, misuse of public funds, abuse of processes such as peer review and interaction with editors, criminal violations of the FOI laws and possibly enormous damages to the public trust in their institutions, in their area of study and science as perceived by the public generally. If it is indeed true that data was deliberately manipulated to create a scare that is causing policy makers to tax billions or trillions of dollars unnecessarily then this would be an enormous crime and extremely newsworthy on that score. This is really Not about some 'hacking' incident. It is about the information that was exposed.

There is a precedent on Wikipedia for a better treatment

I was wondering how this might be approached and it occurred to me that I should look at the entry for 'Watergate'. That page is called 'Watergate' and has the title 'Watergate scandal'. Presumably that article has been around long enough to represent the way such things are expected to be done on Wikipedia. I took the first couple of paragraphs for the Watergate entry and morphed the Climategate information to fit that mold. It seems to me much more fitting to take that approach. I would hope that someone with more wit would do a better job than I have, but even what I have done is vastly preferable to the current opening.

The Watergate entry

The 'template text' used from http://en.wikipedia.org/wiki/Watergate:

"The Watergate scandal was a political scandal in the United States in the 1970s. Named for the Watergate office complex in Washington, D.C., effects of the scandal ultimately led to the resignation of Richard Nixon, President of the United States, on August 9, 1974. It also resulted in the indictment and conviction of several Nixon administration officials."

"The scandal began with the arrest of five men for breaking and entering into the Democratic National Committee headquarters at the Watergate complex on June 17, 1972. The subsequent investigation by the FBI connected the men to the 1972 Committee to Re-elect the President by a slush fund.[1]"

"President Nixon's staff conspired to cover up the break-in.[2] As evidence mounted against the president's staff, which included former staff members testifying against them in an investigation conducted by the Senate Watergate Committee, it was revealed that President Nixon had a tape recording system in his offices and that he had recorded many conversations.[3][4] Recordings from these tapes implicated the president, revealing that he had attempted to cover up the break-in.[2][5] After a series of court battles, the U.S. Supreme Court ruled that the president had to hand over the tapes; he ultimately complied."

A sample new Climategate entry

The 'target text' that would belong at http://en.wikipedia.org/wiki/Climategate

"Climategate is a scientific and political controversy that started in November 2009. The name comes from a play on the name of the 'Watergate' scandal. The immediate fallout of the scandal led to one of the people at the center of the controversy (Phil Jones) stepping down from his position at East Anglia University. The University has not accused Jones of any wrongdoing. He has vacated his post temporarily, pending an investigation. Investigations were also started by Penn State University into the work of another principal (Michael Mann) as well as investigations by the U.S. Congress and the British Government ICO. It also led the UK Met Office to announce that it would spend as much as three years re-compiling data. The United Nations IPCC announced that it too planned to investigate."

"The scandal began when more than a thousand Emails and a large body of documents and data were made public that showed what appeared to be possible improprieties in handling worldwide temperature data related to Global Warming research, refusing FOIA requests and tampering with the peer review process. Investigations are ongoing."

"When the controversy began, it was downplayed by those involved. It was largely ignored by major media, but mounting pressure from people on the Internet eventually caused it to become well-known."

—Preceding unsigned comment added by 67.70.42.202 (talk • contribs)

My first attempt at participating in a talk. My prior contributions to Wikipedia focus on non-controversial WWII order of battle topics. This is an important issue that divides along the lines of the anthropogenic global warming debate. Those who consider the science settled focus on the "crime". Those, like me, who consider the science open focus on the content. The current article leans toward focusing on the crime. To the extent that it looks at the data, it picks easy targets and makes superficial rebuttals. So, IMHO, it demonstrates a strong bias. I would be in favor of a title along the lines of the "CRU Data Controversy". My recommendation is to expand the focus on the data in this article and to move the discussion on whether it was hacked, leaked, or discovered to another article: the CRU Hack Controversy. The pros and cons of a hack verses a leak verses an advertant release are certainly worth of its own article. Rmonical (talk) 21:59, 20 December 2009 (UTC)