The legal pathway to the story of the century

In June 2013, UK newspaper The Guardian and its US peer The Washington Post broke a story that changed the world. Former NSA contractor Edward Snowden had revealed the scale of mass surveillance by the US National Security Agency [NSA]. GC speaks to Gill Phillips, The Guardian’s director of editorial legal services, about the legal implications of making the story public in the UK.

GC: Obviously the Snowden story was a huge scoop for The Guardian. How did you first hear about it, and what were your initial thoughts?

Gill Phillips (GP): I was actually in Australia as we were in the process of opening our office there. I got a cryptic phone call from Alan Rusbridger [then editor-in-chief] one night saying, ‘I can’t really talk about this as using the phone might be unreliable. Could you put me in touch with a US national security lawyer?’ I began to think, ‘Ok, something is going on,’ but I gave him a few names.

Then the Verizon story broke [the revelation that the NSA had been collecting the data of millions of Verizon customers]. At that point I started thinking, ‘Oh, ok! I’m starting to make some links here. I can see why Alan may have wanted some US legal advice.’

A few days later I was due to be flying back to the UK via Hong Kong, and it was suddenly suggested that I might like to spend two or three days in Hong Kong ‘to do with all this’ – that was about as far as it went. When I got there, I was contacted by one of The Guardian’s journalists, Ewen MacAskill, who invited me to take a short trip with him but insisted that I leave all my electronic devices behind. I was thinking, ‘wow, this is like a spy novel!’ He took me to a park and basically filled me in on the details. He told me that the person behind the leaks about the NSA was in Hong Kong, as was Glenn Greenwald. I started to realise what an enormous story it was – both in terms of the story itself but also in terms of the legal implications.

At that point it also became apparent that it wasn’t just a United States security story, but that there were GCHQ [Government Communications Headquarters, a UK security agency] documents involved. That was when I really started engaging with what was going on as general counsel.

When I got back to the UK, we really hit the ground running in terms of the GCHQ stuff and figuring out what we could publish.

GC: What were the main legal implications that you had to deal with straight away?

GP: As an editorial lawyer, my job before we publish any story is to try and make sure that what we publish is legally safe, or if that is not possible, then as low risk as we can make it. For this story, in pre-publication terms, there was quite a lot of overlap with editorial on issues of concern. Some of the things that would worry me, such as the security and safety of individuals and not revealing things that might be damaging to national security (as opposed to embarrassing), were clearly also of high-level editorial concern. But there was also a lot of new law for me – such as what did the [UK] Regulation of Investigatory Powers Act 2000 actually allow GCHQ to do, lawfully? We wanted to be clear that we got these things right, and that we didn’t misunderstand the law in this area.

There were other concerns as well. As this was all about GCHQ, we needed to look at the possible criminal law implications for The Guardian under the [UK] Official Secrets Act, but also at the civil risks of a pre-publication injunction. There’s always an issue when you are dealing with ‘leaked’ (the government will call them ‘stolen’) documents or information of a breach of confidence action, and where there is a breach of confidence, there is always the possibility of injunction. What you’re really looking at is making sure you can get the story out and that you don’t get stopped. This comes particularly into focus when you are deciding whether you should put the key allegations to the relevant parties before publication, as that can tip them off and give them a chance to get into court. You want to avoid that if you can.

Because of the First Amendment, and especially the ‘Pentagon Papers’ case, the Americans don’t really do pre-publication injunctions in the way that the UK does. This has meant that US newspapers generally feel freer to contact parties before publication and, as a consequence, the US government is also much more willing to engage pre-publication in discussions. While both sets of governments had the same ‘give it back, you shouldn’t have it!’ reaction, the US government engaged much more constructively in the early days than the UK government. In a way, that helped with the UK legally, because if things are going to happen in America come what may, it’s a bit pointless trying to close things down in the UK.

Of course, once you have published, with an ongoing story like this, going for an injunction is still a risk and you could still be sued for damages.

In addition to worrying about the Official Secrets and national security implications, there was also the more routine day-to-day stuff that we would look at for any story – privacy, data protection, libel issues – are there any of those lurking in what we’re going to publish?

GC: What do you think were the biggest risks and rewards for The Guardian in running the story?

GP: The biggest risks and the biggest rewards were both reputational. There’s always going to be a lobby (as we know from WikiLeaks) that simply disapproves of this sort of journalism. On the other side of that, there are people who think that this is what journalism is all about, and that you should expose such things in the public interest.

The hardest thing in these stories, editorially as well as legally, is deciding what is in the public interest. Legal can define what public interest is from a legal perspective and that is a significant aspect, but ultimately it’s an editorial call. So discerning in advance where the public interest is was probably the biggest risk: if you get your public interest judgement wrong, one, you’ve got legal risk, but two, you’ve got reputational risk as well.

Looking back, the way that the UK government attacked Alan Rusbridger and the political pressure that was put on The Guardian was really extraordinary. And that’s outside the legal framework. They could have come for us legally, but they didn’t really. There was legal pressure applied behind the scenes, but it was mostly political pressure. You can anticipate that coming, but when it arrives it’s very hard. That continued for a long time, and still does – even some of the other media have accused us of treason, so it’s quite high rhetoric.

GC: What form did the political pressure from the UK government take? Was it quite threatening or more ambiguous?

GP: It ranged from public statements in Parliament, to feeding lines to other media, to meetings being called with us by high-level members of the government and their national security advisers, right wing MPs calling for The Guardian and its editor to be prosecuted, through to what happened with David Miranda being stopped at Heathrow [On 18th August 2013, journalist Glenn Greenwald’s partner, David Miranda, was stopped and detained for nine hours at Heathrow Airport under Schedule 7 of the UK’s Terrorism Act 2000. Miranda had never previously been suspected of links to terrorism and was never charged].

You start feeling paranoid, because you feel that when you engage against government and state security they are actually very, very powerful and you don’t know whether they are tapping your phone, or listening in or following you, and that’s quite a curious state of affairs.

GC: A lot of Snowden’s revelations were related to technology and data gathering. Given that the law is often a few steps behind technological developments, were there issues around interpretation?

GP: There were masses of interpretive issues when you look at the UK’s Regulation of Investigatory Powers Act and the Data Protection Act, both of which are effectively last century. The language and terminology they use is so open to interpretation because it derived from a time when we put letters in envelopes. Communications data is envisaged as the ‘envelope’ – that’s the analogy that it’s all worked on, and of course it’s completely inappropriate these days. There’s a decent amount of content data protection but metadata is very poorly protected.

The whole debate on technology in the digital age, what people can do and what they can access, and how transparent organisations are – all of that came out really because of Snowden. Running alongside is a parallel debate about privacy, freedom of speech and open justice; how all of those issues conflict when you have a government wanting to (quite rightly) protect individuals and society against terrorism and paedophilia. Nobody argues that those aren’t genuine things you need to protect against, but the balance of where you draw the lines and how transparent you are – none of that debate would have happened if Snowden hadn’t done what he did. We’d talked about it around the edges before, and the people in the technical world had been aware of these issues, but they’d never been able to get them properly discussed. Some of the UK’s statutory court reporting restrictions, for example, around what you could report about children involved in criminal cases, were created in the 1930s and 1940s. They were very narrow in that they originally only applied to newspapers – broadcasters were an add-on a few years ago – but they didn’t touch ISPs or social media! It’s taken 50 years for these sorts of laws to be amended to apply to the internet. It’s all about online and recognising that you’ve got to try and encompass the digital age that we now live in.

GC: Did the fact that we’re now in a digital age make running the story easier, in that it would have been easier to stop the piece if it were just running in print?

GP: Definitely, and strategically. That’s something we learned from WikiLeaks – the power of collaboration. Once upon a time maybe you would have gone for an exclusive. These days, particularly with these big data drops, collaborative journalism and working with other organisations around the world not only allow you to explore the full scope of these things and get the benefit of everybody else’s expertise, but they also give you a better legal card to play strategically.

In the old days, if it had just been The Guardian, in print, the risk of an injunction to stop publication would have been very, very high. In the modern age, where sometimes we don’t even actually have all the data ourselves, trying to injunct The Guardian is like whack-a-mole. You can hit us on the head but The New York Times, or a German newspaper, or a French newspaper or a Spanish newspaper will come up with it. The rules of engagement have definitely been changed forever by that.

GC: Do you think any media organisations other than The Guardian and The Washington Post would have considered running the piece?

GP: I think that’s quite an interesting question. Obviously both The New York Times and ProPublica in the US also ran stories on this, as well as a number of European titles. But in the UK, The Guardian was pretty roundly attacked – and still is – by those on the right wing, who have adopted a pro-government stance in quite a lot of the debate. But ultimately I think all journalists, whatever their allegiance, would have covered this in some shape or form, if Snowden had come to them.

GC: How much did the in-house legal team handle versus outside counsel, and how much resourcing do you have in-house?

GP: We’ve got two legal departments: one handling all the commercial side, and the editorial legal department, which is my area. We collaborate on quite a few things, obviously, but editorial legal deals with all the content-related stuff. We employ the equivalent of about four full-time lawyers and, as with all newspapers, we have night lawyers who come in every day and do some of our pre-publication work because the volume of that is so great these days.

When you’re doing this sort of story there are two aspects to it. One is strategic – the big legal issues – and the other relates to each individual story and the fact and libel checks. On some days you might have five, six or seven stories going out, all of which need to be individually looked at. But we did pretty much all of it ourselves.

We took external advice when we needed to on things like the national security issues and the UK Official Secrets Act. I’m a civil litigation lawyer by training, as indeed are most of us, so when there were calls in Parliament for criminal investigations and threats of criminal prosecution, we would definitely pull in some expert advice on that aspect. We tend to go straight to the Bar. But 95% of the overall work was done in-house, both in terms of strategy and the legal issues involved in getting the stories out.

GC: What do you think have been the most overwhelming and also long-term implications of Snowden’s revelations, both legally and otherwise?

GP: The real long-term legacy is that there has now been a proper public debate about the conflicts between freedom of speech, privacy, security and surveillance in the UK. Who is the proper decision-maker in those processes? What are the processes when government is seeking (for good reason) to derogate from privacy rights or free speech rights? How transparent is the process when it’s being looked at?

By the middle part of this year, we had a report written for the UK’s Royal United Services Institute [RUSI] by a panel that includes three former heads of UK intelligence agencies and calls for an overhaul of existing legislation. We’ve also had other reports basically saying that the current UK legislation is not transparent enough and there’s not enough oversight.

Whether you think Edward Snowden is a traitor or a hero, it seems to me the stuff that has come out, particularly from a newspaper perspective and a legal perspective, but also for civil society, has been really valuable.

GC: Do you think that freedom of speech and misuse of data is an area that has been overlooked by in-house counsel? Should your in-house peers be taking notice?

GP: I think the whole legal landscape in the UK has completely changed on one level. When I started in the media back in the 1980s, ‘privacy’ wasn’t a phrase we used at all, and ‘data protection’ wasn’t either. I remember someone doing a seminar on data protection for the Fleet Street lawyers and people saying, ‘why would we need that? What’s that got to do with us?’ Now it is relevant, not only for us, but for everyone.

It impacts in a commercial way. We’re learning that we have to keep data secure at the least. Whether you’re looking at Snowden or Ashley Madison [an infidelity dating service that suffered a high profile hack in 2015], there have been big data breaches. There’s that whole aspect to it. But there’s the free speech aspect to it, and legal privilege as well.

I was reading the other day that there’s an increasing use of employees’ indiscretions on social media to justify dismissal or disciplinary action by employers. What’s creeping up through that is whether the employees have any Article 10 [of the European Convention on Human Rights] free speech rights, and how that has to be balanced out in an employment law context. You suddenly realise that lots of these things that we used to think of in silo terms – privacy’s over there, libel’s over there, free speech is nothing to do with most of us – are all starting to overlap, a bit like a Venn diagram. You can’t just say ‘that’s absolutely nothing to do with me, I don’t need to know about that’ anymore.

If an employee has got some Article 10 free speech rights because they are using social media to express their views, that’s a whole area for employers that they won’t have engaged with at all previously. Then you play into that the fact that there are a lot of problems on social media with abuse and harassment, and you could say that what you’re doing is punishing and criminalising people who don’t know better for being stupid, by sending them to prison for being nasty on social media – is that the right way to treat that sort of thing?

The overlap between all these things suddenly makes it more relevant for all of us. There are some very real issues that have to be addressed about the right to privacy, the right to be forgotten, and where the lines lie. Those are big moral judgements for people to make.