Blog Post

Big Data on Ethical Hacking and Morality

I Do Not Accept The Terms And Conditions (EXPANDED)

by Thomas Moran

 

Unfortunately, I will have to admit that I have not read more than a line or two of  the “user agreement” of any app I have ever downloaded.I suppose this is good incentive to start now. I will explore Pandora Radio’s Terms and Conditions, an app I use almost exclusively for music variation during work outs. I attempted to explore “Robinhood”, a brokerage app’s terms, but was pleasantly surprised to it was more than a disclaimer of ways not to be sued than a list of data they collect on me. So back to Pandora, one way in which they collect information that’s not blatantly obvious is public census and demographic data, “Government or quasi- or pseudo-governmental agencies or organizations that provide or make available, to the public, census and demographics data.” A second data collection method that was surprising was Pandora’s use of alpha-numeric cookies, which they embed from their servers onto your device. A third is Pandora’s right to use the phone GPS to identify your location at any given point.

This technology does not seem very effective though because I still get ads for locales in Greenville, NC when I attended ECU there 2 years ago. The app most likely uses this information to tailor ads specific to local businesses, and uses the cookie to monitor your use and habits of how you use the service. The demographic data I would like to assume helps identify new songs and potential artists you may like based on predictive analytics, but somehow I doubt they are using that solely for the listener’s benefit. The information could be useful to other parties for targeted marketing and advertising. Users that listen to certain songs or live in certain areas might be more susceptible to buy certain items.

I think the process of this information gathering is loosely ethical. In this day and age no one reads terms and conditions, but we also have a general understand that apps do gather information on us. I think using government census data from quasi-government agencies is borderline unethical. I think most users of the technology may not be enraged about this, but they would also not be pleased. I wouldn’t call this hacking. Hacking by definition is illegal. Unfortunately you do not have the option to opt out of the terms and conditions and still use the technology, but at the same time most will willfully accept them. So legally they are not doing anything wrong. Legal hacking might be an interesting synonym to use for their practices.

If I were interested in shedding light on a privatized subject that is morally wrong (in my opinion) to keep hidden from the public I still probably would not do it. I would not do it, not because I think it is ethically wrong (apart from the taking of someone’s private material) but because it is still illegal and I have to take my own life and happiness in consideration. I can only imagine that if I exiled myself on perjury accusations like Edward Snowden, I may live a life of anxiety and regret. However, I do respect even applaud individuals and organizations that expose dirty secrets and corruption. Again, morally and legality are two separate entities. Hacking data from pretty much any organization is going to be illegal, whether or not you are doing it for the right reasons. Breaking into someone’s home to save them from a fire in their sleep is still technically trespassing. The good intent doesn’t always align with the restrictions of a maladjusted legal code.

If I had to put myself in the shoes of a famous hacker such Kevin Mitnick, I would argue that if I had the skills to reveal corruption or dirty secrets hidden by big companies or the government it would be my civic duty to reveal them. Is it your legal right? Absolutely not. I think it is not ethical to put people on trial for evidence that was stolen, in the same way that it is not ethical to include information gathered from someone's home if a warrant was not obtained. Legal and ethical are not always congruent with one another.

For the final, I selected this post to continue my long rant about ethics, Big Data and hacking and the legality, morality and technology that surrounds it. It seemed most appropriate to choose this blog post because I received the most comments on this one. This could have been attributed to the fact that I was the first one to submit it, but I also was very interested in this topic so I am going to pretend that my classmates liked my thoughts on this one. I have also since had a change of heart about ethical hacking.

 

I wanted to expand the reach of this question by asking another question, what is ethical hacking in it’s conceptual definition?

Well..

 

Interestingly enough this was not the definition I was expecting. This is very similar to a white hat hacker. A white hat hacker is a computer security professional who breaks into secure organizations and systems to check and asses their security. White hat hackers use their expertise to increase security by exposing weaknesses before malevolent hackers can detect and abuse them. Although the approaches used are similar, if not identical, to those used by malicious hackers, white hat hackers have consent to employ them against the body that has hired them.

I was expecting something along lines of Edward Snowden, Silver Meikar, Carmen Segarra. All whistleblowers, recent ones for that matter, which used technology to release secrets that they deemed unethical to be concealed from the public.  A specific term for that I cannot find, but I may have to coin Data-Whist blower because it seems most fitting.

For the purpose of this post I wanted to focus in on a specific group: Anonymous.

https://www.youtube.com/watch?v=XnMOpyeOELc (Anonymous' message to Kanye West to "Shape Up")

I will later reveal the connection between this group to terms and conditions, ethical hacking and big data. Anonymous is a roughly related globally connected group of activist.  Multiple sources call them "an Internet gathering" with "a very loose and decentralized command structure that operates on ideas rather than directives". They have become well known and highly effective at targeting agencies, individuals and organizations that they think are corrupt, selfish or unethical. I like to think of them as a modern day group of Robinhoods, even though their activities are still frowned upon. Their motto is, “We never forgive. We never forget. Expect us.” The group became known for a succession of publicity stunts and attacks on government, religious, and corporate websites including MasterCard and Visa.  If you haven’t already check out the video link above where they grill Kanye West.

6

Now are they hacking for a public good, or are they just cyber criminals that are as malevolent as bank robbers? That is the million dollar question. I will use some of the information presented by our groups in class to determine in my own opinion if they are or are not. In the course we came to a concrete definition of public good.

It essentially has to be non-competitive in nature, and has to be accessible to everyone; or at least the vast majority of people with very few barriers to use.

                In 2013 Anonymous attempted to get Kim Jong-un to resign by hacking into government servers and releasing 15,000 usernames and passwords of government employees. They also threatened to wipe out all their data.

                The Westborough Baptist Church is particularly hateful and intolerant. They are judgmental of other religions and preach a message of hate not love. In 2012 Anonymous took down their website.

                In 2006 Anonymous took down White Supremacist talk show host Hal Turner.

                In a 2013 high school rape case. Two football players were charged on incriminating evidence in tweets and emails recovered by hacking.

               

                These are all illegal acts, and can be worthy of physical jail time. Dimitry Guzner, 19, was charged last year for a DDOS attack on the Church of Scientology. The New Jersey native could face 10 years in prison.

                On the opposing side let’s look at the definition for a whistleblower:

 

White blowers are protected under law in the United States by The Whistleblower Protection Act of 1989.  In cases like the hacking of North Korean government websites, United States citizens seem to be under protection of the law. For many of the cases listed above, I would argue that not only is this ethical hacking, but it is the DUTY of those who have the skills to perform these tasks to do so.

How does all of this relate back to Big Data you might ask?

            I’d like to give credit to Informationisbeutiful.net (and to avoid plagiarism) for this beautifully visual display (we can all appreciate rhetorically structured data visualiations) which groups the biggest data leaks over 30,000 records ever recorded. It’s an interactive graph so here is the link.

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data...

Without the encompassing span of Big Data it’s hard to imagine a scenario where shady ventures and borderline illegal acts would make news. It’s only with the application of Big Data, does the sheer scale of this information turn heads. If one person looks at another person’s paper during a test, its worthy of a remark from the professor. If the entire class collaborates together and develops a system of cheating, it becomes newsworthy.  The Panama Papers for instance are an excellent example of something that is not necessary illegal, but sketchy to say the least. The fact that hundreds of high profile global figures were identified in this mass data set, is what makes the news. With the growth of Big Data, it makes opportunities for hackers all the more appealing, but it also creates a pool of data that becomes all the more necessary to protect. Because as we learned in Viktor Meyer-Schonberger’s Big Data book, “First and foremost, Big Data is a commodity.”

 

193

No comments