The thin line

--Originally published at Allow Yourself to fail and learn… and hack

Imagine you’re a super awesome hacker who can access any network, bank account, database and security system in the world. You have so much power in your hands and you can do anything you want with it. What would you do?

Let’s just say you’re the Robin Hood kind of guy: you take from the rich and powerful and give to the poor and weak. You take money from the bank accounts of celebrities and big companies and give it to poor countries or communities that have nothing to eat. You also disclose all of the secret information of all the governments to the public because transparency and freedom of information, right?

You are the savior of the people, the vox populi, the hero, the nightmare of evil… or so you thought. But the money you gave to the poor was not used for food but for drugs, and the information you disclosed was used by terrorist organizations to make a more organized attack, or you just started World War III. You’re not looking so good now, are ya? Or maybe you’re just the Tyler Durden kind of guy and you go straight to WW3 without the poor people part. Are your actions good, bad, or maybe both, just to be safe?

Ok, maybe I went a little bit too far with my example, so let’s use a real-life one because I know you love them. You’re the chief of IT security within an organization, and your job is to make sure that unwanted people don’t get in and confidential information doesn’t go out. You can do anything to achieve this (within the legal boundaries). The easiest way to keep information from going out is to spy on workers’ emails and key logs. Would you do it knowing that there are ways to achieve the same that may take some extra work? The decision is entirely up to you, and workers know their mails may be spied on, but does consent mean your actions are good? Where does the line between privacy and security fall?

Another example is the case of Edward Snowden disclosing the NSA’s classified information. He is portrayed by some as a hero and by others as a traitor. He gave this information to some American journalists because he thought that the people should know they were being spied on, heavily compromising the security of the people he wanted to inform. Oh, the irony… Were his actions good or bad? I can hear Kantians and utilitarians fighting in the distance.

Every day, security managers need to deal with difficult decisions that involve a strong ethical conflict.

This blog post raises a lot of questions and not many answers, and that is the nature of dealing with ethics. The purpose of ethics (or at least how we see it) is for each individual to be able to answer these questions by themselves.

If we want expert and historical examples, important companies and associations are already concerned about ethics for these professions.