Sunday, 16 October 2011

Government hacking


I'll be honest and say that not all of the things in this blog apply to Australia as the cases come from Germany (although I'm lead to believe Australia also purchased the same DVD's as Germany). There’s probably hundreds of other cases like them but these are the two that stick out the most in my mind.

One of the articles I found today on Reddit stated that the German government had recently purchased a few DVD’s containing personal information stolen from banks in Luxemburg in Switzerland. Unsurprisingly (we all know the cliché of Swiss tax havens) the information contained evidence that citizens within Germany were evading paying taxes, and the government is using this information to prosecute people. It has been approved by the High Court in Germany.

The reason this stuck out is that in the past it was also discovered that the German government  commissioned theproduction and release of malware that installs itself on computers and provides them with the ability to observe all actions taken on the computer and even remotely control the PC’s.

Is this legal?

Well one of the key benefits of being a government is that you get to decide whats legal, so the question doesn’t really apply here.

Is this ethical?

It’s a complex matter. Part of this is that government endorsed hacking at the moment is only being obtained to prosecute criminals. If the bank details didn’t contain any illegal information transaction history then no one would have been arrested or convicted, so it was merely the government going through illegal material.

The second part states that this is effectively the government giving approval to hackers. Regardless of the reasoning behind the hackers original motives, be they black, grey or white hat, they hacked into a financial institution and rather than being reprimanded by governments have been given fabulous payments of cash for the data. I can see no way that this could be interpreted as anything other than an incentive to keep doing this sort of thing.

There is a counter argument that can be made that this is preventing the hackers from using the data in immoral ways, such as identity fraud or other operations and is instead being only used to combat crime. This does not preclude the option of the data being used for identity fraud and it could very well also encourage hackers to start collecting as much private information as possible on citizens to sell to the governments, creating a surveillance state.

Further still, this gives no consideration to the other impacts that endorsed hacking or malware may cause to society. One of the key concerns with the governments malware was that it allowed control over the pc it infected, which should lead to two immediate problems. The first is the fear of corruption, in that with access to your computer they can have the pc download illegal content and state that it was you who did so. The second fear is similar in that we do not know the people who will have access to this malware.
The reason this is a separate concern from corruption is that the code that was used in the Malware was poorly created and had a lot of security flaws, to the point that anyone with technical knowledge would have access to it. In fact, one group has now reverse engineered the code and made a simple user interface so even the technical knowledge is unnecessary which means anyone can access your computer, the information on it and also take control over the computer.

In light of these concerns I feel that I could state that these actions are unethical.

However this isn’t something that can be merely concluded by stating that the actions are unethical or not. We are coming to a point where the internet is involved in our lives in progressively complex ways. We do not live out our lives in person as much, but rely on the internet to conduct a large portion of it. With these developments can we should not be surprised that governments are using the internet in ways to solve problems, but rather that they have taken so long to do so. Caution is advised, as although these are mostly isolated incidents in poor decision making it is imperative that the space is watched for further developments as to whether they were merely steps on a learning curve or instead an ominous foreshadowing of government surveillance in the future.

1 comment:

  1. Just because they're government doesn't mean they should be exempt from unethical behaviour. what's to say they keep hacking under a guise like "preventing criminal activity" forever? It's sort of like "The war on terror" is going on just so they can justify they're occupation of Afghanistan. This initiative seems to be bordring on corruption.

    ReplyDelete