Digital privacy and morality.

[Pestcontrol]

This started off with a thought experiment of me in IRC, where i fantasized about being a digital Private detective, eavesdropping on wireless networks (original idea courtesy of KC's neighbors. ) and installing hardware/software to eavesdrop on communications and answer my client's questions. I wondered if one could make a good living with it.

There are two objections to this, firstly a moral one, and second, a legal one:

• Would I want to do this? What are the implications of my acts for other people? Is it right?
• Is it legal what i'm doing, can i be sued and go to jail for it? Am i legally required to report it if i observe criminal activities?

This evolved into a debate on privacy with some interesting turns.

For example, when people bring their machine to me for repairs, or whenever i am working on someone elses machine, i will try to be discrete. I will not look at people's files or e-mail and if i have to for whatever reason i will usually ask first. People appreciate this and discretion is one of the things i emphasize to set myself apart from others. Many people tell me they don't invite the whizzkid next door, tech savvy coworker or geeky nephew because they don't trust them to leave their files alone.

If i were to stumble upon criminal activities, say child porn, i am legally required to report this, if i don't, i have assisted the crime. However, i can probably forget about doing any business in the future if i were to do this. Even people who have nothing to hide, which so far has been everyone as far as i am aware, will think twice after such an event. After all, it means i have on one occasion peeked in someone's files and taken action. Any reputation of discetion will be gone entirely, or even reversed.

I'm wondering, how much of a right is digital privacy? Is it good to be discrete, or bad? What would you do? Should everything that you don't want other people to see be passworded or otherwise restricted, even if you are the only one who uses that computer, and it's all secure from the outside as ElDiablo argued? Can you blame people if they don't?



Thoughts appreciated. (or it wouldn't be a soapbox thread )

 

[BiG D]

I've covered basically all my thoughts earlier today. Monitoring someone's communications as an "investigator" without their consent is simply unethical, and shouldn't happen.

As for reporting illegal activities: if you don't, I can't see you being a good addition to society. If you're so selfish that you can't turn someone in because you're afraid it might hurt your reputation, you deserve to rot in jail alongside the child pornographers.

 

[Macca]

Hmm thats an extremely thought provoking argument you are making there Pest. I think that You should always be as discrete as possible. There is no reason for someone to be looking in files that do not concern them. Even if there may be illegal things on the system, If you don't see them then it is not your job to go looking for them.

However if there was a suspicous file that could be related to something highly illegal - say child pornography - then I personally would take a peak at it and if it was then tell the police, even if it did hurt my rep. It's an ethical issue more than anything . Something like illegally downloaded MP3's I wouldn't bother with.

So to sum up I would not go around looking for illegal things that people have on their system however if I was suspicious and had reasonable evidence I would have a look and turn them in.

Its the same with mail. If your a mailman etc you don't go looking in people's mail to see if theres anything illegal in it. However if there was a peice of mail that looked particularly suspicious you would report it to the head of your department.

I don't know if I am for or against putting passwords on everything I don't want people to see. It would help me if I has personal letter, or Family pictures etc. However it would then also aid the people who would abuse it for locking all their illegal pics or docs etc.

 

[Pestcontrol]

I've covered basically all my thoughts earlier today. Monitoring someone's communications as an "investigator" without their consent is simply unethical, and shouldn't happen.

The Police can do this if they suspect a person of crimes. A Private investigator will do the same, usually also for suspected people, ie husbands suspecting their wives of cheating. Usually things i would personally consider far more rejectable than monitoring someone.

Also, like in real life a lot of what is done digitally is public. A PI will follow a person around to note his or her activities, something anyone can do. Tracing someone to a forum or chatbox anyone can join is much the same.

In principle i'm inclined to agree with you, monitoring someone without consent is a violation of privacy. Sometimes however a suspicion of something far worse can justify this. Just think about it, there'd be a lot less criminals in jail otherwise, because it would be much harder to gather evidence. A judge is often confronted with conflicting rights and plights, and in such a case they will have to weigh the two and decide which one they deem more important. Freedom of speech VS racism is a good example. Privacy vs justice is just the same. That's the essence of the matter.

As for reporting illegal activities: if you don't, I can't see you being a good addition to society. If you're so selfish that you can't turn someone in because you're afraid it might hurt your reputation, you deserve to rot in jail alongside the child pornographers.

But if i do, the actions i am forced to take would mean a bad reputation through no fault of my own. You lose either way. Yes it would make me a bad person, but it seems you're not considering the flip side. I would report it though, no doubt about it.

I know i would feel terribly bad about it if i later learned such a thing was on a computer and i simply had not noticed, because i'm being discrete and not nosey. I'm not sure you can blame a person for that, however.

 

[BiG D]

In principle i'm inclined to agree with you, monitoring someone without consent is a violation of privacy. Sometimes however a suspicion of something far worse can justify this. Just think about it, there'd be a lot less criminals in jail otherwise, because it would be much harder to gather evidence. A judge is often confronted with conflicting rights and plights, and in such a case they will have to weigh the two and decide which one they deem more important. Freedom of speech VS racism is a good example. Privacy vs justice is just the same. That's the essence of the matter.

There's a very big difference between 'we think this guy is conspiring to kill people' and 'I think my husband is cheating on me.' This is what separates the real authorities from private investigators.

 

[Pestcontrol]

But would you think that in the case of cheating, the possible violation of privacy is not justified?

The popular image of PI's is a positive one. Now i don't know what the actual work of a PI would be like, but it's easy to see why the popular image is like that. PI's have the moral right on their side with the work they do. Do you disagree with that?

thats an extremely thought provoking argument you are making there Pest. I think that You should always be as discrete as possible. There is no reason for someone to be looking in files that do not concern them. Even if there may be illegal things on the system, If you don't see them then it is not your job to go looking for them.

Thanks, and well spoken. My thoughts precisely.

Personally, i don't think the "you should use passwords if you don't want other people to see it" argument holds. It may be true in a strict sense, but the word privacy also means that you can trust private information to be safe. In other words, if you have to lock it down, you don't have any privacy anymore, imho.

 

[BiG D]

The popular image of PI's is a positive one. Now i don't know what the actual work of a PI would be like, but it's easy to see why the popular image is like that. PI's have the moral right on their side with the work they do. Do you disagree with that?

Doing the right thing is great, but pushing the limits of what is legal in order to get results isn't. I'll find that article on common PI practices for you sometime; they're basically glorified fraudsters.

EDIT: Here's an article with an exerpt from the interview I was talking about. Not as in depth as the article I wanted, but it covers the basics.

I think there are some cases where a PI isn't in the wrong, but they need to be more of a 'last resort.' Society is way to quick to throw cash at someone to solve problems they should be facing themselves.

Edit again: and for elD, a short essay on anonymity & accountability. That's the point I was trying bring across earlier in irc.

 

[Haven]

I firmly believe that people should control their own information (and be allowed to do so). i.e. you should not be allowed to look through files without permission - in the US they have laws on admissability of evidence obtained without a warrant for instances like these although we are (for once) far less liberal in the UK currently. If you find something illegal whilst maitaining a system then its your own individual stance on the specific information found that will determine what you do with it. i.e. you'd be likely to report child pornography but much less likely to report mp3's or downloaded movies (I'm guessing here).

Unfortunately most people dont value or realise the value of their own information, the majority also do not have the technical know-how or interest to benefit from encryption technologies. The few people who do understand these issues, unfortunately often come across as raving paranoids (just visit slashdot for examples) and don't exactly act as a
rolemodel for the benefits of discretion with information.

The bottom line is obvious - we all have a moral line that we dont cross and for all of us its slightly different. Some uphold the law rigorously to the letter and others ... well lets just say that the law is highly tractable. It depends on where you sit as to what you report and when and also how it will affect your future business.

As for information privacy and awareness - if everyone thought about the information they have and how important or not it is to them then they could make a judgement call on how much that information needs protecting. In todays fast paced world few of us stop to think about such things and without help at hand to talk through the technologies available even fewer get beyond the contemplative stage.

For those who are interested (I'm making the rash assumption that 99% of you are windows users here ) there are some links below (all the software listed is 100% free):

Thunderbird + Enigmail + gnupg = encrypted secure email. For example - I run mail servers and I can read any email that I like regardless of whoever it belongs to if it passes through one of my servers. Email by default is just plain text and can be read in any text editor. Fortunately I'm a nice guy but is the next mail administrator along such a nice guy ? Consider encrypting your email so only the intended recipient can read it - once you've got it setup it is virtually transparent to use.

Related to the above; If you dont like (or dont know anything about) the command line in windows then grab WinPT which is a GUI frontend for gnupg (makes life easier).

If you have a bunch of files that you want to encrypt toegether then I reccomend TrueCrypt. This can encrypt a folder or an entire disk partition (I use it to encrypt a 1GB pendrive). Its easy to use and you have a one time password to remember (there are no encryption keys for you to worry about). Its so easy to use that you should all give it a go at least once!

Finally a quick thought, slightly off topic but worth thinking about. You come home one day and the house is on fire. You've time to grab one thing (not a person or pet - they are all safe), what would it be ?

Or put another way - what information/documentation in your house right now would make your life very difficult if you had to live without it ? i.e. passports, driving licences, birth certificates, pension details, bank details ...

Think about it and then consider scanning that information and storing it securely on a pendrive (or remote server if you have access to such a thing). Its worth a thought even if you dont follow through on it.

 

[DocBot]

As for reporting illegal activities: if you don't, I can't see you being a good addition to society. If you're so selfish that you can't turn someone in because you're afraid it might hurt your reputation, you deserve to rot in jail alongside the child pornographers.

Well let's take that statement and apply it to another situation: Lots of my friends have in the past been using drugs, some of them selling to friends etc. Now according to what you just said I am a bad person(sorry, "not a good addition to society") for not reporting them in. There are lots of examples like this, and I guess more or less everyone I know are bad persons, except for you then... remind me to never tell you anything in confidence.

In the medical profession there is a confidentiality clause that I am bound to, as long as the crime does not carry a penalty of at least 2 years prison, in which case I am instead bound by law to report it. That would definitely mean child pornography. And obviously I would not protect paedophiles...

priests have absolute confidentiality, I believe. That means they are not _allowed_ to report paedophiles (or bank robbers, or what have you) to the authorities. I am of the opinion that this is a good thing. Even sick bastards need someone to talk to. And maybe thats a way out for them, I dunno...

As regards digital privacy, that is being tested here in Sweden, what with the Anti-piracy bureay collectin IP:s of file sharers and filing charges. It looks like were safe for now, because for the police to be able to get the owner of an IP from a provider requires a search warrant, and that in turn requres a crime that has a punishment scale with "prison" on it. So as long as the only punishment for file sharing is fines, we're "safe".

 

[BiG D]

We're talking illegal things you would find on a computer, and filesharing isn't illegal here, so that narrows the possibilities quite a bit. Computers make hiding some illegal activities a whole lot easier, and if you're in a position where you could stop something before it even starts, I think it's your responsibility.

 

[Pestcontrol]

In the case of your friends doing drugs (ditto, although no dealing or harddrugs that i know of. I think dealing drugs to addicts is a very severe crime), you wouldn't report it because it's not something you disapprove of yourself. Most people will benchmark what goes on around them with their own morals, and not the law.

Another issue is the 'damage' you do to yourself.. Reporting someone for the MP3's (OGG's!! ) or illegal software they have on their computer would equal social suicide. Some people are more willing to risk themselves by standing up for something than others.

I had entirely forgotten about priests and the Hippocratic oath. Going over it right now i can see the point of conflict even within the oath itself. According to Wikipedia it states a practising physician should act:

• To avoid violating the morals of my community.
• To keep confidential all private patient information.

I know that personally, it wouldn't feel right to help criminals and not report them, but i could probably live with it as it's hopefully a minor aspect of the profession, well unless you happen to operate in Sicily.

I would definitely not be able to be a lawyer, though. Defending people i know are guilty and who have done something i despise, never ever will i do that. I'm equally appaled with lawyers specialising in criminal defense, getting rich on criminal money. It's a lot worse than being a PI.

For priests, it appears the church weighs confidentiality above all other interests, however a theologist would likely argue God will serve justice upon a person's death, and as such, the priest isn't obliged to inform earthly authorities. It's a good example, but also somewhat apart from the others, because the church will feel the confidentiality does not jeopardise justice.

Haven: Yes, it'd probably be stupid not to protect sensitive information, but most people will do this for pragmatic reasons - they don't want their bank accounts looted. They're not so much personal privacy motives.

Also, you'll have to tell me your GPG key over teamspeak some time. Here's another geek with the same setup. I also think email is hopelessly insecure.
However on the flipside, improved security facilitates criminal activity. Would you be prepared to accept that people may be able to read your personal, but innocent emails, when that means criminals can be caught? I know the question is somewhat moot as criminals can communicate securely anyway, but it's a moral matter. Personally i'd be willing to accept this, on the condition that only certain organisations have access.

TrueCrypt looks like an interesting nifty little program, thanks for the link. Encryption on USB sticks is very worthwhile for the simple pragmatic reason that they can easily be stolen or lost. Not a matter of someone violating your privacy and trust, but a matter of losing control over the information. Preventing someone else from taking control in such a case is a definitely a good idea.

In the same light, and also slightly offtopic, would it be possible for vBulletin to use SSL connections for the user CP and private message system?

One object that i would take from my house, perhaps something for a separate thread, but passports and other documents can be replaced, it would be something personal, something with irreplaceable emotional value.

 

[DocBot]

perhaps i'd better point out I wasn't serious about that "never tell anything in confidence" part... stupid text not having tone of voice...

anyway, so we're only talking about computers here? why do you take this moral stand only when computers are involved? is there something special about "digital crime" that makes not reporting it especially amoral?

 

[BiG D]

It's the nature of the crimes you'd find on a computer more than anything.

 

[Pestcontrol]

That, and because that was the scope of the original discussion on IRC.
It's largely similar to privacy in the real world but still, i feel there are some differences, or rather nuances, too.

But i don't think not reporting digital crime is especially (or less) amoral, except perhaps that it is easier to look away or genuinely miss it because you're not nosing around on someone's system more than you have to.

 

[DeZmond]

As ever I'm a bit late, however... I think the laws regarding Digital Privacy are a joke. Given the amount of laws passed in the EU and other places that allow governments to take a look at everything you do online, it's a case of double standards if they deem prying on electronic information to be unlawful. I would, of course, be interested to see if anyone else shares this view.

Also I've created DeZcrypt if you want to encrypt/decrypt individual files - I can't guarantee security yet as the project is still in the beta stage, however in it's current form you can mess around with different encryption standards until you've found one you're happy with - so it's at least handy with that.