Security News > 2021 > September > Is it OK to use stolen data? What if it's scientific research in the public interest?
There's a fine line between getting hold of data that may be in the public interest and downright stealing data just because you can.
To kick off, Marcello Ienca, a research fellow at the Swiss Federal Institute of Technology, and Effy Vayena, deputy head of the Swiss Institute of Translational Medicine, offered the definition that "Hacked" data is "Data obtained in an unauthorized manner through illicit access to a computer or computer network." They claim it is increasingly being used in scientific research such as conflict modelling studies based on WikiLeaks datasets, and studies on sexual behaviour based on data leaked from Ashley Madison, a dating website whose database was pilfered by a group of attackers calling themselves The Impact Team in 2015.
Basing studies on such ill-gotten datasets presents problems analogous to previous debates on research that uses data of unethical origin, such as data obtained from Nazi medical "Experiments."
On the other hand, using such data may lack consent from people mentioned or implicated in the data, using the data might cause secondary harm, it could represent a privacy breach, and might lower quality of scientific standards.
Can they demonstrate that the leaked data could not have been collected using conventional methods? Next, can they show that their intended research is of high social value, and that the benefits clearly outweigh the possible harms? If hacked data is personally identifiable, researchers should obtain explicit and informed consent from those individuals.
Researchers should clearly state when they have accessed identifiable data without the subjects' consent, and say what they have done to ensure the data subjects' privacy and security.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/09/17/unethical_data_research/