Follow us on Fifty shades of grey hat hacking

by Dr Adam Henschke
29 July 2015
Exposing people for cheating on their spouses by publishing the details of account holders, a dating site designed to help people have affairs, might be seen as a wrong action to achieve right outcome. Dr Adam Henschke guides us through an ethical exploration of this case and uncovers there’s a lot more to it.
The recent hack of the infidelity dating website raises a series of ethical questions. We often have an intuition something is good or bad, right or wrong. This example though shows us it’s not so black and white – ethics can be complex and our immediate intuitions require a bit of reflection.
The website is explicitly a website for people in relationships who want to cheat. Their marketing slogan is, “Life is short. Have an affair.”
The group who hacked call themselves ‘The Impact Team’. They released a small amount of information to show what they could do and threatened to publish users’ personal details should the site remain active. The content uploaded by users of this site is obviously not meant to be shared with particular people – spouses make the top of a list which might also include family, friends, colleagues and employers. The breach of privacy here is unique in that it is not just personal information like contact details being exposed. It is highly sensitive, sexually intimate, may include revealing photographs, and given the site’s reason for being is to enable people to have affairs, it is capable of breaking up couples, families and other fundamental relationships.
There are at least three sets of people whose actions may prompt some form of ethical intuition here – the users of the site, the service providers of and the hackers. Often, if we have a strong intuition about one set of people, this heavily impacts our judgment of the other people in the ethical equation.
For example, a rapist gets beaten in jail, and as we uniformly criticise rapists, we’ll often think those who beat them are in the right even if we typically hold violent assault to be deeply problematic. Given the complexity of the case, it is likely that some of our intuitions are causing us to pass judgment on others in a way that may not stand up to critical reflection. Think here if it turned out that the hackers were a group of religious fundamentalists who attacked the site with the aim of imposing their beliefs on others. Would this change your view on the naming and shaming of the site’s users?

What if the hackers were a group of religious fundamentalists who attacked the site with the aim of imposing their beliefs on others? Would this change your view on the naming and shaming of the site’s users?

 The site’s users
The first intuition about the site’s users is that they’re all disrespecting or hurting someone else and deserve punishment. Many of us feel an affair is a serious moral wrong and those seeking extramarital dalliances are bad people. However, human relations are complex and some affairs might seem less bad than others.
Imagine a couple, Drew and Sydney, who are deeply in love and seriously committed to each other. Drew is suffering from cancer for a second time. Doctors say Drew will likely survive with chemotherapy treatment that may extend into a period of years. In the past this treatment impacted on the couple’s sexual relationship, diminishing Drew’s drive and causing depression. Sydney still loves Drew. After years without sexual intimacy though, Sydney feels the relationship won’t last.  Sydney knows telling Drew this would cause more suffering at a hugely challenging time. Moreover, Sydney already had a one-off affair. A disclosure was planned for when Drew was in full remission. Sydney believes in honesty – late being better than never – and that Drew will understand. Sydney finally tells Drew out of love and a desire to protect their relationship.
Does the affair in this scenario carry the deep moral wrong that we normally attach to adultery? It seems to me, while still problematic, we come closer to excusing Sydney’s affair than we might for a ‘standard’ adulterer. The point here is that relationships are complex and there may be extenuating circumstances that make it hard to lay a blanket criticism on all people interested in having an affair.
The service provider
The intuition here is that if affairs are bad, then those who provide this service are enabling bad behaviour. However, if history has taught us anything, we ought to be careful about criticisms of sexual relations. It was not so long ago that same-sex relationships were deemed so immoral they were – and in some countries still are – criminalised.
The concern here is about external parties moralising over the sexual behaviours of others. By criticising a site that offers this service we are in effect offering not only criticism about sexual behaviour, but entering into a space where we are implying that some level of external intervention is justified. Which leads me to the hackers.
The hackers
There are probably two common intuitions that people might have about the ‘The Impact Team’ or the hackers. First is they’ve done something wrong – broken the law and destroyed the privacy of users. The contrasting view is that given the immorality of those using the site, they had no legitimate claim to privacy to begin with. Thus the hackers were not only justified, they might even be acting for good.
As far as breaking the law goes, a deeper ethical question might ask if that law should exist in the first place. In terms of privacy, I think it turns on whether one believes (a) that the users were doing something morally wrong to begin with and (b) if so, whether they ever had a right to privacy. Both points require a deep engagement with either the relation between law and ethics, or, what a right to privacy ought to cover.
The Impact Team seem much more like White Hat (or at the very least, Grey Hat hackers), motivated by concerns about the security of a given site or a desire to expose worries about service provision.

The final observation is on the hacker’s motivations. While part of it seems motivated by a desire to express a criticism of the site’s users, one of their stated motivations was that the site itself offered a range of secure services, including a permanent and total deletion of all a user’s information. Wired reports the hackers wanted to expose “what they describe as a dishonest offer from the company to delete users’ information for a $19 fee, when in fact that information was still kept in ALM’s servers”. The Impact Team seem much more like White Hat or at the very least Grey Hat hackers, motivated by concerns about the security of a given site or a desire to expose worries about service provision.

Ethics is typically complex. There’s usually a range of people involved in a given example, and in order to have a reliable set of ethical intuitions on something, we need not only information but a range of points of analysis in order to feel sure of our beliefs. Two wrongs might feel like a right, but a little reflection will take you much further.

Dr Adam Henschke is a National Security College Research Fellow at ANU’s College of Asia and the Pacific. His research interests include applied ethics, cybersecurity and the ethics of new technologies.
Image credit: Fast Company | Daniel Oines