The University of Massachusetts Amherst
Categories
Security Web

Private Data in the Digital Age

Former U.S. spy agency contractor Edward Snowden is wanted by the United States for leaking details of U.S. government intelligence programs
Former U.S. spy agency contractor Edward Snowden is wanted by the United States for leaking details of U.S. government intelligence programs

In a scenario where someone has a file of information stored on a private server with the intent to keep it private, is it ever justified for someone else to expose a security flaw and post the information anonymously on the internet? There exists a fine line where “It depends” on the scenario. But this classification simply does not do the case justice as there are extraneous circumstances where this kind of theft and distribution is justifiable.

One such case is whistle-blowing. Edward Snowden is still a man of much controversy. Exiled for leaking sensitive government documents, some label him a hero, others a traitor. Snowden was former Special Forces and later joined the CIA as a technology specialist. He stole top-secret documents pertaining to the National Security Agency and FBI tapping directly into the central servers of leading U.S Internet companies to extract personal data. Snowden leaked these documents to the Washington Post, exposing the PRISM code, which collected private data from personal servers of American citizens. This program was born out of a failed warrantless domestic surveillance act and kept under lock and key to circumvent the public eye. Americans were unaware and alarmed by the breadth of unwarranted government surveillance programs to collect, store, and search their private data.

Although Snowden illegally distributed classified information, the government was, in effect, doing the same but with personal data of its constituents. I would argue that Snowden is a hero. He educated the American people about the NSA overstepping their bounds and infringing upon American rights. Governments exist to ensure the safety of the populace, but privacy concerns will always be in conflict with government surveillance and threat-prevention. The government should not operate in the shadows; is beholden to its people, and they are entitled to know what is going on.

The United States government charged Snowden with theft, “unauthorized communication of national defense information,” and “willful communication of classified communications intelligence information to an unauthorized person.” The documents that came to light following Snowden’s leaks only pertained to unlawful practices, and did not compromise national security. Therefore, it appears as though the government is trying to cover up their own mistakes. Perhaps this is most telling in one of Edward Snowden’s recent tweets :

“Break classification rules for the public’s benefit, and you could be exiled.
Do it for personal benefit, and you could be President.” – @Snowden

This commentary on Hillary Clinton shows that in the eyes of the government who is right and wrong changes on a case to case basis. In many ways, Snowden’s case mirrors Daniel Ellsberg’s leak of the Pentagon Papers in 1971. The Pentagon Papers contained evidence that the U.S. Government had mislead the public regarding the Vietnam war, strengthening anti-war sentiment among the American populace. In both cases, whistle-blowing was a positive force, educating the public about abuses happening behind their back. While in general practice, stealing private information and distributing it to the public is malpractice, in these cases, the crime of stealing was to expose a larger evil and provide a wake-up call for the general population.

Alternatively, in the vast majority of cases accessing private files via a security flaw is malicious, and the government should pursue charges. While above I advocated for a limited form of “hacktivism,” it was a special case to expose abuses by the government which fundamentally infringed on rights to privacy. In almost all cultures, religions and societies stealing is recognized as wrongdoing and should rightfully be treated as such. Stealing sensitive information and posting it online should be treated in a similar manner. Publishing incriminating files about someone else online can ruin their life chances. For example, during the infamous iCloud hack, thousands of nude or pornographic pictures of celebrities were released online. This was private information which the leaker took advantage of for personal gain. For many female celebrities it was degrading and humiliating. Therefore, the leaker responsible for the iCloud leaks was not justified in  taking and posting the files. While the definition of leaking sensitive information for the “common good” can be in itself a blurred line, but a situation like the iCloud leak evidently did not fit in this category. Hacking Apple’s servers to access and leak inappropriate photos can only be labeled as a malevolent attack on female celebrities, which could have potentially devastating repercussions for their career.

While the iCloud hack was a notorious use of leaking private data in a hateful way, there are more profound ways which posting private data can destroy someone’s life. Most notably, stealing financial information and identification (such as SSID) can have a huge, detrimental effect on someone’s life. My grandmother was a victim of identity theft, where someone she knew and trusted stole her personal information and used it for personal gain. This same scenario plays out online constantly and can drain someone’s life savings, reduce their access to credit and loans, and leave them with a tarnished reputation. Again, we draw a line between leaking something in the public’s interest and exposing a security flaw for the leaker’s benefit. By gaining access to personal files, hackers could wreck havoc and destroy lives. Obviously this type of data breach is unacceptable, and cannot be justified.

Overall, taking sensitive material and posting it anonymously online can generally be regarded as malpractice, however, their are exceptions such as whistle-blowing where the leaker is doing so for the common good. These cases are far and few between, and the “bad cases” have harming repercussions which can follow someone throughout their life. Ultimately, to recall Snowden’s case, everyone has a right to privacy. This is why someone leveraging a security flaw and posting files online is wrong from the get go, because it supersedes personal secrecy. In an increasingly digital world it is difficult to keep anything private, but everyone has a fundamental right to privacy which should not be disrespected or infringed upon.