Ashley Madison hack - the ethical and security implications | by Rob Somerville

| by Rob Somerville

With the latest successful hacking attempt on the edgy Ashley Madison dating site, what are the ethical and security implications as a new thinking infiltrates the deeper and darker sides of human nature?

When the news of the Ashley Madison hack reached the public domain, there are three words that describe the emotions and mental state of a large number of their subscribers. Raw unadulterated fear. One member admits to being so overcome with the threat of exposure and the corresponding shame that could entail that he was physically sick. While much has been made over the years about the potential physical harm that technology can subject our bodies to – from repetitive strain injury and microwave radiation to poor eyesight and short attention spans amongst the social media addicted – this must be one of the first admissions in the mainstream press that the Internet can literally make you ill. Of course, it is easy to take the moral high ground and say “If you don't want the time – don't do the crime” but this ignores the inherent cognitive dissonance that goes along along with all human interaction with technology.

We seem to have lost that thin membrane of ethical and moral judgement that insulates us from making catastrophic decisions normally present in our day to day interactions with colleagues, friends and neighbours. To some, this is an excellent opportunity for exploitation, riches and the furthering of certain ideologies. To others though, access via this dark portal will be costly indeed.

Unfortunately, the problem extends well past singular examples such as Ashley Madison, porn sites, drug deals on Tor or whatever particular moral poison takes your fancy. The technology sector, like many other professional and business sectors, has swallowed whole the concept of situation ethics, where rules are based on context rather than absolutes. This is incredibly ironic, as we all know that the current generation of computers have a brutal form of logic that is simplistic in the extreme – 1 or 0, on or off, true or false. For all the abstraction, the layers of programming and intelligence, it all boils down to binary. And here lies the quandary – Do we live in a universe of absolutes, good versus evil, ying versus yang or is there a grey area in between? No matter whether the underlying architecture of technology is a true representation of moral value or not, the corresponding integration of hyper-efficiency into a society where inefficiency is de rigour spells trouble. All humans have feet of clay. Like a man walking along a cliff edge, each step is one based on faith that the ground will support his weight yet the fool-hardy race along as if stepping on reinforced re-bar concrete.

Somewhere along the way our institutions, our nations, our society, have turned a blind eye to the revolution that is taking place beneath our feet. We are now so much more accountable to the system, to the established order that the slow constriction of our liberties and choices – like the frog being boiled in water – has become a regular part of life to be met with the shrug of our shoulders and a pragmatic acceptance that all will end well. In America, while there still resides a strong movement that is fiercely independent and self sufficient, the cashless, computer based society has virtually consumed society, unlike the rest of the world where electricity and clean water could be considered a luxury. 85% of Americans are now online, and it is becoming clearer that those who are not digitally engaged will be at a major loss. Irrespective of our online status, the current mantra of efficiency, connectedness and online presence has taken root in management culture to such an extent that anyone suggesting a considered approach rather than one based on hype and stakeholder value is regarded as a heretic.

Even as far back as the 1960's, the alarm bells were ringing in popular culture as to the ramifications of computing. The Moody Blues, with the track “In The Beginning” warned us of the potential risk of becoming magnetic ink. The corresponding loss of identity, the tools of dehumanisation and calculated or perceived value under measurement (metrics) always presents a grave danger when handed to those distanced from society and real life. The psychological pathologies which drive dictatorships, fascists naturally cause them to embrace the leverage of control. And so there may be a silver lining to this incident that has morally shaken many.

First of all, the hacking group may well have done the IT community a huge favour by exposing the Achilles heel of data security in terms that the general populace can relate to. In the 1800's, the Luddites were a force to be reckoned with – the British army faced down more rebellions over the mechanical loom than Napoleons troops on mainland Europe. Hopefully, society will begin to address the cognitive dissonance that runs throughout our culture when it comes to technology, it's innovation, management and application for the greater good. Secondly, along with the other high profile attacks that have plagued the US recently, maybe the government and law enforcement will start taking the issue a bit more seriously. Assuming that 50% of the compromised records belong to US citizens, it is estimated that over 60,000 government employees will have been targeted, the same number again with top security clearance. This is a major security risk that makes the likes of the Philby and Maclean or the Profumo affairs pale into minor significance.

While the bean counters, HR drones and PR spinmeisters still have executive privilege, a comfortable window seat and the willing ear of corporate leadership while engineers and technologists are seconded to dusty basements and out of sight, this trend will continue. Data and information security may not be at the top of the agenda quite yet, but I will be very surprised if there are not more than a few CEO's and CTO's who after this incident will be having a private and corporate rethink about the serious matters of risk, strategy and security.

This article was first published in BSD Mag's last issue - check it out here!