Blog RSSBlog.

09/10/2015

Ashley Madison & Using Stolen Data

by Arthur L Caplan, PhD and Charles Seife, MS

This past August, the public was treated to gigabytes of data stolen from the Ashley Madison website, including detailed records on millions of people who had registered for their service. Their service, of course, is a dating site meant to facilitate extra-marital affairs. The message isn’t subtle, as anyone who’s got their upbeat jingle — “I’m looking for someone other than my wife!” — stuck in his head can attest. The Toronto-based Ashley Madison isn’t the only hookup site that’s been attacked by hackers. A few months earlier, Adult FriendFinder suffered a massive data breach, with hackers publishing details of 4 million subscribers on the Web. Nobody knows who’s the next target, but it’s a good guess that porn sites may be high up on the list. With pornography accounting for nearly ten percent of all internet traffic that is a lot of names.

The leaked information is a snapshot of people’s inner lives – and a treasure trove for those who know how to use data to tell stories. Not just journalists, but also social scientists, people doing public health and those doing political research, can put this data to good use. But should they?

The downside of using the data is a steep one. It’s important to keep in mind that these data have caused serious harm to people already. There have been at least three suicides attributed to the Ashley Madison hack http://money.cnn.com/2015/09/08/technology/ashley-madison-suicide/. Many marriages and careers are surely wobbling as a result of the nonconsensual outing of specific identities of sex site users. On top of that, there’s the conundrum caused by the fact that the release of the data in the first place was a criminal act.

When is it justifiable to use this information? For journalists the answer is “it depends.”

Journalists deal with “stolen” data all the time. The Pentagon papers, the Snowden documents, the leaked voice recordings from the Germanwings Flight 9525 crash, and the like , etc. All were stolen but that fact provided no serious moral barrier for the media to use them in reporting. In journalism, ethics in using stolen data is often a judgment about balancing the public good versus private harm. Such decisions however take place in a context of corporate gain and reporter fame as the media wants to attract eyeballs by telling secrets.

So how does this balancing test apply to using information on sex sites?

In naming names the prurient and gossip value is surely high but, more importantly are there any examples where the public good outweighs personal privacy and risk to specific individuals, their families and friends? In the United States, journalists tend to believe that public figures or someone in a sensitive position or a very high government office are fair game but this attitude isn’t universal. Naming names when sex or adultery has a special relevance beyond the mere commission of the indiscretion— outing someone as a hypocrite or fraud — seems to carry justificatory weight as news among media members.

For the press, Josh Duggar fell into the hypocrite category, by virtue of his moral stance and former position as executive director of a political action committee associated the Family Research Council. The purported outing of Hunter Biden, the VP’s son,is harder to justify. He is neither a politician nor a public figure so gossip seems to have triumphed over morality.

Pooled data poses fewer problems. No individual is outed. Even so, when the press reports that x% of employees at the Vatican use sex sites or y% of government employees do there is still stigma that potentially falls on the entire class. So even in this case, it’s worth considering that the revelations might cause harm.

What about using data for social science purposes? Even if the names are already out and available the ethics of respect for individuals requires getting both consent as well as approval from an institutional review board. The most a social scientist might get away with is using non-identified information and even then, approval by an independent review committee would be required.

This is as it should be. No one should serve as an identifiable subject in research that creates risk to their relationships or possible humiliation without their permission. No matter how tempting the data might be, we are not required in America to be research subjects if we don’t want to be. Nor do we give scientists the ability to compel our participation in a study, no matter how valuable the outcome.  The hacking of sex sites is a stark reminder that it is not just medical research that poses concrete risks to subjects and that risk demands consent from them to include them in studies.

So journalism has an easier road to using data than social science. But access is not free even when the data is out there. The reality of damage to identified individuals is real when their sex lives or fantasies are put on display. That ought to give anyone using identified data about sex pause.

This entry was posted in Featured Posts, Privacy, Research Ethics, Science and tagged , , . Posted by Arthur Caplan. Bookmark the permalink.

Comments are closed.