Should we look just because we can?

If there is something online in plain sight (which I define as requiring only clicking on publicly available links), is it OK to take a look? If we suspect that the linked content breaches privacy or confidentiality, but is not illegal, should we still go and take a look?

The first two examples that come to mind both involve stolen information published online. In the case of Rawshark publishing emails stolen from Cameron Slater as an act of vigilantism, is there a public interest defence to take a look? That is certainly not the case with the celebrity photo leaks earlier this year. As a person tweeted, “Remember, when you look at these pictures you are violating these women again and again. It’s not okay.”

This is an everyday moral dilemma with the underbelly of the Web, 4chan (some parts NSFW). You can take a look as the website claims that everything is perfectly legal. The question is, just because you can, should you? At the very least, be warned that you can’t un-see what you see there. On the other hand, it’s a great example of the freedom of speech that (mostly) stays within the letter of the law.

Another one involves Cameron Slater again but on the other side, as an alleged perpetrator with Beehive staffer Jason Ede. The duo (and likely others) went to a website run by the Labour party three years ago after being tipped off by Aaron Bhatnagar and downloaded donor information in plain sight. Was that illegal? It will be interesting to see what the police and courts have to say about that.

If that information was published online by them or others in plain sight, should people go and have a look? What obligations did the National Party and others who got the confidential information have? After all, the Prime Minister’s defence was “if Jason Ede went and had a look at it out of curiosity, fair enough” because it was in plain sight.

Did the subsequent malicious use of the information to attack the Labour party and its supporters colour the original act? Possibly this aspect of intent is what sets it apart from access followed by responsible disclosure, such as the iconic MSD kiosk access by Keith Ng.

All of these questions raise both legal and moral questions with no easy answers. Yet these are the very questions that will increasingly arise and will need to be answered.

Creepy webcam access

All of this ruminating was set off by this recent article about, ostensibly a website that “has been designed in order to show the importance of the security settings” in online cameras:

… images from thousands of internet-connected cameras from all over the world are publicly available, online, and ready for anyone to easily view… From pictures of backyards to schoolyards, detention centres to daycare centers, and even living rooms, you can watch them all.

The website offers thousands of streams of internet-connected cameras that have not had their default username and password changed. These default login details usually can be found in security camera manuals that are often also available online. Because there are apparently thousands of users of cameras who did not change these login details, it was only a matter of time until one website aggregated these cameras for everyone else to tune into.

Signalling security flaws is important. But using those flaws to break through security and infringe the privacy rights of others is less compassionate. Moreover, trying to get access to a computer system by guessing usernames and passwords could be considered an act of hacking in certain jurisdictions.

Another concern is that the person whose life is portrayed on the security camera’s images is not necessarily the person who set up the camera. Should the privacy of kids playing at their daycare center be infringed just because an IT worker forgot to change the password? Ignorance to the Internet of Things lets that happen.

For the curious, there are 122 IP cameras in NZ on the website. Questions: is it illegal to view these? What laws and jurisdictions apply?

Coming law change

Keep in mind that a law change is coming. Tucked away at the end of the Harmful Digital Communications Bill is a proposed amendment to section 6 and 56 of the Privacy Act. IANAL obviously but my reading of the change is that just because personal information is available publicly, it will be illegal to have a look if it is “unfair” or “unreasonable” or “highly offensive to an ordinary reasonable person”.

Hopefully there will be guidance what all of this means once the law is passed. Even then, legal and moral questions about what we can and should do about personal and confidential information in plain sight will continue.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s