Data science hacking and the lives of others
- posted June 29, 2020
The code name of former East German Stasi captain Gerd Wiesler was “HGWXX/7”. His mission was to snoop on playwright Georg Dreyman in East Berlin in the 1980s. Wiesler had Dreyman’s flat bugged and a listening station set up in the attic of the building. It took a great deal of human effort and analogue equipment to conduct such round-the-clock prying and surveillance. This is the fictional story of the film “The Lives of Others”, yet it contains a fairly truthful description of the methods used by a state whose arsenal of weapons included suspicion, surveillance, theft and denunciation.
The techniques used to spy on, silence and ultimately destroy people have now changed fundamentally in the digital age. And certainly not for the better as far as the victims are concerned. Neither do such practices reflect well on the people and organisations pulling the strings in the background.
Alleged benefits and blatant racketeering
The work “hacker” conjures up visions of obscure machinations of individual perpetrators working in the darknet, or maybe of professional groups and government agencies. What they have in common (to varying degrees) is their motives: money, extortion, espionage and sabotage. Amidst all this digital spying, there is little to choose between the individual, criminal group and state agency perpetrators. Some do it for their own benefit, others for the supposed benefit of the state. But in parallel to these familiar stated aims, various companies have been spending the last few years making other preparations. Their intention is, crudely put, simply to make money from data. Not always lawful, or supported or tolerated by their own organisation, some corporate hackers operate in a legal grey area labelled “data science hacking”. It could just as easily come under the category of “corporate crime”.
Welcome to a spying and surveillance industry which operates in an apparently lawless environment due to the lack of controls. A shady market dedicated to keeping tabs on companies and individuals – including everything from their payment behaviour and supplier relationships through to their professional and private communication channels.
The financial services sector (with its fintech companies) but also digital corporations, marketing companies, constitutional protection agencies and scientific research institutions (with a certain proximity to government agencies) are all keen to recruit data science specialists – worldwide.
Sought-after and much-fêted – just don’t use the word “hacker”
The rapidly growing amounts of data have greatly inflated the importance of the collection, evaluation and interpretation of digital information from different sources. This puts data experts with hacking skills in great demand – as even the most cursory of looks at the job portals will bear out. The State and the science and business communities are competing for these masters of digital information, the data experts. Job offers cryptically target “data science specialists”, “data engineers”, “big data analysts” or “computer scientists”. However, the word “hacking” is conspicuous by its absence in the job descriptions. And with good reason because hacking – breaking into computers or computer networks (the main focus of this article) – is a punishable offence in many countries. The term is therefore taboo for the vast majority of companies. And so it is circumscribed and, thanks to the inventiveness of the digital industry, discreetly substituted by other words, even though hacking is exactly what is meant.
Corporate ignorance and infringements
Penalties, compliance and governance regulations and the much-vaunted corporate “Code of Ethics” are often ineffective. After all: no plaintiff – no defendant.
Yet a legal basis for sanctioning hacking already exists here in Germany as well as in the UK and the USA, for example.
By itself, the State, in its role as regulator, is practically powerless, having relinquished digital development almost entirely to the private sector and its lobbyists. As a result, there is a lack not only of knowledge, but also of the resources needed for identifying and prosecuting malpractice. This makes it easy for companies to collect, evaluate and use data for their own purposes or to have external hacking companies do the work for them.
The whole thing is then called “competitive espionage” or “consumer tracking”. That is why “neutral” authorities, such as Wikileaks, Distributed Denial of Secrets (DDoS) or Digitalcourage are important.
They help to uncover abuse in the handling of digital data and sensitise people to the dangers. Such bulwarks assume even greater importance in times when many countries have adopted a one-dimensional approach in dealing with the risks of a multidimensional digital world. Thus, state security is now largely concentrated on protecting companies, for instance when they are threatened from outside by international hacker groups or by state organisations.
By contrast, illegal action which companies may take against their competitors or private individuals is not usually prosecuted – partly because many of the victims remain unaware of the problem. This is how the Max Planck Society described the situation in an article entitled “The competition is not sleeping, it is spying” from December 2018: “20 per cent of companies have no strategy for detecting – or defending themselves against – attacks on their know-how.” It continues: “One in five companies with fewer than 50 employees stated that they had no strategy for combating physical espionage, with only marginally more having any kind of contingency plans for cyber espionage.”
It is not our intention to explore the negative ethical and moral effects of such actions here. It should be mentioned, however, that the Chaos Computer Club (CCC) has concerned itself with the ethical principles of hacking, stating that a line is crossed when people’s data is snooped into. The general precept for the CCC is: “Use public data, protect private data.” Fine words, but that’s all they are at the moment. Or as Johann Wolfgang von Goethe once put it: “The message well I hear, my faith alone is weak.” At least for the time being, because even the Stasi captain Gerd Wiesler, mentioned at the beginning, began to have doubts.
Data science hacking und das Leben der anderen
Wer an Hacker denkt, dem fallen in aller Regel dunkle Machenschaften einzelner Täter im Darknet ein oder es kommen einem professionelle Gruppen und staatliche Stellen in den Sinn. Doch abseits dieser bekannten Ziele bringen sich seit Jahren Unternehmen in Stellung. Ihr Ansinnen liegt plump formuliert darin, mit Daten Geschäfte zu machen.
Eine deutschsprachige Version des Beitrags “Data science hacking und das Leben der anderen” finden Interessenten auf RiskNET.