Latest stories
Digital, People, Smart & Co.

Data science hacking and the lives of others

The code name of former East Ger­man Stasi cap­tain Gerd Wiesler was “HGWXX/7”. His mis­sion was to snoop on play­wright Georg Drey­man in East Ber­lin in the 1980s. Wiesler had Drey­man’s flat bugged and a listen­ing sta­tion set up in the attic of the build­ing. It took a great deal of human effort and ana­logue equip­ment to con­duct such round-the-clock pry­ing and sur­veil­lance. This is the fic­tion­al story of the film “The Lives of Oth­ers”, yet it con­tains a fairly truth­ful descrip­tion of the meth­ods used by a state whose arsen­al of weapons included sus­pi­cion, sur­veil­lance, theft and denun­ci­ation.

The tech­niques used to spy on, silence and ulti­mately des­troy people have now changed fun­da­ment­ally in the digit­al age. And cer­tainly not for the bet­ter as far as the vic­tims are con­cerned. Neither do such prac­tices reflect well on the people and organ­isa­tions pulling the strings in the back­ground.

Alleged bene­fits and blatant rack­et­eer­ing
The work “hack­er” con­jures up vis­ions of obscure mach­in­a­tions of indi­vidu­al per­pet­rat­ors work­ing in the darknet, or maybe of pro­fes­sion­al groups and gov­ern­ment agen­cies. What they have in com­mon (to vary­ing degrees) is their motives: money, extor­tion, espi­on­age and sab­ot­age. Amidst all this digit­al spy­ing, there is little to choose between the indi­vidu­al, crim­in­al group and state agency per­pet­rat­ors. Some do it for their own bene­fit, oth­ers for the sup­posed bene­fit of the state. But in par­al­lel to these famil­i­ar stated aims, vari­ous com­pan­ies have been spend­ing the last few years mak­ing oth­er pre­par­a­tions. Their inten­tion is, crudely put, simply to make money from data. Not always law­ful, or sup­por­ted or tol­er­ated by their own organ­isa­tion, some cor­por­ate hack­ers oper­ate in a leg­al grey area labelled “data sci­ence hack­ing”. It could just as eas­ily come under the cat­egory of “cor­por­ate crime”.

Wel­come to a spy­ing and sur­veil­lance industry which oper­ates in an appar­ently law­less envir­on­ment due to the lack of con­trols. A shady mar­ket ded­ic­ated to keep­ing tabs on com­pan­ies and indi­vidu­als – includ­ing everything from their pay­ment beha­viour and sup­pli­er rela­tion­ships through to their pro­fes­sion­al and private com­mu­nic­a­tion chan­nels.

The fin­an­cial ser­vices sec­tor (with its fintech com­pan­ies) but also digit­al cor­por­a­tions, mar­ket­ing com­pan­ies, con­sti­tu­tion­al pro­tec­tion agen­cies and sci­entif­ic research insti­tu­tions (with a cer­tain prox­im­ity to gov­ern­ment agen­cies) are all keen to recruit data sci­ence spe­cial­ists – world­wide.

Sought-after and much-fêted – just don’t use the word “hack­er”
The rap­idly grow­ing amounts of data have greatly inflated the import­ance of the col­lec­tion, eval­u­ation and inter­pret­a­tion of digit­al inform­a­tion from dif­fer­ent sources. This puts data experts with hack­ing skills in great demand – as even the most curs­ory of looks at the job portals will bear out. The State and the sci­ence and busi­ness com­munit­ies are com­pet­ing for these mas­ters of digit­al inform­a­tion, the data experts. Job offers cryptic­ally tar­get “data sci­ence spe­cial­ists”, “data engin­eers”, “big data ana­lysts” or “com­puter sci­ent­ists”. How­ever, the word “hack­ing” is con­spicu­ous by its absence in the job descrip­tions. And with good reas­on because hack­ing – break­ing into com­puters or com­puter net­works (the main focus of this art­icle) – is a pun­ish­able offence in many coun­tries. The term is there­fore taboo for the vast major­ity of com­pan­ies. And so it is cir­cum­scribed and, thanks to the invent­ive­ness of the digit­al industry, dis­creetly sub­sti­tuted by oth­er words, even though hack­ing is exactly what is meant.

Cor­por­ate ignor­ance and infringe­ments
Pen­al­ties, com­pli­ance and gov­ernance reg­u­la­tions and the much-vaunted cor­por­ate “Code of Eth­ics” are often inef­fect­ive. After all: no plaintiff – no defend­ant.

Yet a leg­al basis for sanc­tion­ing hack­ing already exists here in Ger­many as well as in the UK and the USA, for example.

By itself, the State, in its role as reg­u­lat­or, is prac­tic­ally power­less, hav­ing relin­quished digit­al devel­op­ment almost entirely to the private sec­tor and its lob­by­ists. As a res­ult, there is a lack not only of know­ledge, but also of the resources needed for identi­fy­ing and pro­sec­ut­ing mal­prac­tice. This makes it easy for com­pan­ies to col­lect, eval­u­ate and use data for their own pur­poses or to have extern­al hack­ing com­pan­ies do the work for them.

The whole thing is then called “com­pet­it­ive espi­on­age” or “con­sumer track­ing”. That is why “neut­ral” author­it­ies, such as Wikileaks, Dis­trib­uted Deni­al of Secrets (DDoS) or Digit­alcour­age are import­ant.

They help to uncov­er abuse in the hand­ling of digit­al data and sens­it­ise people to the dangers. Such bul­warks assume even great­er import­ance in times when many coun­tries have adop­ted a one-dimen­sion­al approach in deal­ing with the risks of a mul­ti­di­men­sion­al digit­al world. Thus, state secur­ity is now largely con­cen­trated on pro­tect­ing com­pan­ies, for instance when they are threatened from out­side by inter­na­tion­al hack­er groups or by state organ­isa­tions.

By con­trast, illeg­al action which com­pan­ies may take against their com­pet­it­ors or private indi­vidu­als is not usu­ally pro­sec­uted – partly because many of the vic­tims remain unaware of the prob­lem. This is how the Max Planck Soci­ety described the situ­ation in an art­icle entitled “The com­pet­i­tion is not sleep­ing, it is spy­ing” from Decem­ber 2018: “20 per cent of com­pan­ies have no strategy for detect­ing – or defend­ing them­selves against – attacks on their know-how.” It con­tin­ues: “One in five com­pan­ies with few­er than 50 employ­ees stated that they had no strategy for com­bat­ing phys­ic­al espi­on­age, with only mar­gin­ally more hav­ing any kind of con­tin­gency plans for cyber espi­on­age.”

It is not our inten­tion to explore the neg­at­ive eth­ic­al and mor­al effects of such actions here. It should be men­tioned, how­ever, that the Chaos Com­puter Club (CCC) has con­cerned itself with the eth­ic­al prin­ciples of hack­ing, stat­ing that a line is crossed when people’s data is snooped into. The gen­er­al pre­cept for the CCC is: “Use pub­lic data, pro­tect private data.” Fine words, but that’s all they are at the moment. Or as Johann Wolfgang von Goethe once put it: “The mes­sage well I hear, my faith alone is weak.” At least for the time being, because even the Stasi cap­tain Gerd Wiesler, men­tioned at the begin­ning, began to have doubts.

Ger­man Sum­mary
Data sci­ence hack­ing und das Leben der ander­en
Wer an Hack­er den­kt, dem fallen in aller Regel dunkle Machenschaften ein­zel­ner Täter im Darknet ein oder es kom­men einem pro­fes­sion­elle Grup­pen und staat­liche Stel­len in den Sinn. Doch abseits dieser bekan­nten Ziele brin­g­en sich seit Jahren Unterneh­men in Stel­lung. Ihr Ansinnen liegt plump for­mu­liert dar­in, mit Daten Geschäfte zu machen.

Eine deutschs­prac­hige Ver­sion des Beitrags “Data sci­ence hack­ing und das Leben der ander­en” find­en Interessen­ten auf RiskNET.


error:

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close