Security Ethics

May. 15th, 2007 06:14 pm
bryant: (Default)
[personal profile] bryant
Hot rumor: Karl Rove staffers sent email to the wrong address. Instead of mailing whoever@georgewbush.com, they mailed whoever@georgewbush.org. The guy who owns georgewbush.org is apparently not a Bush fan, so the emails are in Greg Palast's hands.

Taking advantage of this, of course, is morally wrong. As one Democratic Senate staffer said:

"They had an obligation to tell each of the people whose files they were intruding upon -- assuming it was an accident -- that that was going on so those people could protect themselves. To keep on getting these files is just beyond the pale."

Yeah, I'm being snarky. That's a quote from the time the Republicans noticed that they had the ability to read Democratic private files by accident. You could make a marginal argument on the premise that the emails were sent, whereas the Republicans had to go get the files from the fileserver, but as a system administrator? I don't buy it.
  • Add Memory
  • Share This Entry
Threaded | Top-Level Comments Only

Date: 2007-05-15 11:08 pm (UTC)
kodi: (Default)
From: [personal profile] kodi
I'd think the most important difference between the two events would be that in the 2002-03 incident, there was a mutual professional and public relationship between the parties. I see a fiduciary duty in the first case that doesn't exist in the second.

Date: 2007-05-16 01:22 am (UTC)
From: [identity profile] amberley.livejournal.com
<snark>Couldn't they just ask the NSA for a copy of all the emails? </snark>

Date: 2007-05-16 12:26 pm (UTC)
bryant: (Default)
From: [personal profile] bryant
Hm. While I'd agree that there's a greater fiduciary duty, I don't think the circumstances in the current case are such that it's okay to keep the emails.

I get the moral high ground of having been in the position of getting a /lot/ of email that wasn't meant for me, and happily deleting it all, from back when I was postmaster at Netcom. :)

Does context not matter at all?

Date: 2007-05-16 01:28 pm (UTC)
dtm: (Default)
From: [personal profile] dtm
What if the emails contained evidence of a crime?

What if they contained plans for a future crime?

What if the emails were subject to an open subpoena, and the targets of the subpoena publically claimed that the emails were lost and couldn't be produced?

These are not, in this case, theoretical questions. (Okay, maybe the second one is)

Yes, keeping the security breach silent and using it to eavesdrop is unethical, but I am not convinced that instantly deleting the emails in question is the only possible ethical option - is turning the emails over to law enforcement not a viable option?

Re: Does context not matter at all?

Date: 2007-05-16 02:07 pm (UTC)
bryant: (Default)
From: [personal profile] bryant
Hm. You're advocating that any time a system administrator gets a bounced email to postmaster@whatever.com, they should read it to make sure there's no breach of the law?

Date: 2007-05-16 02:13 pm (UTC)
kodi: (Default)
From: [personal profile] kodi
Yeah, I definitely agree that it was wrong to keep the emails - but I'd certainly have been fine with him just deleting them as they came in, without ever notifying the people that their emails were going to the wrong place. In the earlier incident, merely failing to take advantage of the situation wasn't enough - every Senate employee who was aware of it and didn't say something did something wrong.

Date: 2007-05-16 02:15 pm (UTC)
bryant: (Default)
From: [personal profile] bryant
Yeah, I'd agree with that.
  • Add Memory
  • Share This Entry
Threaded | Top-Level Comments Only

Profile

bryant: (Default)
bryant
Innocence Consulting

October 2025

S M T W T F S
    1234
567891011
12131415161718
19202122232425
2627 28293031 

Most Popular Tags

Page Summary

Active Entries

Style Credit

Expand Cut Tags

No cut tags
Page generated Feb. 27th, 2026 06:55 pm
Powered by Dreamwidth Studios