On (InfoSec) Ethics

So today I attended to this panel at Hack In The Box Conference 2012 in Kuala Lumpur. Participants were: FX, Van Hauser, The Grugq, Ben Nagy, and BSDaemon. The panel had no real agenda, so the topics varied as the audience posed questions. Interestingly, although the panelists are notoriously technical people, many of the questions the attendees chose to ask seemed to revolve around ethics. WikiLeaks, exploit sales, “Anonymous” & cyber activism, cyber warfare and the role played by nation states in all this… Where should we stand? What is right?

As I watched the polemics ensue, I could not help thinking to myself how I could chew on those subjects for hours without coming to a solid conclusion. In fact, I CANNOT possibly come to any satisfactory conclusion, if I am to be completely rational about this. The problem is that all of these dilemmas depend on our expectations towards other people, when expecting anything from anyone is fundamentally flawed. As human beings, we cannot be reduced to predictive behaviors. In other words, we are not to be trusted. And that makes us fascinating.

You should not be impressed when WikiLeaks starts charging for data [1], you cannot be sure that the attacks by Anonymous never are of a less than “noble” nature, and you cannot be sure that the exploit you sell will only be used in the “rightful” ways, regardless of what you deem noble or right. You may either embrace complete nihilism or accept the fact that most of your ethical standpoints rely on fragile webs of assumptions about human conduct. It suddenly is not about your morality anymore, but other people’s.

My opinion? Do whatever your want. Trust your guts, your humanly feelings, your very limited knowledge. This is best effort. And if someone tries to hold you accountable for taking a stand, do not even try to make sense of the complex set of factors you hopelessly attempted to take into consideration. It just does not boil down to reason.

And if this is not at all comforting, the best consolation I can give is written in the t-shirt I wear today: “All destruction is a creator”.

[1] WikiLeaks Angers Supporters With Donation ‘Paywall’ For Leaked Material

P.S.: As an anti-misinterpretation note, I am not telling you to join Anonymous any more than I am telling you NOT to. I said “best effort”. Your brains and sense of criticism are still there, so you might as well use them.