F. AWARENESS OF PRIVACY, ETHICAL AND LEGAL CONSIDERATIONS
From an ethical point of view, OSINT must respect the user’s
privacy so as not to harm his private life, as well as the
privacy of his family, friends and co-workers. The fact that
the information is publicly accessible does not mean that it
is not sensitive. Knowing the personal preferences and tastes
of the target can intrude on his privacy. Revealing political
thoughts can have fatal consequences in certain places.
Communicating a sexual orientation can be potentially life
threatening in certain countries. Knowing religious beliefs
can lead to criminal convictions in specific territories. Thus,
the open source information has to be handled carefully, for
legitimate purposes, in the interests of society.
From the legal point of view, OSINT should be used on the
basis of a law and respecting data protection policies. With
the advent of the EU GDPR, the regulation concerning the
personal data has changed [86]. In this sense, personal data
comprise any information which can relate to any citizen.
Moreover, different pieces of information, which collected
together can lead to the identification of an individual, also
constitute personal data, even if the information is encrypted
or anonymized [14]. A possible solution to address such a
challenge is to adapt the design of OSINT tools to embed normative
constraints, especially GDPR legal requirements [87].
By definition, OSINT is completely legal due to the public
nature of the data sources it uses. Nevertheless, investigators
must not publish the gathered personal information, even if it
is posted on the web. In addition, the user who applies OSINT
cannot fall into the error of trying to impersonate the target
in order to find more information. It should also be noted that
authentication barriers cannot be broken in order to access
the information we are looking for.
In short, the use of OSINT should be restricted to legal
activities and non-malicious purposes. In principle, OSINT
does not (and should not) violate human freedom and
rights, therefore its previously-mentioned techniques and
services are legal to this extent [88]. It is a really powerful
methodology, but it is also dangerous if misused. Thanks
to OSINT, journalists can provide up-to-date, objective and
quality news. Human resources managers can get to know
the applicants in their job better. Countries’ authorities can
investigate criminal and terrorist groups. A company can
audit its exposure abroad to cyberthreats. However, such
openness to the use of OSINT techniques for specific
categories should always be correctly justified [89].
On the downside, the OSINT end-user could be a delinquent
trying to commit a crime. A cracker could profile the
target to increase the likelihood of success. A thief could
analyze family members to steal from home at the best
time. An extortionist could publish the private and personal
information of the victim if a ransom is not paid.
Developers have to consider the aforementioned aspects
when implementing OSINT tools. In any case, for our sake,
the most powerful tools should be only available to LEAs and
Intelligence Agencies.