Background on Snowden

Discuss about the Ethical Issues Of Snowden Effects.

Many people watched the odyssey of the “whistler” Edward Snowden, had the impression that he was a little bird, accidentally flown into the caches of the US National Security Agency (NSA), pecking there the grains with the label “top secret”, and then scattered them in Western European media. In 2010, already working as an NSA contractor, Snowden “went to learn” on a hacker (Abokhodair and Vieweg, 2016). He enrolled in courses that train professional scouts “to think like hackers, to understand their technical trickery” in order to successfully defend the NSA network. These courses were said to have trained “graduated ethical hackers”. Admittedly, a well-bred position or profession! The knowledge that Snowden acquired, becoming an “ethical hacker” was a sword with two blades. “The blade”, which he applied, helped him to invisibly invade the computer system of the NSA and collect top secret documents (Druschel, et al, 2015).

There are people who argue what the word ethics means. For some, ethics means the feeling of right or wrong.  Others define ethics as following of the law.  Ethics is determined by what the society believes is right or wrong.  For example, in the case of Edward Snowden, people have divided opinions on whether he did the right thing by leaking the documents or not. Ever since he leaked the classified information he’s been called both a hero and a traitor. Those who call him a hero do so because he showed that the American government was spying on its own citizen which is a violation of their rights. On the other hand, those who call him a traitor say that his actions were not patriotic (Sarhan, 2017).

It is not good that Snowden has spent a reasonable time having access to confidential information and then go out and disclose it. If indeed the United States could be missing from its citizens and the countries with which it has diplomatic relations, neither did Snowden act responsibly, since it was supposed to know the kind of work that the company for which it worked would do, and to whom that work would be . He did not act in accordance with the deontological codes that protect his profession, which he was obliged to comply with. If it could certainly be argued that Snowden acted freely, on the other hand it would be affirmed that he did not do so responsibly. To be a free man, you must first be responsible.

Ethical Issues Surrounding Snowden’s Actions

When flying from China to Russia, where it is located in a space considered in transit or “no man’s land”, Snowden has generated a diplomatic flicker between the three great powers and Ecuador. China, accused by the United States for letting it escape; Russia, which does not decide to deliver it on the grounds that it has not crossed the border, and Ecuador dragged into the dispute because the young American would have sought asylum from that South American nation, which already have the precedent of protecting Julian Assange for more than a year, the founder of Wiki leaks, persecuted for similar reasons.

In 2013, a CIA systems administrator Edward Snowden leaked confidential government documents to the media about government surveillance activities on its citizen. According to the government officials and legal experts, Snowdens actions violated Espionage Decree of 1917; the decree states that disclosure of state secrets is an act of betrayal. Snowden justified his decision by arguing that he had a moral obligation to act (Claypoole, 2014). The public had the right to be informed about what was being done against them. According to Snowden, he had to expose the government for what it was doing despite breaking the law. Being that Snowden had violated confidentiality agreement in his contract, some people looked at the bigger picture which is the social contract that Snowden had with the public i.e. the social contract that a democracy has with its citizens (Masoodi, 2016). Snowden’s action were supported and condemned in equal measure. Ed Morrissey, who was at the time an editor of the New York Times argued that Snowden had committed a crime because he could have reported via a legal channel. According to Morrissey, Snowden is a criminal and should have been tried for his actions. He violated laws that are aimed at safeguarding legitimate information from national security of the enemies of Americans. The laws were designed to protect Americans (Giffin, et al, 2017)… 

An ethical issue is a situation where an organization or a person is required to choose between alternatives evaluated as right or wrong. One of the ethical issues in this case is Security.  Hackers have found it easy to hack into any computer system as long as it is connected to the internet and get information.  The act of the government to bug or spy on people was wrong to some people because it was infringing on people’s privacy. On the other hand, some may argue that the NSA was right on spying because it would be able to get more intelligence that would enable it to protect its citizens.

Implications on Security

Another issue is whether it was ethical for Snowden to leak the information to the media.  Snowden violated the code of honor that states that one is not supposed to Leak Company’s information to the public.  As every employee knows that leaking a company’s vital information to the public is against the code of ethics and more so because this was matter concerning national security (Smith, 2016).

Snowden did not freeze in the cloak of the rank and file NSA. His responsibility grew parallel to his skill as a hacker and a computer technician. He was already called “system administrator”. And although the exhaustive description of this post is classified, one can guess that Snowden has become an expert on cyber security in the bowels of the NSA. According to the expert on computer security of the Center for Strategic and International Studies James Lewis, if he (Snowden) had the opportunity to look into government networks aimed at penetrating foreign ones, he had a lot of access to these networks.

We live at a time when terabytes of information easily fit into palm-sized devices. It’s not stealing a concert grand piano from a music store. The difficulties faced by the NSA, recruiting hackers, outwardly resemble the problems of the police, who use the services of “bear cubs”. But the NSA is even steeper. He has to hire hackers – a tribe of freedom-loving and idealistic quirks. Snowden, apparently from this nest, although “ethical”. However, the ethics of a double-edged sword.

As an “ethical hacker,” he taught government and corporate organizations how to defend themselves against hacker attacks and how to uncover “shells” in which “hacker snails” hide. The program operated by EC-Council had a “code of honor” , which obliged “ethical hackers” to keep any confidential information obtained during the research of the system on their vulnerability. The president of the NSA claimed that Snowden  violated the “code of honor” by publishing the information that he had collected. But the leaders of the NSA regularly visited hacker gatherings. They advertised their Agency and simultaneously recruited hackers (Savage, et al, 2017). Even the director of the NSA, General Alexander, participated in such advertising and recruitment.. The puncture with Snowden has already begun to be carefully studied in order to “pick up the keys” more thoroughly to recruited hackers.

There were so many parties that were affected by the Snowden leaks. First, there were the relationships that America was left repairing after this explosive dossier emerged. According to Nationals Intelligence officials, Snowdens leaks may have caused more impact on the country’s security Agency.  The national security Agency’s ability to collect intelligence was affected greatly which has put American citizen’s security in jeopardy. The American army serving overseas in countries such as Iraq and Afghanistan now face a greater risk to their security because they can no longer receive credible intelligence information that help them to counter any attack (Munz, et al,2018).

Impact on US Foreign Relations

U.S foreign relations was affected in various ways; The U.S relations with countries such as Brazil, Germany and Many others were affected after Snowdens revelations.   Mexico is yet another country that was annoyed that their president Enrique Pieta and his predecessor was snooped upon. America was also accused of bugging the European Union and the United Nations and has been forced to rebuild trust with some of these nations.

The technology industry was profoundly affected by the Snowden revelations after it emerged that the NSA tapped into information that was held by companies such as Google, AT&T and Cisco.  These companies lost business due to public outcry over their roles in tapping the information by NSA. The cloud based computer industry had lost up to $36 billion by 2016. Companies such as Microsoft have also allowed international customers to store their data in servers outside America due to this  revelations (Quinn, 2014). 

There are so many what if’s . For example, What if an administrator decides to make extra cash by selling company information or source code? What if an administrator deletes or suspends a virtual machine running the organizations payment processing application.  The implication in downtime and cost would be very high. What if an attacker gains credentials of your Vsphere by the use of phishing? This are some of the questions that organizations are asking to mitigate against such effects.

According to the ASC code of ethics, there are several solutions that an organization can put into place. First, the companies can institute the two person rule , or secondary rule policies should be implemented for sensitive administrative processes (Ozkaya and Islam, 2018).  Better yet, the organization should find a tool to automate this process to prevent any actions that may be damaging to the organization.  This prevents any damaging actions from taking place in the first place.

Second, use of encryptions is another solution that can be implemented to solve these problems. A judicial committee presentation on the Snowden matter indicated that encryption technologies should have been employed to increase security on the NSA infrastructure.  When using a public cloud to store data, it is important to build appropriate security measures to that secure key management systems that you control.  This is one of the best methods to ensure that there is data privacy (Horvitz and Mulligan,2015). Encryption makes the default state of the organizations data secure which makes it advantageous.  This means that the organization is able to build a security program from the inside out rather than the other way which enables the organization to protect the data in the first place.

Impact on the Technology Industry

Using data encryption and administrative control hand in hand can go a long way to preventing threats of insider incidents such as the one witnessed during the Snowden moment.  The company should consider defining a group of administrators that will be responsible for securing the organizations virtualized infrastructure (Laudon and Laudon, 2015).  Also , the company should make sure that the appropriate two factor authentification process is in place, monitoring and control policies should be put in place that define and enforce acceptable behavior.  For example, in databases where sensitive information is stored, encryption should be used to prevent any administrator from accessing the data.  Once the data and admin control is locked down , the next step is to build a root of trust down to the hardware level to secure the cloud. 

Given the clear advantages of cloud computing, it is curious that the number of organizations that adopt this form of provisioning of IT services based on data for their employees is not greater. After all, cloud computing means less investment, both in technology and in HR for IT, in addition to taking advantage of the best and innovative IT solutions. In spite of everything, the fears persist.

One of the biggest challenges for banks and financial companies is protecting their data from unauthorized access. In this sense, there is a sincere concern about whether it is possible to keep files encrypted while moving to or from the cloud or sent through cloud services Wahl-(Jorgensen, Bennett, and Taylor,2017). In addition, the confusion about whether a cloud environment can comply with general and industry-specific regulations, not to mention data leakage and access to information from multiple devices, is latent.

Recommendations and Conclusion

The most substantial decision for a company is to carefully choose its cloud provider and make sure that all its employees use an authorized platform. If workers do not have a certified cloud platform, they could use free and insecure cloud environments, without the IT department knowing about it ( Schermerhorn ,et al, 2014). .

Another consideration to consider is the lack of physical control. If you can steal credentials in the cloud, it is difficult for an organization to restrict access to documents retroactively. In the facilities, confidential data is the priority of the company. For cloud providers, the biggest concern is to give 24/7 access to their platforms, even for those who care about security.

Mitigating Similar Situations

This is complicated by the security problems presented by rapidly evolving technologies such as mobility or the Internet of Things (IoT), which access services and data executed in the cloud. Also, the desire to improve their productivity can lead an employee to take advantage of the cloud to, intentionally or not, share their documents with third parties, giving external users access to information that is not allowed. Another challenge is the “Man-in-the-Middle” attacks, where hackers enter secretly and can alter communication between two parties that believe they are safe (Blake,2015).

The encryption linked to a device allows, by encrypting a hard disk or a removable drive, protect the data on the disk. This approach is appropriate if the device is lost or stolen. On the contrary, when a user logs into the device and the data is decrypted while working on a document, not deploying additional protections means that this data could be used (unencrypted) in other applications executed on the device and even left to through the network. In addition, the data could be loaded later – without protection – into other hardware through a cloud platform or email.

To overcome the gaps in device-based encryption, data can be classified by a technique called Data Loss Prevention. DLP, for its acronym in English, ensures that data will not leave the device or the network, based on policies and rules. However, DLP does not stipulate which files can be encrypted, the policy settings and decryption rules or how to apply them properly.

And is that DLP solutions work in a similar way to disk-based encryption; the data is encrypted before leaving the network and reaching the cloud, where the data can not be used if they are encrypted. Therefore, device-based encryption and DLP are adequate techniques to protect local data at rest, but not to secure the files left by the company. At this point, it is convenient to apply a third approach that allows you to always encrypt data, whether they are at rest, in the network or in the cloud.

Similarly, when encrypted data is transferred to the cloud, it would be ideal for employees to access information from the cloud, using other devices and applications to which they have been granted that right. The answer to achieve this goal: combine centralized security rules and controls with the option of giving end users the ability to apply encryption to the files they handle.

References

Abokhodair, N. and Vieweg, S., 2016, June. Privacy & social media in the context of the Arab Gulf. In Proceedings of the 2016 ACM Conference on Designing Interactive Systems (pp. 672-683). ACM.

Blake, M.C., 2015. The Snowden Effect: The Conflict in a Free Society, Who Values Privacy Versus Who Values Security?.

Claypoole, T.F., 2014. Privacy and social media. Bus. L. Today, p.1.

Druschel, P., Rodrigues, R., Post, A., Gehrke, J. and Vahldiek, A.L., Max-Planck-Gesellschaft zur Forderung der Wissenschaften, 2015. Protecting the integrity and privacy of data with storage leases. U.S. Patent 9,165,155.

Giffin, D., Levy, A., Stefan, D., Terei, D., Mazières, D., Mitchell, J. and Russo, A., 2017. Hails: Protecting data privacy in untrusted web applications. Journal of Computer Security, 25(4-5), pp.427-461.

Horvitz, E. and Mulligan, D., 2015. Data, privacy, and the greater good. Science, 349(6245), pp.253-255.

Laudon, K.C. and Laudon, J.P., 2015. Management Information Systems: Managing the Digital Firm Plus MyMISLab with Pearson eText–Access Card Package. Prentice Hall Press.

Masoodi, M.M., 2016. David Lyon, Surveillance after Snowden. International Journal of Communication, 10, p.3.

Munz, R., Eigner, F., Maffei, M., Francis, P. and Garg, D., 2018, April. UniTraX: protecting data privacy with discoverable biases. In International Conference on Principles of Security and Trust (pp. 278-299). Springer, Cham.

Ozkaya, E. and Islam, R., 2018. Privacy in Social Media. In Security and Privacy in Communication Networks: SecureComm 2017 International Workshops, ATCS and SePrIoT, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings 13 (pp. 3-10). Springer International Publishing.

Smith, C., 2016. The Snowden effect: Three years after Edward Snowden’s mass-surveillance leaks, does the public care how they are watched?. Index on Censorship, 45(3), pp.48-50.

Sarhan, A.Y., 2017. Protecting Sensitive Data in Clouds Using Active Data Bundles and Agent-Based Secure Multi-Party Computation.

Savage, C., Petro, C. and Goldsmith, S., Ponoi Corp, 2017. System for providing session-based network privacy, private, persistent storage, and discretionary access control for sharing private data. U.S. Patent 9,619,632.

Schermerhorn, J., Davidson, P., Poole, D., Woods, P., Simon, A. and McBarron, E., 2014. Management: Foundations and Applications (2nd Asia-Pacific Edition). John Wiley & Sons.

Quinn, M.J., 2014. Ethics for the information age. Boston, MA: Pearson.

Wahl-Jorgensen, K., Bennett, L. and Taylor, G., 2017. The normalization of surveillance and the invisibility of digital citizenship: Media debates after the Snowden revelations. International Journal of Communication, 11, pp.740-762. Wahl-Jorgensen, K., Bennett, L. and Taylor, G., 2017. The normalization of surveillance and the invisibility of digital citizenship: Media debates after the Snowden revelations. International Journal of Communication, 11, pp.740-762.