Ethics and Open Source Intelligence
Data ethics are an obvious concern. Beyond the clear moral imperative to
investigate ethically, GDPR requires organisations to focus on data storage compliance.
However, there are wider ethical considerations when it comes to data collection. It is essential that organisations instil ethics and data privacy within intelligence processes from the start.
As OSINT is generated from publicly available information, it could be said to be more ethical than intelligence gathered from other data sources. OSINT investigations, and the publicly accessible nature of OSD, make it far easier to stay on the right side of the ethics divide.
But there are always more or less ethical concerns facing investigators. Although OSD is publicly accessible, its collection can still be unethical if done to excess. Indiscriminate collection of OSD makes it far more difficult to both adhere to compliance standards and to act on the information contained within, simply because there is too much of it to make sense of.
Always investigate ethically
Mass surveillance and indiscriminate data collection and storage can place your organisation at risk of non-compliance and reputational damage. OSD might be publicly available information, but it still covers personal data that is subject to data privacy regulations in varying degrees. You need to consider legal, financial and PR components, along with their associated risks.
Ethical OSD usage depends on an organisation’s willingness and ability to target their data handling towards specified objectives that limit the flow of information to only valuable information. Effective solutions will offer a simple means of saving source information and collected data, allowing for easy referencing and cross-referencing of investigations. By simplifying and streamlining access to OSD, OSINT solutions provide an opportunity to gain information that might otherwise only be available through more extensive and intrusive forms of intelligence collection. We can move towards toward the ethical collation and distribution of publicly available data for a more targeted and sophisticated approach to investigations. Too much automation with no human involvement can lead to inaccurate, incorrect and unethical decisions. An IA approach that leaves humans in charge of OSINT decision-making reduces the risk of poor and potentially unethical decisions.
The following also have an impact on the extent to which investigations can be considered ethical:
Targeted searches: collect only the information that is relevant to the investigation
Legitimate use cases: collecting data to prevent crime, protect national security or meet regulatory requirements is considered more ethical than collection for marketing or sales purposes
Only public data: using data that is freely available