CYBER SECURITY
This viewpoint is reflected by Amir Saddon , Director of IR Research at Sygnia . “ Although OSINT relies on publicly available data , the use of this data can affect people , both in the organisation and outside of it ,” he describes . “ When collecting this data , organisations should not only consider their investigative needs but also the ethical and regulatory impact of the data . For example , OSINT could be misused to collect information about private social media activities of employees and their surroundings .”
One of the biggest considerations to OSINT is privacy , Skelton asserts . “ Just because information is publicly available doesn ’ t mean it ’ s ethical to collect and use . There must be a clear well-defined purpose , and care must be taken to only use the information in line with that purpose . Additionally , there can be challenges in ensuring accuracy and validity of data collected . Misinterpretation or misuse of information can lead to harmful decisions . It ’ s important for professionals to maintain a clear ethical guideline of what data to collect , how to use it , and , importantly , what not to do .”
To help tackle these risks , Saddon explains that data collection should be limited to a minimum and only necessary to help meet investigation goals without violating the rights of employees or others .
“ Allowing or enabling technology to collect data or scan systems “ on autopilot ” will often result in unethical or illegal data collection , and therefore a key part of ethical OSINT is to ensure data collection is controlled by humans who fully understand privacy issues and ethical concerns .”
48 November 2023