An ethical examination of the Internet Census 2012 dataset: A menlo report case study

In 2012, an anonymous individual used basic techniques such as default or no passwords on Internet access equipment to get unauthorized access and install a scanning botnet on hundreds of thousands of commodity network devices around the world. Making efforts to minimize potential harm, this individual still took actions that would never be sanctioned by an academic ethics review board (and violated computer trespass statutes around the globe), to perform an unprecedented internet-wide scan at a scale and speed never seen before. Then, some results and the raw data were published for anyone to access, raising a host of ethical and legal questions. One central question is whether researchers who, but for the illegally obtained data, could not ethically or legally perform the same experiment or produce the same data themselves should use that data. Might the lack of community condemnation for performing such potentially illegal and unethical experiments create a situation where researchers are effectively encouraging law breaking by those willing to risk getting caught to create data that is otherwise not justifiable to create, simply to allow researchers to get around ethical restrictions? In this paper we examine this event in the context of the guiding principles outlined in the Menlo Report in an attempt to better understand the ethical implications of such actions.