Recently the Philippines’ Commission of Election website was hacked. Data about all the registered voters (essentially the entire population) was stolen and have been made public by LulzSec Pilipinas. The website wehaveyourdata+dot+com made this hard-to-decipher data into a very easily searchable online public database.
I am here not to battle you through the web in this who-has-the-bigger-dick contest but rather, I would like to share my knowledge, experience, wisdom, and professionalism to you. This is about code (ha) of ethics, professionalism, and social responsibility. This post is dedicated to those involved in making the comelec data public. If you have the choice of not making this data public, you are involved and you are responsible. This post is also dedicated to everyone and anyone who are contemplating on committing acts like these. We know you mean well. We know that what you think you’re doing is right. Unfortunately, most people who resort to acts like these do end up causing havoc and endangering other people’s lives. They end up hurting their own cause, reputation, and goals. You owe yourself and to society to be the best you can be, and to be morally good and responsible. If you don’t, you’re not different than the antagonists you are trying to fight. (ps, there’s more money and less criminal records in white hat hacking)
Please take these tips as life lessons or, life tips if you will. It will definitely help you not only in life but also in your web/tech career. We mean these with all the appropriate respect that you deserve.
Moving forward, let’s talk about the technical side of things:
1.) Ease of use: I see that you have some UI (even performance and security) skills kid. You have a promising future ahead of you. The world can use some of that. (ps, I’m web dev too). I really commend you for that. Unfortunately, what you’re missing is the UX of it all. You’re forgetting about your clients the ones that you’re trying to serve: the people. You end up hurting the people you’re trying to protect. By making the sensitive personal information exceptionally easy to access, you’ve basically given permission for strangers to access someone else’s data. I get that you want to prove to individuals that you have credible data but what you could’ve done is provide text fields for first name, last name (and to verify that only the owners of the data can see their own data) ask for the birthday (or any other security questions), then you can dump everything. If you did this, I really would not have minded at all, even if you have all the information.
2.) Almost being responsible: I see your effort in trying to somewhat make us ‘safe’ by hiding our passport details and ‘other docs’. You had the good intent there but you fell short. Basically, all the information you have made public is equally as sensitive, private, and important, as our passport details. You have address (which puts our physical security at risk), fingerprint details (identity theft), birthday, parents, mother’s maiden name ~all of which are used by current IT and security structures to have an organized and secure web experience. I think you know this already sir. If not, it’s time for you to know. The bigger challenges you take on, the bigger responsibilities you have. This affects your professionalism.
Again, you’re hurting the people you’re trying to help and protect here.
3.) Relinquishing of Responsibility: It doesn’t work like that bro (or girl). Not because you stated it means that you’re out of the woods already. Things in this world are all interconnected and for the most part we are all responsible not only for our own actions but for actions and situations that affect/involve us. If a killer asked you to hand a gun/knife to him so that he can kill someone, you can’t say “it’s not your fault, I didn’t pull the trigger”. You have a choice, and inherently as a human being you became responsible of that moment, of those actions, and of the consequences. If you handed the gun, you’ve enabled that person and caused the victim to die. If you didn’t, obv the victim would still be alive. So logically speaking, you’ve made a difference and therefore the only one capable (and responsible) for that decision and outcome. You can’t say you didn’t have a choice. The killer asked you to pass the gun….~you have the gun.
In this scenario sir, you’ve done basically just that. Sure you just ‘forwarded’ the information but essentially enabled criminal acts and endangered the safety of a lot of people. You’ve also taken the extra step of making it user friendly, not to mention secure for your sake. All in all bro…it’s not cool, it’s not professional, ethical, and everything else man. You’ve let us down. You’ve let your cause and your colleagues down as well. I don’t want you to feel bad about it (it would human of you if you do) but I would like you to understand the situation you’ve put everyone through, including you. I would like you to understand how responsibility works for your future endeavours.
I would like to think that you have a higher cause in these acts. It can be the whole “It’s a last resort to show COMELEC how big their security problem is”. We understand that. But it would be nice if you can do this without endangering other people. I also would like to think that you have a moral compass and that you believe in ethics and professionalism. There’s nothing to be done already since the data is out but for your sake and for everyone trying to feel like a web hero and trying to pull a stunt like this… We can do better…We can definitely do better. You know this. Help Philippines, don’t help in destroying it. YOU can do this. YOU literally have the power to do so.”
This article was copied from: