Page 103 - Data Science class 11
P. 103

1.4  Why Do Data sciEntists nEED to UnDErstanD Ethics?

            Definition of Ethics: Ethics examines the rational justification for our moral judgments; it studies what is morally
            right  or  wrong,  just  or  unjust  organisation  must  have  a  policy  to  deal  with  the  data  ethically.  It's  not  merely  a
            legal requirement but essential for long term success of any organisation. Any organisation that deals with a large
            environment and wants to adjust on long term basis, must follow data ethics.
            As data scientists who get access to a vast amount of data in their data analysis, it is rather essential for them to
            adhere to ethical guidelines. The use of protective mechanisms and policies to discourage the mishandling and
            unethical use of data should be made part of best practices.
            You will observe from the examples given below, how unethical data handling resulted into not only loss of reputation
            but also loss of customers. This is because negative scenarios arise if ethical guidelines are disrespected.

            1.4.1 a Few miscreants can do an immense amount of harm

            During year 2010–2020, we have seen many organisations have suffered due to data breaches. Hackers worldwide
            have become very active and are on the lookout to crack through a reputed organisation's firewalls and steal important
            data from their servers. The stolen data-set is then sold out for a hefty sum.
            Adobe reported that in early October 2013, hackers had stolen almost three million encrypted customer credit card
            records and login data for an undetermined number of user accounts. Days later, Adobe increased that estimate to
            include IDs and encrypted passwords for 38 million ‘active users’. Security blogger Brian Krebs then reported that a
            file posted just days earlier “appears to include more than 150 million usernames and hashed password pairs taken
            from Adobe”. Weeks of research showed that the hack had also exposed customer names, password, and debit
            and credit card information. An agreement in August 2015 called for Adobe to pay $1.1 million in legal fees and an
            undisclosed amount to users to settle claims of violating the Customer Records Act and unfair business practices. In
            November 2016, the amount paid to customers was reported to be $1 million.
            Yahoo announced in 2016 that the account information of at least 500 million users was stolen by hackers two years
            ago—this is the biggest known intrusion of a company’s computer network.
            In a statement, Yahoo said that user information—including names, email addresses, telephone numbers, birth dates,
            encrypted passwords and, in some cases, security questions—was compromised in 2014 by what it believed was a
            “state-sponsored actor”.

            While Yahoo did not name the country involved,however the company discovered the hack after nearly two years
            offered a glimpse at the complicated and mysterious world of the underground web.

            Till date, Yahoo holds the title for the largest data breach in the history of the Internet. This data breach had exposed
            the email addresses, names, dates of birth of around three billion people.

            Another example of a data breach is that of Marriott (Starwood) hotel. In 2018, Marriott’s data team had confirmed
            that around 383 million accounts of the guests were hacked two years back (2016). The breach had exposed the
            names, addresses, contact numbers, and passport information of the guests whose accounts were compromised.
            In April 2019, it was revealed that two datasets from Facebook apps had been exposed to the public Internet. The
            information related to more than 530 million Facebook users included phone numbers, account names, and Facebook
            IDs. However, two years later (April 2021), the data was posted for free, indicating new and real criminal intent
            surrounding the data.

            It is doubted that Cyber thieves may have stolen names, email addresses, telephone numbers, dates of birth and
            encrypted passwords, the company said. But unprotected passwords, payment card data and bank account details did
            not appear to have been compromised, indicating that some of the most useful user data was not taken.


            1.4.2 Lack of consent
            One of the leading social networking sites experimented to elicit a reaction from the users, wherein without consent,
            they purposely fed the users highly extreme point of view and particularly incendiary part of the news in their


                                                                                        Ethics in Data Science  101
   98   99   100   101   102   103   104   105   106   107   108