Is it ethical to use hacked data in scientific research?

Abstract

Hacked data — data obtained in an unauthorized manner through illicit access to a computer or computer network— are increasingly being used in scientific research. Examples include conflict modelling studies based on WikiLeaks datasets, and studies on sexual behaviour based on data leaked from Ashley Madison, a dating website hacked in 2015. Studies of this kind are prima facie lawful because the researchers who processed the data had no involvement in the hack itself, and the hacked datasets were made publicly available. However, research integrity is not simply reducible to lawfulness. We contend that the ethical acceptability of using datasets of illicit origin cannot simply be presumed, but requires ethical justification. Therefore, the scientific community is urged to address a fundamental ethical question: whether, and under which conditions, conducting research using hacked data can be considered a morally justifiable behaviour. This contribution will discuss and critically evaluate the ethical boundaries of research involving hacked data. This emerging ethical dilemma will be examined by analogy with previous debates on the ethics of research using data of unethical origin, such as research with data from Nazi medical experiments. Furthermore, we discuss the compatibility of research involving hacked data with current research ethics guidelines such as the Belmont Report. We posit that research using hacked data should be deemed ethically problematic. However, exceptions may be acknowledged, depending on how the data are processed and the overall value of the study to society. To this end, we propose six ethical and procedural requirements for conducting research with hacked data in an ethically responsible manner.