Back in 2015, I wrote about the Hacking Team data breach. Among other things, I wrote:
Police departments are run for public service, Hacking Team is run for profit. Police departments are subject to independent oversight, Hacking Team is not. […] Had they been a company founded in solid morals and ethics, they wouldn’t have found themselves in this situation.
Why am I picking this back up? While I made some assumptions about their morals and ethics back then, subsequent events have shown that I was correct. While they did have a number of customers from the sphere of law enforcement and intelligence, their software has also been used by criminal cartels.
I want to be very clear: I don’t know that the software has actively been sold to criminals, but that is actually irrelevant. As the developer of the software, Hacking Team has a moral and ethical obligation to ensure that it isn’t used illegally.
What is the lesson here? From my point of view, the lesson is that such software should be regulated, and anyone dealing in it should be subject to close scrutiny and thorough oversight. If it isn’t, then how can we trust that it isn’t being actively sold to criminals?