How to Conduct an Ethical OSINT Investigation
By Charles Brown
Get the latest news and insights sent straight to your inbox
OSINT Regulations and the Ethics of Data Collection
When it comes to using data, many modern organisations are faced with a dilemma. Failure to use the mountain of information that is increasingly available online can leave them open to risks that could have been easily identifiable. Yet making use of it can lead to ethical concerns and accusations of irresponsible data usage. The use of technology – which allows for more efficient data handling – can also provoke concerns around the ethics of mass data collection.
However, ethical data collection is possible in OSINT investigations, especially if the right principles are implemented. In this article, we’ll explore practical ways of making sure your open source investigations are as ethical as possible.
Tip 1: Use publicly available data where possible
Publicly available data is almost always more ethical than private data. By their very nature, OSINT investigations use open source data – which is publicly available or publicly licensable. This makes life substantially easier (and cheaper) for investigators: the data in question hasn’t been drawn from illicit sources, neither is privileged internal data being used for purposes it wasn’t intended for.
However, as legislation such as GDPR illustrates, public data isn’t inherently ethical unless investigators apply strict rules to the way they collect and store it. The large volumes of public data available can also make it difficult for investigators to collect and analyse it, meaning that technology plays an essential part in improving the efficiency of open source investigations. We’ll examine some of these additional considerations below.
Tip 2: Ensure that investigations are targeted
Collecting huge amounts of data is frowned upon both by regulators and the general public. Indiscriminate data collection can put organisations at risk of both reputational damage and fines for non-compliance with data protection regulations. In order to avoid these risks, investigators need to ensure that their data collection is as targeted as possible.
Setting clear parameters at the start of each investigation, as is stipulated in the Intelligence Cycle, is one way to do this. The Intelligence Cycle is a framework for gathering and interpreting intelligence and is frequently used in government or military contexts but can be applied by any organisation with a need to gather intelligence in a professional, structured manner. The Intelligence Cycle’s first stage is usually considered to be ‘Planning and Direction’ and asks investigators to set out what questions they are trying to answer, what information might be needed to answer it, and where this information might be sourced from. By using this framework, investigators can start an investigation with a clear goal and process in mind. This allows them to target their investigation at exactly what is needed and avoid unnecessary data collection.
Technology can also play a vital role in ensuring ethics in data collection. OSINT solutions often point the investigator in the direction of the most relevant data and allow them to perform far more specific searches than would be possible manually. For example, some solutions will reprioritise data according to context in order to show the investigator the most relevant results first. Many tools also allow automatically categorise data and provide thematic overviews so that it’s easy for the investigator to get to the information they need quickly.
Tip 3: Decisions should be made by humans
Recent proposals for a European Artificial Intelligence Act highlight the increasing nervousness around the impact of decision-making without human input. ‘High risk’ AI solutions are considered to create challenges around unfair decision-making, such as social scoring, that directly impacts human welfare. In most cases, leaving decision-making to humans with the ability to make a nuanced assessment of a situation is unquestionably more ethical.
At the same time, however, technology is an essential means of speeding up investigations – and, sometimes, ensuring that there is enough time for them to take place at all. At Blackdot, we use a concept known as Intelligent Automation to tackle this problem. Intelligent Automation uses technology to automate the most manual parts of investigations, such as collecting data from multiple sources and mapping networks on charts. However, any key decisions are left to the investigator. Ultimately, technology is used to help the investigator get the information they need to make a judgement faster – but human skills and knowledge are still used to ensure that every decision is as ethical as possible.
Tip 4: Record your actions to stay accountable
The benefits of recording exactly what you’ve done at each stage of your investigation are twofold:
Firstly, they allow you to ensure ethics in your data collection by proving that any decisions as a result of your investigation were made ethically by recording all of the processes you undertook and evidence that you identified.
Secondly, it’s possible to prove that you conducted a full and thorough investigation if required by regulators or law enforcement. For example, a financial institution might need to demonstrate to regulators that it’s taking a proactive approach to investigating risk.
However, recording all of the steps of an investigation in an evidential manner (including taking screenshots of findings) is extremely time-consuming and can limit the time available to the investigator for analysis. Technology is also useful here: by automating the capture of each step of the investigation, the human investigator is freed up to give input where they can add more value.
Technology can enhance ethical investigations
In an enterprise context, OSINT investigators can’t rely on the fact that their data is public to make their investigations ethical. Instead, they need to consider all of the above steps to ensure that investigations are proportionate, targeted and explainable. However, following these steps can involve time-consuming, manual processes that make it hard for investigators to conduct effective investigations. Organisations consequently need to invest in automation technologies to ensure ethics in data collection and investigations whilst maximising efficiency. Our solution to this is Videris. Book a demo today, and see for yourself how you can optimise the outcomes of your open source investigations.