HTW Berlin Fachbereich 4 Internationaler Bachelor Studiengang Internationale Medieninformatik (Bachelor) Informatik 3 Winter Term 2023/24
	Info 3: Informatik III Modern Software Engineering

Case 2: Identity Theft

Hans was running a study on the effects of using a well-known anticonvulsant for the treatment of a geriatric condition. He had been able to get 57 patients with various stages of the condition from diverse senior citizen’s homes around the area to participate in the study.

He had collected a lot of data and was currently running statistical analyses to see if he could find a significant lessening of the condition as opposed to the placebo group. The data center administrator in his department, Francis, was a real pain. She insisted on him keeping identifying data separate from the trials results, and she had set up an elaborate system of passwords to make sure that only authorized persons had access to the data.

This exasperated Hans, as he lived a long way away from the institute. He wanted to be analyzing the data, but didn’t want to have to take a long train ride into town every day just to crunch some numbers. After all, he had a laptop that his girlfriend, Rita, had given him last Christmas. He had installed a recent copy of SPSS they had in the lab on the laptop, and he had asked his friend Deniz, a computer wizard, how he could make a copy of the database. Deniz had shown him how to dump the data at work and install a copy of the data on his laptop. He was easily able to fit the data on a memory stick and take it home with him. Deniz helped him remove the password protection from the database, and that make life much easier. Now he could even work weekends or from the café across the street!

Hans was having breakfast and running through some numbers in the café one Monday morning. There were a few other people there with laptops and mobile phones, your typical modern nomadic businessperson. One person, Richard, liked to have a look around at the computers people were using when he was in a public place. Most people didn’t bother with passwords, and many had great gobs of interesting data open for the taking in the folder “Shared Data”.

Today was jackpot day – Richard found Hans' computer wide open for the taking. He opened the database and had a look around. In no time he found the table with the identifying information, including name, address, and birth date. And from the birth dates he could see that these were elderly people – people who wouldn’t know how to fight back against identity theft.

He could sell this data for a good sum of money, maybe even 100 € apiece. Not bad for a morning’s work! Criminals specialized on ordering merchandise in the names of unsuspecting citizens and having it delivered to other addresses would gladly buy such data. By the time the companies started sending dunning letters, the merchandise had been fenced and the people whose data had been used were left facing a very unpleasant situation. 

Questions

• Who are the actors in this scenario? There may be unnamed actors, and not all named actors are truly involved in the case.
• What are the ethical problems (not the legal problems) involved in this scenario?
• Hans didn’t sell the data, so is he in any way at fault when his patients have problems with their identity data?
• Is Francis at any way at fault here?
• As a side issue, if the medicine is indeed effective, is it right to withhold it from some patients?