BBC’s ‘Click’ breaks the law or does it?

The BBC has a technology programme called Click which recently made the news.

“Software used to control thousands of home computers has been acquired online by the BBC as part of an investigation into global cyber crime. ”

So basically the guys at the BBC took over a Botnet to show how easy it is, and warned the users that their PCs were infected.

A couple more quotes that get us to the point:

“The programme did not access any personal information on the infected PCs.”

“If this exercise had been done with criminal intent it would be breaking the law.”

Now here is the big debate: is entering someone’s house because the door is ajar and then leaving without stealing anything legal?

Funny thing, I had that same debate last night with my colleague JP. We were discussing web security and if it would be ethical to search sites that are unpatched and try to get into them… with no malicious intent… just as a ‘proof of concept’.

I personally think it comes down to the fact that whenever you access someone’s property, whether it be a house, a web server, a computer etc… without authorization, it is an invasion of privacy.

So, the BBC’s programme may have had good intent, but it was not ethical to do what they did.

Jerome