Ransomware for profit, the opioid scandal, and children enticed into vaping. We need to find a way to stop businesses preying on humanity, argues Jerry Davis
A ransomware attack that shut down a major US oil pipeline in May 2021 highlighted a surprising new business model: ransomware-as-a-service. The attack halted the operations of the Colonial Pipeline, a central supply route for the southeastern United States that provides nearly half of the East Coast’s fuel needs.
DarkSide, the organization behind the hack, did not carry out the attack itself. Instead, it is a business service provider that creates tools for hackers that it makes available for a fee, a sort of Amazon Web Services for extortion. DarkSide’s business model was immediately dubbed “ransomware-as-a-service” (RaaS), paralleling other new business models such as software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS).
Hacking an organization’s servers and holding its data for ransom is not new, although it has become a much bigger business in recent years. But DarkSide stood out for what can only be called its professionalism. It has a help desk for its unwilling “customers” and a detailed interview process to screen its team members and business partners, with whom it splits the proceeds. To ensure that there is honor among thieves, members of the ransom-hacker community apparently rely on escrow accounts and an online “hacker court” to adjudicate business disputes.
Moreover, DarkSide has a code of ethics: no hacks on hospitals, schools, or nonprofit organizations. It also claims to donate some of its profits to charity. In many ways it looks like any other contemporary business service provider. Indeed, some of the most troubling businesses have been among the most generous philanthropists. Tobacco vendors Philip Morris and R J Reynolds were long-time patrons of the arts; the name Sackler graces countless art galleries, medical facilities, and research institutes around the world thanks to donations from the family whose business developed and marketed the highly addictive painkiller OxyContin, fueling the opioid crisis.
This raises several questions. Are there business models in use that are intrinsically, well, evil? How would we recognize a company that had an intrinsically evil business model? (Let’s call it an EBM.) Is there a clear dividing line between intrinsic and incidental evil? Are some economic systems more prone to EBMs? And is there any amount of “corporate social responsibility” that can absolve an EBM?
Any kind of business can be subject to incidental evil. An enterprise might be in the business of providing delicious chocolate for children, or seafood-flavored food for kittens, and discover that the cacao farms at the start of their supply chain rely on child labor, or the shrimp in their cat food is harvested by enslaved workers. Of course, any responsible business in this situation would quickly move to eliminate such human rights abuses and take steps to ensure that their supplier labor practices meet the highest global standards. Here the problem is not the business model but its implementation. (Unless vending delicious empty calories somehow counts as being compromised.)
And some evaluations of evil change over time. There are many businesses today that would have been regarded as immoral in previous times and places, such as growing and distributing cannabis or Grindr, the geosocial app for LGBTQ+ people. Likewise, there are businesses that were respectable in the past but troublesome today, such as tobacco. And there are surely current businesses that the future will regard as unconscionable, perhaps cattle production or air travel. In these cases, the business model might stay the same, but the moral tinge of the product or service changes.
But are there business models that not only have no redeeming features, but actually make the world worse, while still profiting their practitioners, such as extortion or ransom? How about websites that post names and mugshots harvested from police websites? There are several such sites online, and many of them have excellent search engine optimization, meaning that if you search someone’s name online and they have a mugshot somewhere in their past, it appears high in the search results. Being arrested and having a mugshot taken does not mean that someone has been found guilty of a crime: consider mugshots of Martin Luther King Jr after his arrest at righteous protests. But prospective employers or dates may not make this fine distinction. The revenue model? Charge people to remove their mugshot from the site.
What about pharmaceutical companies that market addictive opioids by persuading pliable physicians to prescribe them for off-label use? Companies adopted variants of this EBM, which has been largely responsible for an unprecedented decline in the life expectancy of Americans over the past generation. According to the New York Times, “Overdoses, fueled by opioids, are the leading cause of death for Americans under 50 years old — killing roughly 64,000 people last year, more than guns or car accidents.” Some entrants into this industry segment were very clear from the start that off-label uses of their highly addictive products were essential to their enterprise’s profitability.
Or consider vaping companies that market candy-flavored nicotine pods to teens and tweens by advertising on websites aimed at children. As I write, one in four high schoolers in the US has vaped in the past month, and one in 10 middle schoolers (children aged 11 to 13).
One growth industry during the pandemic was the hosting of a web-based marketplace where students who don’t want to study can find freelancers to complete their assignments and tests for them. This business model may be evil, or merely unethical, but it evidently is not illegal, as there are several competitors offering this service.
There are, it seems, many kinds of business that are difficult to redeem.
Several scholars associated with the British Academy, a fellowship across the humanities and social sciences, have proposed corporate purpose as a way to ensure that corporations are constitutionally bound to pursue human-serving ends. Optimistically, if corporations were required to declare a purpose, “to produce profitable solutions to the problems of people and planet [and] not to profit from producing problems for people or planet”, that might help rule out EBMs.