By now, you’ve most likely heard that Jennifer Lawrence, Kate Upton, Kirsten Dunst and at least eighteen other female celebrities have had nude and/or salacious photos/videos of them posted online. These photos were allegedly hacked from the celebrities’ phones and posted were intended to be private images for them or their loved ones.
How this hack happened is a source of debate. The leading theory in the press is that a flaw in Apple’s iCloud service allowed a hacker to “brute force” their way into the accounts. However, given that many of the devices weren’t iPhones (or even phones at all), it may not explain the whole of the hack. (Update: Just before publication, Apple denied that iCloud was breached and, instead, said that there was a targeted attack on “certain celebrities”.)
To me, a more likely theory comes from a person claiming to be responsible for the leak, who claims there was no singular hack. Instead, the photos and videos were shared as part of a “deep web” group that specialized in nude celebrities and each person was targeted and breached through a different means over the years. An iCloud hack may have been used in some cases, but other types of hacking, social engineering and revenge pornography also likely played a role.
This explains the variety of devices, the fact some of the photos were supposedly deleted long ago, why some of the photos are reported to be fakes and other issues with the single iCloud hack theory.
Regardless of how it happened, many of those impacted have been fighting back. On the criminal front, the FBI is said to be investigating the leak. On the civil side many of the celebrities involved have been securing removal of many of the sites dedicated to collecting and distributing the leaked photos/videos.
But while that effort may make it more difficult to find the content in the short run, in the long run, the photos are going to land on sites that are out of the reach of reasonable legal efforts and, in the long run, the metaphorical genie isn’t going back in the bottle.
But what does this leak mean for everyone else? What can we expect in terms of our privacy, protection in our work and the security of our content? Is this leak a one-off deal or is a harbinger of a digital dystopia where nothing is private or sacred?
The answer is, unfortunately, not what anyone really wants to hear.
Life in the Cloud
In 2014, the cloud is just a fact of life. Your emails, your photos, likely even your computer backups are all in the cloud. Even if you personally are careful and put nothing on the Internet, photos are taken of you in public places, records created by third parties and more are all online.
This is true even if you’ve never owned a cell phone or computer.
Unfortunately, better security isn’t the solution. Looking back to the iCloud hack theory, which may have impacted some of the celebrities involved, it came from a very simple flaw that allowed an outsider to make unlimited wrong password guesses, thus allowing them to “brute force” the password. While Apple shouldn’t have made the mistake and has since closed the hole, the hack still required knowledge of the celebrity’s email, for them to have an easy-to-crack password and not have enabled two-factor authentication (though the usefulness of the last step is debated).
But even a user had completed all of those steps, it wouldn’t necessarily have been enough. After all, social engineering, revenge pornography or just any security weak point could have undermined all of that effort very easily.
But the bigger issue is that security online comes at the tradeoff convenience. At some point, the burden placed on us by security becomes so onerous that technology ceases making our lives easier and instead just makes it more difficult and more dangerous.
It is completely unreasonable to expect any “average” users to have the skills, patience and dedication to keep out a determined and skilled hacker. Even if they did, their efforts could be easily thwarted by factors outside their control.
In short, simply throwing more security at the problem isn’t the solution. While everyone certainly can and should follow best practices to make themselves more difficult targets, no one is 100% secure. Likewise, we shouldn’t blame those who have their security breached. Just because your lock was easy to pick, doesn’t mean you deserve to have your house broken into.
However, this isn’t the only area where there’s been a great deal of victim blaming.
Blaming the Victim
To me, the most worrisome, but still most expected, response is variations of the “If they didn’t want the photos leaked, they shouldn’t have taken/shared them in the first place.”
This is, to put it simply, victim blaming at its worst.
In 2014, the Internet is as much a part of sex as it is every other part of our lives. We are sexual creatures and we are going to use the Web, our phones and every other piece of technology we can as part of that.
One does not waive their right to privacy by using their phone. In fact, the Supreme Court recently held that police need warrants to search cellphoneswycssszsyfudwdrezqzy of people they arrest and the phones are an extension of our homes and businesses.
In short, we have a reasonable expectation of privacy with our phones and that includes the photos we take with them.
But what’s more worrisome than those who outright blame the victims, is the more subtle examples of it. An article by Scott Mendelson at Forbes pointed out that several major publications, including People and CNN, have referred to the leak as a “scandal”, indicating that the celebrities involved did something wrong.
They didn’t. As Mendelson put it, this is not a scandal, it’s a sex crime.
The fact a person too a sexual image and sent it to someone they love and trust is not tacit permission for that photo to be leaked and shared with the world. To do so without their permission is not just a violation of their copyright and their privacy, but also their right to control their person.
The truth is that sexting is extremely common and a normal part of many relationships, especially those who are young (like many celebrities) that have long spans of time where the members are apart (also like many celebrities).
In short, the celebrities involved did nothing wrong, immoral or even uncommon. They had their privacy violated and are victims in every regard. However, that doesn’t mean they can expect much protection from the law.
The Grim Realities of Nonconsensual Porn
Last year at SXSW I gave a talk entitled “The Grim Reality of Revenge Porn” with my friend Katie Sunstrom. The crux of the talk was simple and remains intact today: The current laws are inadequate to protect victims of revenge or other nonconsensual pornography.
Copyright, currently is the best tool. However, it only protects victims who too their own photos (selfies). The Digital Millennium Copyright Act (DMCA) gives you an easy way to get many of the shared images removed as well as search results pointing to the infringing images.
Copyright law also provides an easy way to file a lawsuit against the person who posted the photos online. However, this requires both a registration with the U.S. Copyright Office to be filed and, more importantly, for the individual to be located and within reach.
Beyond that, the legal landscape is bleak for victims of nonconsensual pornography. Though many states have passed “revenge pornography” laws, they are difficult to apply and may not stand up to first amendment challenges.
For the victims of this latest leak, the hacking element may actually be the most important component legally. By gaining access to their photos without permission, the hackers likely violated the Computer Fraud and Abuse Act. However, if the leading theory is to believed, the hackers and the leaker are not one and the same.
Still, as I discussed earlier this year, there are other laws that may come into play including defamation, privacy and so forth. But applying those laws and getting justice under them will prove difficult. But even if the victims are successful, it won’t repair the damage that’s been done.
The basic outcome of everything is this: If there’s enough interest in something and it exists somewhere online, no matter how locked away, someone will find a way to get it. You can make things more difficult, but you can’t make it impossible.
If major film studios struggle to stop major film leaks, individuals, even famous ones, are going to find it even more difficult, if not impossible.
Fortunately, for most people, there’s little interest in targeting them. However, anyone can be a victim at any time. It only takes one person with the right tools, right skills or the right access to leak private information about someone publicly, if they have the interest.
And that is the scary thing. Today it’s Jennifer Lawrence, tomorrow it could be you, your spouse, your best friend or your child.
Unfortunately, if it is you or someone you love that’s next, the law really isn’t there to protect you and, even if it were, it couldn’t undo the harm and the hurt. The cloud is a fact of life but your privacy on it is flimsy at best.
This leak is most likely just the beginning. If revenge porn, piracy and ad blocking have shown us anything, it’s that if some on the Web want something and can convince themselves they aren’t hurting anyone by getting it, they will take it, legality and ethics be dammed.
Today though, it’s not just copyrights or revenue streams that are at risk, but people’s bodies and their privacy. However, despite the escalation, the reaction from many is the same, to ignore the rights and wishes of others. This is proved by the fact that, as of this writing, the nude celebrity torrent is the number one most popular file on The Pirate Bay.
When the rights and wishes of others are easy to ignore and “because I can” becomes a valid reason to do something, no one is safe.
The Web is a scary place and it got just a little bit more scary this weekend. However, the risks have been there all along, it just took a major celebrity nude photo leak to put it in the headlines.