I know it’s been quite a while since we posted, but given the recent scandal and the discussions that it’s creating, we felt we needed to weigh in.
The celebrity hack that just occurred illustrates some excellent points about the Internet at large, and we would be remiss if we didn’t address them head on, so we’re going to mention a couple specific things.
First off, what happened to these women was a targeted violation, and we agree with Lena Dunham in regard to her statements about looking at these photos. These women do not belong to the public and they did not choose to publish these photos, and as such this is absolutely awful.
With that in mind, however, reddit, twitter, youtube, etc… basically function as morality neutral spaces on the Internet, and in our mind that is fundamentally a good thing for a couple reasons. First, free speech and expression, obviously, but second, and more importantly in our view, we know where these spaces are. They aren’t off in the dark corners, they are front and center and that gives us all the chance to decide for ourselves whether we’ll participate in dialogue there. It also keeps them fairly mainstream. Trust me when I say that there are some dark, dark corners of the Internet and regulating behavior online pushes things there. That’s a bad thing.
This hack has demonstrated pretty clearly that the Internet is not a safe or secure place. The thing that’s so terrible about this is that it doesn’t need to be this unsafe, and a couple of distinct failures led to this particular hack.
- iCloud security: Apple is denying that iCloud security failed, which is probably a fair position. Most of these women were the victims of targeted phishing attacks, where they were emailed directly with password prompts, and login pages that looked like apple logins. That’s how these passwords were obtained. First off, that’s definitely fraud, which is good because it means that there’s something to prosecute these scumbags for (which is not always the case) if we ever catch them. But it also could have been made a lot harder for the hackers if Apple simply required two step verification from the get-go. We all know two step verification; banks use it. It’s where you have to have your phone to login to your account on a computer that isn’t your personal one. Apple didn’t implement it, and given the sensitivity of the material that iCloud accounts contain, they should. As Sascha Meinrath stated during his interview with us, if companies who hosted web services or processed credit card data were fined for every instance of personal data loss, these things would stop overnight. Fundamentally, improving security costs money, and companies won’t do it unless we make them. Apple should have required two step verifitcation and to disclaim responsibility is just a transparent attempt to avoid liability in an upcoming lawsuit. And they’re probably in the clear because…
- These women were using services that they didn’t understand. A couple of celebrities have stated that these photos had long since been deleted. And they were, from their phones, but not from the cloud. Many of these women probably didn’t know that their phones were automatically uploading to their photostreams online. Again though, we’re all guilty of this. We all sign terms of service that we haven’t read, or automatically sync our phones with iCloud or what have you. We do this because terms of service are often 30 pages long, and this stuff is all so easy to do. In some cases, it’s switched on by default. If you don’t know it’s happening you aren’t ignorant, you’re normal. We need an honest conversation about this, because companies these days are putting some pretty grossly violating things in our TOS agreements, and we have no choice but to agree to them to use the service. That seems to be their right but it doesn’t have to be.
The fact is, we’re all guilty of this stuff, we’re just mostly lucky in that people aren’t deliberately targeting us for hacks. There are a couple things that could make all this much harder for hackers moving forward, however, and it’s worth considering legislation to bring those about. First, we could demand better security from the Internet. We deserve a safer Internet, it’s become mainstream and as such it needs to respond to society’s needs. Second, we need a better, clearer way to understand how the services we use work from a literal what is it doing perspective but also legally where our data is involved. Once again, we can demand that from the Internet, if we so choose.
What we can’t do, however, is blame these women for this. These women could have been any of us, they just happened to be famous celebrities, but I guarantee you that no one, except for the very technologically sophisticated, and the very paranoid, could have avoided having this happen to them and we shouldn’t all have to be paranoid.