Naughty Celebrity Photo Leak from iCloud - The Privacy vs. Technology Sh**storm

If you haven’t heard already, a bunch of “naughty” celebrity photos were leaked over the weekend from an apparent security flaw with Apple’s iCloud service. It got a lot of press because some of these celebrities include internet attention magnets like Jennifer Lawrence, Kate Upton, Yvonne Strahovski, and Kirsten Dunst, just to name a few.

The Tech Angle

Apple released a statement today indicating that the leaks were caused not by a security flaw in their code but rather a “very targeted attack on user names, passwords and security questions” – basically that the attackers used a combination of internet research to find personal information and standard password/account reset mechanisms.

Apple’s suggestion is to enable their two-factor authentication. This added level of security asks you to input a randomly generated code when you access your iCloud data from a new device for example. Which is great. Many services like Google, Dropbox, LastPass offer some form of multi-factor authentication (MFA) now and many financial institutions have been doing that for years.

HOWEVER….as Michael Rose points out in a great article on The Unofficial Apple Weblog (TUAW), Apple’s MFA is only triggered by a very specific subset of actions (like logging on to your AppleID management or setting up iTunes or AppStore on a new device). When it comes to your financial information, AppleID is safe….ish. But when it comes to something like photos or bookmarks, access to these types of data do NOT (currently) trigger the MFA requirement and are therefore much more vulnerable. Apple will eventually address this flaw but for now keep this in mind, and delete any photos from your photostream that you might not want made public. And remember that while it was Apple that was hacked this time, it could have been Yahoo, or Microsoft or any other service.

The Privacy/Cultural Angle

OK, this is the tricky part. One the one hand, there are those (possibly the majority) whose first reaction is to blame someone for taking intimate photos of themselves and storing them or sending them electronically. On the opposite end of the spectrum, Forbes and Esquire both have articles that refer to these recent attacks as “sex crimes” or liken it to “stealing of a piece of the soul” and argue against anyone that puts the blame on the victims.

I guess for me personally, I agree to some degree with elements of both arguments. As a red-blooded male, I admire the female body as much as the next guy. However, I have little desire to see private or embarrassing photos of celebrities, but I can understand the titillating appeal for some. It is regrettable that it seems to be human nature to root for the underdog, but once someone has achieved some level of success, we also derive some disturbing enjoyment from tearing them down. This is especially true for celebrities. I guess the anonymity of the Internet strips the humanity from both the viewer and the subject of scandals.

I also agree that the theft, and subsequent broadcast, of these intensely intimate images is inarguably a violation. None of these people expected these images to be made public, and it was absolutely wrong for the individuals involved in the attack to steal and broadcast the images.

On the other hand, and forgive me as I may not be able to explain this clearly, I don’t believe that privacy (or other human rights) should be taken for granted or assumed. I don’t look at private photos of other people because it’s none of my business. But not everyone thinks like that.

I know someone that took revealing pictures of herself for her boyfriend at the time. When they broke up, he told her he’d delete the photos, and for whatever other faults he had, that was the right thing to do. Now I know that many people in similar situations choose to take revenge and publicize such intimate images. It’s not right, but it happens. A lot.

The author of the Esquire article singled out comedian Ricky Gervais as one of the thousands of people publicly stating that the easy way to avoid this problem is to not store potentially embarassing pictures of yourself electronically. I think that this type of statement is overly simplistic, and can come across as blaming the victim of this type of theft rather than the people that clearly broke the law by “hacking” into Apple’s servers.

  • Do you have the right to take naked pictures of yourself? Absolutely.
  • Is it incredibly convenient to take photos with your smartphone? Yup.
  • Is there an inherent risk in storing your private data on an electronic device, especially one that’s connected to the internet? No doubt.

As an adult in a free society you have the right to do a lot of things, just be aware that right or wrong, there might be consequences to the choices you make. That being said, I hope they catch the people responsible for these thefts, but realistically, they will probably never be punished and will instead receive praise in the form of the thousands of people that downloaded copies of the stolen images.

I think people should mind their own business personally, but that’s just me.