Opinion: Ashley Madison hack reveals need for new approach to guard intimate data
Shortly after听independent security reporter Brian Krebs听听the Ashley Madison breach, the hookup site听that encourages听infidelity announced that it was wielding听听against the apparent hackers.
Yes, copyright law.
Ashley Madison's parent company,听Avid Life Media, is听prohibiting the posting of sensitive customer and employee information stolen in the hack 鈥 apparently perpetrated by a group known as the Impact Team 鈥撎齜y issuing takedown notices based on its copyright ownership of this information.
The Impact Team had posted some 40 megabytes of stolen data about Ashley Madison employees and customers. In an e-mail to The Washington Post,听Avid Life Media said it used the听Digital Millennium Copyright Act (DMCA) to get removed wherever they had been posted: "We have always had the confidentiality of our customers鈥 information foremost in our minds and are pleased that the provisions included in the DMCA have been effective in addressing this matter."
While beneficial in this case, this approach is an example of a听systemic problem in the way that our legal system currently addresses privacy and security in digital media. Instead of developing new laws for the Internet Era in order to help people from losing control of their data flows, we鈥檝e thrown overly broad property rights at the problem instead.
Copyright is supposed to protect creative expressions in order to support artists and authors. In听, the Supreme Court found that if one phone book publisher copied a bunch of entries from a phone book published by another phone book publisher, that was just fine. You can鈥檛 copyright facts. And if your business is threatened by听that,听then too bad for your business.
If the hackers are just posting financial information and customers鈥 names, then using the DMCA to issue takedowns is a poor application of copyright because those are not creative expressions. If, however, this data set includes personal conversations or compromising pictures, then this is听补濒蝉辞听a poor application of copyright, for different reasons.
By republishing someone鈥檚 nude selfies, for example, you are not devaluing their creative work. They had no intention to publish those photos, or to have anyone but their intended audience see them. They are copyrightable, and听Avid Life Media听can claim copyright over them in their End-User Licensing Agreement (EULA), but this doesn鈥檛 identify听别颈迟丑别谤听what copyright is supposed to be about听or听what is wrong about publishing someone鈥檚 nude photograph without their consent.
In this case, there are parallels with听revenge porn, the practice of publishing sexually explicit photos of someone without their consent. Sometimes revenge porn includes听the names and addresses of the photographic subjects and is posted on websites that offer to take them down only for a fee.听There鈥檚 currently little legal recourse to be found, unless you took the photo yourself 鈥 such as a revealing selfie 鈥 in which case you can claim copyright and issue a takedown.
Copyright law is supposed to protect creative works in a marketplace so that creating and selling these works can be profitable. Protecting these intimate expressions as goods in a marketplace fails to address what鈥檚 wrong about wrongfully publishing them. It's wrong听because it鈥檚 an invasion of privacy and a violation of trust, not because it threatens someone鈥檚 profits.
It 补濒蝉辞听reinforces and perpetuates a perspective that contributes to the problem: the idea that personal moments and intimate expressions are potentially valuable objects that can be owned.
And here we can connect back to the Impact Team鈥檚 stated听casus belli.听
As Mr. Krebs , 鈥淭he Impact Team said it decided to publish the information in response to听alleged lies ALM told its customers听about a service that allows members to completely erase their profile information for a $19 fee.鈥
Without paying that fee, accounts were hidden but not actually deleted. Therefore, they could听still be accessible by anyone who can figure out the password 鈥 whether a听hacker or suspicious spouse. But the Impact Group claims that even users who听do听pay to have their profiles, conversations, posts, and pictures removed still have personally identifying information such as real names and addresses in the company's databases.
While I'm not defending the group or perpetrator behind the Ashley Madison data breach, the company's practice听of only deleting customers' most intimate data for a fee is strikingly similar to revenge porn. What's more,听Ashley Madison听is able听to protect its users from being exposed听through the DMCA听because it听claims听ownership over users' photos and conversations in order to charge an extortion-like "administrative fee" for a full account delete.
In both cases, and in the case of revenge porn as well, property rights determine whether or not intimate details of people鈥檚 lives can be published against their will.
To protect people in a digital environment, we need to promote legislative approaches that recognize and respect conversations,听sexting, and selfies not as objects but as human activities; as asynchronous and digitally transferrable moments of a person鈥檚 life, deserving of respect and care.
is an assistant professor of philosophy at Old Dominion University, where he teaches on philosophy of technology, digital culture, and computer ethics. He is of six books, including "," and conducts focusing on information ethics and the conduct of personal relationships online.
听
