The recent iCloud celebrities’ nude photo hack (I’m trying really hard not to slip into -gate mode and call this iCloudgate or NudeCelebgate or something equally inane) highlights two issues: privacy in a digital world and Apple’s lagging approach to data security. One of these is particularly challenging, I’ll leave it up to you to decide which.

Digital privacy

We think we know what privacy is but we don’t really have a clear idea. We certainly don’t have consensus in our communities about where the line is that, when crossed, amounts to a breach of our right to privacy. This presents a challenge although what I found most interesting about this story is how people reacted to it. In the past sharing photos of celebrities caught with their pants down (or not wearing them in the first place) was virtually celebrated and the photos have generally attracted tremendous attention.

This time the tone is different. I have seen more people writing that viewing the photos is wrong, a violation of Jennifer Lawrence’s and other celebrities’ rights to privacy. As a community, we have stigmatised this voyeurism to the point where even 4chan, one of the places you visit for just this sort of material, and reddit has taken steps to prevent the spread of these photos. I think this represents a shift in our culture from a sense that “if it is online, it must be ok to look, take and use” to “wait a minute, there is something not quite right about that”. I read a must-read essay by dana boyd recently titled “What is Privacy?” (a response to an equally compelling article by Anil Dash titled “What is Publicity?”) which explores the changing nature of privacy in a world where the lines between publicity and privacy are pretty blurred, if they even exist. One of boyd’s many insights is this one:

People want to be in public, but that doesn’t necessarily mean that they want to be public. There’s a huge difference between the two.

You may be thinking that people like Jennifer Lawrence are celebrities so their lives are public, right? You’d be wrong. As much as we like to think celebrities belong to us and that we are entitled to high definition video of the minutiae of their lives, they have rights to privacy too. When Jennifer Lawrence goes home and closes her front door, you don’t have a right to know what she wears to bed, eats for dinner and watches on TV before going to sleep. That is her private space and this is one of the reasons why tabloid photographers who climb trees to peek inside her bedroom windows can find themselves in jail if court.

Another perspective on the risk the story highlights was expressed by Alastair Fairweather in his article titled “Electronic literacy the only real defence against hacking”:

The answer isn’t “don’t take nude photos” – it’s “know exactly what happens to your photos when you take them”. Photo synchronisation is automatic on the iPhone. If you’re world famous you need a tame techie on retainer to educate you how to keep your data safe at all times.

On one hand this is practical advice and it is premised on the assumption that the cloud is inherently vulnerable to attack. On the other, the concept that we can predict who will become famous and which famous people can afford a tame techie seems a little unrealistic.

But that sounds a lot like we’re blaming the victims for using consumer technology that is increasingly integrated with cloud and sharing services for the providers’ failure to adequately secure those services or, worse, for being a target for hackers. Sound familiar in a different context?

As much as we’d like to see a future where everyone has a good grasp of the technology that underpins their daily lives, it seems slightly optimistic to imagine that it will ever be the case. We simply don’t have time to delve into the ins and outs of the camera security when we buy a phone: we just click and shoot and implicitly trust the company that sold us the phone that it’s going to protect that intimate moment into which its now become part. Steve Jobs didn’t stand on stage in 2011 and introduce iCloud with instructions about best practice security and why you should turn two-factor authentication on: he described it as a problem solver, not a problem creator. A seemless and secure experience we wouldn’t even have to think about.

The cloud is the future of much of what we do. I use the cloud extensively and it seems to be even more secure than more conventional options for many of my daily tasks. We rely on it more and more for good reasons. Remember how director Francis Ford Coppola lost 15 years worth of his films and data in a burglary 7 years ago? He didn’t back up.

Perhaps instead of blaming the victims, its time to grow up a little more as a culture. If you want to stop the hackers, take away from their reason for doing what they do: let’s get over this nudity taboo. As Haji Mohamed Dawjee wrote in her article on Mail & Guardian titled “Jennifer Lawrence has breasts, and they’re not yours”:

Did you know, when we women take our clothes off, we’re allowed to take pictures of ourselves in the nude – in fact, if we so chose, we could have someone else take the picture for us as well. Did you know that this is okay? There’s nothing shocking or horrific about that.

Women have bodies. That can be naked. That can be snapped. With whatever device we want. Hell, if we so choose, we can pay elaborate amounts of money and send texts to artists that request them to “paint me like a French girl”.

We can do whatever we want with these photos. We can keep them to ourselves. We can share them in whichever way we please depending on who we trust. We can even upload them onto a cloud for backup. We’re at liberty to do all of this.

Yes, popular opinion is that you shouldn’t be taking photos of yourself nude, having sex or breast feeding but perhaps we should just get over it already. Sure, understand the risks and that your phone may be uploading to iCloud, Google+, Flickr or Facebook in the background because you enabled the option but, on the other hand, why should that be inherently problematic?

A few words about Apple’s security

Apple conducted a 40 hour investigation into the apparent iCloud hack and concluded that iCloud itself wasn’t inherently vulnerable. Instead these celebrities seem to have been specifically targeted and hacked in a more typical way. That said, Apple announced that it would step up its security measures for its users. According to Re/code:

Within the next two weeks, Apple will start sending emails and alerts to users whenever someone attempts to change an account password or restore iCloud data on a new device. The company also plans to promote use of a security measure known as two-factor authentication, which requires an account holder to enter a password and a separate four-digit code that is sent to a user when they sign into Apple services.

In other words, Apple will begin rolling out security features which Google’s, Twitter’s and Facebook’s users have had for some time. It is almost cute when Apple rolls out new features its executives are “so excited about” months or years after its competitors but it isn’t so cute when Apple decides to adopt security measures which have been pretty standard practice elsewhere in the industry for years.

Apple is expected to announce a number of new things soon, including its HealthKit-based range of apps and services which will collect your health-related data. As an Apple user, I am just a little concerned about how secure that data is and how much Apple enables me to do to protect that data, quite frankly. The fact that I have a penis may not be news to anyone, but I don’t particularly want all my data being exposed because Apple hasn’t stepped up its security enough to let me know when my account has been hacked.

[Photo credit: Photo credit: Lost in Translation by kris krüg, licensed CC BY-SA 2.0]

Paul Jacobson is a digital risk and privacy specialist. His focus areas are digital risk assessment and gap analysis as well as privacy and data processing risks. You can also find him on Twitter at @pauljacobson or on webtechlaw.com.