Celebrity Photo Hack Creates Confusion

As many of you have no doubt heard a hacker has stolen and posted sensitive photos of female celebrities on the Internet. The photos originally appeared on a site called 4Chan. Jennifer Lawrence and Victoria Justice are two of the female actors who’s intimate pictures were stolen and posted for the world to see. How were the pictures stolen and why? Well that is just a few of the questions that are creating so much confusion as the investigation begins. First of all there were actually about 100 celebrities who’s pictures were released. The other actors included Ariana Grande, Kate Upton and singer Jill Scott. All had naked and intimate pictures published online after having their iCloud accounts  hacked.

Before we go any further we need to define exactly what the ‘cloud’ is. The cloud is a network of servers, and each server has a different function. Some servers use computing power to run applications or deliver services online.  Other servers store information such as music, video, documents and in this case still images. Other information you may find on storage servers include emails, email contacts, telephone numbers and full address books, chat logs, home movies, and all sorts of data from all sorts of devices that people want to back up. Its all in the cloud.

Apple’s version of the cloud is known as the iCloud. The hacker(s) who stole and then posted the images online claimed to have stolen the images from the celebrities iCloud accounts. The miscreant(s) demanded  “donations” via PayPal and Bitcoin in exchange for posting them. He, or they, received only 0.2545 BTC in donations. In dollars this amounts to $121.15.

Now here is the first point of confusion. Apple Claims that it’s servers and automatic backup systems were not hacked and are secure.  But when it came to details Apple was not talking except to say that the hack was a ” carefully targeted attack on user names, passwords and security questions.” Apple provided no details as to how the attackers obtained this information from the celebrities. 

But Apple took quick action to repair a vulnerability in the Find My iPhone app that permitted unlimited password attempts. Researchers revealed the flaw. There are hacking tools that can be programmed to perform a brute force attack on passwords until the right password is found. Is this what happened?

Apple did confirm it was investigating along with the FBI to identify the hackers responsible for breaking into the iCloud accounts.

Do you own an iPhone? Are you aware of what it is doing without your knowledge? Let me explain this to you. Your iPhone constantly communicates with Apple and others who have created the apps you have on your phone. The information may include everything from where you are at the moment to who you call, text or email, your device settings, what games you play, coupons you download, your web searches, photos, videos and pretty much everything you do with your phone is recorded somewhere.  All this information goes floating off to the cloud.  All you need for the iCloud to automatically do its thing is a Wi-Fi connnection and a power source. iCloud backs up while it’s turned on and locked. If you plug your phone into charger at bedtime this is whats happening while you sleep.

Now we have the question of whether to shut off the automatic back up for the iPhone. More confusion. Some experts recommend that you do if you want to secure your privacy. Other say it not an issue since it is unlikely that Apple’s servers were hacked.

After this incident why would you not just shut it off? The answer is what is your risk? What is the risk of your cloud account getting hacked or losing your phone?  Let’s face it, hackers are probably not that interested in you.  The chances are much better that you will lose or damage your phone. If that happens, you would probably kiss your pictures, your contact info, calendar and even some e-mail goodbye without a back up. Some of you know how devastating that can be.

If you do lose your phone or someone relieves you of it there is probably a good chance they will get into your pictures and other data anyway. You can wipe the device clean remotely on both Apple devices and Androids. Both use cloud services. Yes, you could turn off the photo backup and use the phone anyway, but wouldn’t it be easier to just secure your cloud account instead? So there is your choice; either use better security for your cloud account including complex pass phrases and two factor authentication or take a chance and turn the back up off. Its really your choice.

Confusion reigns about who actually owns the images. The question sounds simple but is not. Many celebrities are looking to use copyright law to force websites to remove the images. Unfortunately the cat is out of the bag. AACR rule #6 ; Images on the Internet are no longer yours.

In 1998 Congress passed the Digitally Millennium Copyright Act to  govern the online distribution of photos, video and text. The law was intended to preserve the open access and use of the Internet.

Part of this law includes what is known as ‘safe harbor.’ Safe harbor protects websites from legal liability for virtually all content posted on their services. The law requires websites and Internet service providers to remove any content they believe infringes on a copyright after being notified by the copyright owner. Now here is the problem; who owns the images of these celebrities? Is it the celebrity, or the person who owns the device that took the picture? Either way the copyright was violated. 

Some of the stolen photos were not selfies. As such the female celebrities pictured may not technically own the copyright. This creates loopholes that preserve the intimate photos from being completely erased from Internet. Here is another problem for celebrities who have their picture taken thousands of times a day. These images now are on the fan’s and paparazzi’s cameras. Do the images belong to the fan or photographer? Maybe. Can they sell the images? Maybe. Can the celebrity sue for copyright infringement? Maybe. More confusion.