Privacy Leaks: Who is to Blame?

Who's at fault when private information is leaked? The victim, the hacker or the technology? Here are some tips to secure your information.

Over the last 24 hours the Internet has been a-buzz with the leaked nude photos of celebrities including A-List starlet, Jennifer Lawrence.

While leaked celebrity photos wouldn’t normally be our thing (you’ll notice we do not use “sexting” as a use-case for our encrypted communication services), our name has come up due to the level of privacy. The much more relevant fact of the matter is that Silent Circle as a company believes that privacy is a right. These pictures, as far as we know (and as far as Twitter suggests), were never meant for public eyes and this leak therefore directly violates privacy rights. We don’t like that. Yet the privacy rights of every individual are violated every hour of every day simply by the free apps we place on our phones. Yes, this is a much more high profile leak and gets all the buzz words of “sex, nudity, and celebrity,” but it pales in comparison to the massive theft of private information on every commercial device.

The debate on Twitter and in a several articles, including Forbes article mentioned above, presses the question: Who is to blame - the victim, the hacker, or the technology?

For the sake of time - I’ll try to be more direct on this sensitive issue.

The Victim:

Is it the celebrities' fault that they were hacked? We definitely don’t think so. Everyone deserves privacy. While it is easy to conclude that individuals should not take and share nude photos for fear of a leak, a significant change in behavior is not so easy to prescribe. Likewise, it is more beneficial and forward-looking to focus on preventive behavior rather than passing judgment on any individual in hindsight. The alleged source of the images was through an iCloud hack (though we do not speculate and cannot confirm), so a simple preventative measure would be to follow this guide outlined by the Daily Mail to prevent iCloud back-up of your private photos. Get educated on your communication tools to know how you are (or are not) protected.

The Hacker:

Should we blame the individual or collection of individuals responsible for the breach of privacy? Most definitely. If laws were broken to retrieve the images, criminals should be justly prosecuted for their crimes. In many cases, hackers benefit from the monetary gains of selling leaked celebrity photos. While Silent Circle condones responsible “white hat” hacking practices to explore and report vulnerabilities within networks so that fixes can be implemented (which is why we open-source our protocols). We do not condone “Black Hat” practices such as this. But If we are going to blame the hackers here and bring jail-time into the equation, shouldn’t we have similar stances against Facebook, Google, Ad Companies, and freemium apps that don’t tell you about the troves of data they take? It might not be a “hack” that grabs your personal data, but it is clearly a theft of our personal data nonetheless. Where does crime start and where do “business practices” begin? You can see this is no easy to solve topic.

The Technology:

Our most common forms of communication, telephone, emails, and text messages all give us a false security that most people blindly accept. We have no evidence (or at least we didn’t up until a year ago) that our day-to-day communications were the concern of anyone, really. Moreover, smartphones and digital applications have made it even easier to ‘feel’ secure without actually being secure. Perhaps the fault is on the technology. Perhaps the technology perpetuates the confidence in the security of our everyday communication tools when in fact they were never intended to be private or secure. Again, blaming the technology and not the creators and sellers of this technology is an empty argument.

On another note, we also see in the Twittersphere that Mark Cuban has been pitching Cyberdust, his new entry into private communication intended to compete with Snapchat. We welcome any new participants in the privacy space, but would ask that consumers question how data is being protected. For example, Cyberdust FAQs are ambiguous:

“Are my messages encrypted?

Yes! Cyber Dust messages are fully encrypted. We are taking all of the industry standard precautions necessary to make sure your messages are not accessible while they exist.”

So it wouldn’t be a bad idea to ask: ‘”What are the ‘industry standards?’” and “What does ‘fully encrypted’ mean?” Or “who built it and is it open-source for review?” In other words, let’s get past the snake-oil sales pitch and tell us why and how it is secure. Let’s see the proof.

With all of this in mind, here are some (surely debatable) conclusions:

  • We need to encourage young people to become more involved in computer science and open-source software development communities so that we can develop more innovative and secure products that allow users to communicate both privately and effectively without speculation.
  • Technology and telecommunication companies need to be more transparent about what and how they are protecting user data.
  • Individuals need to understand the limitations of their communication providers and have the ability to explore alternatives that provide more intrinsically secure options.