Editor’s note: In the wake of the scandal surrounding the hacking of nude celebrity photos, the CDEP features a series of essays analyzing the actions of the various actors involved. Two weeks ago, Noah Berlatsky considered the ethical responsibility of those who search for and view the hacked photographs. Last week, Nikki Williams argued that leak victims misjudged the expectation of privacy that exists in the cloud. This week, Mary McCarthy addresses the role of Apple in this scandal.
Starting August 31, 2014, the celebrity nude photo scandal dominated news headlines after a post on 4chan leaked a large cache of private pictures of celebrities. The photos were quickly shared on social media sites, most notably Twitter. In one of the early reports on the scandal, Gawker reported, “Posters on 4chan and Reddit claimed that the celebrities were hacked through their iCloud accounts, though that hasn’t been verified, and the method is unclear.” Details were sketchy when the story first broke. Although the photos were removed rather quickly after threats of lawsuits, the viral cycle of social media sharing had already done the damage and the photos were spread widely on the Internet.
Initially, “the Cloud” was blamed for the invasion of Hollywood privacy; the finger-pointing at Apple was a knee-jerk Orwellian response, an Eggers-esque convenience for the masses who clearly don’t understand the technology involved. In fact, no one was as quick to blame the hackers, as they were to blame the devices. But is Apple really responsible for the damage caused by the hackings? PC Magazine reported that security experts were theorizing celebrities were hacked while accessing an open Wi-Fi network at the Emmy Awards event, making their usernames and passwords more vulnerable to an attack.
So Apple didn’t waste time responding. In a statement three days after the photos were published, the company said:
“We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source… we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”
But the scandal came at a bad time for Apple. With the new iPhone 6 scheduled for a splashy release only a week later, Apple couldn’t take a chance customers would cancel pre-orders for expensive new devices. Just a day before the September 9, 2014 product release announcement, and only ten days after the celebrity photo scandal, Apple added a layer of iCloud security to its devices.
According to Macrumors, Apple had begun sending out email alerts when personal iCloud services were accessed from Internet browsers, so users could be notified when someone unauthorized tried to access their accounts. It seemed clear that Apple was making frantic efforts to pay attention to not only the security of its iCloud services, but also to the public’s level of confidence in them.
In another public relations outreach resulting from the celebrity photo hacks, Apple CEO Tim Cook gave an interview that appeared in the Wall Street Journal of September 5, 2014 to tout the new security measures. He was clearly in defense mode in agreeing to the interview, since typically Apple releases all its own news. Walking the line between blaming celebrities and ensuring Apple wasn’t blamed, Cook made it clear that the breach was a result of hackers obtaining user IDs and passwords, and not from any security failure on the part of Apple and its servers.
Although Apple apparently wasn’t to blame directly for the leaks, it took the road of ensuring and even adding a layer of security for their customers. While Cook noted that Apple added Touch ID fingerprinting password technology when the iPhone 5S came out, he emphasized that the company continues to improve security, requiring multiple layers of sign-in authorizations. Cook stressed that the key issue the company planned to address revolved more around the personal or “human” measures versus simply the technological implications. He admitted the company should be held accountable from the standpoint of making information available to customers so they are aware of how easy it can be for hackers to attack their accounts if not properly protected by excellent passwords.
“When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,” He said. “I think we have a responsibility to ratchet that up. That’s not really an engineering thing.”
Apple emphasized to a number of media outlets that the company continues to work with law enforcement agencies to identify the hackers and their methods for obtaining the private data. A new round of naked celebrity photos was released on September 21, 2014 in what had evolved into an ongoing FBI investigation after the first breach. There has been little news reported regarding the discovery of the hackers who initiated the large-scale hacking, with no major follow-up articles on case progress or results, and there doesn’t seem to be a clear end to the release of additional photos.
Apple is correct in acknowledging that it has a responsibility not just to protect celebrity nudes, but to distribute information so that all customers know the importance of password protections. It may be the bright side to the hackings: the public recognition that “the Cloud” needs to do more to protect privacy. The public has a right to know that the devices on which it spends hundreds and sometimes thousands of dollars in a given year are safe from being violated by savvy digital predators. Children use these devices. Adults should be able to use them in whatever way they wish without concern for privacy invasion. It’s reminiscent of the Spiderman philosophy: “With great power comes great responsibility.” Apple can and should do everything in its power to ensure the privacy of its loyal consumers.
Mary McCarthy is Senior Editor at SpliceToday.com and the creator of pajamasandcoffee.com. She has been a professional writer for over 20 years for newspapers, magazines, and the Internet. She teaches classes at The Writer’s Center in Bethesda, Maryland and guest-lectures at the University of Maryland’s Philip Merrill College of Journalism. Her first novel The Scarlet Letter Society debuted this year and her second novel releases in 2015.