On stolen pictures and victim-blaming
This: https://gist.github.com/seanhandley/3e0b0a548fc7635843f1 dropped into my Twitter feed last night. It deals with the breach in iCloud accounts that allowed the intimate pictures of celebrity women to be stolen and passed around. I disagree with practically everything in it, so what follows is a step-by-step refutation of it.
Before I begin, I have no doubt met Sean at one of Manchester’s Startup events, but I’m terrible with names. What follows is neither an attack on him personally (I don’t tend to follow people I dislike, so the fact he’s in my follow list is probably an endorsement) nor an attempt to white-knight in the vague hope some Hollywood startlet sees my post and decides to throw herself at my lovely mind. It’s simply an explanation of why this particular post from Sean is misguided.
Dealing with the initial premise first; that those not wanting nudes stolen should not take them and store them online; we confront an argument that seems at first reading to make sense – if you don’t want A to happen, don’t put conditions in place where A is possible. However, this is obviously nonsense, and puts the blame on the victim. Don’t want money to be stolen? Don’t put it in a bank. Don’t want your property to be stolen? Don’t keep it at your house. Indeed, the concept that the blame is somehow to be placed on the person whose private property was STOLEN (and yes, the emphasis is important) because they possessed that property is ridiculous. It tends towards the worst examples of victim-blaming and slut-shaming. The fact that these women have appeared on screen is irrelevant. They’re human beings, they are *not* at fault if their private property is stolen through the malice of one third party, and the ineptitude of another.
So, that being said, let’s move on to specifics. Sean discusses:
1. Nudity in our society
This we can safely ignore. Discussions about the legal / societal impact of the naked form aren’t particularly applicable in an issue dealing with an invasion of privacy and theft.
Here I agree, the status of the victim is irrelevant.
3. Patriarchal control of women
See #1. Not applicable.
4. Privacy and protection of property
Now we’re getting somewhere. Except that Sean is seemingly arguing that due to the permanence of data, and the possibility of government spy agencies compromising encryption that he won’t store sensitive information online. Unfortunately I think he’s missed a couple of things here.
First; These individuals didn’t store anything online alone, Apple was also party. Secondly that the sensitivity of the information isn’t relevant- forget for a minute that it is image files of women. Pretend it’s other files. Say email conversations, telephone numbers, or pizza topping information. Information of this type is commonly stored, used and retrieved every minute of every hour. The *type* of information stored isn’t important, simply that there was a company with which several individuals had contracts (explicit or by deed) warranting that a degree of security would be applied to their personal property. Apple’s failure, and the malicious actions of those that found it and exploited it are the problems, in the same way they would be if Sean’s email provider or bank or even a cosmetic retailer (http://www.theguardian.com/money/2011/jan/21/lush-website-hack-customers-fraud) failed to implement adequate security leading to his accounts being raided.
Certainly there might not be the same prurient interest if it was email exchanges with an agent, or even *possibly* credit card numbers, but again that’s not the fault of the victim. It’s ludicrous to say that given the interest in accessing images of these women, they’re being irresponsible by taking them, in the same way it would be to say that it’s their fault if their homes were raided and Polaroids stolen. It’s tantamount to arguing that given the interest in possessing gold, if your bank vault is broken into due to a weak lock, it’s somehow your fault for storing it in a bank vault, or even having any gold in the first place.
Sean then moves to an analogy about placing a vase on a table. If you place it close to the edge it’s likely to get smashed. Unfortunately he’s neither following his own previous argument, nor presenting a cogent new one. Let’s visit it regardless -
Sean states: I possess a vase. I don’t want it smashed. I place it in the centre of a table to reduce that chance. So far so good, except previously he was suggesting that if you don’t want a smashed vase, the fault is yours for even OWNING a vase. Certainly the logic is undeniable, but nonsense as per the paragraph on the initial premise. Indeed, the analogy is not even well constructed. What happened here is someone bought a vase, entrusted it to a 3rd party to safely place in the centre of a table, then discovered that not only had it not been so placed, the placer had allowed the vase to be deliberately smashed by someone that shouldn’t have been in close proximity to it. That doesn’t strike me as the fault of the vase-owner.
Sean then goes on to suggest that since digital security isn’t absolute, and it shouldn’t be trusted. However: snail mail? Not secure, someone could open it. Don’t trust letters (indeed, this is precisely what happened with Walsingham under the reign of Elizabeth, but that’s for another time)! You can of course continue this line of thought ad absurdam. NO security is absolute. Not digital, not physical, not even mental (since that can be extracted by interrogation by state agencies – don your tinfoil hat now).
The bottom line here is that Apple have a duty of care to ensure the product they’re selling (directly or as part of a package) is able to withstand systemic attack. If it’s not, it shouldn’t be sold, particularly if this was an absence of brute-force protection. That those accessing computer systems to which they do not have permission are committing a crime. It is NOT that women wanting to avoid their sensitive information being stolen should seek not to create it.
Lastly, unlike Sean, the women I’ve spoken to AND the men I’ve spoken to have placed no blame on the victim of the crime. Anecdotal evidence is fun.
I think this article raised my ire specifically partly since it was authored so close to home, partly because it’s victim blaming disguised as caring. What this means for the victims, perpetrators and Apple is still in the hands of the FBI, but they will only be pursuing the criminals — since they were the only wrongdoers.