NudeGate: When the cloud becomes a storm

There's already been a lot said about the recent celebrity nude photo leak, now known as NudeGate. Jennifer Lawrence, Kate Upton , Brie Larson and Kayley Cuoco have all had their privacy violated, among others, through the dissemination of illicitly obtained photographs depicting these actresses in various stages of undress.

The views expressed in this article are those of the author and do not necessarily represent the views of, and should not be attributed to CyberShack as a publication.

There's already been a lot said about the recent celebrity nude photo leak, now known as NudeGate. Jennifer Lawrence, Kate Upton , Brie Larson and Kayley Cuoco have all had their privacy violated, among others, through the dissemination of illicitly obtained photographs depicting these actresses in various stages of undress.

Regardless of the means these photos were obtained by, this is a horrible crime. Despite the rampant discussion of privacy, both internationally and locally, in regards to issues such as global surveillance and metadata retention, it is shocking that individuals would so easily and thoughtlessly share these photos, without regards for the actresses' own privacy.

But in the case of this situation, the means is why I'm writing about NudeGate on CyberShack: a vulnerability in Apple's iCloud has been named the culprit. Rather than a complete breach of the iCloud service, it appears that the hacker gained access to access to iCloud accounts through a brute-force attack using an exploit in Apple's Find My Phone Software. Apple have since patched this vulnerability. It should also be noted that these photos weren't all obtained on one day, it's not like Kim Kardashian has a Dropbox where all the other celebrities upload their naked selfies too. Allegedly, the pictures were harvested over several months.

So why were these photos in the cloud in the first place? From iOS5 onward, iPhones have backed up a user's photos iCloud by default, provided a user is signed into their Apple ID. If I had to hazard a guess, most iPhone users would be unaware that their photos are automatically backed up to the cloud, or the implications.

Whether or not you think it's a good idea to take naked photos of yourself or a significant other is irrelevant. Jennifer Lawrence took these photos assuming only a certain person or people would see them. Is that a silly assumption? Not necessarily. She put faith in her phone and the services it's connected to, and for one reason or another, she was let down.

It comes down to trust – we put faith in the devices and services we use, and legally, companies are required to setup security safeguards when they store personal information. Under the Privacy Act, Australian entities are required to take "reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure". These guidelines are similar around the world, and are based on OECD principles about privacy protection.

If we use an iPhone, an Android handset, a Windows Phone device or even just Dropbox for storage, we don't have a choice but to trust the manufacturer. When using a device or service, there's an expectation our privacy is being protected and respected by the company providing it. Sending a naked photo isn't just a covenant between two people, it's between three – but the third's a corporation.

Blaming the victim ignores the fact that sharing explicit photos is becoming increasingly commonplace. There's several apps available that appear to be designed explicitly for the very purpose. And there's nothing wrong with that, provided it's between two consenting adults.

A recent study undertaken by the Pew Research Centre found that 44% of teens reported sending or receiving a sexually explicit text, and the number of users among all age groups who have received a nude photo is now one in five. A separate study from Purdue University corroborates these findings; 46% of 21 year olds had sent a naked selfie. In addition, a report from security firm McAfee found that half of the adults surveyed had used their phone to send and receive "intimate content".

NudeGate could have happened to anyone. It could have just as easily been photos of your partner, your daughter, your son, your sister, your brother or even you. But since we aren't celebrities, we're fortunate enough to not have huge targets painted on our backs. But let's take a step back, think about how much data you have in the cloud. Not just naked photos, but addresses, emails, phone numbers and taxes.

The cloud is common place – every smartphone, tablet and PC is designed to sync with it, it's meant to make our lives easier. On top of this, almost every single app and device encourages us to share. The CyberShack email server isn't hosted by us – that means we're not the masters of our own fate. We don't know if the server's received the latest patch, we don't know if the firewall is constantly on. We hope so, but we don't know for sure.

We also use cloud storage for a lot of documents we wouldn't want getting into anyone's hands – invoices, account statements, information under NDA, business plans. We've taken all the appropriate security precautions, as I imagine many of those who had their photos stolen did. But as we've seen, a breach is still possible. Would it be our fault if we were hacked? There's certainly no naked photos of Charlie in CyberShack's cloud (although I did find an interview he did with Snoop Dogg a couple of years ago), but it's private information nonetheless. It might not destroy CyberShack, but it could tarnish our reputation.

Avoiding the cloud all together is not the answer. It's part of both modern computing and modern life, and it won't be going away any time soon. Unless we want to want to go back to the stone-age, we need to trust someone. What NudeGate highlights is that at the end of the day, using any connected device can put us at risk. And it's not just cloud; an email can be intercepted, privacy settings on Facebook can be compromised, a flash drive can be stolen.

If we can't rely on our software, hardware and services, is privacy now deprecated? Is the assumption of privacy in 2014 fundamentally flawed? Since Monday, I've received countless press releases with the words "assume everything is public". It's starting to sound like a broken record: "don't send anything that you wouldn't want seen publicly".

As NudeGate has proven, we seem to live in a world where it's possible for any electronic communication, no matter how old, to resurface and bite us in the ass. And then we'll get told we've got no one but ourselves to blame.

If this is the case should we give up on smartphones? Should we take naked photos using a Polaroid camera and deliver them by hand? Should we go back to using handwritten address books and keeping our taxes in big steel filing cabinets? Should snide comments only ever be whispered? Should we give up on social media, the cloud and sharing? Should we embrace our old Nokia 3320s again and use outdated technology in a Battlestar Galactica-esque attempt to avoid the Cylons? Is it time to disconnect entirely?

In case you're wondering, the answer is no, that would be stupid. I'm not giving up my smartphone. I'm not going to stop putting files in the cloud. And I doubt anyone else will. Instead, how about we treat these kind of incidents as the crime they are and vilify the perpetrator rather than blaming the victim? Let's not say "she shouldn't have taken that photo". Let's put our money where our mouth is, and respect other people's in the same way we want ours respected.

Source: The Verge, SMH, OECD, AIC

Leave a Reply