Celebrity iCloud Hack. Each week, Educating Modern Learners will pick one interesting current event – whether it’s news about education, technology, politics, business, science, or culture – and help put it in context for school leaders, explaining why the news matters and how it might affect teaching and learning (in the short or in the long run). This week (the week of September 1), Audrey Watters looks at the theft of celebrities’ photos stored in their personal iCloud accounts.
Over the weekend, hundreds of intimate pictures of mostly female celebrities were posted to the anonymous message board 4chan. Celebrities whose photos were stolen included actresses Jennifer Lawrence, Kate Upton, Kirsten Dunst, Mary Elizabeth Winstead, US gymnast McKayla Maroney, singer Rihanna, and US women’s football player Hope Solo.
The images were taken from the celebrities’ personal collections, and it appears that Apple’s iCloud was the culprit. In response, Apple issued a statement:
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
The FBI also says it is investigating the issue, and several publicists for the celebrities involved have indicated they would sue those who were distributing the images.
What Do Schools Need to Consider: Privacy and Personal Data
Although many celebrities have been quite vocal condemning the theft and the sharing of the photos, there has been plenty of victim-blaming this week, suggesting that somehow the women involved were responsible for the violation of their privacy. As Girls writer Lena Dunham quipped, alluding to the ways in which women are blamed when they are sexually assaulted, “The ‘don’t take naked pics if you don’t want them online’ argument is the ‘she was wearing a short skirt’ of the web. Ugh.”
Indeed, the bigger question here — and the question that school leaders will have to face — isn’t about celebrities’ behavior. It’s about how all of us are going to negotiate security and privacy. This seems particularly important too as Apple is poised to add a new medical “data locker” called HealthKit. But it’s also important as schools increasingly outsource data management and storage to cloud-based, third-party providers – like Apple.
Some publications, including Forbes, have suggested in response that people stop using iCloud to back up their data, and while that is probably not necessary, no doubt, the theft of these photos highlights the risks associated with cloud-based services. These are risks that schools need to assess; but they’re also risks that schools need to help students understand as well. It isn’t as simple as updating privacy laws either (although if there was a US version of the EU’s “right to be forgotten,” the victims here would have another recourse).
Apple suggests that users create strong passwords (that is, unique passwords that use a combination letters — upper and lowercase, numbers, and symbols) and turn on two-factor authentication. Do not use the same password for multiple websites.
Some Internet security specialists suggest that Apple is not entirely blameless here. Researcher Christopher Soghoian pointed to possible vulnerabilities in Apple’s own security: “If the celebs’ iCloud account passwords were brute forced, the problem seems to be lack of rate limiting by Apple, not lack of crypto.” That is, it may be that hackers were able to run programs that tried multiple times (many many many times) to crack a password, and there were no systems in place at Apple to flag these attempts.
What Do Schools Need to Consider: Ethics and New Media
It is, perhaps, not that hard to condemn the theft and the distribution of intimate photos. But the celebrity nudes are not the only photos in circulation in recent weeks that raise questions about what people should and shouldn’t look at on the Internet. There’s the graphic footage of the beheadings of journalists James Foley and Steven Sotloff by the militant group ISIL, for example. Sites like Twitter and YouTube have pulled down and blocked accounts for sharing this footage, but some journalists have questioned whether or not that decision should be left to technology companies.
Filters block much of this from ever showing up on a school network or a school computer. But the images are out there on the open Internet. How do we help students navigate the ethics and the politics behind all this?
Image credits: Carlos