It’s been an interesting summer for those of us who study the legal and cultural developments surrounding mobile devices. At the end of June, the US Supreme Court unanimously(!) ruled that law enforcement officials must get a search warrant before reviewing the contents of of a cellphone seized during an arrest. [See Riley v. California, 573 U.S. ___ (2014)]. This may well have been the most important pro-privacy decision in the past 45 years, and it deserved far more attention and celebration than it received.
The discussion of the Court’s cellphone decision, however inadequate, was utterly swamped by the media monsoon following the news that nude photos of numerous celebrities (perhaps more than 100, including such cultural icons such Jennifer Lawrence, Kate Upton, Mary E. Winstead, and Kirsten Dunst) had been hacked from their Apple iCloud accounts. Wholly apart from sucking the oxygen out of the global news cycle for the better part of a week, the massive celebrity hack made it clear that when it comes to privacy, nothing sells like sex.
These two developments may not seem to have much to do with each other, but they are in fact two well-established sides of the same privacy coin. The Riley decision was handed down from the august marble halls of the Supreme Court, and set welcome limits on the ability of law enforcement to sift through increasingly large aspects of our lives if they happen to seize a cellphone (particularly a smartphone) during an arrest. Despite initial fears to the contrary, the Court unequivocally recognized the important role that mobile devices play in our lives. As Chief Justice John Roberts correctly noted, “Even the most basic phones that sell for less than $20 might hold photographs, picture messages, text messages, Internet browsing history, a calendar, a thousand-entry phone book, and so on. ... We expect that the gulf between physical practicality and digital capacity will only continue to widen in the future.”
The Court did not deign to discuss the possibility that seized cellphones might contain nude “cellfies,” but certainly that would have added weight to its argument. Given law enforcement’s fondness for unnecessary strip searches, the allure of possibly finding nude photographs would be too great a temptation without a bright-line rule limiting the casual inspection of phones.
But while the Court can impose constitutional limits on the actions of federal and state law enforcement, it can’t do anything to protect us from ourselves. Ever since the invention of the camera, roughly 170 years ago, people quickly have found ways to use virtually every new communications technology for the production and distribution of sexual content (the two most notable exceptions being the telegraph and its transmissive cousin, the fax). But nothing approaches the cellphone for its convenience, speed, and efficiency in capturing nude images and distributing them to a global audience.
Let’s be perfectly clear: as individuals and adults, celebrities absolutely have the right to take nude photos of themselves if they wish to do so. Celebrities may perhaps be somewhat more narcissistic than the bulk of humanity (which is understandable), but they also have long-distance romances with loved ones, hope to spice things up with provocative personal photos, and sometimes just goof around. In this respect, celebrities are not all that different from the rest of us (except their cellfies probably look substantially better). The criticism directed at celebrities (particularly women) from some quarters for taking nude photos is the grown-up version of the slut-shaming bullying that has helped drive some young teenagers to suicide. It’s mean, sanctimonious, and in many cases, probably hypocritical as well.
If there is one legitimate criticism that can be directed to the hacked celebrities (and the rest of us), it is that we don’t take the time to thoroughly understand how our glitzy new technology works and just how easily we can lose control over digital information. This celebrity photo hack traveled well-worn ground: it was made possible by the combination of human error (weak passwords) and a defect in the software designed to protect private information from unauthorized eyes (in this case, the Apple iCloud storage system).
To be clear, hackers did not break into the servers on which iCloud data is stored; Apple’s own security measures have so far prevented direct breaches of users’ confidential data. But Apple did make one important error: it failed to limit the number of times an iCloud user could attempt to log into his or her account before being denied access. By allowing users to make an unlimited number of guesses, Apple made it possible for hackers to employ what is known as a “brute force” attack, in which hacking software repeatedly attempts to guess a person’s username and password. With enough time, hacking software can easily try millions of different combinations; if the password happens to be a word found in a dictionary or even a predictable proper noun, then the odds are good that the hacker can log in to a user’s account and gain unfettered access to whatever is stored there.
And here’s where celebrities are more vulnerable than the vast majority of people: there are veritable troves of information about celebrities available on the Internet, and a diligent researcher can easily compile a detailed list of possible words, names, and dates that a particular celebrity might use as passwords. A hacker once gained access to Paris Hilton’s cellphone, for instance, by reading Wikipedia and discovering that the name of her pet Chihuahua was “Tinkerbell,” which she had used as her password.
As most of us know all too well, it can be difficult to remember of all the passwords that we use on a daily basis, and sometimes we need a two or three tries to get it right. That’s perhaps the main reason that so many of us (including celebrities) unwisely reuse our passwords and/or choose easy-to-remember (and easy-to-guess) terms. But it’s really not that different from using the same key to unlock your front door, turn your ignition, and open a storage locker. If someone can get their hands on that key, they’ve got access to an important chunk of your life.
So what are we left with at the end a summer of interesting mobile legal developments? The Supreme Court reaffirmed our right to privacy vis a vis the government, but hackers reminded us that on a day-to-day basis, we have the primary responsibility for protecting the information that is important to us.
Here are the basic Internet principles that should be memorized by everyone, A-list or not:
- If a digital image is created, it almost certainly will be hacked, stolen, or sold (or some combination of all three);
- People will spend an inordinate amount of time trying to locate nude or explicit images, particularly of female celebrities;
- People are foolish to rely on large organizations to protect their privacy;
- People are often careless about the passwords they choose;
- “Deleted” is not the same thing as “destroyed”; and
- The very nature of the Internet is to facilitate the distribution of information, regardless of how sensitive or private someone may think it is.
And yes, the reality is that the most private digital image is the one that is never taken in the first place. That’s not a statement of morality but of practicality. The next best option is to use a digital camera and local (non-Internet-connected) storage. After that, all bets are off. The instant you transmit a digital image away from the device that took it, you are relying on someone else’s competence and integrity to keep it private.
To paraphrase Aaron Sorkin’s great speech at the end of The American President, “Privacy isn’t easy. Privacy is advanced citizenship. You gotta want it bad, because it’s gonna put up a fight.” Best of luck.
Frederick Lane is an author, attorney, educational consultant, expert witness, and lecturer who has appeared on The Daily Show with Jon Stewart, CNN, NBC, ABC, CBS, the BBC, and MSNBC. He has written seven books, including American Privacy and Cybertraps for the Young (NTI Upstream, 2011). All of his books are available on Amazon.com or through his Web site.