By Zachariah Parry
When news broke earlier this week that a hacker claimed to have nude photos of over 100 celebrities obtained through their private iCloud accounts, the initial response was skepticism even when the hacker supposedly substantiated his claim by publishing a handful of these photos. It was not until some of the celebrities featured in the photographs confirmed the photos’ authenticity — including Academy Award winner Jennifer Lawrence and Sports Illustrated favorite Kate Upton — that the hacker’s claim was given widespread credence.
Since then, news media outlets have almost universally condemned the hacker, describing him as “creepy” and his actions “despicable.” This is a justified reaction that will hopefully end with the hacker — a sex offender — identified and behind bars. Unfortunately, the hacker sex offender’s crime is not unprecedented.
Some may recall a similar story that ended in 2012 when hacker Christopher Chaney was imprisoned as a result of actions similarly perverse.
Chaney used his computer to acquire and distribute private photographs of several women, some of them celebrities, including Scarlett Johansson and Mila Kunis. The FBI were able to identify and arrest Chaney, who originally pleaded not guilty. He eventually changed his plea and admitted guilt for over nine counts, including wiretapping, unauthorized access and damage to a protected computer, and identity theft. After hearing tearful videotaped testimony of Scarlett Johansson, a federal judge sentenced Chaney to ten years in prison.
The FBI is reportedly investigating this most recent hack to identify the person or persons responsible for obtaining and disclosing private photographs (the hacker claimed to be one of a larger group of people who share the same goals). As the story unfolds, the media should focus its attention on the hacker sex offender and his or her co-conspirators instead of on the victims.
In addition to their castigation of the hacker sex offender, many media outlets are blaming Apple for security vulnerabilities, and some
with an online voice are going so far as to blame the victims themselves. What has not been capturing the attention of the media, however, is the culpability of the Internet consumers who seek out the photographs and use this pornographic windfall for their own gratification, heedless of its effect on the celebrity victims.
That raises an important question—other than the hacker sex offender(s), whose criminal liability is incontestable, what other parties might be liable for their role in the exploitation of female celebrity victims? Is Apple Potentially Liable for the Publication of Private Information?
Besides the hacker sex offender, most finger pointing has been done at Apple, whose cloud-based storage service was cited by the hacker sex
offender as the source of the photographs.
Although Apple probably has not committed any crime, it could face some civil liability, and certainly represents the deepest pocketed of the potential defendants should any of the victims file suit. However, after the initial shock of the story had broken and follow-up stories (i.e. stories based more on information than speculation) began to hit the presses, doubts began to surface about Apple’s role.
For one thing, some of the celebrities whose photos had been compromised use Android-based devices, which do not store their data on Apple servers. For another, the software exploit that was originally blamed (Apple’s Find My iPhone feature) was not publically known until after some of the captured pictures were taken (that exploit was remedied quickly by Apple).
Although still early to reach any decisive conclusion, Apple nonetheless has made a public announcement resulting from forty hours of intense investigation that the compromised celebrity accounts were accessed “by a very targeted attack on user names, passwords, and security questions,” which Apple points out is “a practice that has become all too common on the Internet.”
If what Apple says is true, then this was not a vulnerability of iCloud itself, but rather a vulnerability resulting from common practices like using the same password across different accounts, using easy-to-guess passwords or easy-to-guess security question answers, and falling victim to convincing-looking counterfeit emails asking for account information.
At best, Apple may be liable for a breach of contract (failing to protect private information) or negligence (failure to use reasonable care in devising and maintaining security protocols), but given the facts that have been disclosed to date, this seems fairly unlikely.
Are Consumers of the Leaked Photos Putting Themselves at Risk Just for Viewing the Leaked Photographs?
The more difficult question—not only legally but for its societal implications—is whether those who seek out and consume leaked photographs can be criminally or civilly liable.
In Nevada, it is a crime to enter another’s property “with the intent to surreptitiously conceal himself… and peer, peep or spy through a[n]… opening of a building…” Depending on the circumstances, such actions can constitute a misdemeanor, gross misdemeanor, or felony.
This law appears to apply only to Peeping Toms who enter another’s property, though there is no practical difference between gazing through a peephole and using Google as a scope. There is at least one other criminal law that may apply.
Nevada also criminalizes the distribution, disclosure, display, transmission, or publication of any “image of the private area of another person” that was captured without consent under circumstances where the depicted person has a reasonable expectation of privacy.
This statute, NRS 200.604, applies regardless of whether the person displaying the image actually took the photograph.
In addition to potential criminal liability, there is at least one tort in Nevada that could hold viewers of stolen private photographs accountable. Those in Nevada who have intentionally intruded (which specifically includes nonphysical intrusion) on the solitude or seclusion of another in a manner that is highly offensive can be civilly liable, which instead of a fine or imprisonment, would result in an award of money damages.
Regardless of the potential criminal and civil consequences facing “innocent” consumers of invaded and captured privacy, the harm to the
victims is the same if the invasion occurs through a window, a telescope, or a computer monitor. As a civil society, we would be best
served by extinguishing our own lurid curiosity for the preservation of the most intimate and private moments of others.
Zachariah B. Parry is a civil litigation attorney and partner at his firm, Pickard Parry. He can be reached at 702-910-4300, through his
firm’s website at www. pickardparry.com, or his direct email, email@example.com.