You've probably seen the headlines by now. It seems that some of the low-life scum from 4chan's /b/ sector, known to civilized society as "the depths of the Internet's filthiest sewer", bashed in the front door of Apple's iCloud service to steal the private photographs of a number of prominent celebrities.
Now that the headline (yes, it's click-bait) is out of the way, let's consider this a bit more carefully.
I'll refer you to Ars Technica if you want the gory technical details. In short, the criminals exploited a security flaw in Apple's iCloud system, apparently located in the application programming interface for the "Find My iPhone" tool. The flaw let them hammer away at iCloud in a brute-force fashion, trying combination after combination of username and password until they found one that worked. Once in, the attackers had the same access to the iCloud account as its legitimate owner would.
This being 4chan, they specifically targeted popular and beautiful women, and rifled through each account for the most private, intimate images they could find. And, since iPhones silently and automatically back up most of their contents to iCloud, that data dump would include everything the phone's owners had photographed.
Who's At Fault?
The natural tendency of today's media is to assign blame first and investigate later. In the process, important details can be missed. Keeping those details in mind, then, who's really at fault here?
Well, duh. Obviously it's the hackers' fault. And it's with good reason that the FBI is now on their case.
Simply blaming the perp, though, is so easy and so obvious that it's tempting to look deeper, and the next thing that usually happens is to blame....
"If you don't want nude photos out there, don't take them in the first place."
"She's asking for it, if she puts it on her phone."
"Think of the extra publicity these actresses will get now. It's good for them."
BZZT. Wrong. Go directly to jail, do not pass go, do not collect $200.
The thing is, none of the celebrities involved did anything wrong. There's no "celebrity scandal" here. Sexy selfies are not deviant, dangerous behaviour – they're just a normal part of human sexuality. They have been since at least the days of Polaroids, and intimate (non-selfie) photos date back to... well, to around the time we invented cameras in the first place. Just about everyone with a partner (or partners) and a camera tries it at some point, and for better or for worse, it's become a normal mode of social interaction for the under-25 crowd. In modern North American culture, taking, keeping and (selectively) sharing nude photos is quite acceptable, maybe even expected. It's only the broad, uncontrolled distribution of them that's condemned.
Fully conscious of the tabloid media's love of salacious sexiness, everyone involved here kept their private images in what was clearly designated as a secure, private place. Exactly as personal security "best practices" of the time dictated.
We can nail Apple on two counts here.
One, they completely failed to adequately secure iCloud (the specific attack that was used here was almost brand new, but the basic technique and the corresponding defence strategy are decades old.)
Two, they nevertheless marketed iCloud as being safe, secure and trustworthy. (I've commented before that "cloud" just means "someone else's computers".) Average users simply trusted Apple, having no way to know that iCloud was neither safe nor secure.
Other cloud providers, such as Dropbox and Google, are taking note. They're not invulnerable either.
If it weren't for the frenzy of attention that the mass media give to every such incident that comes up, perhaps these crimes wouldn't happen so frequently.
The media are certainly not blameless. "Celebrity scandal" is such a great click-baiting, ad-revenue-driving headline that all but the most reputable media outlets are bound to leap at it, even when the facts say it's just a sad sociopathic criminal breaking servers from his basement.
Ultimately, though, the root cause falls on all of us, collectively, as a society.
We simultaneously love and condemn celebrity sexuality, in a twisted kind of doublethink that drives sociologists mad with confusion.
We rant about how evil and despicable the criminal who stole the images must be, then we go ask Google where we can download them.
We *like* this kind of thing. We click on headlines that mention it, we make a fuss over it, we make snap judgments about people we don't know based on information we don't understand. The resulting online firestorms are exactly the kind of fuel that trolls and small-time cyber criminals thrive on.
Surely, we cannot expect a criminal or a two-bit gossip rag to be held to a higher standard than that to which we hold ourselves.
What do we do next?
We should re-think our security, for one. It's prudent to keep your private stuff on your own disks that are under your own physical control. Or, failing that, in encrypted files to which only you have the key. If you're going to trust a third party (such as Apple, Dropbox, Google, etc.) then make sure you're comfortable with the risk vs. convenience trade-off.
We should start a serious discussion about what privacy means in the modern age. Data thefts are only going to get bigger and more revealing in the next few years. We can, with effort, elevate our society above this kind of thing; respect must regain its rightful place as a core principle in our lives.
Of course, we could also go with this one (from @amandapalmer on Twitter):
It's hard to get excited about "scandal" when there's no taboo to be broken.