Blog Post

Ashley Madison hack raises bigger privacy, legal issues

August 24, 2015 | by NCC Staff

The hacking incident involving the infidelity web site Ashley Madison shows how perilous privacy expectations are in the digital age, leading one Washington Post writer to label the incident as the “Pandora’s box” of Internet privacy cases.

ashley madison“Amid the gloating on Tuesday night, a few people recognized the Ashley Madison leak as something much bigger than a chance to snicker: a turning point for American society, the Internet and maybe even marriage itself,” said Michael E. Miller, the foreign affairs reporter for the Post.

Miller and others are discussing the potentially big impact the scandal could have on the concept of Internet privacy and the current state of protections and safeguards for Internet users in the United States, and also Canada, where the website is based.

For example, Miller points to an analysis from John Herman at The Awl that looks at how the publicly available hacked data has far-reaching impacts.

“If the data becomes as public and available as seems likely right now, we’re talking about tens of millions of people who will be publicly confronted with choices they thought they made in private (or, in some cases, didn’t: Ashley Madison does not validate all email addresses). The result won’t just be getting caught, it will be getting caught in an incredibly visible way that could conceivably follow victims around the Internet for years,” Herman said on The Awl web site.

The incident could also spark a new debate in the U.S. about the controversial European legal concept of “the right to be forgotten,” which allows EU citizens to ask Google and other search providers remove links to unflattering stories about them from their search services.

In the United States, Internet users facing a potentially embarrassing situation have fewer options. Strictly, the Fourth Amendment pertains to the government’s desire to obtain your personal information; it doesn’t offer privacy protections in civil matters. In the case of Ashley Madison, the private web publisher now faces lawsuits over the hacks – if the people suing Ashley Madison want to risk facing more publicity.

In Canada, two lawyers filed a $578 million class-action lawsuit against the Toronto-based website's parent company. A lawsuit seeking $5 million has been filed in Missouri.

Ashley Madison’s parent company, Avid Life Media, is trying a unique tactic to limit access to the stolen databases online in the U.S., by pursuing take down requests under the Digital Millennium Copyright Act, or DMCA. The DMCA allows people and companies who claim to own a copyright to content to have that content removed from the Internet if it is used without their permission. There is also a resolution process if there is a disagreement over ownership.

The websites Gizmodo and Politico have reported that Avid Life Media sent out DMCA takedown requests to web sites made the databases searchable, or showed images of the database content.

Technology journalist Joseph Cox provided one of the take down requests to Politico. “A spokesperson for Avid Life Media did not return requests for comment, but the firm told Twitter that Cox’s tweets should be taken down because ‘Avid owns all intellectual property in the data,’ according to the takedown request provided to POLITICO by Cox,” the website reported.

Some experts were skeptical that Avid could claim the databases were subject to copyright protections. “Ashley Madison is using the DMCA in a way that it was never designed to be used in order to suppress reporting on the issue,” Andy Sellars from Harvard Law told Gizmodo.

As of Friday, the Washington Post and other media outlets had stories with links to two active Ashley Madison databases. Even the reporting of the existence of the databases has led to controversy over journalism and ethics, since Ashley Madison didn’t use a process to verify email addresses linked to accounts.

Some media outlets reported names in the Ashley Madison database, while other didn’t. Harvard’s Sellers told Boston.com that traditional journalism outlets were walking a fine line in how they reported the story.

“You’re walking them to the line and you’re doing so knowing that there are these services out there allowing them to search the database,” Sellars said. “How much are you actually protecting identity here if you’re giving them all but the name?”

But as Fortune.com’s Matthew Ingram pointed out, the Ashley Madison story is one being defined beyond traditional media.

“Ultimately, it may not even matter what choices mainstream media outlets make about what is newsworthy and what isn’t. In an age of ubiquitous publishing platforms like Twitter and Facebook, not to mention websites like Reddit and 4chan, anyone with a computer or a phone and an Internet connection is effectively a member of the media, whether they admit it or not,” Ingram wrote.