Over the weekend, news broke that the Ashley Madison website was hacked. I would like to think that most people did not know what Ashley Madison was before this weekend, because I want to believe that people do not actually use sites like Ashley Madison, which is one that allows married people to meet strangers and cheat on their spouses. However, perhaps I am a little too optimistic because the site boasts 37 million users.
The site was hacked by an entity that calls itself the Impact Team. The Impact Team threatened to expose the names and financial information of users unless the site was taken down. Ashley Madison believes that the hack was an inside job, orchestrated by someone who had prior access to the information.
The Impact Team pointed out that although Ashley Madison offered a “paid delete” feature, where a user could have all of his or her activity deleted from the site for $19, even those who have tried to scrub their existence from the site are not safe because their payment of the $19 was not erased. Ashley Madison denies that this is true.
Obviously, any time your information is hacked is a cause for concern. But the concern is usually for identity theft type reasons. In this case, the users are adulterers and the mere release of their identities, even without the financial information, would probably do some severe damage to their personal lives. There is speculation that there are some powerful people who use the site and being linked to Ashley Madison will surely hurt their careers.
Ashley Madison has sort of put a band-aid on the problem, for now. Its parent company, Avid Life Media, released the following statement: Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed all posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online. We have always had the confidentiality of our customers’ information foremost in our minds and are pleased that the provisions included in the DMCA have been effective in addressing this matter.”
Apparently, a list of some of the users was released by the Impact Team on at least 6 different websites and taken down by Ashley Madison’s efforts before the leak was even made public on Sunday. Close call for those users who were included in the first batch of leaked names.
But how long will the users’ identities be protected? Ashley Madison cites to the DMCA, but does not explain what it is or how it is being used. The DMCA is a copyright law that was created to help entities like movie studios stop the spread of their pirated materials. For example, if Disney finds out that someone has uploaded a pirated copy of The Little Mermaid on YouTube, Disney can demand that YouTube remove the content or YouTube can be on the hook for a copyright lawsuit.
However, you can’t just claim you have a copyright in any material and expect sites to just take that material down. You have to have an actual legally recognizable valid copyright in the material. That’s an interesting question in this case. Does Ashley Madison have a valid copyright in the users’ profiles? It seems unlikely. It would make more sense to argue that each user has a copyright for his or her own profile.
It is probable that the sites only took the information down to avoid the headache of a lawsuit. Whether the sites would have lost those lawsuits is a much different question. And whether other sites will take the risk and publish the information in the future is what should have Ashley Madison users worried. Think about it – Ashley Madison will basically have to monitor the internet for any publication of the users’ information and send a cease and desist notice to any and all websites that post the materials. Policing the internet is not exactly the most effective way to protect private information. Ask Jennifer Lawrence. She used the same strategy by demanding sites remove her leaked naked photos a few years back. I doubt that she was able to get all of her pictures removed from the internet (and I will not check because I refuse to participate in such a massive invasion of a person’s privacy).
Ashley Madison is now temporarily offering users the “paid delete” option of their profiles for free in light of the hack. I suspect that this is not going to do much to help users sleep at night.