In recent years, hacking has infiltrated the retail industry. Hacking has infiltrated the healthcare industry. Hacking has infiltrated the sports industry. And now, hacking has now infiltrated the most personal (some would say immoral) activities we engage in on the Internet.
Last week, Ashley Madison, an international website that facilitates adultery, publicly announced that it was hacked and that significant amounts of customer information were stolen as a result. Worse, it was allegedly hacked by an Ashley Madison customer.
The incident takes the traditional motivations for hacking – high-profile chaos and high-profile money – to new heights. Namely…extortion. The hacker(s) are apparently not asking for a monetary payout. They are threatening to release names and personal information of other Ashley Madison customers, unless the entire site permanently shuts down operations. If the headlines are accurate, the hackers’ motivation is discontent with a service offered by the website that supposedly wipes clean any trace of a soon-to-be former customers’ affiliation with the service. (That service used to cost $19 and now costs $0.)
I have to scratch the back of my head each time I remind myself that this “front page news” is in connection with a website based on adultery, and one advertising a slogan that encourages marital affairs and which displays prominently on its home page a seductive female with her finger over her lips in typical “shhh” fashion. The woman also sports a stereotypical male wedding band. Front. Page. News. While the headlines are likely being driven by prurient interest, there are real public policy and legal issues at stake here. We should be concerned with this new form of “insider hacking,” where one customer holds another customer’s information hostage—and where the threat of public disclosure (and implicit threat of the lawsuits that could follow) forces businesses to meet hacker demands.
Whether or not one agrees with the premise of Ashley Madison is irrelevant. And whether or not the motivation behind any alleged hacking is revenge or spite is irrelevant. If a current or former customer of a service itself perpetrated the hack, then we find ourselves in a place where not only are professional sports, retail giants, and banks vulnerable to potential hacking, but every individual consumer is vulnerable to the potential hacking capabilities of fellow consumers.
Who among us hasn’t been frustrated by a website’s service before? Ever try to unsubscribe from a mailing list, only to be told it could take up to a week to process your request (even though it took you a nanosecond to “sign up” in the first place)? Most of us would never take that frustration to the next level. Most of us wouldn’t seek revenge, and even if we did, we wouldn’t take it out on our fellow customers. “Living well is the best revenge,” they say. But all it takes is one person – maybe the guy (or gal) in the cubicle next to you – to disagree.
And with the Ashley Madison hack, the stakes are high for those fellow customers. Courts have wavered on whether being the victim of a data breach constitutes harm sufficient to confer standing to sue. You can cancel your cards, you can monitor your credit, but once you’ve been outed as a cheater, you can’t put that toothpaste back in the tube. Agree or disagree with the premise of the site, it’s hard to deny that revealing that someone is an Ashley Madison user could potentially damage his or her reputation (perhaps, some would argue, deservedly so). If the information goes public, will there be a lawsuit? By a show of ring-fingered hands, who is going to line up to join the putative class? The law in this area is in flux, there are many kinks to work out, and this hack may have added a new wrinkle. Beyond the prurient interest, there are many reasons to watch as this story unfolds – and for your sake, I hope you are just watching from the sidelines.