Who is to blame when iCloud is 'hacked' – you or Apple?

Sep 03, 2014 by Grant Bollmer, The Conversation
Jennifer Lawrence’s naked photos were released online. Credit: EPA/Claudio Onorati

A hacker's release of personal photos of actress Jennifer Lawrence and other female celebrities on the internet on the weekend has again drawn our attention to the security of our personal information online. Are we really aware of what we upload? And how can we make sure the information we intend for private viewing remains private?

With new devices incorporating features for recording personal data, such as the health monitoring technologies used in Samsung's Gear and the Apple Health app, should we be even more concerned about our ability to control our private data?

Most of the hacked images were reportedly obtained through Apple's iCloud service which can automatically back up personal data from Apple products to its servers.

Cloud confusion

How iCloud works is baffling even to some computer security experts.

The response from Apple has been unequivocal. While the tech giant said it was "outraged", the official response noted:

None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud or Find my iPhone.

So individual users were responsible for any failure to take the proper precautions to make sure personal data remains in .

The blame game

Like those who defend the hackers of stolen photos, Apple is blaming the victims of the attack without acknowledging the role its service plays in opening up to these attacks. This position is indefensible for several reasons.

Back in 2011, then Apple CEO Steve Jobs unveiled iCloud as a way to allow Apple users to automatically sync their information with any compatible Apple device. Credit: EPA Monoca M DAvey

Social media and services such as iCloud present us with countless examples of personal data doing things that seem counter to the will of the individual.

In a study I published last year, Facebook users sometimes feared their data to have a "life" that does not correspond to that of the person who "owns" the data generated.

Like our Facebook profiles, we assume what we backup with any cloud services to be "our" data. Yet the Terms and Conditions of whatever you upload to iCloud state:

[…] you grant Apple a worldwide, royalty-free, non-exclusive license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display.

These words mirror similar statements in Facebook's Terms of Service.

At the same time, Apple is clear to claim:

[…] you, and not Apple, are solely responsible for any Content you upload, download, post, email, transmit, store or otherwise make available through your use of the Service.

Merely using iCloud means that Apple can do what it wants with your data, but you – and only you – are responsible with what happens to that data.

Placing the blame on the individual, as Apple does, results in a common response whenever data are thought to be beyond the control of the user: delete all of your online, shared intentionally or not.

This response simply is not good enough given how operate. They make multiple copies in multiple locations, stored on multiple servers and hard drives across the globe.

These files are uploaded automatically and are built into new features of our mobile devices. When an individual deletes a file, this does not mean that it is actually deleted, simply by virtue of how computer storage works.

All about trust

Apple may wish to absolve itself of responsibility when individuals lose control of their . In legal terms, Apple places all burden on the individual for the management of their data.

Yet understanding the control of data as a personal matter disregards how these services actually operate. If Apple and other cloud-based services want our trust, then they have to acknowledge the role their products play in perpetuating anxieties of data-out-of-control.

They must refuse to place sole responsibility on their users – the victims of these attacks.

Explore further: Celebrity hack puts focus on Internet 'cloud' (Update)

add to favorites email to friend print save as pdf

Related Stories

In light of celebrity hacks, how to protect data (Update)

Sep 02, 2014

The circulation of nude photographs stolen from celebrities' online accounts has thrown a spotlight on the security of cloud computing, a system used by a growing number of Americans to store personal information over the ...

Recommended for you

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

rp142
not rated yet Sep 03, 2014
While not a simple problem, the broader awareness of the issues that a high profile breach brings can be a positive for the security of the average user. Sadly, most people seem to be more interested in the lives of celebrities that anything real. This will bring security and privacy issues to the attention of people that would not normally take an interest.

More awareness of secure passwords, control of the private data, default settings that upload data with consent and excessive trust in cloud services is just what is needed.
supamark23
not rated yet Sep 03, 2014
Well, the user is to blame for putting sensitive stuff in the cloud (which is stupid) and Apple is responsible for making their cloud service really easy to hack into.