Who is to blame when iCloud is 'hacked' – you or Apple?

September 3, 2014 by Grant Bollmer, The Conversation
Jennifer Lawrence’s naked photos were released online. Credit: EPA/Claudio Onorati

A hacker's release of personal photos of actress Jennifer Lawrence and other female celebrities on the internet on the weekend has again drawn our attention to the security of our personal information online. Are we really aware of what we upload? And how can we make sure the information we intend for private viewing remains private?

With new devices incorporating features for recording personal data, such as the health monitoring technologies used in Samsung's Gear and the Apple Health app, should we be even more concerned about our ability to control our private data?

Most of the hacked images were reportedly obtained through Apple's iCloud service which can automatically back up personal data from Apple products to its servers.

Cloud confusion

How iCloud works is baffling even to some computer security experts.

The response from Apple has been unequivocal. While the tech giant said it was "outraged", the official response noted:

None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud or Find my iPhone.

So individual users were responsible for any failure to take the proper precautions to make sure personal data remains in .

The blame game

Like those who defend the hackers of stolen photos, Apple is blaming the victims of the attack without acknowledging the role its service plays in opening up to these attacks. This position is indefensible for several reasons.

Back in 2011, then Apple CEO Steve Jobs unveiled iCloud as a way to allow Apple users to automatically sync their information with any compatible Apple device. Credit: EPA Monoca M DAvey

Social media and services such as iCloud present us with countless examples of personal data doing things that seem counter to the will of the individual.

In a study I published last year, Facebook users sometimes feared their data to have a "life" that does not correspond to that of the person who "owns" the data generated.

Like our Facebook profiles, we assume what we backup with any cloud services to be "our" data. Yet the Terms and Conditions of whatever you upload to iCloud state:

[…] you grant Apple a worldwide, royalty-free, non-exclusive license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display.

These words mirror similar statements in Facebook's Terms of Service.

At the same time, Apple is clear to claim:

[…] you, and not Apple, are solely responsible for any Content you upload, download, post, email, transmit, store or otherwise make available through your use of the Service.

Merely using iCloud means that Apple can do what it wants with your data, but you – and only you – are responsible with what happens to that data.

Placing the blame on the individual, as Apple does, results in a common response whenever data are thought to be beyond the control of the user: delete all of your online, shared intentionally or not.

This response simply is not good enough given how operate. They make multiple copies in multiple locations, stored on multiple servers and hard drives across the globe.

These files are uploaded automatically and are built into new features of our mobile devices. When an individual deletes a file, this does not mean that it is actually deleted, simply by virtue of how computer storage works.

All about trust

Apple may wish to absolve itself of responsibility when individuals lose control of their . In legal terms, Apple places all burden on the individual for the management of their data.

Yet understanding the control of data as a personal matter disregards how these services actually operate. If Apple and other cloud-based services want our trust, then they have to acknowledge the role their products play in perpetuating anxieties of data-out-of-control.

They must refuse to place sole responsibility on their users – the victims of these attacks.

Explore further: Celebrity hack puts focus on Internet 'cloud' (Update)

Related Stories

In light of celebrity hacks, how to protect data (Update)

September 2, 2014

The circulation of nude photographs stolen from celebrities' online accounts has thrown a spotlight on the security of cloud computing, a system used by a growing number of Americans to store personal information over the ...

Recommended for you

Cryptocurrency rivals snap at Bitcoin's heels

January 14, 2018

Bitcoin may be the most famous cryptocurrency but, despite a dizzying rise, it's not the most lucrative one and far from alone in a universe that counts 1,400 rivals, and counting.

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.


Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Sep 03, 2014
While not a simple problem, the broader awareness of the issues that a high profile breach brings can be a positive for the security of the average user. Sadly, most people seem to be more interested in the lives of celebrities that anything real. This will bring security and privacy issues to the attention of people that would not normally take an interest.

More awareness of secure passwords, control of the private data, default settings that upload data with consent and excessive trust in cloud services is just what is needed.
not rated yet Sep 03, 2014
Well, the user is to blame for putting sensitive stuff in the cloud (which is stupid) and Apple is responsible for making their cloud service really easy to hack into.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.