I have zero sympathy for self-described hypocrites like Josh Duggar whose personal data from the online cheating site Ashley Madison was hacked and disclosed. (Both men and women used the site, although most media reports have focused on cheating husbands like Duggar.) It isn’t that I judge them for their choices — except for myself and my husband, I don’t care who does what in bed, or who they do it with.
But I admit to being somewhat judgemental about anyone who thinks that posting personal details about their most private thoughts online is a good idea. While I felt sorry for those who simply used a credit card at a Target store and got caught up in a data breach, I didn’t feel much sympathy for Ashley Madison’s customers for the simple reason that if you don’t want the details of your sex life made public, you shouldn’t post them on the Internet.
No matter how “secure” a site claims to be, or what kind of false identity you hide behind, once you post it online, your chances of having it remain private are vanishingly small. These people shared their most intimate thoughts, fantasies, and personal details with an “anonymous” corporate-owned website. Ashley Madison is based in Canada, but over 80% of Ashley Madison’s customers are outside of Canada. How many of those bothered to find out what country’s laws applied to the site — or how their data would be protected?
While some of them attempted to shield their identities with email addresses created specifically for that purpose, most of them seem to have used their own business, work, or personal email addresses and personal details (name, address, phone, credit card or bank details).
What were they thinking? They weren’t. So when the news broke, I simply shrugged and thought, “Another day, another data hack.” But the story got much more interesting to me when Avid Life media (the company behind Ashley Madison) decided to try an unconventional use of the Digital Millennium Copyright Act (DMCA) in an attempt to stop the leaks. According to The Guardian, the hacked extramarital dating service is trying to prevent dissemination of its stolen database by sending copyright takedown notices to social networks and file-sharing sites. They’ve evidently had a bit of success, too.
Joseph Cox, a writer for tech site Motherboard, reported that Avid Media filed a copyright takedown notice for three of his tweets, each of which contained screenshots of information contained within the Ashley Madison breach.
The deleted tweet contained an image of the company’s floor plan. In addition, a Reddit subforum devoted to sharing the dump also got deleted almost immediately by the site (A second subreddit is still live, but had to promise not to share direct links to the data).
Can Customer Data be Protected by Copyright?
The hacked dating website dedicated to helping married people have affairs is trying to stop the spread of its customers’ data by going after people who have posted or shared links leading to the leaked information. The question is whether or not a customer’s private data can be protected by a company’s copyright claim — especially when no copyright registration was ever filed.
I have to wonder if the 32 million customers who used the site believed that their names, credit card information, and sexual preferences were the “intellectual property” of Ashley Madison — or whether they assumed that data belonged to them. If it belonged to the individual users, can individual users use the DMCA to protect it through a copyright claim? And if it belongs to Avid media, what does that mean for all the other companies that collect personally identifiable information online? Why haven’t any of those companies used the same defense against hackers who threatened to post it as part of an extortion attempt?
No one seems to know exactly what the courts will say about Ashley Madison’s attempts to use the copyright laws in this instance, and it’s sparked a lot of online discussion. The Detroit Free Press quoted lawyer Scott Vernick, a partner and head of the data security and privacy practice at Fox Rothschild in Philadelphia, as saying that by law, the entire database belongs to Avid Life Media, the company that owns the Ashley Madison site. Downloading it is legally the same as downloading a pirated movie, Vernick says.
The developers of CheckAshleyMadison.com shut down their search tool after being served with a DMCA takedown request too. The site claimed its purpose was to “help Ashley Madison users find out if their personal and financial information was released”. Seems to me that if you didn’t cheat, and you didn’t use the site, you have nothing to worry about — so instead of helping Ashley Madison users, the site seems to me to have been a boon to journalists and spouses (like this poor Australian woman, who learned about her husband’s Ashley Madison account live on a radio broadcast).
“We hope that Avid Life Media (the Canadian company behind Ashley Madison) will follow-up in the coming days with some sort of help to their user base and a formal apology, rather than try to sweep it under the rug,” wrote the Check Ashley Madison creators on the website.
Personally, I hope that the Canadian government will use its Personal Information Protection and Electronic Documents Act (“PIPEDA”) to penalize both Avid Life Media for failing to protect the data, and the hackers who stole and posted it for releasing personally identifiable data.
I also hope that at least a few of the cheaters caught up in the scandal will learn a harsh lesson about the cost of marital infidelity. Even more importantly, I hope that many people will recognize the stupidity of posting private information online. If that means a windfall for divorce lawyers, that’s fine by me.
I’m not so sure that I will be happy if turns into a bonanza for copyright lawyers, though. What do you think? Can a database of customer data be protected by copyright?