Originally Published 2015-07-25 09:27:10 Published on Jul 25, 2015
Immoral hacktivism could set cyber security debate back by years

Last week, Avid Life Media, the Canadian firm which owns cheating website AshleyMadison.com (slogan: ‘Life is Short. Have an Affair’) was hacked. Personal information, credit card details, sexual fantasies and potentially explicit chat logs of almost 40 million users have reportedly been compromised.

The website confirmed the hack, saying it was likely perpetrated by an insider. But this was not just another hack leaking random financial information. These hackers (or hacker), calling themselves ‘The Impact Team’ were on a mission to get Ashley Madison and its sister website, Established Men, shut down.

Why Ashley Madison? The nature of the website has led to assumptions that this was a hack by digital do-gooders, outing and punishing the unfaithful. There was a certain lack of remorse for the victims in the message left by the hackers: “Too bad for men, they’re cheating dirtbags…”, but the main reason for targeting Ashley Madison seems to be the way the website handles former users’ data.

The website had a controversial ‘full delete’ feature, which required a payment for all personal and purchase details to be erased. In fact, the hackers claim that the company retains this information even after deletion – and that’s what’s allegedly been stolen.

What Anonymity?

Many of Ashley Madison’s users may only have dared to dabble in infidelity because of the discretion the website claimed to provide. Inhibitions tend to be reduced when you are behind a computer screen, whether you’re posting comments on YouTube or chatting up a potential date. The availability of services and features provided by the internet combined with the potential for anonymity makes for a heady cocktail. The mistake that many users seem to be making is assuming that the secrecy provided by websites like Ashley Madison is equivalent to privacy – in the real world or online.

So, what does the Ashley Madison hack mean for online privacy? The hack stands out among other privacy leaks of the recent past in its apparent lack of malice. It is different from other invasive hacks like doxing where people’s personal information is dumped on the internet with the intent of harming the person. It seems to be aimed at rectifying the company’s practice of wrongfully retaining users’ personal information.

But that does not detract from the equally damaging effect of this attack. In fact, the damage is more pronounced because The Impact Team is allegedly a group of ‘privacy hacktivists’ threatening a massive privacy breach – a breach that will not only affect Ashley Madison users personally but will breach the associational privacy of their spouses and have financial consequences.

Earlier, privacy was erroneously conflated with a complete lack of access to one’s personal information. This has proved increasingly difficult to reconcile in a world where data is currency and entire economies are sustained on the cloud. Privacy debates have moved away from that conception. Now, informational privacy is increasingly seen as retaining control over data about oneself. This is what the hackers seem to be addressing: That the website does not allow users control over permanently deleting data that they created.

Perceived Dangers

However, informational privacy also includes the right to determine how information about oneself is used and appropriated. The fact that these hacktivists have resorted to misusing other peoples’ information to drive home a point only strengthens the increasing paranoia about an open internet and sets the privacy discourse back by years.

In fact, it is the unreliability of traditional cyber systems that drives people towards the darker corners of the internet like the deep web. The deep web has long served as an online hub for some of humanity’s darkest indulgences – from drugs to child pornography. It only seems natural that, with time, clandestine activities like online adultery will move towards these dark corners. But even that is only a temporary relief.

The deep web is not absolutely secure. The advent of newer technologies like quantum computing will render privacy safeguards redundant in the next decade or so. It is only a matter of time before another hack like this threatens to destroy companies and ruin their customers’ lives and we see a rerun of this tale of two victims.

This article originally appeared in The Quint

The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.

Editor

Cledwyn Fernandez

Cledwyn Fernandez

Cledwyn Fernandez Fellow Indian Council for Research on International Economic Relations

Read More +