How will the “hacker” who stole celebrity nude photos be prosecuted?
Hacking is nothing new, scores of American businesses face it everyday. People could care less unless it is their own data that has been breached. But, when celebrities are involved — and nude photos of celebrities at that — it is a much different story.
Now everybody cares. Everybody is all of a sudden interested in hacking, right? Yeah … sure, ok. Or is it that their deep-seeded voyeuristic curiosity has them more interested in seeing the nude photos of these celebrities (GO AHEAD, LOOK HERE!).
So, since you now feel like a pervert and since everyone is so interested in this hack, let’s talk about the law of the hack. That is, what law will most likely be used to prosecute the hacker who stole these photos?
Yep, you guessed right — the Computer Fraud and Abuse Act (CFAA), of course!
Generally speaking, the CFAA prohibits the unauthorized access of data that is stored on a protected computer. A protected computer is generally considered to be any computer that is connected to the Internet.
As more information comes out about this “hack” it seems this is how it was carried out:
- the photos were stored on the celebrity’s own personal accounts on Apple’s iCloud, just as many of us store our own personal information on iCloud if we use an iPhone, iPad, or Mac;
- the accounts were “protected” by passwords that were either (a) very weak (i.e., the most popular password of all — 1, 2, 3, 4 …), (b) had passwords that could be easily guessed based upon information commonly known about the individual, or (c) had “challenge questions” for passwords where the answers could be found based upon publicly known information about the individual; [Read Deb McAlister’s excellent post about how to keep this from happening to you: Proper Passwords Protect Your Pictures (and Your Reputation)]
- the hacker obtained the passwords to the individuals’ iCloud accounts, logged into their accounts and then searched for images that were then obtained and you know the rest of the story.
The photographs are considered the type of data or information that is protected by the CFAA and Apple’s iCloud is essentially a network of computer servers connected to the Internet which makes iCloud a “protected computer” under the CFAA.
Technically speaking, the language of the CFAA prohibits an intentional access of a protected computer “without authorization”; by having their photographs stored on their own personal iCloud accounts, with some of password to keep them from being open to the public, the individuals showed an intention to keep their photographs private and not make them accessible to the public (regardless of how weak their passwords were).
By circumventing those passwords, by guessing or by any other means, the hacker then accessed those accounts and obtained data from them “without authorization” and that is why he (or she) will likely be prosecuted under the CFAA. But, let me ask you this: do you know why, even though this was likely a criminal violation, the individuals whose photos were stolen will probably not be able to bring a civil CFAA claim against the hacker? (click HERE for photos of nude celebrities! … just kidding … click there for the answer).
Revenge Porn-King Hunter Moore’s case is precedent for prosecuting a photo hacker under the CFAA
Earlier this year the infamous Revenge-Porn King Hunter Moore was indicted for violating the CFAA for conspiring with others to steal nude photos of individuals by hacking their email accounts. He is currently waiting for trial which is scheduled for November of this year. You can read more about his case here: Hunter Moore or Aaron Swartz: Do we hate the CFAA? Do we love the CFAA? Do we even have a clue?
So, now you can stop feeling like a pervert and be glad that you learned a little law today — which feels better, feeling like a pervert or feeling like a lawyer … don’t answer that!
About the author
Shawn Tuma is a lawyer who is experienced in representing and advising clients on digital business risk which includes complex digital information law and intellectual property issues. This includes things such as trade secrets litigation and misappropriation of trade secrets (under common law and the Texas Uniform Trade Secrets Act), unfair competition, and cyber crimes such as the Computer Fraud and Abuse Act; helping companies with data security issues from assessing their data security strengths and vulnerabilities, helping them implement policies and procedures for better securing their data, preparing data breach incident response plans, leading them through responses to a data breach, and litigating disputes that have arisen from data breaches. Shawn is a partner at BrittonTuma, a boutique business law firm with offices near the border of Frisco and Plano, Texas which is located minutes from the District Courts of Collin County, Texas and the Plano Court of the United States District Court, Eastern District of Texas. He represents clients in lawsuits across the Dallas / Fort Worth Metroplex including state and federal courts in Collin County, Denton County, Dallas County, and Tarrant County, which are all courts in which he regularly handles cases (as well as throughout the nation pro hac vice). Tuma regularly serves as a consultant to other lawyers on issues within his area of expertise and also serves as local counsel for attorneys with cases in the District Courts of Collin County, Texas, the United States District Court, Eastern District of Texas, and the United States District Court, Northern District of Texas.
1 thought on “Expect the Celebrity Nude Photo Hacker to be Prosecuted Under CFAA–Just Like Revenge-Porn King Hunter Moore”