Many commentators have been searching for someone to blame after last week’s celebrity photo thefts, in which hackers posted intimate images of more than a dozen starlets on sites such as 4chan and Reddit. While the culprits remain unidentified and the scope and timeline of the intrusions are still hazy, it seems clear that a major point of failure was Apple’s iCloud, one of the massive corporate data clusters we now use to remotely store our files, photos and other digital property.
The timing is awkward for Apple, which is expected to announce its latest iPhone and a new smartwatch today at an event in Cupertino, California. The company released a statement claiming that iCloud did not suffer a systemic breach, but it did not explicitly deny that the attackers exploited specific vulnerabilities. Security researchers pointed out that the stolen images came from a large and mysterious porn-hacking underworld whose members utilize various methods to rip photos from private file lockers — many of which would not have worked had Apple rectified longstanding security oversights in iCloud. In other words, whether or not you call it a breach, Apple’s outdated security practices appear to be at least partly at fault for the stolen pictures.
And yet as the story broke, misogyny-laced voices began blaming the breach’s mostly female victims, declaring that they shouldn’t have taken nude photos of themselves in the first place and, further, that they were foolish to trust their photos to the cloud. The first argument is a nonstarter: Women have a right to take as many nude selfies as they please, and they should have the sole authority to decide which (consenting) adults do and do not have access to those photos. But what about the latter statement? Can anyone — celebrity or civilian — really be blamed for trusting cloud services with intimate data? Or should we simply accept that people want the cloud and work to replace it with something that gives us more control of our data without sacrificing convenience?
Insufficient security
Over the last decade, the tech industry has consistently overstated the promise of cloud computing, and one can’t really fault consumers for buying into it. The public has embraced cloud storage because it’s easy and convenient to simply put things online and not have to worry about corrupted files and failing hard drives. While companies such as Google and Dropbox tout the cloud as safe, secure and reliable, they are rarely up front about the risks of remote storage — nor are they usually held accountable when intrusions occur. That needs to change. But in the long term, we should also start thinking about life beyond the cloud and demand alternatives to the current system of centralized corporate stewardship.
It’s easier said than done. Today the boundaries between what is “online” and what is “offline” have become virtually nonexistent. Our lives now unfold as much on Facebook and Twitter as they do in what some insist on calling the real world, and actions in one inevitably produce consequences in the other. Storing data in the cloud has become a perfunctory activity, and much of what we do on our devices is kept online for the sake of convenience (and in the case of data-driven behemoths such as Google, to be scanned and analyzed for the purpose of generating revenue from targeted ads).
A major factor in the celebrity photo thefts was the fact that unless a user opts out, all photos taken on an iPhone are automatically backed up to iCloud — nude selfies and all. Even if you delete photos from your phone, copies remain on Apple’s servers. Apple does not make users aware of this. And even if it did, it has frequently been established that users tend not to change default settings.
Such defaults used to distinguish Apple’s views on privacy from Google’s and Facebook’s, at least momentarily when Steve Jobs was in charge. “Privacy means people know what they’re signing up for. In plain English and repeatedly,” Jobs said in a 2010 interview with Walt Mossberg. “Some people want to share more data than other people do. Ask them. Ask them every time … Let them know precisely what you’re going to do with their data.”
Jobs was right: People can’t be expected to intuitively understand what’s happening to their data. Once it enters a corporate cloud, after all, that data is at the mercy of those who administer it. We trust that the companies’ security will repel hackers and criminals, even as they allow known vulnerabilities to go unpatched for months. In May it was revealed that Apple’s Find My iPhone feature does not limit login attempts, allowing hackers to run brute force attacks — a crude technique that uses automated scripts to try millions of password combinations until access is achieved. Many suspected this was a significant factor in the celebrity photo theft, but it wasn’t until after the story broke that Apple implemented changes. (The company has since patched the exploit but claimed it found no evidence the hackers had used it.)
There’s also the problem of those insufficient security questions used for password resets, which attackers can often guess by doing research on the target. Even worse, for iCloud, Apple didn’t enable two-factor authentication, a common security measure that defeats many forms of intrusion by having users input a second access code. The company also failed to notify users when backup files were accessed from an unrecognized machine. Ars Technica warned about this as far back as May of 2013; Apple finally implemented the changes on Friday.
Even then, there are privacy problems beyond companies’ control. National Security Agency whistleblower Edward Snowden’s revelations have illustrated as much. We now know that using the cloud requires that we forgo legal protections against warrantless government searches, our Fourth Amendment rights effectively suspended the moment our data is sent to a third-party server, whether that’s a website or a storage locker like iCloud. This despite the fact that, as noted by Supreme Court Justice Sonia Sotomayor, most data is now generated and transferred as a byproduct of carrying out mundane tasks, from hailing a cab to checking email — a far cry from the 1980s, when electronic privacy laws were last updated.
Life beyond the cloud
Telling consumers to stop using the cloud isn’t the answer. The cloud is undeniably useful. Unexpected data loss can be catastrophic, and automatic backups are often crucial; a reporter or protester capturing evidence of misconduct might have her device seized or destroyed by the police, for example. One solution, proposed by ACLU technologist Chris Soghoian, is to give cellphone cameras a kind of privacy mode — similar to the incognito option in Web browsers that disables the recording of a user’s Web history — which would prevent photos from being automatically uploaded.
Solutions such as these encourage consumers to protect their privacy without sacrificing convenience. In the same vein, a loose-knit group of programmers has been working to replace cloud services with a new generation of peer-to-peer software designed to keep data fully under the user’s control. Apps such as OwnCloud and BitTorrent Sync challenge cloud storage companies such as Dropbox by giving users their own personal clouds and syncing data only between machines they control. Others such as Space Monkey re-envision the cloud as a truly distributed storage network, in which backup files are broken up into tiny encrypted pieces, copied to dozens or hundreds of other users’ machines and reassembled only when provided with the proper encryption key.
To be clear, none of these solutions have been perfected, and you won’t see Jennifer Lawrence or Kate Upton using them anytime soon. The challenge lies in making cloud alternatives attractive products — as appealing as, if not more appealing than, the cloud services they aim to replace. Improving the security of home networks, phones and laptops (endpoints, as they’re called in the security world) is crucial, since it generally isn’t as robust as a corporate data center’s. In other words, replacing the cloud would make gathering data en masse much harder for criminal hackers and intelligence agencies, but it wouldn’t stop a determined adversary from hitting you where you live.
Still, research I’ve done in the course of writing about these technologies suggests there is reason to be optimistic. We deserve — and should demand — an alternative to putting our data under the dubious protection of corporate cloud overlords. The blame for the events of the past week should be placed squarely on the criminals who stole and distributed private photos. But it should also serve as a portrait of our precarious reliance on distant databanks and a window into what we can gain by getting our digital property back into our own hands.