вторник, 25 августа 2015 г.

Why The Stolen Ashley Madison Data Is (Legally) Fair Game For The Internet

klinkerbud

ashleymadison-580x370
If your credit card information gets stolen in a data breach, there are certain rules in place that limit your liability and protect you from fraud. But if a hack makes personal, potentially very embarrassing, information public — as in, say, the Ashley Madison hack — there’s not much anyone can do to stop others from seeing or writing about it.

It’s been a bad week for Avid Life Media, parent company of infidelity-centered dating site Ashley Madison. Since the site was hacked a month ago, huge volumes of personal and site data have been released into the wild.

Ashley Madison is doing everything they can to stem this leak, like the proverbial child with his finger against a hole in the dam. It is, of course, far too late for that; to extend (and torture) the metaphor, the dam, the kid, and everything else have already been flooded out and are swimming around in a brand new, very deep lake. Filled with sharks.

It’s Time To Try The Old D-M-C-A…
One of the few tools available to the beleaguered company as they try to put the toothpaste back in the tube is the Digital Millennium Copyright Act.

As CNN and Motherboard have both explained, Ashley Madison is filing DMCA requests left and right, claiming that as they own copyright on the leaked materials, it is unlawful to redistribute or look at them. The claims are basically the same sort of takedown requests a film studio would file to get as-yet-unreleased movies pulled offline.

Whether they have a leg to stand on with those claims, however, is another story.

Motherboard delved into a lengthy explanation about what’s copyrightable and what’s not after Ashley Madison challenged a tweet from one of their staff writers. The TL;DR version of the law, which is important here, is that you can copyright original works, but not lists of facts.

The famous case setting that law is Feist v. Rural Telephone Service. One phone book company, Feist, used the listings held in another phone book company’s (Rural’s) book, when they printed and released their own book. Rural sued, and eventually the whole affair ended up before the Supreme Court. The Court ended up ruling that the information was not copyrightable, and so lists of facts are not considered to be copyrighted information.

Parts of the Ashley Madison data dump are copyrightable information. The source code for their websites, for example, is original work. Any advertising copy they published on their sites is, likewise, original to them. (And the source code for all of Avid Life’s sites has, indeed, been leaked, so they have some grounds there.)

But a big fat *.csv file full of data? That’s a set of facts, and as such, not a thing that is subject to being copyrighted.

Plenty of other information Ashley Madison has or had access to is also subject to copyright: anything the users write on their profiles, and the images they share. But the account-holders — all 30-odd million of them — are the ones who own that material. That’s been how leaked or stolen material has been successfully taken down before, for example when celebrities’ private photos were stolen from their phones in 2014. Google and other companies did comply with requests to take the images down, because those individuals owned their images and had grounds to request their removal.

You Can’t Put The Toothpaste Back In The Tube
As much as Ashley Madison and all its users wish it were not so, not only is the data probably not subject to copyright claims… but also even if it were, the media can still talk about it as much as they want.

The hackers absolutely broke laws when they stole information from inside Avid Life Media. But media who report on the information are not breaking laws. National security concerns aside (that’s covered by different law), the press can basically run with any information given to them innocently, even if the person giving it to them obtained it illegally.

That’s courtesy of another Supreme Court case, Bartnicki v. Vopper. In that case, a radio station broadcast a recording that had been given to them. The recording itself was in violation of federal wiretapping laws, but the radio station was found not to be liable.

If a media outlet hired a hacker, or paid a hacker, or said, “someone please hack this company for us,” it would be a different story. But in the case of the Ashley Madison breach, as far as we know, the hackers had their own motivations, and were not acting at the suggestion or behest of any particular outlet (or anyone else at all).

When the hackers put their mountains of information on the internet for anyone to use, the contents of those files became fair game for all media to report on and use, from mobile apps and websites through print papers and radio stations.

That’s the same principle that was at play in the wake of the Sony Pictures hack. Sony tried to get reporters to stop reporting; reporters said no. Sony also threatened to sue Twitter if they didn’t suspend a particular user, because he was posting material from the hack. (Eight months later, that user’s account is still up and active.)

What Is Illegal?
It is clearly against the law to try to extort or blackmail anyone based on information from the leak. Those are crimes in and of themselves, and can be prosecuted as such.

The information from the breach is, likewise, absolutely stolen, and the hackers can face a whole boatload of penalties for accessing systems and grabbing information…. if anyone can find them. Avid Life is offering a half-million (Canadian) dollars as a reward for information that leads to catching the thieves, and so far nobody has indicated any particular leads.

Sadly, in the wake of the breach multiple users of the site are reported to have committed suicide. Although it is not yet known if their deaths were directly related to the breach, it is under investigation.

Criminal matters aside, though, Avid Life is still, predictably, in for a whole world of legal hurt.

Users whose data was included in the hack, even though they paid to have it all deleted from the site, are understandably displeased with the company, as are plenty of their other customers. The company’s already facing a lawsuit on its home turf in Canada, and at least four lawsuits against Ashley Madison have been filed in U.S. federal courts, with a class action not unlikely to follow.

tm

by macaleo kalkins via bugreg mobile version site

in vladimir

Комментариев нет:

Отправить комментарий