Blog Post

Hacked celebrities were “stupid”, says incoming EU digital economy and society chief

Günther Oettinger, the guy who’s set to become Europe’s new “digital economy and society” chief, had a confirmation hearing late Monday and while the process seemed to go smoothly, he said something that should set off alarm bells.

While talking about digital risks and opportunities, Oettinger chose to bring up the recent hacking of various celebrities’ naked selfies, which appear to have been stolen from cloud storage services such as [company]Apple[/company]’s iCloud.

Oettinger spoke in German throughout the hearing, but here’s Euractiv’s translation of his “semi-serious” take on this incident:

It simply cannot be, that complaints are rising over the naked photos of celebrities who took ‘selfies’… [Whoever] is stupid enough to put a naked photo of themselves on the internet, cannot expect us to protect them.

For a start, it’s not like these celebrities put naked pictures of themselves on [company]Twitter[/company]. They used a cloud storage system that, yes, is “on the internet”, but that is a widely-used service promising security and privacy to those that use it. Someone entered this vault illegally. These celebrities were not exhibitionists; they were victims of data robbery. Chances are, they didn’t even know they were syncing their phone-stored data to “the internet” at all.

What’s more, this could – and does – happen to regular people too. I strongly recommend that Oettinger read this great post by “SwiftOnSecurity” to see what we’re talking about here. Regular people, celebrities included, get hacked. There are many ways for this to happen, and many motivations for doing so. Regular people are not tech-savvy, they have neither the time nor the inclination to become tech-savvy, and they should not be punished for this.

Nobody’s expecting EU commissioners to be proficient in the intricacies of cryptography UX design, but Europeans should expect them to: a) broadly understand how regular people use technology; and b) be on the side of theft victims, rather than sneering at them for using what is very mainstream tech.

Not a good start, Oettinger, not a good start at all.

The YouTube ID of l109UH8sgGs?rel=0 is invalid.

P.S. – Trade commissioner-designate Cecilia Malmström also had her confirmation hearing on Monday, and she was repeatedly asked about the allegations that she helped to undermine Europe’s new privacy laws by secretly working with the U.S. during their formulation. She responded angrily, denouncing the claims as “misconceptions and lies” and referring to the smoking-gun email (a U.S. Department of Commerce internal email) as both “lies” and a “leak”. Access, the digital rights group that retrieved the email through a U.S. freedom-of-information request, has now written an open letter to Malmström asking whether she is “accusing Access or the U.S. Department of Commerce of having falsified a document.”

12 Responses to “Hacked celebrities were “stupid”, says incoming EU digital economy and society chief”

  1. Sorry but no you don’t put sensitive data on an internet connected device and even less so on some remote server.
    That’s as basic as not taking candy from a stranger and regular people should know that much (you included).
    People that care about privacy don’t even upload the average personal pics even if encrypted to the cloud.
    If you store your money as a pile in the middle of your yard ,chances are not much will be there the next day and celebs got a rather large pile. The money analogy is very fitting.The more valuable something is the more secure the place we store it in.Those naked pics require Fort Knox not a pile in the middle of the yard.
    And the average person should know basic security precautions, just like they know how to cross the street or not to shoot themselves in the foot or not to keep 20k in cash in their pockets.
    Not even sure what you want here, there is no way to achieve safety. Ofc for the avg Joe the risks are lower but for high profile targets it is simply moronic.
    Govs don’t keep their most sensitive data on the internet for a reason, celebs should know better, they are equally high value targets.
    Sure the attacker is still a criminal, just because the victim makes it easy, it doesn’t exonerate him in any way.
    A couple of years ago there was a report that some 19% of Americans don’t have an antivirus on their PCs. That’s not ok either and just because people are doing it, it doesn’t mean we should pretend it’s ok instead of educating them.
    Saying what you are saying is rather dangerous, you are suggesting that people should keep doing it because somehow someone should make it safe.People should be educated,if they need to, they need to learn how to stay safe.
    You can’t tell kinds that God will protect them , i actually know someone that did and a stupid kid jumped in front of a car to test it. You need to teach them how to navigate the world. Smartphones brought a lot of new people online and they need to be taught how to survive . Tech companies should do more too, but instead they do everything to make users think they are safe, because that sells their products and services. Maybe mandatory warnings would not be a bad thing.
    Dangers are everywhere ,the digital world is not any different and the lack of education is a huge problem.

    PS: NSA should start running recruitment ads with “We had them first” (the pics obviously)

    • David Meyer

      This wasn’t a pile in the middle of the yard. It was a leading private storage service. Why on earth would a normal person (by which I mean someone who doesn’t spend time thinking about crypto) not trust that?

      I agree there should be warnings about such things. And that’s why we need politicians who get this stuff, or who can at least stop victim-blaming long enough to learn the difference between entrusting data to a commercial storage service and publishing it.

      • Anonymous

        “Kids shouldn’t have to look both ways before crossing the street. Don’t tell them NOT to take candy from strangers – tell strangers to NOT offer them candy!”

        Learning how to AVOID bad scenarios is not “victim blaming”. You sound like the feminists who scream ” Teach men not to rape.”

        Last I checked, even convicts hate rapists and rapists are constantly beaten and raped by CRIMINALS. That should tell you enough that most men are completely against rape and rapists.

        But telling you how to TAKE STEPS TO PROTECT YOURSELF is NOT the same as BLAMING YOU IF IT HAPPENS.

        Telling you “don’t upload to an internet based cloud if you don’t want the images on the internet” is not blaming you. It’s advice on not having your information on the internet. Step 1: Don’t put it on the internet if you don’t want it on the internet. Step 2: Don’t trust anyone else with your data (sadly this has long been forgotten on the internet, where people throw around their data left and right)

        • David Meyer

          I am a feminist who says “teach men not to rape”. But I dislike the equation of this hack with rape, as some have done, even though there was a clear sexual element. It is more like theft, because it is theft.

  2. >> Chances are, they didn’t even know they were syncing their phone-stored data to “the internet” at all.

    Lack of knowledge about something they use anyway, blindly trusting the product/service with their data? “Stupid” seems to be the right word to describe that behavior.

    >> Regular people are not tech-savvy, they have neither the time nor the inclination to become tech-savvy…

    And not having a care about something they use anyway, blindly trusting the product/service with their data? Again, “stupid” fits the mold.

    Not understanding that you actually wrote that these celebrities comprise the very definition of stupid with your own words? … Uhhh… Also, stupid, perhaps?

    Before driving a car, one must get a driver’s license, which requires one to be knowledgeable of the rules of the road, and the dangers therein. Driving instructor says: “And this is why we wear seatbelts. It will help protect you from dying in a car crash. It’s not 100% secure in saving your life, and this is why we must learn how to drive safely to improve our chances. There are a lot of bad drivers and dangers out there, so drive with caution, but always wear your seatbelt. Nevertheless, if you don’t ever want to be exposed to the risk of being in a car crash, don’t get in a car and stay clear from all roads and all cars.”
    Isn’t a driver’s license required before you can purchase a car from a dealership?

    Perhaps Apple sales reps should be required to give a test to people who must pass before they can purchase an iPhone.

    “And this is why we use strong passwords, turn on encryption, and always are suspicious of emails asking us to click on a link and log in, especially if we were not expecting the email. These practices are not 100% secure in protecting your information, and this is why we must learn how to properly use any device with Internet connectivity and take care of putting any sensitive information on it that could end up on the Internet. Nevertheless, if you don’t ever want to be exposed to the risk of having your sensitive information stolen, don’t use any device with Internet connectivity and stay clear from all such devices if you see them. This includes iPhones.”

    • David Meyer

      Again, I recommend reading the SwiftOnSecurity post I link to in this article. Uninformed does not mean stupid.

      When the celebrity hacking incident occurred, I also began by thinking “they should have been more careful.” Then I remembered that I work in the technology field and most people don’t, and that I know a lot of people outside the field who are in fact highly intelligent, but are nonetheless not tech-savvy. They know things I don’t; I know things they don’t. That’s how specialist knowledge works — and it’s ultimately the responsibility of vendors, not users, to design safe products.

      • But you didn’t say these people were simply uninformed. You suggested they did not have an inclination to become informed: “Regular people are not tech-savvy, they have neither the time nor the inclination to become tech-savvy…”

        To not have an inclination to do something that requires you to make decisions that affect what you consider sacred means they willfully choose not to learn, or they just don’t care. If they consider it (e.g. nude photos of themselves) sacred (and apparently they do, as seen in their response to the hack), they there were indeed stupid to not take appropriate action to protect themselves.

        >> That’s how specialist knowledge works — and it’s ultimately the responsibility of vendors, not users, to design safe products.

        I strongly disagree. The ultimate responsibility is with the buyer. We don’t live in a “It’s not my fault, so let’s blame the vendor” world. Take responsibilities for yourself and make wise decisions with what you consider sacred.

        Obvious Example 1: Do you trust your hard drive vendor in making sure that the data stored on your hard drive is safe? I think not. Ultimately, it’s up to you to make sure you back up your data. I’m 100% percent certain you agree with me on this fact that it is the responsibility of the user, and not the vendor, to protect the data that the user deems sacred to them that is stored on a hard drive.

        Obvious Example 2: Would you blindly trust a brain surgeon to perform surgery on your child without doing your due diligence first? True, surgeons are experts in their respective fields, and likewise I am ignorant in the field of brain surgery, but I would be STUPID to not do my due diligence and learn 1) is surgery necessary? 2) who is this doctor? 3) what is this procedure 4) if we move forward, what are the risks? 5) how should I care for my child afterwards?

        The celebrities were stupid if they just took photos on an Internet connected device and just went “meh” and shrugged their shoulders without thinking twice about having those nude photos snapped.

        • David Meyer

          Not having the inclination to learn about something in depth is fair enough. That is the whole point of modern UX design. Normal people have other things to think about, and expect to use these tools as they would appliances.

          • >> Normal people have other things to think about, and expect to use these tools as they would appliances.

            Hmm. I see that you are not challenging my argument in any of your responses. Perhaps you should rethink your article.

            To emphasize again:

            “Sure, let’s take a drive without our seat belts and not worry about the consequences if I end up dead in the future. Why? Well, because I don’t have the time to learn about cars in depth to the extent of what risks they introduce to me (e.g. physical damage (or even death) to my self that would cause great concern if I am in a car crash). Nahh, I have other things to worry about. So hop in and let’s go!” => STUPID.

            “Sure, let’s take a nude photo with a camera (iPhone or Polaroid, no matter) and not worry about the consequences if it is ever discovered in the future. Why? Well, because I don’t have the time to learn about cameras in depth to the extent of what risk they introduce to me (e.g. photos of my nude self that would cause great concern if leaked). Nahh. I have other things to worry about. So grab that camera and start snappin’!” => also STUPID.

            Expecting a tool to perform like an appliance => even more STUPID. Who expects a drill to perform like a washing machine? No one. Mind the simple things that could hurt you. If you don’t understand how to circumvent the obvious risks of the tool or appliance, learn how to use it, or don’t use it at all.

            iPhone or Polaroid, the celebrities should have known better. Just not knowing is ignorant. But not caring or not having an inclination is stupid. And that was Oettinger’s point. There’s nothing you can do to help someone when that someone doesn’t care to be helped at the time they needed the help, and especially if they should have known better but did nothing about it.

  3. I don’t understand the criticism of this guy since he is simply stating the obvious. If the NSA debacle has done anything, its confirmed the notion that privacy on the internet is nothing more than an illusion. These celebrities, or anyone else who is foolish enough to post sensitive material online in the hopes that it will remain private are ignorant of how safe their data really is.