Op-Ed: FBI moves on celebrity pics leaks — Cloud security farce exposed

Posted Sep 2, 2014 by Paul Wallis
The FBI is investigating the leaks of “intimate” pictures of celebrities. While this may be a more valuable exercise than it looks and expose Cloud security weaknesses, the level of priority has to be questioned.
Top model Kate Upton at the "Charles James: Beyond Fashion" Costume Institute Gala at the ...
Top model Kate Upton at the "Charles James: Beyond Fashion" Costume Institute Gala at the Metropolitan Museum of Art on May 5, 2014 in New York
Mike Coppola, Getty/AFP/File
The FBI is looking into allegations that intimate pictures of celebrities have been stolen and posted online.
About 20 personalities, including the US actress Jennifer Lawrence, have had images of themselves leaked over the Internet.
It is understood some of the images were obtained from services such as Apple iCloud that back up content from devices on to the internet.
Apple says it is investigating whether iCloud accounts have been hacked.
The pictures are alleged to contain nude photos of celebrities, and other supposedly hard-to-get information. If you check out nude+celebrities on a Google search, you will find that this information isn’t exactly uncommon. Pictures, varying from the semi-pornographic to the merely annoying, include fakes, heads pasted onto other bodies, and what may be termed a global Photoshop exercise for infants. These pictures, like many “wardrobe malfunctions” are generally suspected to be publicity, rather than an invasion of privacy.
The celebrities affected by the iCloud leaks, in fairness, appear to be genuinely upset about these photos circulating. Many of these photos were allegedly obtained from iPhones, which does indicate a possible security risk affecting many consumers.
Security and liability issues
Selfies, particularly among annoying multimillionaires who are otherwise totally irrelevant to anyone and anything, is a sufficiently nauseating subject. The issue of iCloud security, however, is definitely important.
"It is important for celebrities and the general public to remember that images and data no longer just reside on the device that captured it," said Ken Westin, security analyst at Tripwire.
"Although many cloud providers may encrypt the data communications between the device and the cloud, it does not mean that the image and data is encrypted when the data is at rest.
"If you can view the image in the cloud service, so can a hacker."
Experts have also been saying for years that the greatest weakness in the Cloud is security. The fact that it has taken this incident to create a public profile for investigating the issue is no credit to anybody.
To start with –
Encryption is no guarantee of security. It’s more likely that SSL-like security will be required to make the Cloud actually secure.
Security protocols can be quite easily introduced at multiple levels, in fact, if the boner-brained Cloud companies get off their backsides. So much hype has been put into Cloud potentials that apparently nobody has bothered to manage the nuts and bolts issues.
Consumers should also be able to have a lockout option, something to ensure that their materials are kept private. This is already the case in standard security procedure for banks, well understood, and easy to manage. The wheel does not need to be reinvented at all, in this case.
The issue of phone hacking, despite the News of the World case, has also apparently been left to moulder. So much money is being made out of phone sales, that you would think that someone would pay attention to possible security liabilities.
Apparently, that isn’t the case. Phone companies may well be liable for security breaches, depending on privacy and personal security implications. The fact that major corporations are obviously not paying attention to these issues may reflect either contempt for consumers or good old-fashioned incompetence.
This is litigation fodder of the highest order, and even celebrities can sue phone companies, if someone holds the crayons for them. These leaks may entitle those affected to damages, and those damages could be significant.
If the Cloud is going to perform and be credible in the marketplace, this issue has to be addressed. It really is inexcusable that Cloud security at such a basic level has been so easily breached. On this basis, can anybody trust Cloud security? Obviously not.
Then maybe, the FBI can get back to its real work, which is not based on managing low grade masturbation materials. Maybe they can even get on with managing actual threats to civilization, and other trivial issues. Won’t that be nice?
Jennifer Lawrence | FindTheBest