Disclaimer: this article discusses the usage of cloud storage in consumer imaging in relation to the recent leak of a batch private images of public figures. The article focuses on this from a technological perspective – examining the shift from data stored personally to the cloud. I have not reviewed the images myself and refer to their character as described in media reports.
What is it?
Over the course of this week (beginning 1st September 2014) a large-scale leak of images were released into the public domain. The images that were distributed were the personal photos of over one-hundred figures of public interest; featuring the individuals in compromising positions of nudity. Many of the images distributed appear to be self-taken and would presumably have been created to be distributed to intimate and trusted individuals. As such, the leak represents a gross violation of the privacy of these individuals – which is further complicated by their position as figures of public interest.
It is alleged that the images were originally sourced through an individual on the internet community 4Chan – where then the images then became widely distributed over subsequent networks. It has been reported that the leak occurred as a consequence of an exploit in Apple’s iCloud storage and “Find my iPhone” services.
Here a password generator was reportedly used to generate correct passwords for the individual’s accounts. Where other services “lock” person out of their accounts if a password is guessed incorrectly a number of times – it is reported that iCloud allowed an infinite amount of “guesses” to be entered by the generator. In conjunction with social engineering techniques this purportedly allowed full access to the individual’s stored information.
It is reported that only users of Apple’s iCloud service was affected by this breach – and that all of the compromising images were obtained from this source. On the 2nd of September Apple acknowledged the breach but denied that it was a consequence of a vulnerability in their software.
As of writing – no individual has accepted responsibility or been identified as the source of the leak. It is reported that the FBI are currently involved in an investigation to identify and prosecute the individual who was the source of the leaks. A similar case involving compromising images of another singular public figure resulted in the perpetrator being handed a sentence of 10 years in custody.
Why is it important?
From the perspective of this research blog this example draws attention to the increased use of cloud storage as a principle means of storing smartphone data.
To understand how this has occurred – and its potentially problematic nature – there is a requirement to understand how the widespread adoption of cloud computing represents a paradigmatic shift in our relationship to our own information (and indeed images).
Cloud computing operates on the principle that computing becomes a service provided by a company remotely (over a network), rather than a product. This can be seen in many different aspects of computing such as software with functions being remotely accessed such as Google Docs. However its earliest successes and can be observed in data storage.
Early cloud data storage models such as Dropbox allowed users to forgo filling up space on their own hard-drives. This has many benefits – firstly allowing for users to store increasingly large amounts of data without having to buy additional physical drives, and secondly allowing people to access their files on any machine. A further benefit of allowing people to send files to each other without need to transfer data peer-to-peer, or physically via USB pens or HDDs.
This has resulted in a proliferation of cloud services including major technology companies (Microsoft SkyDrive, Google Drive and Apple iCloud). These solutions became increasingly interconnected and holistic – with many cloud storage solutions now automatically backing up users’ files over a range of devices (e.g. smartphone, tablet, personal computers). This may be seen to be of particular use in smartphones which tend to have limited storage space – allowing users to retain all of their files whilst keeping their devices operating efficiently
For the most part cloud storage has now become an intrinsic part of siloed ecosystems such as Google Android and Apples iOS – for many of the reasons stated above. Despite the clear benefits of increased efficiency and ubiquity of access to files – use of cloud storage represents a significant transformation in the relationship between users and their data that may be worth reviewing critically.
How might it affect the Social Camera?
A material difference in access and security
In the aforementioned case where a large amount of sensitive information was obtained and distributed through unauthorised access to iCloud services – such a crime could not be accomplished in the same manner prior to the use of ubiquitous data services.
Before cloud computing was the de facto method of backing up information, such a breach would have had to be completed by obtaining or compromising storage hardware on an individual to individual basis. The systematic nature of this breach and the repeated use of a singular exploit may have unfortunately allowed for a far more significant leak to occur than was possible before cloud storage.
Of particular note is the manner in which some of these services automatically back up files to cloud storage by default. For example, my personal Android device backs up any image that is stored on my device to Google Drive – where it instantly can be used on my desktop over a range of Google services. Whether this may have been the case for those affected by the above breach remains to be seen. I am unsure however that the individuals in question would explicitly back up these kind of sensitive images for later review – despite the fact that this should not be a worry to users when using secure cloud storage at all.
Whilst previously there has not been any cause for concern in relation to storing our information remotely in this way – these events may result in a distrust of such services in privately managing our more sensitive files and images.
This post refers to nudity and compromising images – despite this there is of course a degree to which all the images we create should subject to secure measures, whether they detail the loved ones in our lives or are our professional outputs.
The immaterial cloud and us leasing access to our stuff (an afterthought)
Whilst many cloud services allow us a generous amount of free storage – most operate upon a subscription model for premium services. Here the user pays a yearly fee for access to a larger amount of storage.
This is quite shrewd as a business model as it can allow users to “fill up” a cloud drive and then find themselves in the position where they become reliant upon the service and have to pay in order to be able to continue to access their data.
When compared to the notion of simply having an external hard-drive which will last for the most part indefinitely – this seems a strange purchasing decision to make.
Crucially – all of the above may result in a distinction being made by users between personal and cloud drives moving forwards which may be interesting to explore with users.
What do you think though? Leave a comment or start a conversation with me on Twitter at @mdhendry
Martin Douglas Hendry 
Leave a comment