We should say: We can mitigate or even eliminate some risks. But like with any technology, you can’t exclude all risks. I’ll give an example. This may be a little, um… semi-serious. The fact that recently there have been an increasing number of public lamentations about nude photos of celebrities who took selfies – I just can’t believe it! If someone is dumb enough to as a celebrity take a nude photo of themselves and put it online, they surely can’t expect us to protect them. I mean, stupidity is something you can not – or only partly – save people from.
—Günther Oettinger, designated EU Commissioner for the Digital Economy and Society

Günther Oettinger is a German politician who, despite having no notable background in this area, is designated to take over the continent’s top internet policy job in November. If the European Parliament votes to approve the new Commission he is a member of, he will be responsible for drafting policy on internet issues for over 500 million people. He made the above statement in his hearing before the Parliament yesterday.

Let’s recap the incident he’s referring to: Recently, private photos of female celebrities were published against their will. Far from what Oettinger is suggesting, they didn’t “put the photos online”. The most likely sources of the photos were cloud-based phone backups. The women might not even have been aware of the backups’ existence, since they are created automatically in the background on many phones. It appears that attackers were able to break their encryption due to security failures, like a service allowing an unlimited number of different passwords to be tried out in rapid succession or granting access after posing “security questions” with guessable or obtainable anwers. One of the victims was underage when the published photos were taken.

Privacy protection isn’t for (1) famous (2) women and (3) their sexuality?Tweet this!

If you manage to look beyond the tabloid celebrity/sex angle, the statement is unbelievable: The person applying to be in charge of shoring up trust in the internet so that Europeans do more business online just victim-blamed people whose personal data was accessed and spread without authorization. He placed the moral blame for that crime squarely on the victims rather than the perpetrators.

In that respect, it is reminiscent of when the CEO of Google said:

“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” —Eric Schmidt

The privilege to be half-serious

What is presented as paternalistic advice is actually a point of view only someone privileged enough to be utterly unaffected by the problem and lacking any sense of empathy for its victims could express. Oettinger might have been only “half-serious” – but the people affected by such fundamental violations of their privacy don’t have that luxury.

The expectation that everyone’s human rights are protected is neither dumb nor stupid
Tweet this!

Celebrities are not “fair game” who have given up their human rights just because they are in the spotlight. These rights apply to everyone and yes, everyone should absolutely be able to “expect us” to create an environment in which they are as protected as possible. That expectation is neither dumb nor stupid.

And in fact, what happened to these famous people happens to regular people every day – it just doesn’t make the news. There are online forums full of people hacking the phone backups and online accounts of women who are not well-known every day in search of naked pictures to trade amongst themselves or publish online.

Does Oettinger feel as lightly about their exploitation? Or do we need to shift the scenario to stolen trade secrets to make it familiar enough to trigger his empathy? Where, really, is the difference?

There are many lessons to be learned from the celebrity photo incident that are politically relevant, for example about cloud security, digital literacy, software usability, and society’s sexism. It’s only to those unfamiliar with any of these topics that it’s just a (half-)joke.

Sexism makes it okay

Consciously or not, Oettingers comment reflects worrying patterns of sexism that are wide-spread in society. Women are disproportionately affected by online harassment and are still frequently being attacked for their sexuality in ways men generally aren’t.

Blaming victims of abuse rather than the perpetrators is part of what has been termed “rape culture“. This is when transgressions against women are seemingly accepted as “just the way the world is”. Instead of being outraged and fighting to change it, society generally expects women to adjust their behavior according to that fact: Of course someone would access and spread your intimate photos, it’s your fault for not taking counter-measures or even provoking it.

Womens’ autonomy over their sexuality is downplayed when the insinuation is made that the people affected have to justify to somebody why they took these private pictures in the first place – and that their sheer existance in any way explains or even legitimizes their public distribution.

And of course, the fact that only female celebrities were targeted (even though men have reportedly been in some pictures) tells us something about the general power balance between the genders in society: About who is frequently objectified, in this case even to the point that their intimate photos are seen as entertainment the people who accessed them may even feel entitled to.

(Another sexist comment was made in a previous Parliamentary hearing that same day: A German conservative felt the need to inform the Commission candidate Cecilia Malmström that “women like you make me weak”. Meanwhile Miguel Cañete, the current Commission candidate from Spain, earlier this year tried to explain his lacking performance in a television debate by claiming that he had just wanted to avoid being seen as ‘cornering a defenceless woman’ by ‘abus[ing] his intellectual superiority’.)

Our answer to these issues can’t be to tell victimized people to turn off their smartphones and get off the internet. We need to do better than an “abstinence education” approach to protecting people online:

We must build a culture that takes seriously everyone’s autonomy over their data and their sexual self-expression as well as their right to confidential communication.Tweet this!

It’s not that he doesn’t have a point

The larger point Oettinger was trying to make is valid: There are risks inherent in technology that we need to be aware of.

And it is quite possible that Oettinger was misinformed about the facts of the celebrity photo incident and that there was no conscious malicious intent behind his words.

But by picking this example to make that point despite lacking an understanding of the facts, by making a mockery of what he should recognize as a serious problem and by doing it in this aloof and insulting tone, Günther Oettinger is seriously calling into question whether he is qualified for the job of shaping our digital society for the next five years.

Maybe it’s not their supposed stupidity people need saving from, but an Internet Commissioner from another time and age. Tweet this!

To the extent possible under law, the creator has waived all copyright and related or neighboring rights to this work.

16 comments

  1. 1
    PiratDavid

    Thank you, Julia for helping us spot the bad policy makers! I’m proud to be a pirate when reading articles like this! Keep up the good work!

  2. 2

    To be honest though: if I’d be a person of public interest, I’d never be dumb (yes, dumb) enough to store anything “in the cloud” (ok, even if you’re not a celebrity you shouldn’t store anything in the cloud). And while “cloud” is just the latest buzzword for technologies we know for decades already, the concept of giving up ownership of the hard- and software of the systems storing your personal information is newer – and really dumb (no matter what gender you are and whether you like to take risqué pictures of yourself or not).

    I don’t want to defend Öttinger, but to some extent, I’d say he’s correct in saying: don’t put everything into systems you can’t control (yeah, I’m pretty sure he didn’t mean that and he didn’t understand, that “cloud storage” is not necessarily the same as putting it into the public). It certainly is never ok to hack into a system to gain access to other peoples data, but that doesn’t help in making the few well-known places with large quantities of personal data a less likely target for criminals (private and governmental alike).

  3. 3

    Yes. Clouds are bad. By design. A lazy solution. Giving up your freedom for convenience. Datenschutz is important here. Illegal to hack other peoples accounts and getting access to their data.

    The copyright monopolists (obviously) see this as a chance as to try and brand copy-rights as a form of privacy protection. Of course they are wrong – and we must point this out. It is entirely possible to have Datenschutz in the law for both celebrities and non-celebrities and still not have any economic monopoly on the manufacturing of copies.

  4. 4
    Postfuture

    I have to disagree with the writer. The politician is correct, and he is correct about the majority of the Internet using population. Once it is digital and TOUCHES the Internet, it is, by definition, public domain. The very foundation of the Internet is public commons. That is why it works. If you put data online it is in the public domain. Vast swaths of the population are just figuring this out. Ask the government employees of the Manning and Snowden cases if they learned the lesson. Once it is on a network you have seceded ownership. I don’t care if that if right, because it cannot be changed unless we scrap the foundation of the Internet. This isn’t a question of right or wrong, but reality. So, yes, people who don’t want to face reality are dumb. Is that victim shaming? Would it be victim shaming if you pointed out the edge of a cliff and someone walked off it anyway? Personal responsibility is required in the digital world. Encrypt your personal data, and demand client side encryption from your personal technology, NOT server side.

    • Christopher Clay

      By advising “encrypt your personal data and demand client side encryption” you seem to be disproving your own statement “once it is on a network you have seceded ownership”. There are ways to keep data reasonably secure, they’re just hard to fully understand and get entirely right — we’re not talking about an obvious edge of a cliff here. It’s perfectly fine to argue for more digital literacy. But it’s just too easy to call people “stupid” for not fully understanding the difference between client side and server side encryption or how to estimate whether Apple’s security measures are sufficient.
      By demanding this level of knowledge from people to protect their basic human rights online, we are asserting that the web is really only for a small geek elite. That’s just not good enough.

      • Detta Walker

        If you drove a car without a driver’s license and got into an accident, would you blame the car manufacturer? Or the “victim” that didn’t know of the dangers of driving a car? Navigating the internet safely requires knowledge & training, just like driving a car. In both cases the information is available for us to consume, either in the shape of driving & theory lessons, or, for the internet, university courses on cyber security, or for the less in depth knowledge requirement: articles in newspapers, magazines and advice from SMEs. If you don’t know how to drive a car, but need to use one, you ask somebody you know to drive you or hire a taxi. If you don’t know how to use the internet, ask a trusted friend for advice or hire a consultant. I am sure celebrities with a great interest of protecting their privacy have all the funds available they need to understand the dangers of using the internet, or, have someone they hire know it for them. And even they should know that “password123” probably isn’t the safest one to chose, and in some cases the celebrity nude pics weren’t “hacked” by breaching apple’s security mechanisms, but by guessing the user’s password.
        As for it not being an obvious cliff:
        Nude pics of celebrities not being safe on the internet, be it on cloud storage, the CMS of a website or simply sending it peer to peer unencrypted via email is common knowledge for anyone who cares to read the news. Nude pics or any other sensitive information “leaking” has been widely published in the media over the last 2 decades. As you have stated yourself clearly, data can only ever be “reasonably secure”. And as such, uploading your files to the cloud needs to be hand in hand with a risk versus benefit analysis: What benefit do I gain from backing up my nude pictures in the cloud? What potential downside could a leak of these pictures have for me personally? Is it worth the risk?
        I would also strongly disagree that you need to be part of a geek elite to use the internet. If you don’t understand what happens to the information you upload to the cloud, ASK!! It is your information and your responsibility to understand the consequences of your actions. If you are unsure about what happens: Don’t do it until you understand it.
        Personally I use cloud storage. I don’t care about google reading my emails. If they think my correspondence to my mother about cooking recipes is of particular interest, be my guest. I don’t upload pictures i don’t want the world to see (potentially) and I expect similar maturity from a celebrity. There are exceptions to this of course, such as children. But that, as with keeping them away from knives, fires and other hazards, is the responsibility of their parents first. Any help from the government is welcome.

        In the case of celebrity nude pictures leaking? Well, it really seems to boil down to one of two choices: Did they do something “stupid” by setting up an easy to guess user password & upload nude pictures to the cloud, or did it happen intentionally for reasons I wouldn’t want to speculate on…?

  5. 5

    Ottinger is basically right in what he says, and I think you’re being very naive to think that there is 100% security obtainable in ANY storage system, whether that be cloud or otherwise. Any storage system is capable of being hacked; it’s what hackers do and keeping practising doing until they succeed. There is truth also in Googleman’s statement that if you don’t want people to see it, don’t put it up there is the first place; that’s not an admission of failure, but plain speaking. If yiu stick to the speed limit in your car, you’ll never get a ticket; don’t drink and drive and your licence is secure in that area.
    I think also we have to look at responsibility here; you’re trying to say that everyone else has the responsibility to keep (dodgy) data safe once you’ve posted it online. But once you’ve pressed “send”, it’s gone; its out there and in the public domain, if only because you’ve chosen to publish as opposed to retain that which shouldn’t be seen by all and sundry. I totally agree that storage should be safe, but we all know that’s unlikely to be 100% guaranteed, so why bother entertaining the risk of proving failure and potential (huge) embarrassment?

    • Christopher Clay

      Thanks for your post, but it reflects several wrong assumptions. Julia didn’t state anywhere that she thinks 100% security is obtainable. Eric Schmidt didn’t say “don’t put it up”, he said “don’t even do it”. The celebrities whose photos were spread never pressed a button labeled “send” or “chose to publish”.

      This is less “stick to the speed limit” than saying to people who got robbed “it’s your fault for leaving your house” instead of working to fight and warn about robbery, knowing full well you can never prevent every case.

      • Detta Walker

        iCloud is an apple service that needs to actively enabled (subscribed to). You also control which apps get to use this service, and which to keep private. Check the apple support page. So while they didn’t hit “send” or “publish”, the feature itself was enabled, and permission given to back-up your data to the cloud, with all the consequences. If you don’t know what a feature does, ask – or don’t enable it.

  6. 6

    Julia, though I have sympathy for your case I am afraid that in this case you are perhaps misrepresenting Oettinger’s point. I do not believe that he implies that data protection is not important in this case nor that the victims should not receive any protection. However there is a lot of truth to the statement that celebs, as well as ordinary people, should be very wary of placing private pictures on any online/cloud storage facility, and ignoring the risks simply put, is dumb. Not being aware that your phone sends your pictures to an online storage facility is not a defence.
    There are clearly societal, security and legal issues that need to be addressed here of which I would like to think he is aware of but his off the cuff comment, imho is perfectly acceptable.

    • Christopher Clay

      The point is: Why would your first impulse be to pick on the users being “dumb” rather than, for example, Apple’s security or usability engineers… or, you know, the people who attacked these celebrities in a targeted hack?
      You can bet that if Oettinger’s email account was broken into he (and others) wouldn’t first blame him for being so “dumb” to store his communications online.

      • Well, his communications would not be anywhere near as interesting as some of the pictures discussed and definetely not as embarrassing. If he kept sensitive information on public cloud servers and the data was stolen then we should be calling him dumb too.

        I am not saying that if you keep your data on cloud services you deserve to lose it, on the contrary security needs to be beefed up, legislation needs to protect our data from criminals and goverments, and culprits should be punished. But it is an imature technology and I would also say that you would be dumb to trust sensitive and very personal data to cloud services.

  7. 7

    Perhaps these celebrities are not ‘dumb’, per se, but they were certainly foolish. Everyone knows that you never put anything on the internet or into networked storage that you wouldn’t be okay with the world seeing. This is as basic as looking both ways before you cross the street. Being famous only makes the problem worse, by making your data that much more desireable. The celebrities are right to feel violated – but they are wrong to be surprised, or to be offended for being described as what they were – foolish.

  8. 8

    There are a few things I’d like to say on the issue. Firstly he seemed as though he didn’t understand what had actually happened which is a huge problem if he’s going to become the next lawmaker on the subject in the next EU commission. However why do these people think using an iPhone is a good idea in the first place. Free software activists OFTEN get ridiculed for saying people should use free/libre software only, by Apple fanboys, Microsofties and Googletards BUT it doesn’t mean the free software activists are in the wrong. So yes I think they ARE dumb, because if they were ‘smart’ they’d know that proprietary software is bad. Funnily enough I bet these ‘not-dumb’ people will STILL buy their new MacBook Pro’s and their new iBads etc. Also let me be clear, I’m not being sexist here, I rail against plenty of celebrities. Justin Bieber is usually the one being ridiculed.

  9. 9

    “Was denkst du?” What do I think?
    After having read both Julia Reda’s railing against Günther Oettinger’s semi-serious remarks, and the readers’ reactions to her post so far (I am writing this on Friday 03 October 2014 at 00:06 CEST), I think Julia Reda must feel quite disappointed by discovering that her point of view seems not to be shared by the majority of her readers.

  10. 10

    I completely agree with you Julia. Oettinger’s comments alluding to the ‘celebgate’ outlined his confusion and lack of knowledge about the issues at stake: cloud accounts, open Internet, security, cyber-attacks and internet literacy. But even if he revealed himself an expert on those issues, the ‘half-serious’ approach and the inappropriate remarks concerning the victims of the hacking made very clear that he isn’t fit for the role of a commissioner. His comments were undoubtedly sexists and in line with what seems to be the understanding of a vast amount of Internet users. According to these moralists, if female celebrities (or, should I say: women, in general) choose to take intimate pictures of themselves intended to remain private, they are the only ones to blame if the pictures are published following a hacking attack. Just because they took the pictures in the first place! The focus is not put in the attack itself, as if it was a secondary element. It is the act of taking the picture which is primarily condemned. How strange it is that, in the middle of all the challenges that technological progress brings, one still has to face sexism and gender discrimination. Indeed, as far as I am aware, no victim of banking information theft or any other personal data breach has suffered such similar blaming. And while everybody is discussing these pictures, the big picture is just overlooked: no data is completely safe. Women might be the main targets of attacks (even online) aiming to shame them, but everyone can be a victim of attacks with other purposes and with far-reaching consequences.