Kelly Brook amongst celebrities who had pictures exposed
Nude photos of celebrities were made available online yesterday by a Russian hacker who managed to find a flaw in the Apple “iCloud” service which backs up the content on iPhones and iPads. It took him just two hours to find the weakness and break into accounts to download the naked images.
Quite apart from the issue as to why famous people are having naked pictures of themselves taken on their iPhones, this situation lays bare a significant problem with technology. And it is a problem that can just as easily affect online businesses as celebrities.
The problem is not that programmers leave holes in their software allowing hackers in. Nor is it that there are evil people around trying to break into accounts and steal things. The real issue is trust.
We trust Apple. That trust was clearly misplaced because a mistake in its software allowed its customers’ private images to be stolen.
You doubtless have lots of technology which you trust. Do you know what your laptop actually does to secure your data and information? Has the manufacturer installed some kind of so-called security system which enables you to log-in so that no-one else can get into your system? If they have, what data does it store on its web servers? What information of yours is “in the cloud” to enable such security systems to work?
Similarly, are you completely, totally, 100% certain that the cloud backup service you use is trustworthy and that it has no flaws?
Or is your smartphone so secure that no-one can log into it using, say, Bluetooth, when you are in their vicinity?
Technical mumbo jumbo
The problem is confounded by the fact that most technical firms speak to us in a foreign language. They explain their services in jargon-rich pages which our eyes gloss over and which does not get understood. Instead, we assume that they are doing the right thing and that their massive brand means they will be safe. We don’t even understand what the machine or software is doing, we just know what it does for us.
The result is that people have no real idea as to what the technology they use is capable of, or where its weaknesses may lie.
Legal mumbo jumbo
On top of all this, when you sign up for a service you are faced with thousands of words of legal jargon which you have to accept if you wish to use the service. Have you read the 14 pages of A4 of just one of the privacy agreements which you have “signed” and accepted from Facebook? Do you realise, for instance, that as a user of Facebook you have agreed that they can retain data about you, transfer their “rights” in that data to any future owner of the company and use that data in any way they wish including in ways that have not yet been invented. Yes, that’s what everyone on Facebook has to accept to use it. It is “explained” in that 14 pages of legal stuff.
What this kind of thing means – together with technical information that only makes sense to a computer scientist – is that the general user of online services simply uses the features that they find beneficial and trust the brand will do everything “right”. But many of these big brands assume you know the technicalities and assume you have read the legal stuff.
Your business is at risk
Online, your business data is at the same level of risk as a nude picture of Kelly Brook. You will have “agreed” to let any number of companies upload your information, store it and use it in some way. You might not even be aware that this is happening. Nor are you probably aware of what you can do technically to stop it. Most people just click on the “agree” box and start to use whatever online service it is.
Here’s what we should demand from the high tech industry:
- Explanations and help files written for a reading age of around 9 years old. Currently, much of what they write is degree level stuff. In order for us to “get” what they are doing, it needs to be easily accessible when we read in a hurry and that means the reading age of a tabloid newspaper.
- Legal agreements that are less than 100 words and which are also written with a low reading age.
In other words, we need information and agreements that are “human”, devoid of jargon and understandable by everyone. The web and tech industries think they make things simple – but all they have really done is lower things from PhD level to around Masters level. They have a long, long way to go before people truly understand what is happening and what rights are being assumed.
High tech firms are hiding behind the mumbo jumbo they perpetuate leaving us with the only option of trusting companies because of their brand. But as the nude picture incident shows, even the world’s top brand could not be trusted to protect its customers, leaving a gaping hole in its security which was blown open in a morning.
Just because we trust a brand, does not mean our data is safe with them. It’s about time they started to earn their trust and that means they need to dramatically improve their clarity of communication.