Question

The Problem

Launched in 2001, Ashley Madison is an online dating and social network service based in Canada. Unlike most dating services, Ashley Madison marketed specifically to people who are married or in a committed relationship but are seeking an outside relationship. In mid-2015, the site claimed 39 million members in 53 countries, and it generated an estimated $115 million in annual revenue.

Significantly, Ashley Madison purportedly allowed users to hide their account profiles for free. Users who wanted to delete their accounts had to pay a $19 fee. Ashley Madison assured its users that its “full delete option” removed all relevant data from the site: user profiles, all messages sent and received, site usage history, personally identifiable information, and photos.

On July 15, 2015, Ashley Madison was hacked by a group called “The Impact Team.” The hackers claimed to have stolen personal information about the site's users, and it threatened to release names, addresses, search histories, and credit card numbers if the site did not immediately cease operations. The Impact Team claimed their demand was caused by Ashley Madison's failure to delete users' personal information following their invoiced requests to do so.

When Ashley Madison ignored the demand, The Impact Team launched its first data release on August 18, followed by a second release three days later. The second batch of data included Ashley Madison CEO Noel Biderman's personal e-mails.

The data, which initially appeared on the Dark Web, were copied and made public on the open Web. The Dark Web is the World Wide Web content that exists on networks that require encryption, specific software, or authorization to access. The Dark Web is not indexed by search engines, and it can be accessed only through a browser called Tor. The Dark Web is used today for a wide range of anonymous activities including communication by dissidents in authoritarian countries who wish to access the Internet. It has also emerged as a platform for illegal activities such as cybercrime, child pornography, and drug trafficking.

Ashley Madison's Attempts at a Solution

Immediately following The Impact Team's announcement, CEO Biderman confirmed the hack and asserted that the company was “working diligently and feverishly” to try and stop the spread of the leaked data. Ashley Madison released the following statement: “We are actively monitoring and investigating this situation to determine the validity of any information posted online … We will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business.” In addition, the company issued copyright takedown notices under the 1998 Digital Millennium Copyright Act (DMCA) to multiple sites, claiming that “intellectual property in the data” was being infringed upon. Many of the sites complied with these requests.

Ashley Madison subsequently announced that it had secured its site. It labeled the hack an act of “cyberterrorism,” and it apologized to its users. The company offered $500,000 (Canadian) to anyone with information that leads to the identification of the hackers. Finally, the site announced that in the future it would delete user information free of charge, thus eliminating the $19 fee.

The Results

By late August 2015, more than $1 billion in lawsuits had been filed against Ashley Madison. On August 28, CEO Biderman stepped down. According to the official press release, the senior management team currently in place will continue to lead the company.

Meanwhile, both the site and its users experienced further fallout from the breach. For example, spammers quickly began to extort people whose information was made public. One group, for example, sent e-mails to Ashley Madison users demanding one bitcoin (approximately $225) to prevent their information from being shared. The group gave the users seven days before it exposed them. In addition to extortion, victims of the breach risk identity theft as well. Meanwhile, in 2015, Ashley Madison had announced that it hoped to raise $200 million in an initial public offering in London after it had failed in a previous IPO attempt in Canada. Those plans are now in jeopardy. In fact, as of late 2015, Ashley Madison's very survival is questionable.

While the moral and ethical outrage surrounding the Ashley Madison hack has received most of the headlines, industry analysts maintain that the real issues are the assault on consumer privacy and the inability of businesses to protect their customers' data. Analysts further predict that in the future businesses will likely be held far more accountable for data security than they have been in the past.

From a different perspective, private investigation startup Trustify capitalized on the Ashley Madison breach by launching a service just after the attack that let anyone search the data dump from the hackers. Trustify advertised its services to suspicious partners who were concerned by a name that they found on the list.

Questions
1.Discuss the legality and the ethicality of the Ashley Madison Web site.
2.Discuss the legality and the ethicality of the actions of the hackers who attacked the Ashley Madison Web site.
3.Discuss the legality and ethicality of the actions of people who copied the Ashley Madison data from the Dark Web and then made the data available on the open Web.
4.Discuss the legality and ethicality of the reporters who used hacked (stolen) information in their stories.
5.Discuss the legality and ethicality of the actions of Trustify.
6.Are there differences in your answers to the first five questions? If so, then describe them. How do you account for them?
7.What are the implications of the Ashley Madison breach for general privacy concerns regarding digital data?

Answer 1

Ans. 1: Legality and the ethicality of the Ashley Madison Web site:

* This type of sites should not be in operations even.

* Government should ban these types of sites by amending laws if needed.

* Ashley Madison should not demand any fees from people's for deleting there own accounts and hence earning money.

Ans. 2: Legality and the ethicality of the actions of the hackers who attacked the Ashley Madison Web site:

* Hackers should be punished as leaking someone personal information is breach of person information.

* These hackers should be punished under cyber crimes.

Ans. 3: Legality and ethicality of the actions of people who copied the Ashley Madison data from the Dark Web and then made the data available on the open Web:

* These peoples are also categorised in hackers category only and should be punished.

* As they helped the hackers in their prime motive of sharing someone's personal information.

Ans. 4: Legality and ethicality of the reporters who used hacked (stolen) information in their stories:

* Through publishing the personal information in stories, reporters are also a part of crime.

* This is what making fun of someone feelings.

Ans. 5: Actions of trustify were also not in public favour.

Ans. 6: There are not so much difference in above five questions as all answers lead to disclosure of someone personal information.

Accountability:

* Breach of someone personal information should not be done.

* As per my understanding, these types of sites should not be operational even.

Ans. 7: Implications of the Ashley Madison breach for general privacy concerns regarding digital data:

* Personal data should be kept secure with utmost care. These types of hacking can impact very adversely. And can even take someone's life if disclosed.