The Bigger Question Never Asked in Apple’s Celebrity Photo Hack Scandal

Several weeks ago, personal nude photographs of 100 celebrities were released by hackers onto the Internet for everyone to see. The hackers were able to get the photos mainly through Apple’s weak question/answer security system. But from all the discussion conducted through our dysfunctional media, the most important question was not asked: How did these photographs get on the Internet (Apple’s cloud) in the first place?

It’s assumed these celebrities uploaded their nude photos themselves, that they were just not very smart and should have known better. But I suggest that this is not what happened. Around late 2013, Apple began to automatically upload copies of photographs users’ took on their iPhones to Apple’s cloud service (a.k.a. part of the Internet). And here is the real kicker, Apple never bothered to tell its users it was doing this!

The bigger question is why was Apple allowed to upload users’ photographs onto the Internet—without telling them?

I say, “without telling them” because most people who have an iPhone don't realize that by default every photo they take is now being automatically uploaded to the Internet, albeit, in a “safe” password-protected place … ahem … where hackers will not be able to get them. …

Apple is not the only one who started this new policy. I also learned early in 2014 that Google was also uploading my photographs onto the Internet from my Android device—without me knowing until after the fact. I eventually deleted these personal photos that I never intended to put on the Internet, only after going through a maze of websites to figure out how to delete them and how to turn off this new feature. But there they were one day, displayed on the Internet in my Google account, only steps from being displayed to the public or stolen by a hacker. Not only did it create a potential security breach, but it took several hours out of my day to figure out how to prevent Google from doing this again.

I don't have nude photos of myself nor am I a celebrity, but that does not mean that one day I won't read online hackers were able to get all of users' data from Google … or that a new application has been created to use my personal data, which Google decided to sell without my permission. If they decided to upload photographs I take without me knowing, why wouldn't it be probable that they will eventually sell my data? Or a better way to put it: They've done this before (Facebook, etc.), why wouldn't they do it again?

If the true intent of this new policy is to create backups in case your smartphone is damaged or stolen, it’s a pretty weak argument. The fact is most people make backups of their photographs and other data, or have their devices set up to automatically create backups on their personal computers. It’s only a small minority that does not do this. There is already software that has been used for years that automatically syncs your photographs from your device to your personal computer. Why do I need to make a third backup, not to mention creating a new potential security breach?

Which gets back to why we as a society are not asking the important questions that are begging to be asked? Why are we allowing Apple, Google, and others to take our private data now without us knowing? If anything, this feature should only be turned on when the user is informed of the potential consequences of moving their private photos to a "secured" part of the Internet?

I think we have definitely reached a stage in software development that an ethics course be required for software developers.

Also, over the past several years, I've noticed a proliferation of useless, lame software features. It seems software companies are now just creating features (regardless of their usefulness) just so they can sell a new version. Often these features are not only useless, they are often annoying, not to mention, they create new security breaches. So, it wouldn't hurt to also re-educate developers on KISS (Keep It Simple, Stupid).