Fighting back against celebrity hacking

With the development of smart phones and cloud storage has come a new and increasingly familiar phenomenon; the hacking, theft, and dissemination of private images of female celebrities.

Perhaps the most high profile example was the hacking of iCloud accounts of such A-list actors as Jennifer Lawrence in 2014. Despite the enormous resources at the disposal of these Hollywood stars, the images quickly spread from the dark web to mainstream online media.

Lawrence, who had to endure the distress and embarrassment of her naked images becoming so widely available, described those who viewed them as having committed a ‘sexual offence’ and that they should ‘cower with shame’. Most recently, Emma Watson, Micha Barton, Amanda Seyfried, and Holly Willoughby have reportedly joined Pippa Middleton, Rihanna, and Jessica Brown Findlay in the lengthening roll call of victims.

Prevention is better than the cure and with private images there is no putting the genie back in the bottle once the images have had even a short time to disseminate. So, being wise after the event, effective security for mobile devices and data storage must become an urgent priority for those in the public eye. Sometimes, a better password or simply applying the available security settings will be enough to deter hackers.

In terms of English civil law, the injunction obtained last year by Pippa Middleton and her fiancée James Matthews stands as a good example of a pro-active step to prevent the wider availability of hacked images. They sought an urgent injunction against ‘persons unknown’ described in the application as those ‘who has or have appropriated, obtained, and/or offered or intend to offer for sale and/or publication images contained in [Ms Middleton’s] iCloud account’.

The injunction was sought on the grounds that there had been a misuse of private information, a breach of confidence, an infringement of copyright, and a breach of statutory obligations under the Data Protection Act. The injunction was granted and could be enforced against the original hacker and in the event that the images were being published by others. As far as I am aware, the images have not become widely available, although this may be as much a consequence of the original hacker’s conduct as the enforcement of the injunction.

In Ms Middleton’s case, there has also been the application of criminal law. Increasingly, the police on both sides of the Atlantic appear to be recognising that these offences must be prosecuted. The media reported that in the case of Ms Middleton’s hacking, arrests were made on the grounds of conspiracy to commit fraud, the possession of a false identity document with improper intent, and offences under the Computer Misuse Act.

Likewise, the hacker of Jennifer Lawrence’s iCloud account was sentenced to nine months in a US prison for unauthorised access to a protected computer to obtain information. Returning to the concept of prevention, effective prosecution and tough sentences in all jurisdictions must play their part in deterring future hackers together with more effective data security strategies to protect personal information.

Dominic Crossley is a partner in the privacy and media law team at Payne Hicks Beach