Bree Fowler of AP explains why victims of the AshleyMadison.com breach may have a tough time trying to sue Avid Life Media over the breach. Citing one lawyer’s opinion, Fowler reports:
Regardless, Vernick says most courts have ruled that people can’t sue breached companies just because they face the possibility of becoming victims of credit card fraud or identity theft. At the same time, the humiliation that could result from a person’s Ashley Madison membership becoming public probably isn’t a big enough deal in the eyes of the courts to allow a lawsuit to go forward, he says.
Embarrassment isn’t a “big enough deal?” If a person’s sexual fantasies and preferences are exposed to colleagues and employers, that’s not a big enough deal? How about if marriages break up? If children’s beliefs about their father or mother are wrecked? If people in the military are found to have breached military code of conduct and their military career or security clearance is impacted?
What’s a “big enough” non-financial harm that courts will recognize in data breaches?
And is it possible that non-financial claims might stand a better chance than suits in which consumers suffer no actual financial harm because banks reimburse them for any fraudulent activity on payment cards? Is there a stronger case for social harm/injury than for worry and time spent being vigilant over credit reports?
Scott Vernick may be right, but in a perfect world (as defined by ME), he shouldn’t be right. Those harms are significant and need to be considered. Not everything is about financial fraud.
Of course, there are those who will claim that any plaintiffs assumed the risk by signing up for this type of site. But that defense should be considered later – after the issue of standing – shouldn’t it?
Read more on Thai Visa.
In the meantime, Avid Life Media has lawyered up. And as part of their strategy, they seem to be trying to use DMCA takedown notices to get data removed the web and even from news stories or tweets. Trying to claim copyright over the hacked material is not sitting well with some:
Ashley Madison still stretching copyright law to save face? Looks like they’ve sent DMCA notices to http://t.co/FVoZt4Wdjo
— Evan Brown (@internetcases) August 19, 2015
.@internetcases @PogoWasRight wow, their lawyers have learned nothing from past 512(f) caselaw like OPG v. Diebold?!
— Joseph Lorenzo Hall (@JoeBeOne) August 19, 2015
I think more of these lawsuits would win if they concentrated on obtaining funds for more than one year of Identity Theft protection. I think 3-5 years worth of coverage per incident which can be cumulative in nature is a good round figure that should protect most potential victims.
Greed will get you now where in the Justice system. You have to show that the information that was leaked was directly tied to you losing something significant. The other side can use the bad evidence on their side as well, saying that a “flaw” in the email system would allow anyone to signup your email accounts and thus provide an unauthorized account in your behalf. Unless some sort of CC transaction ties you to the site and to your account, your fighting a very difficult uphill battle every step of the way.
The other side can also claim that it is your personal choice to sign up for such a service, and since you opted in, it is not responsible for your actions which resulted in a potential divorce or splitting up of significant others.
Their actions are way too late. Literally hundreds of thousands of people have downloaded these files and are digging through them as we type. As one is ripped down, four or five others emerge.
What I find interesting about some of the generic comments out there is that there were a lot less female clientele than what AM advertised. Alot of the female profiles were created by men, but it wasn’t clear if this was done from the inside or outside. Again, not having any email user validation what so ever is absolutely ludicrous for this type of website. If this was overlooked or just not implemented, it was the first of many potential issues that might pop up in the tearing apart of this site. Salted Hash over at CSO Online has an article that was dug out of the AM files which interviewed most of the senior leadership, and the more common comments were about security, data breach/leak and employee issues/insider threats.
Commmon, if your a company that is hosting a controversial website(s), and you read the news about all of the breaches that have happened the last few years and you “dont think” your going to be on some ones hit list, you either need to be revived, or find another job. Obviously the security and incident response of this site is the pits, and in the end, the dire truth comes out – Only the people who have signed up for this…… “service” are the ones that are going to have to explain / endure what fallout will come from all of this.
Might all come down to jurisdictions maybe. no clue honestly. What may pass in Canada may not pass in the US. What may not pass in both Canada and the US, may pass in Quebec. We need opinions from lawyers in many different jurisdictions. I see many multiple class actions on the horizon.
Also, there appears to be another data dump. This time 20-gigs of data instead of 10. Can anyone verify?
Per the CBC:
http://www.cbc.ca/news/technology/ashley-madison-data-1.3198101
It appears some gov institutions are looking at the emails of their employee’s that were dumped and verifying if they misused gov computers. This means logs are being looked at.
So while AM/Avid may say:
“..the personal details exposed in the initial data leak can’t be used to prove the infidelity of their clients.”
The gov sure as hell is after proving it, and it appears to be looking at misuse.
No harm?
I’ve posted a bit about the second data dump. It’s likely genuine, but still in the process of downloading it.
Seems the US military is may go after people as well:
http://www.torontosun.com/2015/08/20/emails-sent-ashley-madisons-founder-leaked-online-report
“”I’m aware of it. Of course it’s an issue because conduct is very important. We expect good conduct on the part of our people,” Carter said. “The services are looking into it, as well they should be, absolutely.”
U.S. military culture emphasizes faithfulness to family and family life, values seen as particularly important in an environment where troops often have to spend months deployed away from their spouses and children.
Adultery is a violation of military law, punishable under the Uniform Code of Military Justice, but it is difficult to prosecute because of the high standards of evidence required and sometimes shows up instead as conduct unbecoming an officer.”
HA! All the so-called person has to say is, some one else signed them up for the service. There is NO email vailidation system whatsoever. Do you honestly think AM is going to provide any outside investigation teams information to prosecute people from the website? All the people have to say is, how do they know the dump is still intact? Was there any tampering of the data? Who knows…. You can’t trust the word of the hacker(s) that performed the issue, and AM is not going to willingly give anyone outside any information what so ever.
This is more of a publicity “shock and awe” tactic for political face time and to squelch the press, as well any who may want to utilize these types of services.