The hacking of Ashley Madison, the social network for adulterers, has a lot in common with other massive breaches. A hefty amount of data was stolen—the personal information of 37 million users is likely compromised by every 10-gigabyte release. In comparison, a 2014 attack on eBay exposed 145 million users, and the 2013 hack on Evernote impacted 50 million, according to a visualization of hacks by Information Is Beautiful. This latest leak is also continuing to flow: The anonymous hackers, who call themselves Impact Team, released another 20 gigabytes on Thursday, which seems to include the email archives of Ashley Madison CEO Noel Biderman.
But the hack stands apart in just how public it has become, as well as the transparency of the data, all with regards to victims who aren't public figures. "We have explained the fraud, deceit, and stupidity of [parent company Avid Life Media] and their members. Now everyone gets to see their data," reads a message that came with Impact Team's initial release.
Motivated by a kind of moral outrage—the hackers are angry that Ashley Madison charged its users to delete their information, and then failed to delete it—the attacks and subsequent data dumps carry an air of vengeance. Where a credit card or password leak is more likely to surface in an illicit, criminal forum, the Ashley Madison hack instead turns its victims into theoretical social criminals by exposing their participation on the platform, which is something of an illicit space itself.
With this leak, we're collectively embarrassed by our own inability to comply with social norms. Its technology itself as a scarlet letter.
There's a simple way of finding out if someone appears in the Ashley Madison data dump. Enter an email address into a text field, just like Google, and a single-service website will spit back a yes or no. An affirmative is the digital equivalent of Hester Prynne's scarlet A—public proof, and subsequent public shaming, that the named at least aspired to adultery. Never mind that this doesn't tell the full story of an account—we don't know how active accounts were, or how many were simply mistaken email inputs, or done as a joke—the hacked data has become suddenly, blatantly visible.
Hence our collective shock. The Internet immediately filled with writers confronting their exes about having accounts on the site, and the hack already resulted in a public apology from reality star and religious conservative Josh Duggar, whose account was uncovered by Gawker (the statement has since been heavily edited). While the Sony leaks may have displayed a similar level of intrusion in uncovering embarrassing and distasteful emails among professionals, the Ashley Madison incident has made the exposure personal and intimate for everyday people, whose secrets are only an email address away.
At one time, we felt betrayed by our technology's inability to keep our secrets, the abstract permeability of databases and vulnerability of server farms to hacking. In the context of the National Security Agency or overly aggressive tech companies, the technology itself was failing to protect us. But the Ashley Madison hack might be closer to the truth. Beyond faulty server security, it's the users who are insecure, prone to error. With this leak, we're collectively embarrassed by our own inability to comply with social norms. It's technology itself as a scarlet letter.
The larger question is, how do we proceed from here? It's clear from users' reactions to the leak that many are feeling shame and fear that their activities will be exposed to friends or partners. One man told Fusion he was "horrified that the leak may wind up hurting people around him."
However tempting it is to look, what's on the screen is not the whole story.
Yet public sentiment also seems to be turning away from this hacker attempt at vigilante justice. Most commentators don't recommend looking up exes or loved ones in an attempt to discover if they've been unfaithful. While the hack might be much more public than most, details and context are still scarce because the data can't reveal everything. As in the case of Hillary Clinton's email, we tend to expect the intimate details of mundane digital files to be revelatory, but they often hide more than they show. However tempting it is to look, what's on the screen is not the whole story.
Impact Team is correct in arguing that Ashley Madison itself must shoulder some of the blame. After all, the company offered to sell its users the ability to delete their data, and clearly couldn't guarantee any such service. In practice, ensuring data is completely deleted is next to impossible. One lesson we might draw from the hack is that users should have closer control over their data, specifically the ability to make it disappear.
Hence the enduring appeal of Europe's "right to be forgotten," a legal precedent that can force Internet companies to remove data permanently. Such a ruling in the United States would ensure that, when accounts are deleted, they don't show up in leaks years later. But the Ashley Madison incident is stuck in a strange paradox. This isn't a celebrity issue; average people with no other public presence are being impacted. We can usually agree that hacking is wrong and breaches of privacy are transgressive. And yet we still want to see the data, to enter a name into the search engine.
This points toward the real conclusion—that the leak isn't about technology exposing us, but of imperfect users exposing themselves, and an audience wanting to see some digital blood drawn. Both Ashley Madison and the hackers are intermediaries for a deeper, very human impulse: to extract public shame from those who wander outside of society's lines.
Disruptions is Kyle Chayka's weekly column for Pacific Standard about personal technology and the way it influences our daily lives.