It was the celebrity scandal of 2014, the crime that sent hundreds to their computers, either to look at the stolen goods or to re-assure themselves that, for now, their own nude photographs were safely tucked away in the depths of the cloud. In August 2014, over 500 celebrity photos were stolen from 50 iCloud accounts and 72 Gmail accounts and quickly leaked across the Internet. Now, one of the people behind "Celebgate" is facing prison time for his role in obtaining the photos.
Ryan Collins had a simple scheme: He sent fake Google and Apple security alerts to celebrities and those close to them in an effort to trick victims into giving up their passwords. He will plead guilty to the charges against him in an effort to reduce his sentence. Collins isn't the only one involved in Celebgate (two men in Chicago have also been investigated), but he is the first to be charged in connection to the crime.
In a Department of Justice press release, Eileen M. Decker, United States attorney for the central district of California, was quoted as saying: "Today, people store important private information in their online accounts and in their digital devices. Lawless unauthorized access to such private information is a criminal offense. My Office remains committed to protecting sensitive and personal information from the malicious actions of sophisticated hackers and cyber criminals."
Actress Jennifer Lawrence, who was one of the victims, echoed those sentiments in a 2014 interview with Vanity Fair.
"It is not a scandal. It is a sex crime. It is a sexual violation," she said. "It's disgusting. The law needs to be changed, and we need to change."
Indeed, Collins isn't being charged with a sex crime. In fact, he's being charged with violation of the Computer Fraud and Abuse Act, which carries a maximum penalty of five years of jail time, although the prosecution has recommended an 18-month term.
Why such a low penalty for someone accused of violating the privacy of dozens of women?
As Kyle Chayka explained for Pacific Standard in 2014, the legal precedent goes all the way back to 1925, when Gabrielle Darley Melvin, a former prostitute who had murdered her pimp in 1918, unsuccessfully tried suing a group of filmmakers who made a movie based on her life. The judge in the 1925 lawsuit ruled that "when the incidents of a life are so public as to be spread upon a public record they come within the knowledge and into the possession of the public and cease to be private."
When it comes to online content, we're using the same standards as we did in 1925: The Internet is a public place, and there's no way for someone like Lawrence to assert ownership over images once they're in the public sphere.
What can we do about this situation? The European Union is rolling out a set of laws that enshrine the "Right to Be Forgotten"—an ability to request that inappropriate information be removed from the Internet, or at least made harder to access via public listings. If this existed in the U.S., Lawrence and others would have recourse not only to go after the hackers who made their private data public but to fight their actual proliferation online as well. Until then, no one, celebrity or civilian, is particularly safe.
Even now, a simple Google search will take you to the stolen photos. Until we have the right to be forgotten, the Internet will always remember.