August 4, 2015
A recent cyber-attack against Ashley Madison.com, a dating website for people looking to have an affair, has resulted in the release of confidential information of its users. This raised questions about online security and what legal recourse is available to users where personal data has been stolen and/or leaked. More importantly this incident has become the most recent example, in a string, where current outmoded legislation has no effect on the ever changing digital environment.
Many online businesses, including Ashley Madison, are built around the notion of safeguarding user information. Still, as citizens of the internet we must nonetheless assume that, despite assurances to the contrary, our data may be leaked and/or misused. Hence, the push from the public has been to force service providers to provide better security and transparency of use over user data.
However, is all of the above moot? Service providers are not interested in transparency as it undercuts their profitability, and online security cannot be guaranteed given the sophistication displayed by hackers. Instead service providers, like Ashley Madison, have turned to a cheaper legal approach in dealing with the foregoing issues. In summary, they avoid dealing with them.
Ashley Madison’s End User Licence Agreements (“EULA”) includes the following provision:
7. User Submitted Content and Copyrighted Material; Prohibited Uses of Submissions and Ashley Madison and Third-party Materials
By submitting any content (including without limitation, your photograph) to our Site, you represent and warrant to us that the content, including your photograph, is posted by you and that you are the exclusive author of the content, including your photograph, and use of your content by us will not infringe or violate the rights of any third party. You waive absolutely any and all moral rights to be identified as the author of the content, including your photograph, and any similar rights in any jurisdiction in the world. By submitting any content (including without limitation your photograph) to our Site, you automatically grant, and you represent and warrant that you have the right to grant, to us, and our licensees, affiliates and successors, a perpetual, worldwide, exclusive, royalty-free right and license to use, reproduce, display, and modify such content or incorporate into other works such content, and to grant and to authorize sub-licenses of the foregoing.
By the operation of the EULA, the user has absolutely granted their copyright and authorship over “any content” as submitted to Ashley Madison. Ashley Madison, as the grantee, can then choose to protect and use the copyright in any way it sees fit. Users, as a consequence, are left with no simple legal recourse if that copyright is left unprotected and/or misused.
Online service providers, by using copyright in this manner, have corrupted the intention of the law and have been able to skirt responsibility to users. Ashley Madison, outside the ultimate success of its business model and any potential misrepresentations it made, may not owe a duty of care to its users given that it is the ultimate owner and author of said data.
Whether or not the courts have or will address these issues, the continued misuse of the law in this manner by service providers further reinforces and perpetuates the idea that personal information can be owned, and misused. The lack of legislation establishing a legal framework fosters the belief that service providers can own what users upload (including pictures) without any duty, obligation, and/or responsibility to the person to whom that information is intrinsically tied. Such unregulated forces, solely driven by service providers, oblige users to assume all the risk inherent in the use of online services and create a new norm whereby it is accepted that the service providers themselves take no responsibility when the user data they store and collect is misused and/or leaked.