Skip to main content

Keep nude photos offline? Here's a better idea

By Woodrow Hartzog
September 4, 2014 -- Updated 1837 GMT (0237 HKT)
  • Hartzog: It's misguided to think key to Internet privacy is keeping things offline
  • We should demand security from companies that handle our online information, he says
  • We should insist on design features, notifications that let us safeguard our own information
  • Hartzog: Companies that don't protect data must be held accountable by law

Editor's note: Woodrow Hartzog is an associate professor at Samford University's Cumberland School of Law and an affiliate scholar at the Center for Internet and Society at Stanford Law School. The opinions expressed in this commentary are solely those of the author.

(CNN) -- "If you want to keep something private, keep it offline."

This has been a popular reaction to stories about the targeted attack on celebrities' cloud storage accounts that resulted in the publication of intimate photos. There's something intuitive in this way of thinking. After all, folks can't wrongfully access data that doesn't exist. But it's simplistic logic, and misguided when viewed as the ethic that should guide digital age conduct.

Blaming the victims of these attacks distracts us from the greater importance of people and companies working together to protect online information.

Woody Hartzog
Woody Hartzog

We should not, of course, be reckless about what we share online and whom we share it with. But keeping sensitive information off the Internet is no cure-all response to these attacks. Taken to its logical conclusion, the "keep it to yourself" mindset would require that we virtually give up using the Internet.

Most of the things we share online leave us all exposed in some way, even if the vulnerability is incremental. And, let's face it, even if it were possible for people to stay off the Internet and still function in society, we generally can't keep others from sharing our personal information online.

Putting all the responsibility on people to "keep it offline" ignores the responsibility of companies entrusted with our personal information. Instead of becoming digital recluses, we should demand reasonable security from companies, as well as design features and notifications that will empower us to protect our own information in reasonable ways.

Not everyone (though more than some might think) can relate to sending or storing intimate photos and videos online. But most of us have shared or stored something online in such a way that would be quite hurtful if widely publicized. For example, we commonly share credit card numbers, health information, emails to loved ones, and photos that, if taken out of context, might be misinterpreted in harmful ways.

Even innocuous information in the aggregate can reveal deeply personal and private things about all of us. Does this mean we should have kept all these photos, emails, and documents offline? For most people, using the Internet is a virtual necessity to participate in modern society.

Admittedly, data security can never be perfect. There is a some risk inherent in using any technology. But the burden of predicting an infinite number of speculative harms each time every one of us sends an email, stores a photo online, or makes a commercial transaction using the Internet is simply too great for any of us to bear alone.

So what can we do? In the short term, we can insist on better security protections from companies. At this point, every important online service should probably offer two-factor authentication.

Opinion: Who's at fault over J-Law's nude photo hack?

Conan's embarrassing celeb photos
FBI's role in celeb hack investigation

Two-factor authentication is an account verification technique that requires more than just a password. It usually requires both "something you know" (like a password) and "something you have" (like your phone). The way it usually works is that once you've activated the feature and given the service your cell phone number, when you want to access your account, you'll have to provide both your password and an automatically generated code that is sent to your phone. This protects your account from people who can guess your password but don't have your phone.

Some have suggested a "private photo" mode for phones that would prevent pictures from being uploaded to the Internet.

But creating these protections won't be enough. Companies must continually notify users these protections exist, make them easy to find and use, and quickly let users know of any potentially unexpected vulnerabilities. For example, many were surprised to learn that the celebrities' nude photos contained location information.

Ultimately, companies that fail to provide industry-standard data security practices should be held accountable by law. The Federal Trade Commission and other administrative agencies and laws designed to protect consumers must continue to ensure that companies entrusted with personal information respect the process of data security.

Working together, we can avoid having to choose between "enter at your own risk" and living a life disconnected from the modern world.

Read CNNOpinion's new Flipboard magazine.

Follow us on Twitter @CNNOpinion.

Join us on

Part of complete coverage on
November 24, 2014 -- Updated 2310 GMT (0710 HKT)
If Obama thinks pushing out Hagel will be seen as the housecleaning many have eyed for his national security process, he'll be disappointed, says David Rothkopf.
November 25, 2014 -- Updated 1311 GMT (2111 HKT)
The decision by the St. Louis County prosecuting attorney to announce the Ferguson grand jury decision at night was dangerous, says Jeff Toobin.
November 25, 2014 -- Updated 0857 GMT (1657 HKT)
China's influence in Latin America is nothing new. Beijing has a voracious appetite for natural resources and deep pockets, says Frida Ghitis.
November 24, 2014 -- Updated 2151 GMT (0551 HKT)
Iranian President Hassan Rouhani speaks during a press conference in the capital Tehran on June 14, 2014.
The decision to extend the deadline for talks over Iran's nuclear program doesn't change Tehran's dubious history on the issue, writes Michael Rubin.
November 21, 2014 -- Updated 1925 GMT (0325 HKT)
Maria Cardona says Republicans should appreciate President Obama's executive action on immigration.
November 21, 2014 -- Updated 1244 GMT (2044 HKT)
Van Jones says the Hunger Games is a more sweeping critique of wealth inequality than Elizabeth Warren's speech.
November 20, 2014 -- Updated 2329 GMT (0729 HKT)
obama immigration
David Gergen: It's deeply troubling to grant legal safe haven to unauthorized immigrants by executive order.
November 21, 2014 -- Updated 0134 GMT (0934 HKT)
Charles Kaiser recalls a four-hour lunch that offered insight into the famed director's genius.
November 20, 2014 -- Updated 2012 GMT (0412 HKT)
The plan by President Obama to provide legal status to millions of undocumented adults living in the U.S. leaves Republicans in a political quandary.
November 21, 2014 -- Updated 0313 GMT (1113 HKT)
Despite criticism from those on the right, Obama's expected immigration plans won't make much difference to deportation numbers, says Ruben Navarette.
November 21, 2014 -- Updated 0121 GMT (0921 HKT)
As new information and accusers against Bill Cosby are brought to light, we are reminded of an unshakable feature of American life: rape culture.
November 20, 2014 -- Updated 2256 GMT (0656 HKT)
When black people protest against police violence in Ferguson, Missouri, they're thought of as a "mob."
November 19, 2014 -- Updated 2011 GMT (0411 HKT)
Lost in much of the coverage of ISIS brutality is how successful the group has been at attracting other groups, says Peter Bergen.
November 19, 2014 -- Updated 1345 GMT (2145 HKT)
Do recent developments mean that full legalization of pot is inevitable? Not necessarily, but one would hope so, says Jeffrey Miron.
November 19, 2014 -- Updated 1319 GMT (2119 HKT)
We don't know what Bill Cosby did or did not do, but these allegations should not be easily dismissed, says Leslie Morgan Steiner.
November 19, 2014 -- Updated 1519 GMT (2319 HKT)
Does Palestinian leader Mahmoud Abbas have the influence to bring stability to Jerusalem?
November 19, 2014 -- Updated 1759 GMT (0159 HKT)
Even though there are far fewer people being stopped, does continued use of "broken windows" strategy mean minorities are still the target of undue police enforcement?
November 18, 2014 -- Updated 0258 GMT (1058 HKT)
The truth is, we ran away from the best progressive persuasion voice in our times because the ghost of our country's original sin still haunts us, writes Cornell Belcher.
November 18, 2014 -- Updated 2141 GMT (0541 HKT)
Children living in the Syrian city of Aleppo watch the sky. Not for signs of winter's approach, although the cold winds are already blowing, but for barrel bombs.
November 17, 2014 -- Updated 1321 GMT (2121 HKT)
We're stuck in a kind of Middle East Bermuda Triangle where messy outcomes are more likely than neat solutions, says Aaron David Miller.
November 17, 2014 -- Updated 1216 GMT (2016 HKT)
In the midst of the fight against Islamist rebels seeking to turn the clock back, a Kurdish region in Syria has approved a law ordering equality for women. Take that, ISIS!
November 17, 2014 -- Updated 0407 GMT (1207 HKT)
Ruben Navarrette says President Obama would be justified in acting on his own to limit deportations