Skip to main content

Keep nude photos offline? Here's a better idea

By Woodrow Hartzog
September 4, 2014 -- Updated 1837 GMT (0237 HKT)
  • Hartzog: It's misguided to think key to Internet privacy is keeping things offline
  • We should demand security from companies that handle our online information, he says
  • We should insist on design features, notifications that let us safeguard our own information
  • Hartzog: Companies that don't protect data must be held accountable by law

Editor's note: Woodrow Hartzog is an associate professor at Samford University's Cumberland School of Law and an affiliate scholar at the Center for Internet and Society at Stanford Law School. The opinions expressed in this commentary are solely those of the author.

(CNN) -- "If you want to keep something private, keep it offline."

This has been a popular reaction to stories about the targeted attack on celebrities' cloud storage accounts that resulted in the publication of intimate photos. There's something intuitive in this way of thinking. After all, folks can't wrongfully access data that doesn't exist. But it's simplistic logic, and misguided when viewed as the ethic that should guide digital age conduct.

Blaming the victims of these attacks distracts us from the greater importance of people and companies working together to protect online information.

Woody Hartzog
Woody Hartzog

We should not, of course, be reckless about what we share online and whom we share it with. But keeping sensitive information off the Internet is no cure-all response to these attacks. Taken to its logical conclusion, the "keep it to yourself" mindset would require that we virtually give up using the Internet.

Most of the things we share online leave us all exposed in some way, even if the vulnerability is incremental. And, let's face it, even if it were possible for people to stay off the Internet and still function in society, we generally can't keep others from sharing our personal information online.

Putting all the responsibility on people to "keep it offline" ignores the responsibility of companies entrusted with our personal information. Instead of becoming digital recluses, we should demand reasonable security from companies, as well as design features and notifications that will empower us to protect our own information in reasonable ways.

Not everyone (though more than some might think) can relate to sending or storing intimate photos and videos online. But most of us have shared or stored something online in such a way that would be quite hurtful if widely publicized. For example, we commonly share credit card numbers, health information, emails to loved ones, and photos that, if taken out of context, might be misinterpreted in harmful ways.

Even innocuous information in the aggregate can reveal deeply personal and private things about all of us. Does this mean we should have kept all these photos, emails, and documents offline? For most people, using the Internet is a virtual necessity to participate in modern society.

Admittedly, data security can never be perfect. There is a some risk inherent in using any technology. But the burden of predicting an infinite number of speculative harms each time every one of us sends an email, stores a photo online, or makes a commercial transaction using the Internet is simply too great for any of us to bear alone.

So what can we do? In the short term, we can insist on better security protections from companies. At this point, every important online service should probably offer two-factor authentication.

Opinion: Who's at fault over J-Law's nude photo hack?

Conan's embarrassing celeb photos
FBI's role in celeb hack investigation

Two-factor authentication is an account verification technique that requires more than just a password. It usually requires both "something you know" (like a password) and "something you have" (like your phone). The way it usually works is that once you've activated the feature and given the service your cell phone number, when you want to access your account, you'll have to provide both your password and an automatically generated code that is sent to your phone. This protects your account from people who can guess your password but don't have your phone.

Some have suggested a "private photo" mode for phones that would prevent pictures from being uploaded to the Internet.

But creating these protections won't be enough. Companies must continually notify users these protections exist, make them easy to find and use, and quickly let users know of any potentially unexpected vulnerabilities. For example, many were surprised to learn that the celebrities' nude photos contained location information.

Ultimately, companies that fail to provide industry-standard data security practices should be held accountable by law. The Federal Trade Commission and other administrative agencies and laws designed to protect consumers must continue to ensure that companies entrusted with personal information respect the process of data security.

Working together, we can avoid having to choose between "enter at your own risk" and living a life disconnected from the modern world.

Read CNNOpinion's new Flipboard magazine.

Follow us on Twitter @CNNOpinion.

Join us on

Part of complete coverage on
December 20, 2014 -- Updated 0242 GMT (1042 HKT)
Conservatives know easing the trade embargo with Cuba is good for America. They should just admit it, says Fareed Zakaria.
December 20, 2014 -- Updated 0112 GMT (0912 HKT)
We're a world away from Pakistan in geography, but not in sentiment, writes Donna Brazile.
December 19, 2014 -- Updated 1709 GMT (0109 HKT)
How about a world where we have murderers but no murders? The police still chase down criminals who commit murder, we have trials and justice is handed out...but no one dies.
December 18, 2014 -- Updated 2345 GMT (0745 HKT)
The U.S. must respond to North Korea's alleged hacking of Sony, says Christian Whiton. Failing to do so will only embolden it.
December 19, 2014 -- Updated 2134 GMT (0534 HKT)
President Obama has been flexing his executive muscles lately despite Democrat's losses, writes Gloria Borger
December 18, 2014 -- Updated 1951 GMT (0351 HKT)
Jeff Yang says the film industry's surrender will have lasting implications.
December 18, 2014 -- Updated 2113 GMT (0513 HKT)
Newt Gingrich: No one should underestimate the historic importance of the collapse of American defenses in the Sony Pictures attack.
December 10, 2014 -- Updated 1255 GMT (2055 HKT)
Dean Obeidallah asks how the genuine Stephen Colbert will do, compared to "Stephen Colbert"
December 18, 2014 -- Updated 1734 GMT (0134 HKT)
Some GOP politicians want drug tests for welfare recipients; Eric Liu says bailed-out execs should get equal treatment
December 18, 2014 -- Updated 1342 GMT (2142 HKT)
Louis Perez: Obama introduced a long-absent element of lucidity into U.S. policy on Cuba.
December 16, 2014 -- Updated 1740 GMT (0140 HKT)
The slaughter of more than 130 children by the Pakistani Taliban may prove as pivotal to Pakistan's security policy as the 9/11 attacks were for the U.S., says Peter Bergen.
December 17, 2014 -- Updated 1600 GMT (0000 HKT)
The Internet is an online extension of our own neighborhoods. It's time for us to take their protection just as seriously, says Arun Vishwanath.
December 16, 2014 -- Updated 2154 GMT (0554 HKT)
Gayle Lemmon says we must speak out for the right of children to education -- and peace
December 17, 2014 -- Updated 1023 GMT (1823 HKT)
Russia's economic woes just seem to be getting worse. How will President Vladimir Putin respond? Frida Ghitis gives her take.
December 17, 2014 -- Updated 0639 GMT (1439 HKT)
Australia has generally seen itself as detached from the threat of terrorism. The hostage incident this week may change that, writes Max Barry.
December 12, 2014 -- Updated 2020 GMT (0420 HKT)
Thomas Maier says the trove of letters the Kennedy family has tried to guard from public view gives insight into the Kennedy legacy and the history of era.
December 15, 2014 -- Updated 1456 GMT (2256 HKT)
Will Congress reform the CIA? It's probably best not to expect much from Washington. This is not the 1970s, and the chances for substantive reform are not good.
December 15, 2014 -- Updated 2101 GMT (0501 HKT)
From superstorms to droughts, not a week goes by without a major disruption somewhere in the U.S. But with the right planning, natural disasters don't have to be devastating.
December 15, 2014 -- Updated 1453 GMT (2253 HKT)
Would you rather be sexy or smart? Carol Costello says she hates this dumb question.
December 14, 2014 -- Updated 2253 GMT (0653 HKT)
A story about Pope Francis allegedly saying animals can go to heaven went viral late last week. The problem is that it wasn't true. Heidi Schlumpf looks at the discussion.
December 14, 2014 -- Updated 1550 GMT (2350 HKT)
Democratic leaders should wake up to the reality that the party's path to electoral power runs through the streets, where part of the party's base has been marching for months, says Errol Louis
December 13, 2014 -- Updated 2123 GMT (0523 HKT)
David Gergen: John Brennan deserves a national salute for his efforts to put the report about the CIA in perspective
December 12, 2014 -- Updated 1426 GMT (2226 HKT)
Anwar Sanders says that in some ways, cops and protesters are on the same side
December 11, 2014 -- Updated 1439 GMT (2239 HKT)
A view by Samir Naji, a Yemeni who was accused of serving in Osama bin Laden's security detail and imprisoned for nearly 13 years without charge in Guantanamo Bay
December 14, 2014 -- Updated 1738 GMT (0138 HKT)
S.E. Cupp asks: How much reality do you really want in your escapist TV fare?