Skip to main content

Keep nude photos offline? Here's a better idea

By Woodrow Hartzog
September 4, 2014 -- Updated 1837 GMT (0237 HKT)
  • Hartzog: It's misguided to think key to Internet privacy is keeping things offline
  • We should demand security from companies that handle our online information, he says
  • We should insist on design features, notifications that let us safeguard our own information
  • Hartzog: Companies that don't protect data must be held accountable by law

Editor's note: Woodrow Hartzog is an associate professor at Samford University's Cumberland School of Law and an affiliate scholar at the Center for Internet and Society at Stanford Law School. The opinions expressed in this commentary are solely those of the author.

(CNN) -- "If you want to keep something private, keep it offline."

This has been a popular reaction to stories about the targeted attack on celebrities' cloud storage accounts that resulted in the publication of intimate photos. There's something intuitive in this way of thinking. After all, folks can't wrongfully access data that doesn't exist. But it's simplistic logic, and misguided when viewed as the ethic that should guide digital age conduct.

Blaming the victims of these attacks distracts us from the greater importance of people and companies working together to protect online information.

Woody Hartzog
Woody Hartzog

We should not, of course, be reckless about what we share online and whom we share it with. But keeping sensitive information off the Internet is no cure-all response to these attacks. Taken to its logical conclusion, the "keep it to yourself" mindset would require that we virtually give up using the Internet.

Most of the things we share online leave us all exposed in some way, even if the vulnerability is incremental. And, let's face it, even if it were possible for people to stay off the Internet and still function in society, we generally can't keep others from sharing our personal information online.

Putting all the responsibility on people to "keep it offline" ignores the responsibility of companies entrusted with our personal information. Instead of becoming digital recluses, we should demand reasonable security from companies, as well as design features and notifications that will empower us to protect our own information in reasonable ways.

Not everyone (though more than some might think) can relate to sending or storing intimate photos and videos online. But most of us have shared or stored something online in such a way that would be quite hurtful if widely publicized. For example, we commonly share credit card numbers, health information, emails to loved ones, and photos that, if taken out of context, might be misinterpreted in harmful ways.

Even innocuous information in the aggregate can reveal deeply personal and private things about all of us. Does this mean we should have kept all these photos, emails, and documents offline? For most people, using the Internet is a virtual necessity to participate in modern society.

Admittedly, data security can never be perfect. There is a some risk inherent in using any technology. But the burden of predicting an infinite number of speculative harms each time every one of us sends an email, stores a photo online, or makes a commercial transaction using the Internet is simply too great for any of us to bear alone.

So what can we do? In the short term, we can insist on better security protections from companies. At this point, every important online service should probably offer two-factor authentication.

Opinion: Who's at fault over J-Law's nude photo hack?

Conan's embarrassing celeb photos
FBI's role in celeb hack investigation

Two-factor authentication is an account verification technique that requires more than just a password. It usually requires both "something you know" (like a password) and "something you have" (like your phone). The way it usually works is that once you've activated the feature and given the service your cell phone number, when you want to access your account, you'll have to provide both your password and an automatically generated code that is sent to your phone. This protects your account from people who can guess your password but don't have your phone.

Some have suggested a "private photo" mode for phones that would prevent pictures from being uploaded to the Internet.

But creating these protections won't be enough. Companies must continually notify users these protections exist, make them easy to find and use, and quickly let users know of any potentially unexpected vulnerabilities. For example, many were surprised to learn that the celebrities' nude photos contained location information.

Ultimately, companies that fail to provide industry-standard data security practices should be held accountable by law. The Federal Trade Commission and other administrative agencies and laws designed to protect consumers must continue to ensure that companies entrusted with personal information respect the process of data security.

Working together, we can avoid having to choose between "enter at your own risk" and living a life disconnected from the modern world.

Read CNNOpinion's new Flipboard magazine.

Follow us on Twitter @CNNOpinion.

Join us on

Part of complete coverage on
October 17, 2014 -- Updated 2334 GMT (0734 HKT)
The world's response to Ebola is its own sort of tragedy, writes John Sutter
October 17, 2014 -- Updated 2033 GMT (0433 HKT)
Hidden away in Russian orphanages are thousands of children with disabilities who aren't orphans, whose harmful treatment has long been hidden from public view, writes Andrea Mazzarino
October 18, 2014 -- Updated 1722 GMT (0122 HKT)
When you hear "trick or treat" this year, think "nudge," writes John Bare
October 18, 2014 -- Updated 0442 GMT (1242 HKT)
The more than 200 kidnapped Nigerian schoolgirls have become pawns in a larger drama, writes Richard Joseph.
October 17, 2014 -- Updated 1345 GMT (2145 HKT)
Peggy Drexler said Amal Alamuddin was accused of buying into the patriarchy when she changed her name to Clooney. But that was her choice.
October 16, 2014 -- Updated 2043 GMT (0443 HKT)
Ford Vox says the CDC's Thomas Frieden is a good man with a stellar resume who has shown he lacks the unique talents and vision needed to confront the Ebola crisis
October 18, 2014 -- Updated 0858 GMT (1658 HKT)
How can such a numerically small force as ISIS take control of vast swathes of Syria and Iraq?
October 17, 2014 -- Updated 1342 GMT (2142 HKT)
How big a threat do foreign fighters in Syria and Iraq pose to the West? It's a question that has been much on the mind of policymakers and commentators.
October 17, 2014 -- Updated 1221 GMT (2021 HKT)
More than a quarter-million American women served honorably in the Iraq and Afghanistan wars. Now they are home, we have an obligation to help them transition back to civilian life.
October 16, 2014 -- Updated 2027 GMT (0427 HKT)
Paul Begala says Rick Scott's deeply weird refusal to begin a debate because rival Charlie Crist had a fan under his podium spells disaster for the Florida governor--delighting Crist
October 16, 2014 -- Updated 0407 GMT (1207 HKT)
The longer we wait to engage on Ebola, the more limited our options will become, says Marco Rubio.
October 15, 2014 -- Updated 1153 GMT (1953 HKT)
Democratic candidates who run from President Obama in red states where he is unpopular are making a big mistake, says Donna Brazile
October 16, 2014 -- Updated 0429 GMT (1229 HKT)
At some 7 billion people, the world can sometimes seem like a crowded place. But if the latest estimates are to be believed, then in less than a century it is going to feel even more so -- about 50% more crowded, says Evan Fraser
October 16, 2014 -- Updated 1938 GMT (0338 HKT)
Paul Callan says the Ebola situation is pointing up the need for better leadership
October 15, 2014 -- Updated 2245 GMT (0645 HKT)
Nurses are the unsung heroes of the Ebola outbreak. Yet, there are troubling signs we're failing them, says John Sutter
October 15, 2014 -- Updated 1700 GMT (0100 HKT)
Dean Obeidallah says it's a mistake to give up a business name you've invested energy in, just because of a new terrorist group
October 15, 2014 -- Updated 2301 GMT (0701 HKT)
Fear of Ebola is contagious, writes Mel Robbins; but it's time to put the disease in perspective
October 14, 2014 -- Updated 1744 GMT (0144 HKT)
Oliver Kershaw says that if Big Tobacco is given monopoly of e-cigarette products, public health will suffer.
October 18, 2014 -- Updated 1335 GMT (2135 HKT)
Stop thinking your job will make you happy.
October 15, 2014 -- Updated 0208 GMT (1008 HKT)
Ruben Navarrette says it's time to deal with another scandal involving the Secret Service — one that leads directly into the White House.
October 14, 2014 -- Updated 1125 GMT (1925 HKT)
Americans who choose to fight for militant groups or support them are young and likely to be active in jihadist social media, says Peter Bergen
October 13, 2014 -- Updated 1303 GMT (2103 HKT)
Stephanie Coontz says 11 years ago only one state allowed same sex marriage. Soon, some 60% of Americans will live where gays can marry. How did attitudes change so quickly?
October 14, 2014 -- Updated 2004 GMT (0404 HKT)
Legalizing assisted suicide seems acceptable when focusing on individuals. But such laws would put many at risk of immense harm, writes Marilyn Golden.
October 13, 2014 -- Updated 1307 GMT (2107 HKT)
Julian Zelizer says the issues are huge, but both parties are wrestling with problems that alienate voters
October 13, 2014 -- Updated 2250 GMT (0650 HKT)
Mel Robbins says the town's school chief was right to cancel the season, but that's just the beginning of what needs to be done
October 11, 2014 -- Updated 1543 GMT (2343 HKT)
He didn't discover that the world was round, David Perry writes. So what did he do?