Celebrity Hacking Scandal Invokes New Cyber Security Concerns
By Maria Cheung
Reviewed by Jennifer Williams
Federal authorities arrested Christopher Chaney, 35, on Wednesday, October 12th for allegedly hacking into the email accounts of various Hollywood starlets including Scarlett Johansson, Mila Kunis and Christina Aguilera, and then posting the personal information he found including nude photos, on the internet. Chaney was arrested at his Jacksonville, Florida, residence by Federal Bureau of Investigation agents and subsequently charged with 26 counts of computer hacking, wiretapping and aggravated identity theft. According to U.S. Attorney André Birotte Jr., Chaney illegally accessed the personal email accounts of more than 50 individuals within the entertainment industry between November 2010 and February 2011.
Mr. Birotte said that authorities had “no information to suggest that [Chaney] profited” from the illegally obtained information. If convicted on all counts, Chaney faces a maximum of 121 years in federal prison. Authorities conducted an 11-month investigation before they arrested Chaney, who allegedly used publicly available information about the victims such as the names of their pets, their favorite movies, an old address, and a sibling’s nickname to guess their passwords and security questions, gaining access to and eventually commandeering their accounts. Once Chaney gained access to the accounts, he allegedly activated a forwarding feature in the accounts that forwarded all of the victims’ emails to his own email account. Thus, he could view his victims’ correspondence even if the victims changed their passwords. The stolen information included movie scripts, financial information, personal messages and even nude photos.
Chaney’s arrest follows a series of high-profile cyber break-ins this summer that targeted major companies, government institutions and law-enforcement authorities. In one particular case, Sony Corp.’s online videogame-services unit was breached, compromising more than 100 million user accounts. In another case, hackers broke into the computer system of an Arizona police department and posted some officers’ personal information on the web.
This case raises awareness about the immense problems plaguing cyber security today. Many of us have our entire lives in our personal email accounts including bank statements, personal conversations, chat histories, work information and even medical information. How can we be sure our information is truly safe from hackers? Of course, we can change our passwords frequently or create stronger passwords but that will only solve the problems temporarily. If hackers want to gain access to personal email accounts, the tragic truth is that they probably can. This is especially true for celebrities, who use the internet to connect with their fans. Some stars, including Ashton Kutcher, Demi Moore and Kim Kardashian, have millions of Twitter followers and are constantly sending out details of their daily lives. Entertainment shows, blog posts and even twitter feeds discuss celebrities’ birthdays, their families’ names and other personal information. Websites such as Wikipedia and imdb.com also serve as an important source of information for hackers.
In my opinion, this case demonstrates why it is important to have more legislation and case law in this area. Although Chaney is a private individual and the Bill of Rights does not apply to his actions (it only applies to the federal government and the states through the 14th Amendment), I believe a strong argument can be made that email accounts should be protected under the 4th Amendment, which protects against unreasonable search and seizures. The text of the 4th Amendment reads: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” I think papers in the statute can be read to include emails, like it can include personal postal mail. Furthermore, in the landmark Supreme Court decision Katz v. United States, in which the government wiretapped a telephone booth, the court ruled that a search occurs only when a person has a reasonable expectation of privacy in the object that is searched. Thus, this inquiry has become a threshold question in 4th Amendment jurisprudence. In this case, these celebrities had a reasonable expectation of privacy in their email accounts and if the government had hacked into their emails instead of Chaney, the hacking would have certainly violated the 4th Amendment. I think legislatures and courts should take this analysis into account and remember the constitutional standards when creating new legislation and ordering court decisions on cyber security. As the internet and electronic communication continues to evolve, the issues of cyber security and cyber privacy will only increase and become more important.