This has, without doubt, been the weirdest week and a bit of my professional career. This topic has drowned out all others for so many reasons: its scale, the hunt for the hackers and of course the salaciousness of the topic, which always rates well in headlines. But there was something else that really got to me and it’s this – the human impact.
Because of my involvement in Have I been pwned? (HIBP) and my consequent blogs on the hack, I got an insane number of emails from those impacted by the attack. I’m talking hundreds every day from people having the worst time of their lives, everything from marriage breakdowns to thoughts of suicide. Earlier this week I wrote Here’s what Ashley Madison members have told me where I tried to illustrate just what this event was doing to real people’s lives and I strongly encourage you to read that if perhaps you’re feeling a little unsympathetic or don’t quite see what the big fuss is.
But here’s what got me thinking today: technology decisions were made which led to the attack being possible in the first place and then exacerbated the impact of it. Most of the time in our industry, bad technology decisions lead to little more than some downtime or loss of revenue (notable examples like medical devices and aviation aside). But there are times when the paths we choose can seriously impact people’s lives, even if we’re “just” talking about a website.
For example, Ashley Madison offered a “full delete” service, that is they charged people somewhere in the order of $20 if they wanted to have their data removed (you can imagine how many people later thought better of their decision on a site like that). Except when they said “full”, what they really meant was “partial” and the very thing people paid to prevent – that is the discovery of their membership on the site – was now on public display. Whilst the membership records were purged, the payment records remained, thus giving the game away.
A lot of people asked me why this would happen – I mean isn’t it cheaper for Ashley Madison not to have the data anyway? The problem is that storage is cheap and humans are expensive; it would have been easier for them not to purge payment records and pay for the extra storage than to implement the features to kill all traces of the data.
Another good example is the way they stored IP addresses. They had IP addresses on membership records and IP addresses on payment records and whilst yes, this provides some value in terms of fraud detection and other troubleshooting, it doesn’t do a lot for anonymity and discretion which was what the site promoted itself on. As a result, even entirely “anonymous” profiles leave a paper trail back to the individual.
Same again with capturing the latitude and longitude down to 5 decimal places. The premise of anonymity is great until you geotag someone’s precise house because very uniquely identifiable data about them was captured! Now yes, you need some geographic data in order to match people with those in close proximity, but that doesn’t need to pinpoint people to precise locations and is a great illustration of exactly what I’m talking about.
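To make the point about precision concrete, here is an added example (not code from the original post or from Ashley Madison) showing how many metres each decimal place of a coordinate represents, and how coordinates rounded to two decimal places still support proximity matching without recording a member's house. The sample coordinates and the 2 km matching radius are constructed for illustration.

```python
"""Data-minimisation example: coarsen stored coordinates so that
"members near you" still works while the stored value no longer
identifies a specific building."""
import math

EARTH_RADIUS_M = 6_371_000          # mean Earth radius in metres
METRES_PER_DEGREE_LAT = 111_320.0   # approximate length of one degree of latitude


def decimal_precision_m(decimals: int) -> float:
    """Approximate size in metres of the last retained decimal place
    of a latitude value (5 decimals is about 1 m, 2 decimals about 1 km)."""
    return METRES_PER_DEGREE_LAT * 10 ** (-decimals)


def coarsen(lat: float, lon: float, decimals: int = 2) -> tuple:
    """Round a coordinate pair before storing it. With decimals=2 the
    stored point lands on a grid of roughly 1 km cells."""
    return (round(lat, decimals), round(lon, decimals))


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two points."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def within_radius(p1: tuple, p2: tuple, radius_m: float) -> bool:
    """Proximity check that works on raw or coarsened coordinates alike."""
    return haversine_m(p1[0], p1[1], p2[0], p2[1]) <= radius_m


# Constructed sample: a member's precise location as captured at 5 decimals,
# a second member a few hundred metres away, and a third about 10 km north.
MEMBER_A = (51.50735, -0.12776)
MEMBER_B = (51.51000, -0.12400)
MEMBER_FAR = (51.60000, -0.13000)

if __name__ == "__main__":
    print(f"5 decimals ~ {decimal_precision_m(5):.1f} m, 2 decimals ~ {decimal_precision_m(2):.0f} m")
    stored_a, stored_b = coarsen(*MEMBER_A), coarsen(*MEMBER_B)
    print("stored A:", stored_a, "error from true position:",
          round(haversine_m(*MEMBER_A, *stored_a)), "m")
    print("A and B still match within 2 km:", within_radius(stored_a, stored_b, 2000))
    print("A and far member match:", within_radius(stored_a, coarsen(*MEMBER_FAR), 2000))
```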
When these decisions were made by the folks building out the Ashley Madison service, I doubt they stopped to think “could this hurt someone’s ability to get a job in the future?” Or perhaps “might this decision cause someone to lose their family if things go wrong – or far worse?” I probably wouldn’t have thought that myself before this incident and I suspect neither would you. I encourage everyone to read through what Ashley Madison members have told me if for no other reason than to understand that our decisions as technology professionals can have serious real world consequences.