Anonymous Plaintiffs File Misguided Lawsuit Against Amazon, GoDaddy, Others Over Ashley Madison Hack

from the more-angry-than-right dept

Given the sensitive nature of the data obtained in the Ashley Madison hack, it was inevitable that lawsuits would follow. The company seemed less interested in protecting its users' privacy and more interested in selling them the "privilege" of deleting their accounts and the information contained therein, should they suddenly have a crisis of conscience. (And that information appears to not have actually been deleted, despite the company's promise to do so.)

And, given the sensitive nature of the data, it was inevitable that a lawsuit would be filed that focused less on coherent legal arguments than the plaintiffs' anger at being included in a data breach that would also expose their extramarital endeavors. Alexander J. Martin of The Register has obtained a filing from just such a lawsuit.

Three John Doe plaintiffs have filed a complaint (PDF) against Amazon Web Services, GoDaddy, and 20 John Roes (anonymous defendants), in the Arizona District Court, for "intentionally inflicting emotional distress upon Ashley Madison users."

The plaintiffs want not less than $3m in damages or losses, and a jury trial to boot, and complain that the hack has resulted in them becoming victims to threats and extortion.
The misguided arguments begin almost immediately. As noted above, the plaintiffs have named Amazon and GoDaddy as defendants (referring to them as "internet service providers"), solely because copies of the "stolen data" are hosted at sites serviced by both.
While at least one class action has been filed by users against Ashley Madison for its failure to property [sic] secure the hacked information, this action deals with a different injury inflicted upon Ashley Madison users by persons and entities who have obtained the stolen data, repurposed it such that it is more readily accessible and searchable by the media and curious Internet users, and actively distributed it for their own gain. While these persons and entities may labor under the belief that their actions are entrepreneurial rather than criminal, the fact remains that they are in willful possession of stolen property.
Section 230 should see both these parties dumped from the lawsuit shortly after their responses are filed. Neither can be held responsible for copies of Ashley Madison user data uploaded to websites/online storage by third parties, and no amount of indignation is going to change that.

This would leave the plaintiffs in the position of trying to unmask the following unknown entities, none of which are tied directly to the hacking, much less hosting the stolen data central to the plaintiffs' arguments.
John Roe 1, the owner/operator of ashleymadisonpowersearch.com and adulterysearch.com
John Roe 2 the owner/operator of ashleymadisoninvestigations.com
John Roe 3 the owner/operator of greyhatpro.com
John Roes 4-20 who "are unknown at this time, but are believed to be, among other persons or entities, additional Internet service providers and website operators trafficking in the Stolen Data"
As for the first Roe, the website notes (multiple times) that it doesn't host the data, nor has it requested any ISP host it on its behalf. Ashley Madison Investigations also points out that it hosts no copies of the hacked data, but rather pulls its information from "public databases." Greyhat Pro is the only site that offers no disclaimer about the location of the database it's using in its search.

Unless the plaintiffs and their lawyers have access to information proving otherwise, this claim is likely false:
Roe 1, Roe 2, and Roe 3 each own and/or operate a website within this cottage industry, wherein the Roe Defendant has copied a portion and/or all of the Stolen Data and made it searchable through the Roe Defendant’s website (collectively, the “Roe Websites”). As such, each of these Roe Defendants is in willful and knowing possession of stolen property—namely, the Stolen Data.
Screenshots of the websites are included in the filing, but notably none of them include snapshots of the statements pointing out that two of the Roe defendants are not in direct possession of the data.

Ashley Madison Power Search/AdulterySearch:


Ashley Madison Investigations:


So, the prognosis for this lawsuit isn't good. As if to buttress the likelihood of failure, the filing -- which relies heavily on California statutes -- cites a Canadian court decision in support of its overall argument.
Indeed, in recognition of the fact that Ashley Madison data contains confidential information and constitutes stolen property, a Canadian court, the Ontario Superior Court of Justice, issued a restraining order requiring several websites and Internet service providers to immediately disable the Ashley Madison data, deeming it “offence related property in respect of which order of forfeiture may be made under the [Ontario] Criminal Code.”
Canadian law has no Section 230 equivalent, which greatly assists in its courts coming to these sorts of conclusions. And, it must be noted, it cannot order US-based sites to comply with its directives.

Basically, the suit hopes to hold all of these parties accountable for the digital equivalent of receiving and selling stolen goods, plus additional damages for emotional distress. It also attempts to portray the reputation repair/protection services offered by these sites as a violation of the CFAA, citing the following sections of that law.
(7) with intent to extort from any person any money or other thing of value, transmits in interstate or foreign commerce any communication containing any—

[...]

(B) threat to obtain information from a protected computer without authorization or in excess of authorization or to impair the confidentiality of information obtained from a protected computer without authorization or by exceeding authorized access; or

(C) demand or request for money or other thing of value in relation to damage to a protected computer, where such damage was caused to facilitate the extortion
All of the sites mentioned offer people the (very dubious) opportunity to find out if their information is contained in the data, along with other details (whether it includes credit card data, etc.). The transaction is voluntary and none of the sites make any threats about publishing sensitive data if potential customers decide not to take advantage of the offered services. Considering the information is available elsewhere, these offers are generally worthless. They're unsavory and opportunistic, but they aren't extortion.

While I do have some sympathy for those whose lives have been negatively affected by the dissemination of this data, a lawsuit pursuing anyone but Ashley Madison or those behind the hacking is little more than casting about wildly in hopes that someone will recompense them for the wrongs they've suffered, while being willing to let any "someone" pay for the actions of others.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ashley madison hack, hack, lawsuit, section 230
Companies: amazon, ashley madison, avid life media, godaddy


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 9 Sep 2015 @ 11:08am

    Meanwhile, the real story is on Gizmodo: "How Ashley Madison Hid Its Fembot Con From Users and Investigators"

    "The developers at Ashley Madison created their first artificial woman sometime in early 2002."

    Ashley Madison began as total scam. All this Techdirt piece does is divert attention from the criminals who knowingly scammed millions of idiots for tens of millions of dollars.


    On side note, just noticed huge ID leak in a Linux: the network tray gadget has check box (set ON by default) that gives "permission" to query icanhazip.com for my real external IP address!

    Besides that, just getting TD's front page downloads around TWO megabytes, mostly javascript trying to uniquely identify.

    Everywhere you turn, people, especially where and when you don't suspect, you are the monetized product, like sausage!

    link to this | view in chronology ]

  • icon
    Mason Wheeler (profile), 9 Sep 2015 @ 11:11am

    While I do have some sympathy for those whose lives have been negatively affected by the dissemination of this data,

    ...why should you? People using that site knew what they were doing, and that it involved risk. The risk of negative consequences for being caught cheating is as old as cheating itself, and attempting to portray someone who knowingly, willingly takes risks with their eyes wide open and then ends up failing as some sort of victim worthy of sympathy is incredibly disingenuous.

    link to this | view in chronology ]

    • icon
      murgatroyd (profile), 9 Sep 2015 @ 11:47am

      When I read that sentence, my thought was for the unsuspecting SOs of the people using the site, who were suddenly dropped into a world where anybody (friends, relatives, neighbors) could easily find out that someone they trusted (presumably) was "stepping out".

      link to this | view in chronology ]

    • icon
      Ehud Gavron (profile), 9 Sep 2015 @ 12:32pm

      Re:

      ...why should you? People using that site knew what they were doing, and that it involved risk. The risk of negative consequences for being caught cheating is as old as cheating itself...


      Very well said.

      E

      link to this | view in chronology ]

    • icon
      tqk (profile), 9 Sep 2015 @ 4:44pm

      Re:

      While I do have some sympathy for those whose lives have been negatively affected by the dissemination of this data,

      ...why should you? People using that site knew what they were doing, and that it involved risk.

      Those negatively affected were not only the users of the site. I'm the front of the line calling them and their users dirtbags, but their innocent SOs who were (perhaps against their wishes or even under duress ("for the children")) standing by their vows to "honour and obey", and their offspring have been hit by a bolt out of the blue not of their making ("Ha haaaa, your {mom|dad}'s a cheater! Ha haaaa.").

      I can understand the "hackers" wanting to take down ALM for being the !@#$s they are/were, but there's lots of friendly fire and innocent non-combatants in the line of fire here too. They do not deserve becoming involved in their mess.

      We don't publish the names of parents who abuse their children, to avoid further abusing the children by the justice system and the news media.

      I hope ALM and its principals pay dearly for this mess. I hope their victims learn from it. I hope their "hackers" have got their jollies and are satisfied to fade into obscurity.

      link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 9 Sep 2015 @ 11:11am

    Meanwhile, the real story is on Gizmodo: "How Ashley Madison Hid Its Fembot Con From Users and Investigators"

    "The developers at Ashley Madison created their first artificial woman sometime in early 2002."

    Ashley Madison began as total scam. All this Techdirt piece does is divert attention from the criminals who knowingly scammed millions of idiots for tens of millions of dollars.


    On side note, just noticed huge ID leak in a Linux: the network tray gadget has check box (set ON by default) that gives "permission" to query icanhazip.com for my real external IP address!

    Besides that, just getting TD's front page downloads around TWO megabytes, mostly javascript trying to uniquely identify.

    Everywhere you turn, people, especially where and when you don't suspect, you are the monetized product, like sausage!

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Sep 2015 @ 11:19am

      Re: Meanwhile, the real story is on Gizmodo: "How Ashley Madison Hid Its Fembot Con From Users and Investigators"

      im confused, how is that an id leak? If ur using a vpn, then it would report ur vpns id

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Sep 2015 @ 11:34am

      Re: Meanwhile, the real story is on Gizmodo: "How Ashley Madison Hid Its Fembot Con From Users and Investigators"

      It's almost like there can be more than one story on a given subject!

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Sep 2015 @ 12:21pm

      Re: Meanwhile, the real story is on Gizmodo: "How Ashley Madison Hid Its Fembot Con From Users and Investigators"

      On side note, just noticed huge ID leak in a Linux: the network tray gadget has check box (set ON by default) that gives "permission" to query icanhazip.com for my real external IP address!

      1) What distro and network manager, as it is not present in PCLinuxOS, Mint, Debian or Manjaro, checked as of now, and yes I have all 4 running now.
      2) It is not an information leak unless, as any website you connect to will get that information anyhow, and can put it in their cookies if they so want. A scripted use of that service, generating a text message or email can be useful if you want to be able to ssh into your home system, or use it as a VPN.

      link to this | view in chronology ]

    • icon
      tqk (profile), 9 Sep 2015 @ 5:25pm

      Re: Meanwhile, the real story is on Gizmodo

      That is a reasonably good article. I especially enjoyed reading about them dancing with legal counsel about their ToS and how they blatantly lied to the California AG's reports of fraudulent activity against their users.
      Ashley Madison began as total scam.

      Yes, yet with millions of users, there's a market for it out there. Dating sites are not a new thing. ALM may just be one of the scammiest of them ever "outed." I don't approve of malicious "hacking", but ALM certainly deserved this mess.
      All this Techdirt piece does is divert attention from the criminals who knowingly scammed millions of idiots for tens of millions of dollars.

      This TD piece is just reporting on a very weak lawsuit. Going after Amazon and GoDaddy for hosting the hack data and websites offering to search it for victims is ridiculous.
      On side note, just noticed huge ID leak in a Linux: the network tray gadget has check box (set ON by default) that gives "permission" to query icanhazip.com for my real external IP address!

      Not in my "network tray gadget." What are you using?
      Besides that, just getting TD's front page downloads around TWO megabytes, mostly javascript trying to uniquely identify.

      Really? I don't see that on my system (Debian testing/stretch). It sounds to me that you need to hire someone to secure your system (as you're apparently incapable of doing so yourself).
      Everywhere you turn, people, especially where and when you don't suspect, you are the monetized product, like sausage!

      If you're not paying for it, you are the product. Why (for you) that translates into TD hate is something I can't be bothered to speculate about. Don't care.

      PS. Consider avoiding Gizmodo. They don't appear to know how to serve the web. Even after pages were finished loading, both of my CPU cores were blasting away at 40% utilization. Perhaps that's your real problem. Did you close that tab before coming to TD? I suspect not. I won't be back there soon.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Sep 2015 @ 11:43am

    Why are they John "Roes" instead of "Does"?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Sep 2015 @ 2:03pm

      Re:

      Because the plaintiffs are filing as John Does. It would just be confusing if the defendants were also John Does.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 13 Sep 2015 @ 4:54pm

      Re:

      Because they are fishing

      link to this | view in chronology ]

  • icon
    Roger Strong (profile), 9 Sep 2015 @ 11:50am

    Three John Doe plaintiffs have filed a complaint...

    Will the three - having used the site to violate their marriage oaths - and having then lost their anonymity - but nevertheless filing as John Joe plaintiffs - be required to testify under oath?

    link to this | view in chronology ]

  • icon
    Padpaw (profile), 9 Sep 2015 @ 3:29pm

    Let me guess it goes something like this "it's not my fault I cheat on my wife, it's the websites fault for not protecting the secret nature of my misdeeds better. Why should I be held accountable for my actions when I can blame someone else."

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Sep 2015 @ 4:51pm

    What I would like to know is if "Meanwhile, the real story is on Gizmodo: "How Ashley Madison Hid Its Fembot Con From Users and Investigators" " is correct how did the real Does and Rows meet up?

    link to this | view in chronology ]

    • icon
      tqk (profile), 9 Sep 2015 @ 5:50pm

      Re:

      ...how did the real Does and Rows meet up?

      I don't know that there's any evidence that any "meet ups" ever actually took place, outside of hearsay reports. I do know lots of credit card activity took place, which was enough for ALM to look forward to floating an IPO later this year, assuming this mess never happened (aka, "blew up in their face").

      Again, I don't approve of malicious "hacking", but I've got to admit this's evidence of one seriously, righteously, peed off and motivated "hacker."

      Golf clap, I guess.

      link to this | view in chronology ]

  • identicon
    Joe Miller, 12 Sep 2015 @ 12:16pm

    Amazon and GoDaddy dropped from lawsuit

    Amazon and GoDaddy were dropped from the lawsuit yesterday, and the plaintiffs are applying for a temporary restraining order to shut down the websites they're suing.

    Adulterysearch.com, one of the websites named, already has a statement out: http://www.adulterysearch.com/note-to-law-enforcement-and-attorneys.html

    link to this | view in chronology ]

    • icon
      tqk (profile), 12 Sep 2015 @ 1:28pm

      Re: Amazon and GoDaddy dropped from lawsuit

      Closing the barn door after the horses have bolted? I wonder how many copies of this data are already out there, burned to DVD, mirrored, torrented, ...

      People who don't understand the net should go back and start reading RFCs. They might then learn what they're up against and realize it would be a waste of their time, effort, and money to attempt to stick their noses in trying to stop it. "The Internet interprets censorship as damage, and routes around it."

      "Can't stop the message, Mal."

      link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.