Anonymous Plaintiffs File Misguided Lawsuit Against Amazon, GoDaddy, Others Over Ashley Madison Hack
from the more-angry-than-right dept
Given the sensitive nature of the data obtained in the Ashley Madison hack, it was inevitable that lawsuits would follow. The company seemed less interested in protecting its users' privacy and more interested in selling them the "privilege" of deleting their accounts and the information contained therein, should they suddenly have a crisis of conscience. (And that information appears to not have actually been deleted, despite the company's promise to do so.)
And, given the sensitive nature of the data, it was inevitable that a lawsuit would be filed that focused less on coherent legal arguments than the plaintiffs' anger at being included in a data breach that would also expose their extramarital endeavors. Alexander J. Martin of The Register has obtained a filing from just such a lawsuit.
Three John Doe plaintiffs have filed a complaint (PDF) against Amazon Web Services, GoDaddy, and 20 John Roes (anonymous defendants), in the Arizona District Court, for "intentionally inflicting emotional distress upon Ashley Madison users."The misguided arguments begin almost immediately. As noted above, the plaintiffs have named Amazon and GoDaddy as defendants (referring to them as "internet service providers"), solely because copies of the "stolen data" are hosted at sites serviced by both.
The plaintiffs want not less than $3m in damages or losses, and a jury trial to boot, and complain that the hack has resulted in them becoming victims to threats and extortion.
While at least one class action has been filed by users against Ashley Madison for its failure to property [sic] secure the hacked information, this action deals with a different injury inflicted upon Ashley Madison users by persons and entities who have obtained the stolen data, repurposed it such that it is more readily accessible and searchable by the media and curious Internet users, and actively distributed it for their own gain. While these persons and entities may labor under the belief that their actions are entrepreneurial rather than criminal, the fact remains that they are in willful possession of stolen property.Section 230 should see both these parties dumped from the lawsuit shortly after their responses are filed. Neither can be held responsible for copies of Ashley Madison user data uploaded to websites/online storage by third parties, and no amount of indignation is going to change that.
This would leave the plaintiffs in the position of trying to unmask the following unknown entities, none of which are tied directly to the hacking, much less hosting the stolen data central to the plaintiffs' arguments.
John Roe 1, the owner/operator of ashleymadisonpowersearch.com and adulterysearch.comAs for the first Roe, the website notes (multiple times) that it doesn't host the data, nor has it requested any ISP host it on its behalf. Ashley Madison Investigations also points out that it hosts no copies of the hacked data, but rather pulls its information from "public databases." Greyhat Pro is the only site that offers no disclaimer about the location of the database it's using in its search.
John Roe 2 the owner/operator of ashleymadisoninvestigations.com
John Roe 3 the owner/operator of greyhatpro.com
John Roes 4-20 who "are unknown at this time, but are believed to be, among other persons or entities, additional Internet service providers and website operators trafficking in the Stolen Data"
Unless the plaintiffs and their lawyers have access to information proving otherwise, this claim is likely false:
Roe 1, Roe 2, and Roe 3 each own and/or operate a website within this cottage industry, wherein the Roe Defendant has copied a portion and/or all of the Stolen Data and made it searchable through the Roe Defendant’s website (collectively, the “Roe Websites”). As such, each of these Roe Defendants is in willful and knowing possession of stolen property—namely, the Stolen Data.Screenshots of the websites are included in the filing, but notably none of them include snapshots of the statements pointing out that two of the Roe defendants are not in direct possession of the data.
Ashley Madison Power Search/AdulterySearch:
Ashley Madison Investigations:
So, the prognosis for this lawsuit isn't good. As if to buttress the likelihood of failure, the filing -- which relies heavily on California statutes -- cites a Canadian court decision in support of its overall argument.
Indeed, in recognition of the fact that Ashley Madison data contains confidential information and constitutes stolen property, a Canadian court, the Ontario Superior Court of Justice, issued a restraining order requiring several websites and Internet service providers to immediately disable the Ashley Madison data, deeming it “offence related property in respect of which order of forfeiture may be made under the [Ontario] Criminal Code.”Canadian law has no Section 230 equivalent, which greatly assists in its courts coming to these sorts of conclusions. And, it must be noted, it cannot order US-based sites to comply with its directives.
Basically, the suit hopes to hold all of these parties accountable for the digital equivalent of receiving and selling stolen goods, plus additional damages for emotional distress. It also attempts to portray the reputation repair/protection services offered by these sites as a violation of the CFAA, citing the following sections of that law.
(7) with intent to extort from any person any money or other thing of value, transmits in interstate or foreign commerce any communication containing any—All of the sites mentioned offer people the (very dubious) opportunity to find out if their information is contained in the data, along with other details (whether it includes credit card data, etc.). The transaction is voluntary and none of the sites make any threats about publishing sensitive data if potential customers decide not to take advantage of the offered services. Considering the information is available elsewhere, these offers are generally worthless. They're unsavory and opportunistic, but they aren't extortion.
[...]
(B) threat to obtain information from a protected computer without authorization or in excess of authorization or to impair the confidentiality of information obtained from a protected computer without authorization or by exceeding authorized access; or
(C) demand or request for money or other thing of value in relation to damage to a protected computer, where such damage was caused to facilitate the extortion
While I do have some sympathy for those whose lives have been negatively affected by the dissemination of this data, a lawsuit pursuing anyone but Ashley Madison or those behind the hacking is little more than casting about wildly in hopes that someone will recompense them for the wrongs they've suffered, while being willing to let any "someone" pay for the actions of others.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: ashley madison hack, hack, lawsuit, section 230
Companies: amazon, ashley madison, avid life media, godaddy
Reader Comments
Subscribe: RSS
View by: Time | Thread
Meanwhile, the real story is on Gizmodo: "How Ashley Madison Hid Its Fembot Con From Users and Investigators"
Ashley Madison began as total scam. All this Techdirt piece does is divert attention from the criminals who knowingly scammed millions of idiots for tens of millions of dollars.
On side note, just noticed huge ID leak in a Linux: the network tray gadget has check box (set ON by default) that gives "permission" to query icanhazip.com for my real external IP address!
Besides that, just getting TD's front page downloads around TWO megabytes, mostly javascript trying to uniquely identify.
Everywhere you turn, people, especially where and when you don't suspect, you are the monetized product, like sausage!
[ link to this | view in chronology ]
...why should you? People using that site knew what they were doing, and that it involved risk. The risk of negative consequences for being caught cheating is as old as cheating itself, and attempting to portray someone who knowingly, willingly takes risks with their eyes wide open and then ends up failing as some sort of victim worthy of sympathy is incredibly disingenuous.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Very well said.
E
[ link to this | view in chronology ]
Re:
Those negatively affected were not only the users of the site. I'm the front of the line calling them and their users dirtbags, but their innocent SOs who were (perhaps against their wishes or even under duress ("for the children")) standing by their vows to "honour and obey", and their offspring have been hit by a bolt out of the blue not of their making ("Ha haaaa, your {mom|dad}'s a cheater! Ha haaaa.").
I can understand the "hackers" wanting to take down ALM for being the !@#$s they are/were, but there's lots of friendly fire and innocent non-combatants in the line of fire here too. They do not deserve becoming involved in their mess.
We don't publish the names of parents who abuse their children, to avoid further abusing the children by the justice system and the news media.
I hope ALM and its principals pay dearly for this mess. I hope their victims learn from it. I hope their "hackers" have got their jollies and are satisfied to fade into obscurity.
[ link to this | view in chronology ]
Meanwhile, the real story is on Gizmodo: "How Ashley Madison Hid Its Fembot Con From Users and Investigators"
Ashley Madison began as total scam. All this Techdirt piece does is divert attention from the criminals who knowingly scammed millions of idiots for tens of millions of dollars.
On side note, just noticed huge ID leak in a Linux: the network tray gadget has check box (set ON by default) that gives "permission" to query icanhazip.com for my real external IP address!
Besides that, just getting TD's front page downloads around TWO megabytes, mostly javascript trying to uniquely identify.
Everywhere you turn, people, especially where and when you don't suspect, you are the monetized product, like sausage!
[ link to this | view in chronology ]
Re: Meanwhile, the real story is on Gizmodo: "How Ashley Madison Hid Its Fembot Con From Users and Investigators"
[ link to this | view in chronology ]
Re: Meanwhile, the real story is on Gizmodo: "How Ashley Madison Hid Its Fembot Con From Users and Investigators"
[ link to this | view in chronology ]
Re: Meanwhile, the real story is on Gizmodo: "How Ashley Madison Hid Its Fembot Con From Users and Investigators"
1) What distro and network manager, as it is not present in PCLinuxOS, Mint, Debian or Manjaro, checked as of now, and yes I have all 4 running now.
2) It is not an information leak unless, as any website you connect to will get that information anyhow, and can put it in their cookies if they so want. A scripted use of that service, generating a text message or email can be useful if you want to be able to ssh into your home system, or use it as a VPN.
[ link to this | view in chronology ]
Re: Meanwhile, the real story is on Gizmodo
Yes, yet with millions of users, there's a market for it out there. Dating sites are not a new thing. ALM may just be one of the scammiest of them ever "outed." I don't approve of malicious "hacking", but ALM certainly deserved this mess.
This TD piece is just reporting on a very weak lawsuit. Going after Amazon and GoDaddy for hosting the hack data and websites offering to search it for victims is ridiculous.
Not in my "network tray gadget." What are you using?
Really? I don't see that on my system (Debian testing/stretch). It sounds to me that you need to hire someone to secure your system (as you're apparently incapable of doing so yourself).
If you're not paying for it, you are the product. Why (for you) that translates into TD hate is something I can't be bothered to speculate about. Don't care.
PS. Consider avoiding Gizmodo. They don't appear to know how to serve the web. Even after pages were finished loading, both of my CPU cores were blasting away at 40% utilization. Perhaps that's your real problem. Did you close that tab before coming to TD? I suspect not. I won't be back there soon.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Will the three - having used the site to violate their marriage oaths - and having then lost their anonymity - but nevertheless filing as John Joe plaintiffs - be required to testify under oath?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
I don't know that there's any evidence that any "meet ups" ever actually took place, outside of hearsay reports. I do know lots of credit card activity took place, which was enough for ALM to look forward to floating an IPO later this year, assuming this mess never happened (aka, "blew up in their face").
Again, I don't approve of malicious "hacking", but I've got to admit this's evidence of one seriously, righteously, peed off and motivated "hacker."
Golf clap, I guess.
[ link to this | view in chronology ]
Amazon and GoDaddy dropped from lawsuit
Adulterysearch.com, one of the websites named, already has a statement out: http://www.adulterysearch.com/note-to-law-enforcement-and-attorneys.html
[ link to this | view in chronology ]
Re: Amazon and GoDaddy dropped from lawsuit
People who don't understand the net should go back and start reading RFCs. They might then learn what they're up against and realize it would be a waste of their time, effort, and money to attempt to stick their noses in trying to stop it. "The Internet interprets censorship as damage, and routes around it."
"Can't stop the message, Mal."
[ link to this | view in chronology ]