It’s time to pay up.
Ashley Madison is not having a good year. As the target of one of the biggest, most cataclysmic corporate hacks in recent memory—one that leaked millions of users’ anonymous info for the entire Internet to see—the affair-arranging service has hit rock bottom in terms of consumer trust and confidence. But Ashley Madison is facing a new challenge on the horizon—a number of potentially devastating class action lawsuits. One prime example, filed in Canada in late August, is gunning for more than $500 million.
The outcome could have big implications for how websites are held liable when their users’ data gets leaked, and as such, any company that regularly handles sensitive data might have a genuine rooting interest in seeing Ashley Madison prevail. I, however, have no such interest, and taking full measure of the situation, I’d like to see these suits send Ashley Madison spiraling into oblivion.
It sounds pretty punitive, I know. But let me be clear: I have no problem whatsoever with any of the people who used the site, just those who promoted the idea of Ashley Madison as a safe space, when it was clearly anything but. The true victims in this are the users, not the company that failed to secure data they clearly understood was red hot. That company deserves to be held responsible, especially when the blowback has had such devastating effects on the site’s users. Toronto police report that two area residents have taken their own lives in connection with the hack.
From the moment the hackers made the data publicly available online, the cost to the company’s reputation wasn’t nearly as dire as what it meant to countless relationships. Even if you think that people have an absolute right to know if they’re being cheated on, this goes way past that—it’s not only that my theoretical dentist’s wife knows he’s cheating on her, it’s that I know it, too. The cat isn’t just out of the bag; the bag was ripped to shreds from the inside, while the cat’s tortured, feral cries pierced through the night, waking the neighbors.
The true victims in this are the users, not the company that failed to secure data they clearly understood was red hot.
Thus, it’s no surprise that Ashley Madison is facing litigation, especially considering the fact that the site was selling a lie to its users—particularly men. In yet another cruel twist of fate, the data hack revealed that drastically fewer women than men were actually registered with the site, and many of the female accounts on Ashley Madison were set up by admins to entice men to join. According to Gizmodo’s Annalee Newitz, up to 70,000 female accounts appear to have been bots, ones that sent male users millions of messages.
Although some women did use the site, it’s a rather different image from the free-for-all erotic gateway that Ashley Madison sold itself as. A lot of the men who got outed as users of the site—effectively branded cheaters in the public eye—probably never so much as got a smooch out of the service.
What makes the fallout from the hack particularly egregious is that for many Ashley Madison users, it wasn’t about cheating—despite the website’s branding. These are people in open relationships or those in sexless but otherwise happy marriages who want to acknowledge their partner’s needs. In the case of Eliot Shore, the plaintiff in the recent class-action filing against Avid Life Media in Canada, he insists that he only registered on Ashley Madison after his wife’s death, didn’t use it for long, and never met anybody as a result.
Whether or not the site’s users were engaged in actual affairs, Wired’s Kim Zetter reports that it’s somewhat beside the point. The plaintiffs in the U.S. suit allege that Ashley Madison is “in breach of contract, engaged in negligence in protecting customer data and violated various state privacy laws.” They more than have a point: CEO Noel Biderman repeatedly talked up the website’s security, despite internal communications about security risks leaked by the hackers.In a 2013 interview with the Daily Dot, Biderman claimed that users who deleted their accounts were effectively removing any trace of their presence there. “You’re a ghost,” he told the Daily Dot’s Gaby Dunn.“It never existed.” Noel Biderman also claimed that the service was ”far and away the best” discreet hookup app on the Web in terms of security, although we now know that not to be true.
The cat isn’t just out of the bag; the bag was ripped to shreds from the inside, while the cat’s tortured, feral cries pierced through the night, waking the neighbors.
This turned out to be untrue. Ashley Madison accounts, even post-deletion, left more than enough financial information left behind for hackers to blow the whole thing open. In fact, as the Guardian noted last month, even some accounts that used the site’s “paid delete“ option still left information behind. If throwing down extra money to get your account super-extra-deleted doesn’t work, things start to sound pretty actionable.
It’s in stark contrast to what Biderman told CNBC as recently as May: “If you want to leave no trace you were here, we can recall everything—every image, text message you ever sent. To us, the perfect affair was not like meeting of the minds—it was about not getting discovered.”
Although Biderman resigned as CEO on August 28, the statement he made during a 2012 Reddit AMA may continue to haunt the company. Noel Biderman argued that because the site never asks for personal information from users—also untrue—it would be difficult to hold the company liable in court. “People threaten to sue us, but it would be like trying to sue Howard Johnson for renting rooms to people who cheat,” he claimed. “It’s just a conduit for affairs. Because of that, we’re not even subpoenaed.”
What people like Biderman need to understand is that protecting user privacy is about more than public braggadocio. If you’re telling people that you’re the Internet’s Fort Knox in public, while sweating behind closed doors, you’ve splashed a big target on your back not only for future lawsuits but for hackers. Hacktivist groups–which Avid Life Media denies are responsible, calling it an act of “criminality”—never seem happier than when a hypocrite is being exposed or a boastful claim is being thrown back in somebody’s face.
Ashley Madison will get what’s coming to it, one way or another. Whether they’re done in by individual or class action lawsuits—or simply by the staggeringly bad public relations fallout—there’s no real path forward. In a year littered with high-profile hacks of public entities ranging from Sony Pictures to the federal government, the impending demise of Ashley Madison should be a rude awakening. Because the victims of the Ashley Madison hack deserve more than $500 million—they deserve an Internet that won’t allow things like this to happen again.
Chris Tognotti is a writer at Bustle and a contributor to the Daily Dot. Chris tweets at @ctognotti.
Illustration by Fernando Alfonso III