Ashley Madison suicides: Punishing users for site's bad security is evil

Judgmental glee over the Ashley Madison disclosure is widespread. But Canadian police reported today that two people outed in the hack have committed suicide.

The BBC reported this morning that Canadian police have stated that two Ashley Madison clients have committed suicide after their details were published. Police gave no further information about the deaths.

In a note posted with the data dump, the hackers said:

Find yourself in here? It was [Avid Life Media] that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you'll get over it.

Well, at least two people won't get over it, will they? Nor will their families and loved ones, who will never be able to make amends, accept apologies, and try to rebuild their lives and relationships.

But these won't be the last suicides from this hack. Some people live in countries much less tolerant of extramarital relationships than the US and Canada. For example, in Saudi Arabia, adultery is punishable by death. Does Impact Team want those people dead?

Ready, Fire, Aim

As Henry David Thoreau noted in Walden:

The mass of men lead lives of quiet desperation. What is called resignation is confirmed desperation.

Ashley Madison - and many other social sites - offer a lifeline to resigned people the world over who want to connect with others or express their secret desires - which might be for freedom, understanding, or, yes, extramarital sex. The Chinese government's efforts to control Internet access underscores the power of the sharing and communication the web enables.

Taking the Impact Team's motives at face value - that they were angry over AM's bogus data erasure service and poor security - it's clear that they are punishing the wrong people, the users, and not AM's management team. Impact Team, you've done wrong.

Poor data security puts much more at risk than than some individual reputations. What if a foreign power uses private information to blackmail individuals in sensitive jobs? Or drug cartels go after law enforcement? The possibilities are endless.

What is clear is that judgmental, self-righteous jerks - be they hackers, televangelists, ISIS, or some co-workers - take unseemly joy in exposing others to shame, ridicule or worse, while remaining cloaked in anonymity, prestige, or state power themselves. While no one was forced to join AM, we can't know that every email address is legit, what agreements they might have with their spouse, or that they're single.

Security professionals should be working to make the Internet safe for everyone, starting with their customers. In the meantime, ethical hackers - as Impact Team pretends to be - should think seriously about how their actions affect innocent people, such as the families of today's suicides.

Comments welcome, of course.