Ashley Madison: An affair may be morally wrong, but can we justify vigilante punishment based on sexual morality?

21 August 2015

A deep concern about the hack and subsequent release of information is that the hackers are seeking to punish people who they know next to nothing about.

Looks like the group that hacked into the infidelity website AshleyMadison.com and posted users' personal information online wanted to punish the site's owners and its users too.

Hackers are threatening to expose the identities of 37 million people signed up on marital cheating website Ashley Madison.

On Tuesday, nearly 10G of user information was posted online after an announcement that the website that describes itself as "the most famous name in infidelity" and offers members the ability to arrange affairs, had been hacked in July. A group called Impact Team claimed responsibility, saying it wanted to highlight the site's alleged fraudulent business practices and the immoral practices it encouraged and enabled. Now that the user information has been  released, it seems a core motivation of the hackers was to punish the site's owners, Avid Life Media (ALM), and its users.

In order to know if the punishment was justified we need to know what crimes have been committed. The site's particular niche is people in serious relationships who are interested in having affairs. So, at first glance, the crime of the users seems obvious - most of us would consider that someone in a serious relationship who has sex outside the relationship without their partner's consent is doing something morally wrong.  In most countries such infidelity is not a legal crime. A moral wrong perhaps, but we have long since abandoned the notion of criminalising  most sexual behaviour between adults.

A deep concern about the hack and subsequent release of information is that the hackers are seeking to punish people who they know next to nothing about. Beyond the fact that people have signed up to the site, the exact nature of what they did, what they intended to do and the reasons for such actions remain opaque. As a number of commentators have pointed out, making such personally explosive information public could open up individuals to blackmail or place them at risk of suicide. The Impact Team absolves itself of any responsibility for the impact of its decisions on the site's users: "Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you'll get over it." If mere embarrassment was the only outcome then this would be a reasonable claim, but suspicion or proof of infidelity is likely to have impacts far beyond mere embarrassment.

Supporters of the hackers would no doubt reply that those who signed up to the site did so of their free will. The hack and subsequent release simply show the moral failings of the site's users: they are the ones who did wrong and thus deserve what's coming to them. The concern is that the hackers are vigilantes for sexual morality. Vigilantism is frowned upon because vigilantes often lack reliable information, and punishments they  mete out are either inappropriate or disproportionate to the crime.  Implicit in the actions of the hackers is that they have moved from simply passing judgment on possible infidelity to meting out some form of mob justice.

The other target of the hack is the site's host, ALM. The Impact Team states  "Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data." The motivation seems that of a 'white hat' hacker: An ethical hacker seeking to expose security weaknesses, motivated by a desire to strengthen such weaknesses.

ALM offered a series of services and guarantees about information security which the hackers saw as fraudulent and stupid. On this, the hackers  are likely to be on more solid ground, morally speaking. An internet site that offers a service so dedicated to such sensitive personal information, and makes promises around those services, must be able to back up those promises.

By offering such services, ALM may have placed many people at risk. And, if what The Impact Team says is correct: that "the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95% of actual users are male", then the site's owners have been engaged in practices that are morally dubious at best. Though this moral criticism is not targeted at the type of service offered by AshleyMadison, rather it is at ALM's information security failures, promises and deceit in creating fake profiles.

That said, looking again at the hackers' actions, their desire to punish ALM has put tens of thousands of users at risk. If their motivation was truly or simply ALM's information security failures, then the escalation from threat of release to a full information dump has undermined that purpose.

While we might fairly judge an affair or infidelity as worthy of moral condemnation, and commend hackers for exposing questionable business practices, the spectre of vigilante punishment drawn out of sexual morality is much harder to justify.

Dr Adam Henschke is a research fellow at the Australian National University's National Security College. His areas of expertise include information theory, ethics of technology and military ethics. He is  co-editing a book on the ethics of cyberwarfare for Oxford University Press.