This may be the author’s version of a work that was submitted/accepted for publication in the following source:

Cross, Cassandra, Parker, Megan,& Sansom, Daniel (2019) Media discourses surrounding ’non-ideal’ victims: The case of the Ashley Madison data breach. International Review of Victimology, 25(1), pp. 53-69.

This file was downloaded from: https://eprints.qut.edu.au/119373/

c Consult author(s) regarding copyright matters

This work is covered by copyright. Unless the document is being made available under a Creative Commons Licence, you must assume that re-use is limited to personal use and that permission from the copyright owner must be obtained for all other uses. If the docu- ment is available under a Creative Commons License (or other specified license) then refer to the Licence for details of permitted re-use. It is a condition of access that users recog- nise and abide by the legal requirements associated with these rights. If you believe that this work infringes copyright please provide details by email to [email protected]

Notice: Please note that this document may not be the Version of Record (i.e. published version) of the work. Author manuscript versions (as Sub- mitted for peer review or as Accepted for publication after peer review) can be identified by an absence of publisher branding and/or typeset appear- ance. If there is any doubt, please refer to the published source. https://doi.org/10.1177/0269758017752410 Media discourses surrounding ‘non- ideal’ victims: The case of the Ashley Madison data breach

Abstract

Data breaches are an increasingly common event across businesses globally. Many companies have been subject to large-scale breaches. Consequently, the exposure of 37 million customers of the Ashley

Madison website is not an extraordinary event in and of itself. However, Ashley Madison is an online dating website predominantly known for facilitating extramarital affairs. Therefore, the nature of this website (and business) is very different to those who have previously been breached. This article examines one of the media discourses surrounding the victims of the Ashely Madison data breach. It particular, it illustrates examples of victim blaming evident in the print media towards individuals (or customers) who had their personal details exposed. Importantly, it highlights the emerging tension within this particular case, of the strong victim blaming narrative contrasted against those who attempted to challenge this discourse and refocus attentions on the actual offenders, and the criminality of the act. The article concludes that victims of this data breach were exposed to victim blaming, based on the perceived immorality of the website they were connected to and their actions in subscribing, rather than focusing on the data breach itself, and the blatant criminality of the offenders who exposed the sensitive information.

1

Keywords

Data breach, victim blaming, hacking, security, victims

Introduction

In July 2015, a team of hackers calling themselves ‘The Impact Team’ broke into the customer database of the ‘Ashley Madison’ website. They stole internal company documents of Avid Life Media (ALM), company emails, and more importantly, the personal details of over 37 million customers, who were at one point, subscribed to the website. The incident was first reported on the 19 July, through making available a 40GB file of these documents and customer credit card details on the internet (Krebs, 2015).

While data breaches such as this are by no means a unique event (for example, there have been prominent business breaches of Sony, Target, Home Depot, JP Morgan, Anthem as well as government departments in the United States of America, Turkey and the Philippines (McCandless, 2016)), this data breach was a significant event based on the character of the website and the sensitive nature of data released. Ashley Madison is a well-known website which facilitates extramarital affairs, and had the tagline of ‘Life is short. Have an affair’ (it has since rebranded to “Find your moment”). The alleged motive behind the data breach concerned the infidelity promoted and enabled by the website and the perceived immorality of subscribers. The Impact Team released a statement with the initial data dump, threatening to expose further, more personal and sensitive details of Ashley Madison customers, unless the website was shut down (Impact Team, 2015). Management at ALM refused, and on the 18 August a second data file was posted on the dark web, containing 9.7GB of personal details of Ashley Madison customers (Bisson, 2015). This was soon made available on the open internet and searchable by any individual.

2

While the data breach in and of itself was not unique, the nature of the data exposed was significantly more sensitive. Rather than just credit card details and demographic information of victims (such as name and address), the Impact Team released information specific to a dating website, which included data on the customer’s sexuality, sexual preferences, sexual fantasies and compromising photographs.

The severe personal impact of this data breach on individual victims became apparent in the weeks following the incident, whereby media reports linked this event to the suicide of a small number of victims exposed in the breach as well as an increasing number of blackmail and extortion attempts targeted at individuals within the files (BBC, 2015, Netsafe NZ, 2015). The nature of these threats was focused on the exposure of individuals to their family, friends, work colleagues and others.

The reporting of the Ashley Madison data breach provides an interesting case study on how these incidents are reported in the mainstream print news media. In contrast to the many previous companies and victims affected by a data breach, the focus of this incident was very different. Given that Ashley

Madison is known for its adulterous nature, the focus of this incident appeared to rest squarely on the victims themselves. This was not for the reason that they had experienced a large breach of privacy and security of their personal details, rather the focus was fixed on the adulterous nature of the website and being labelled a “cheat” and morally corrupt. However, it is important to note that having an email address associated with the website was not necessarily an indication that a person had actually subscribed. Ashley Madison did not attempt to verify the email addresses of any account holders, and therefore a person could subscribe with any given email address. The inability to confirm if those who were exposed had genuinely subscribed to the website was largely ignored in the media coverage surrounding this incident. As will be demonstrated, guilt was implied firstly by association to the website, and second, of the perceived actions taken on the website (namely cheating).

3

On one hand, it is not surprising that this data breach received such substantial media attention, based on the nature of the Ashley Madison website. Media outlets cover a variety of scandals, with ‘sex scandals possess[ing] particular appeal’ (Lonie and Toffoletti, 2012). Such scandals are commonplace and derive great public interest as well as defining various moral narratives (see Gamson, 2001 for an example of this related to public figures and prostitution). Thompson (1997: 39) argues that scandals involve the contravention of “certain values, norms or moral codes”. In this instance, the focus of the

Ashley Madison data breach was squarely centred on the adulterous nature of the website and the breach of sensitive, personal information appeared to of secondary concern (if at all). However, this article challenges this focus and highlights the consequences of this narrative.

Consequently, this article examines one of the victim discourses that accompanied the Ashley Madison data breach. Through an analysis of the print news media across two countries (Australia and Canada), this article presents evidence of how a victim blaming discourse operated in the aftermath of the incident. It also presents a second somewhat contrasting discourse, which sought to refocus attention from the perceived guilt and immorality of the victims, onto the actual offenders who perpetrated such criminal activity. However, it will be argued that there was still an inherent tension in this second narrative, which still subscribed to a level of victim blaming, albeit in a much more subtle way. Drawing from Christie’s (1986) concept of the ideal victim, this article will highlight how the Ashley Madison case is an example of victim blaming. The media play a prominent role in shaping and influencing the ideas of members of society and the attitudes and perceptions they hold on certain issues (Croteau and Hoynes,

2014). On this basis, overall this article will demonstrate that the victim blaming discourse across print news media was prominent based on the perceived immorality of the website that individuals were connected to, rather than focusing on the data breach itself, or the blatant criminality of the offenders

4 who had exposed the sensitive information. The implications arising from these two discourses on those exposed and on society as a whole will then be discussed.

Data breaches

In a world where business, communication, and everyday life are increasingly conducted in an online environment (through cloud computing, the internet of things to name a few), it is inevitable that possibilities have arisen for new criminal opportunities. Across society, there is a push towards the collection of endless amounts of information and as a consequence, society is driven and consumed by

‘big data’ (Kitchin, 2014). This has led to tensions and strong debates on the threat posed by big data to the privacy and security of both individuals and businesses and the ability and need to put adequate measures in place to protect it. Cybersecurity has emerged as one of the biggest threats and challenges in today’s society, and there appear to be endless ways in which motivated offenders can target this information.

Reports of data breaches are commonplace in the news, with instances of ‘new electronic breaches or hacking incidents’ occurring on a weekly basis (Elhai and Hall, 2016: 180). The frequency with which this occurs saw the Director of the Federal Bureau of Investigation, Robert Mueller, state in a 2012 address,

‘I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again’ (Mueller, 2012). While there are debates over whether this is an exaggeration which could lead to a moral panic about the real threat posed by cybersecurity (see Wall 2010 and Yar 2013 for a discussion about the social construction of cybercrime), it points to the seriousness of the issue and its pervasiveness in the current world. Several top companies have been subjected to hacking and data breaches. This includes previously cited businesses such as Target, Home Depot, and Sony Films (Elhai

5 and Hall, 2016). These actions also do not discriminate, with high profile individuals such as Twitter CEO

Jack Dorsey and Facebook founder Mark Zuckerberg, subject to their accounts being compromised

(Hern, 2016). Barack Obama revealed that during his presidential campaign, his computer networks and email accounts were breached (Kelly, 2012: 1664). In addition, millions of individual consumers are the victims of hacking and data compromises daily, with one American report citing that ‘nearly one half of people were victim to such internet hacking in the past year [2013], with unauthorised access to personal data such as names, credit card details, birthdates and addresses’ (Pagliery cited in Elhai and

Hall, 2016: 180). The most recent high profile data breach pertains to Yahoo, where it was revealed that over one billion email accounts were believed to be compromised in 2013, which at this point in time, is the biggest known data breach in history (Thielman, 2016).

Data breaches can occur in a number of ways, as the result of either an external or internal attack. They can be the result of targeted, malicious actions by individuals, or they can be exposed through inaction, negligence or carelessness of individuals. There are countless examples where employee actions have led to significant data breaches (for example, where an employee loses an USB stick with sensitive information on it, see Ilascu, 2015). There is a growing recognition that insider threats pose a substantial risk to many companies (Wall, 2013). There is also the more traditional external hacker, exemplified through groups such as Anonymous. The motivations behind any attacks or data breaches can vary, from an individual level (such as an aggrieved current/ex-employee), to those who seek to compromise systems as a political statement, to those who attempt to break into systems for the pleasure and thrill that it invokes (Yar, 2013).

In terms of the current case study, while the data breach was claimed by a hacking group called the

‘Impact Team’, the identity of these individuals remains unknown. There are suggestions that the data breach was a result of an insider, either an employee or contractor who had access to the servers

6

(Lamont, 2016). There was an earlier allegation on the individual identity of the hacker (Krebs, 2015), but this was never verified. Regardless of who was behind the data compromise, the end result was the same. Millions of individuals whose email addresses were associated with the website had personal information compromised and exposed to the public, and became the focus of media coverage following the incident. The following section examines the theoretical underpinnings of victimology, and the factors which influence the way in which victims are understood and portrayed, which is critical to understanding the discourses presented by the current example of Ashely Madison.

A note on victims

Once a forgotten person in the criminal justice system, over recent decades, victims of crime have gained recognition and acknowledgment within various aspects of the system (Spalek, 2006). Victims now play a more visible role, for example, through the ability to provide a victim impact statement at the sentencing of an offender (Spalek, 2006). Further, many countries have also implemented official means that prescribes a set of minimum standards and requirements for victims interacting with the criminal justice system (for example, Crime Victims’ Rights Act 2004 (USA), Canadian Victims Bill of

Rights (Canada), and Code of Practice for Victims of Crime (UK), and several victim charters in Australia).

While there are still difficulties and challenges in accessing some of these rights and in reality, not all victims are treated equally or with the respect mandated, the acknowledgment of victims across the criminal justice system has progressed significantly.

However challenges remain for certain groups of victims to legitimately claim ‘victim status’ and gain an appropriate recognition of the harm and trauma associated with their victimisation. This has been heavily focused in the area of rape and sexual assault (see Bieneck and Krahé, 2011; Thapar-Björket and

Morgan, 2010; Suarez and Gadalla, 2010) with more recent research exploring online fraud (Cross,

7

2015b; Cross et al. 2016). Victims of these particular criminal acts, face substantial barriers in being able to claim legitimate ‘victim’ status. Further to this, the overlap between individuals who are both victims and offenders has also garnered attention based on the the existence of a victim blaming attitude that attempts to negate their victimisation (Heber, 2014; Mancini and Pickett, 2017). There are several underlying factors which influence this.

In an attempt to understand who becomes a victim and how victimisation occurs, researchers have focused heavily on the role of the victim in the offence and the resulting harm they incurred (Dignan,

2005; Walklate, 2012). For example, victim precipitation theory frames the analysis through understanding the role of the victim in their circumstances, and how (if) they contributed to the incident. As such, ‘behaviour by the victim that initiates subsequent behaviour of the victimizer’ is understood as ‘victim precipitation’ (Muftic, 2008: 739). However, the use of victim precipitation theory has widely been used as vehicle in which to blame the victim for their resulting victimisation, and focus attention on perceived actions that the victim should have taken to protect themselves, rather than focusing on the unacceptable nature of the actions of the offender. A number of established victim typologies exist surrounding the role of the victim in their victimisation, and these operate on what can be viewed as a continuum of blame, with those who are completely innocent at one end, and those who are fully culpable at the other end, as witnessed in the work of Mendelsohn (Burgess et al. 2013). In addition to this, other early researchers such as Wolfgang, Amir, von Hentig and Schafer focused their attention on the relationship between the victim and the offender, in order to determine the level of responsibility of victims in their situations (Dignan, 2005; Burgess et al. 2013). Wolfgang (1967) and Amir

(1967) based their work from cases of homicide and rape respectively, while the others looked at victims more broadly to determine their classifications. For example, Schafer proposed a typology that included seven categories of victims and was premised on the notion of precipitation: unrelated victims,

8 provocative victims, precipitative victims, biologically weak victims, socially weak victims, self-victimizing victims and political victims (Schafer, 1968). Combined, these analyses suggested that those with existing or prior relationships to the offender were seen to be more culpable than those who were victimised through the actions of a complete stranger.

Theorising from within a victim precipitation framework which is premised on notions of guilt and responsibility is highly problematic and is argued to have been conflated with the legal notion of provocation (Muftic, 2008). When used this way, the theories act to question the actions (or inactions of victims) rather than focusing attention on the offender and recognising their offending behaviour.

Consequently, victim blaming has become a common and somewhat acceptable lens in which to view victims of certain crimes. This forms one of the most severe barriers that victims of these types of crime need to overcome and continues today (for example, see Cross et al. 2016).

This differential recognition of victims is exemplified in the work of Christie (1986). He states that ‘being a victim is not a thing, an objective phenomenon. It will not be the same to all people… It has to do with the participants’ definition of the situation’ (Christie, 1986: 18). To further illustrate this, Christie (1986) outlined the characteristics of what he called the ‘ideal victim’, or where the legitimate status of ‘victim’ is most likely to be ascribed. Christie (1986: 19) outlines five specific characteristics of an ideal victim: the victim is weak; the victim is carrying out a respectable project; the victim is where they could not possibly be blamed for being; the offender is big and bad; and the offender is unknown with no existing relationship to the victim. The example proffered by Christie (1986: 18-19) to support these characteristics is that of a little old lady, who is robbed by an unknown man on her way home in the middle of the day after having cared for her sick sister. This example meets the five criteria previously detailed and enables the old lady to claim victim status without question.

9

It is inevitable that not all victims are seen as ideal, and fit within these prescribed notions of innocence.

Rather, there are many circumstances where the focus on the victim is largely directed at their actions

(or inactions) and their role in the circumstances that have led to their victimisation, as cited previously with rape, sexual assault and online fraud. As will be demonstrated within further sections of this article, the victims of the Ashley Madison data breach do not fit within the characteristics of Christie’s ideal victim. Rather, they are largely seen as culpable in their victimisation, through the subscription to the website, premised on its adulterous nature. Thus, these individuals are seen to be ‘non-ideal’ victims. This will be further developed throughout the remainder of the article. First, the article turns to provide details on how the subsequent analysis was undertaken.

Methodology

This article presents research findings from a qualitative analysis of stories that appeared in the print news media after the Ashley Madison data breach. The database Factiva was used to search for articles which appeared across two countries (Australia and Canada). Factiva is an online database which allows for the searching of news articles from print media across the world. The current project was restricted to both Australia and Canada, based on the sheer volume of articles that were published globally on this incident. The parent company of Ashley Madison (ALM) is a Canadian based company, therefore the dataset sought to gain the insights of two distinct countries. However, for the purpose of the current article, the location of the article was not a differentiating factor, with articles across both countries containing multiple relevant examples on the victim blaming discourse.

The search terms ‘Ashley Madison’ and ‘hack*’ were used to find relevant articles which mentioned the incident. The truncation of hack allowed for articles which contained ‘hacking’, ‘hackers’ or any other derivatives to be included. In addition, there was a requirement that the words ‘Ashley’ and ‘Madison’

10 were next to each other, to ensure that the article was specific to the website ‘Ashley Madison’. The search was restricted to articles that appeared between 19 July 2015 and 31 August 2015. This timeframe was selected as the story first broke about the incident on July 19 therefore any previous coverage would not be related to this specific event. An approximate six week timeframe was employed as this encompassed major coverage of the incident and returned a dataset that was manageable for the research team. It is also acknowledged that there is speculation on who perpetrated the data breach, and if it was an insider rather than an external hacker. However, for the purposes of the data collection, the term ‘hack’ was employed as this was the terminology used within the media to refer to this incident.

Duplicate articles were removed from the search results (there were instances where the same article ran across different news outlets) and this left 204 distinct articles for the Australian sample and 405 distinct articles for the Canadian sample, totalling 609 distinct articles across the two countries. The length of the story was not factored into the search terms for this study nor the main focus of the article, acknowledging that some articles may only mention the Ashley Madison incident in passing (for example in a brief summary of news headlines and are therefore not relevant to the current analysis), whereas other articles examined the incident in depth. All articles were downloaded into pdf files and uploaded into NVivo, which is a qualitative analysis software tool.

Coding was undertaken by all three authors, and involved a combination of open, axial and selective coding. Open coding creates high level categories, while axial coding further develops these categories and establishes sub-categories, and selective coding continues the process of integration and refinement of the nodes (Wolfswinkel et al. 2013: 51). The authors developed a framework for coding during and following the collection of data, but also as noted, coded the articles for themes that emerged during this phase. The focus of the current article emerged during the initial coding.

11

Consequently, existing nodes were recoded into new nodes relevant to this argument, and the two main categories which underpin the analysis in this article were created (being examples of exclusively blaming the victim compared with examples of attempting to refocus on the security breach).

The type of newspaper or ownership of the source was not explored for this particular article. Factiva draws from a range of print media sources that include the Dow Jones newswires, Reuters Newswires, press releases and many major news and business sources. The current article draws from all articles which were relevant to the search parameters outlined earlier and which appeared in the search results.

It may be beneficial to do further analysis in the future as to correlate the source or ownership of the source, with the focus and details of their specific coverage. However the current article was concerned with both discourses as a whole across all print news media. In addition, the current article contains limited quantitative data to support the discourses. The clear focus of this article was on the qualitative nature of the two discourses evident in the dataset.

The subsequent analysis uses examples taken from the dataset to illustrate the two dominant discourses that targeted victims of the Ashley Madison data breach. The first is that of victim blaming, whereby the victims of the Ashely Madison data breach are not seen to be victims, based on the fact that they were at one point subscribed to a ‘cheating’ website. The second discourse attempts to challenge this victim blaming, by attempting to shift the focus back to the offenders and the criminality of the events which took place, however it is still tainted with a degree of victim blaming residual from the first discourse. As one would expect by the scandalous nature of the incident, it attracted much media attention in the form of editorial and opinion pieces, which allow for a clear dialogue to be articulated and which will become apparent throughout the analysis. It is largely these pieces that the current analysis is drawn upon. A large number of other articles in the dataset contained only a passing reference to the Ashley

Madison incident or reported the facts in a neutral way. With this as a basis, the following section

12 outlines the two identified discourses in turn, before turning to a discussion on the implications that arise from this analysis, and what it means in a broader context for victims of data breaches.

Blaming the victim

It has been established that not all victims are seen to be equal, and not all victims will be able to claim legitimate ‘victim’ status in response to a criminal act perpetrated against them. Rather, depending on the nature of the offence and the characteristics of both the victim and the offender, there is potential that victims will be blamed and held responsible for any harm or loss suffered. The Ashley Madison data breach is a prime example of this, with a strong victim blaming discourse evident in the print media response to this incident. Overall, there were 67 distinct articles that has specific examples of a victim blaming discourse, 41 articles that discussed the morality of those exposed in the Ashley Madison breach (usually in a negative way and linked with victim blaming), and 50 articles that sought to trivialise the incident and the exposure of those involved (noting that there was some overlap across these categories). It is from these articles that the following observations can be made.

Several journalists illustrate the victim blaming attitude against those involved in the incident which seeks to further disable the status of victim to individuals involved. This was at times despite an acknowledgement of the circumstances of the data breach.

There is a delicious irony in the prospect of the personal details of more than 35 million

[sic] cheating spouses being exposed by hackers. While two wrongs never make a right, in

this case, we’re not so sure (Fraser Coast Chronicle, 22 July).

The entire hacking and revelation case has, naturally, given us a pristine example of

schadenfreude if ever there was one. Legions of armchair ethicists are now sitting back

and nodding their heads in self-righteous condemnation and indignation. Serves them

13

right, they are saying, these people were asking for it, this is the price for betrayal. And, to

an extent, they have a point (Winnipeg Free Press, 20 August).

We do love to be titillated, don't we? On learning that hackers breached Ashley Madison's

website and stole personal data from people using the service to orchestrate infidelity, it

didn't take long for the voyeurs to congregate. Adulterers getting outed - what's not to

like? (The Hamilton Spectator, 25 August).

These journalist’s comments emphasise the fact that these individuals should not be seen as victims in this situation, as they have directly contributed to their own circumstances through subscribing to the website in the first place. Further to this, there was direct support noted by some, congratulating the hackers for their success in exposing alleged cheaters.

Good on the hackers exposing the details of spouses looking to cheat on their partners

through the extremely distasteful website, Ashley Madison… The only way to close this

site down is to get to its core and destroy its claims it is ‘discreet’ by exposing the details

of those who joined. To the hackers who achieved this, well done. (Sunshine Coast Daily,

21 August).

In addition to disallowing those involved in the Ashley Madison data breach to be identified as victims through their own actions, there were also comments which sought to attack the personal characteristics those who had subscribed to the site.

There were reports in The Australian yesterday of 800 Australian Ashley Madison

customers using government email accounts. This is a new level of stupid and introduces

the intriguing psychological concept of a desire for self-inflicted harm… It is the internet

version of a ‘Kick Me’ sign stuck roughly to one’s backside (The Australian, 21 August).

14

Get used to it, all you cheating dirtbags and anyone else looking for love by the byte.

Hacking is to websites what cellphone cameras were to Rob Ford -- impossible to avoid.

Hackers have hobbled NATO, NASA, the UN, The New York Times, the Canadian

government, the CIA and entire nations such as Estonia. So what chance do a bunch of

adulterers stand? Their online photos, fantasies and financial records are hacker heaven.

Ashley Madison is not the first target and won't be the last (The Calgary Sun, 21 July).

Some commentators continue to moralise that the attack [as] a worthwhile thing in

exposing the kind of people cheaters are — about half a step removed from monkeys,

apparently (Herald Sun, 23 August).

For Christ's sake, if you're going to cheat don't do it online and leave yourself open…

Unless you've been living in a cave for the past few years and not reading a paper or

receiving any TV signal, it should be obvious that everything is hackable (Waterloo Region

Record, 20 July).

These comments indicate how the personal characteristics of those involved were also called into question. Through a devaluing of their intelligence and humiliation, those who were exposed in the data compromise are again seen to be deserving of the actions of the hackers. This time it is not simply the act of perceived adultery, but by their naivety and ‘stupidity’ at signing up in the first place, often with their real names, and in many cases, work email addresses. Even those who acknowledge the criminal act which took place, still focused on the implied foolishness of the individual.

Inasmuch as the clients of Ashley Madison are the victims of criminals -- the theft of that

data is a crime, no matter how you slice it -- the first question I want to ask is, ‘Just how

many kinds of stupid are you people?’ (Niagara Falls Review, 22 August).

15

This victim blaming attitude of readers towards those involved in the Ashley Madison incident was acknowledged by journalists across a number of the articles, who made the following observations.

If you cheat on your partner, should you expect any sympathy when you’re caught out?

Apparently not, according to Sunshine Coast Daily readers who reacted strongly to news

that customer details of a website dedicated to cheating partners had been exposed

(Sunshine Coast Daily, 21 August).

There is a perverse ‘sucked-in’ tone to much of the debate around this episode, with many

people (who may or may not be lifelong and loyal partners themselves) taking smug

delight in the fact that so many others were foolish enough to entrust their personal

details to a website with the sleazy catchcry of ‘Life’s Short. Have an Affair’ (The

Advertiser, 23 August).

These comments summarise the strong reactions that many had to the incident, where they focused solely on the nature of the website and its adulterous nature as a justification for ignoring the consequences of the breach that occurred. There was an assumption that the alleged cheating of a partner overrode any right to privacy or security of data. The publishing of these comments by several news outlets and the framing of these comments as facts by some journalist, reiterates the victim blaming attitude that was so clearly associated with this incident. It legitimises the justification of those exposed by the Ashley Madison data breach as non-ideal victims based on their perceived immorality in being associated to the website, both as an alleged subscriber and potentially a ‘cheat’.

While this section has examined the victim blaming discourse that was evident in the print news media coverage of the Ashley Madison data breach, there was a second narrative that emerged which sought to refocus attention to the criminality of those involved and draw attention to the nature of the

16 exposure, however it was still influenced by the victim blaming narrative. It is this second discourse that the paper now turns.

Refocusing on the data breach

The above analysis has demonstrated the ways in which the print media presented coverage of the

Ashley Madison data breach, and the overwhelming ascription of guilt and culpability focused on the individuals themselves. The exposure of alleged ‘cheaters’ was justified by many through their actions in subscribing to a well-known adulterous website. This action meant that they were denied any victim status in the incident, despite having their personal details compromised in an obvious breach of their privacy and security. Rather, they were seen to be responsible for their own demise and any consequences which arose.

However, despite this strong victim blaming discourse, there was also evidence to demonstrate a second discourse, in that several journalists started to challenge the focus on the individual actions of those exposed in the breach, and instead sought to draw attention to the hackers and their blatant act of criminality which instigated this incident. Overall, there were 33 articles that sought to defend the victim in some way (noting that there was an overlap at times with nine articles both blaming and defending the victim in the one piece). In these instances, some journalists recognised the victim blaming which was occurring and sought to name it as such.

But as enjoyable as schadenfreude is to the scorned, the mass scale of the hack attack

has to be recognised for what it is: a gross invasion of privacy. Whatever is discussed by

whoever is on that site, the personal content now in the possession of the hackers is the

consented sexual conversations of adults to which no one else was invited, and mocking

their situation amounts to victim-blaming (The Guardian, 22 July).

17

There were journalists who clearly called for the public to recognise the act of criminality which had occurred rather than being caught up in the salacious nature of the website and the moral judgements levelled towards those who had subscribed. This was evident in the following.

The hackers aren't public-spirited activists who should be admired. A major crime has

been committed that has the potential to ruin reputations and lives, many of them

innocent (Victoria Times Colonist, 21 August).

They should have known better, right? Maybe the people embarrassed (and worse) by the

data theft are just getting what they deserve? You play with fire, you run the risk of

getting burned, yes? Maybe. Or maybe not. Once you get past the prurient interest in the

story and look at the fallout, it starts to seem more like what it really is: serious, harmful,

criminal and, in some cases, deadly behaviour (Hamilton Spectator, 25 August).

However, despite the call to refocus on the security breach of those subscribed to the website, it was also evident that there were cases whereby the journalist was somewhat conflicted about the events and the focus on the culpability of those who were exposed. The call for recognition of the criminality of the event was explicitly not condoning the potential adulterous actions of the website’s users. For example,

The general reaction from the public seems to be that these cheaters are getting their

comeuppance. MSNBC reported on the story barely holding back smiles and laughter,

nearly every comment on Twitter and Facebook about it is revelling in the fact that the

site's users are ‘so busted’ and CNN and the Huffington post have both posted articles

blaming Ashley Madison and it's users for ruining marriages. But where is the blame for

the hackers? I'll admit seeing people getting exploited for cheating on their spouses is

quite satisfying. I have almost no sympathy for people who are too cowardly to try to fix

18

their marriages or end them respectfully and choose to lie to and deceive their partners

instead, but why does nobody seem to care about the clear invasion of privacy here?

(Seaforth Huron Expositor, 26 August, 2015).

Several of those challenging the victim blaming discourse sought to do this in a way which questioned society on a broader level, and the voyeuristic nature of this particular incident.

I know we live in a culture where the salacious trumps the consequential and people are

obsessed with the private lives of others. But I've always found a fixation on what other

people do behind closed doors to be rather uncivilized (Niagara Falls Review, 22 August).

No one has the moral high ground here: not the cheaters, not the hackers, not those

watching gleefully from the sidelines, deaf to their own moral failings. If there's a lesson

here, it's that we should probably keep our noses out of other people's bedrooms

(Postmedia Breaking News, 25 August).

Further to this, several journalists based their objections to the victim blaming drawing on the themes of morality, righteousness and judgement, questioning the ability of the hackers to take this upon themselves as arbiters of those subscribed to the site.

While much of the commentary proffered little sympathy for a business encouraging

adultery and a great deal of moralising and judgment was levelled towards users, the

hackers appear to have got off lightly. You have to wonder what sort of world we’ve

created when we’re invited to side with either ‘hackers’ or ‘cheaters’ (The Courier Mail, 27

July).

The whole Ashley Madison affair is disturbing. The international website was hacked this

month and the details of all members released online for all to see. Ashley Madison is a

website that marketed itself as a place to have an affair. People paid money for a

19

relationship. They also paid for security and privacy. And it was breached. For many

people, it didn't matter that people's lives were turned upside down due to this security

breach. Why? Because everyone on there were cheaters. Therefore, karma has come to

the party. I have major concerns with this theory and people's response (The Advocate, 30

August).

Typically, it's about stealing credit card numbers. The Ashley Madison situation goes

further: exposing intimate personal interactions. The hackers say they wanted to reveal

duplicitous business practices and a client base involved in morally objectionable

behaviour. Neither was their judgment to make (The Globe and Mail, 26 August).

It is evident that the print news media coverage of the Ashley Madison data breach demonstrates the tension that was created through this particular example of a hacking incident. The focus of the Ashley

Madison incident was firmly placed upon those who had their data exposed and were predominantly held responsible and seen to be deserving of the consequences. While this section has presented a second narrative which sought to shift away from the explicit victim blaming that was evident in some print media outlets, there is still an inability of journalists to identify with those affected as ‘victims’.

Even those who sought to draw attention to the criminality of the hackers and focus on the blatant breach of security and privacy of those subscribed to the Ashley Madison website, still exhibited a conflict based on the nature of the website and its established ‘cheating’ mandate. Further, several of the articles that sought to refocus the argument on the breach and criminality of the offender also promoted the victim blaming discourse as part of their overall piece. Only 24 of the 33 articles that attempted to refocus the debate on the data breach itself, did so without also engaging in some form of victim blaming in the overall piece. None of the above examples use the term ‘victim’ for those who were exposed, and their perception of the harm experienced by those exposed is still tainted by their

20 association with the website in the first place. The implications for these findings are examined in the following section.

Discussion

The above sections have demonstrated two discourses that were evident in the print news media surrounding the Ashley Madison hack. The media are a prominent body in helping to shape and influence the attitudes and perceptions of society towards various topics, and in this instance, their coverage has clearly portrayed a strong and somewhat consistent narrative regarding those who were exposed in the Ashley Madison data breach, premised on two distinct but interrelated discourses. The first was premised on a victim blaming attitude. In contrast, the second discourse sought to refocus the attention of the incident on the hacking itself, and the violation of privacy and security that was experienced by the 37 million individuals who at some stage, had their email address associated with the website. While this discourse acknowledged the criminality of the breach which took place, there remained evidence of a conflict held by some journalists, who were still challenged by the actions of those who were exposed by the website. Again, this was premised on a victim blaming attitude, albeit, not as strong and not as straightforward as the first discourse.

There are several implications to arise from this analysis. First, it is evident that those who were exposed through the Ashley Madison breach were seen to contravene Christie’s notion of the ‘ideal victim’.

Christie (1986) argues that the ‘ideal victim’ is one who is not seen to be blameworthy in any way for their victimisation, in that they are engaged in a legitimate activity and in a space where no one can question them. It is clear that those who were exposed in the Ashley Madison incident are seen quite vehemently to have violated these attributes. Rather, they were engaged in potentially adulterous behaviour and were connected to a website which explicitly facilitated affairs. Neither of these is seen

21 to be blameless or innocent, hence none of those exposed are seen to be entitled to claim ‘victim’ status. In this case, the actions of those who were exposed are seen to overrule any claim to victim status by these individuals. As a result, individuals in the current case study were exclusively framed as

‘non-ideal’ victims and this was portrayed as an acceptable narrative through the journalist’s comments as well as those of their readers.

Further to this, both discourses highlight the nature through which the culpability of those exposed was dominant across the media coverage. The typologies which understand the role of the victim on a continuum from entirely innocent to entirely responsible, in this case, focused very heavily on the notion of guilt and responsibility. The victim typologies advocated by those such as Schaefer are clearly still evident in attitudes towards victims. The notion of victim precipitation (Wilcox, 2010) which examines the role of the victim in their victimisation, is highlighted in this incident with a dominant focus on the actions of those exposed being on the website in the first place. If those individuals were not seeking an affair and had not allegedly subscribed to the website, then there would have been no issue.

However, in focusing all of the print media attention on the action of those who were exposed, labelled commonly as ‘cheaters’, this largely ignores the role of the offenders in this situation. The strength and dominance of the victim blaming discourse largely excludes discussion of those who perpetrated the hack and to some degree, seeks to condone the actions of the hackers. This was evident through several comments which congratulated the hackers based on notions of upholding assumed common morality, and doing society a service through exposing these individuals for their adulterous behaviours. In some ways, this portrays the hackers as ‘heroes’ or moral crusaders, whose actions can be understood and somewhat forgiven for the greater good.

22

There was very little recognition of those who were exposed in this breach as victims. Despite having their personal information exposed by hackers in what was largely understood as a criminal act, there were few examples which explicitly acknowledged this. This has similarities with some of the existing discourse surrounding identity theft and the notion of the ‘prudential citizen’ (Whitson and Haggerty,

2008; Monahan, 2009). Prudentialism broadly advocates that individuals should be responsible for their own actions and take actions to reduce the likelihood of a negative outcome (Cross, 2015a; Kemshall,

2002; Kemshall, 2006). The notion of a prudential citizen is strong within narratives surrounding identity theft and the expectation that individuals will be responsible for their own actions and will take whatever steps necessary to protect their identity. This firmly places responsibility for any subsequent breach on the victim themselves, for not taking appropriate actions to prevent the incident from occurring. In the context of the Ashley Madison breach, there are clear similarities. The victim blaming discourse is premised on an assumption that the individuals themselves should have acted in a way which would not allow for compromise of their data (meaning not subscribed to the website in the first place). It is premised on an expectation that those exposed should have foreseen this as a possibility and therefore taken steps to avoid its occurrence. Therefore signing up to the website is a clear violation of this and disregards prudential ideals. This prudential citizen narrative fits with the victim blaming attitude already observed.

The more sinister consequence resulting from the focus on victim blaming, centres on the ability of criminals to perpetrate further actions against those who were exposed in the initial data breach – namely through extortion and blackmail. Individuals with email addresses contained within the data breach were contacted by offenders, threatening to ‘out’ them directly to family, friends and others if the victim did not pay an amount of money. Several papers reported these incidents where individuals were further targeted by those seeking to capitalise on the high level of victim blaming and shame

23 evident in the media surrounding the incident (Netsafe NZ, 2015; Ragan, 2015). The success of any extortion or blackmail attempts on those who were exposed, is premised on their unwillingness to disclose their involvement on the site to those around them, and also decreases the likelihood they will report to the police. Criminal behaviour can flourish if unchecked in such an environment.

The dominance of the victim blaming discourse and its unrequited brutality in some cases, can be understood as a significant barrier to prevent those exposed from disclosing to family and friends about their involvement on the website. The shame associated with this data breach acted as a mechanism to ensure both the isolation and humiliation of millions of people worldwide. This allowed for further criminal activity to thrive. Again, the criminal actions of those perpetrating these offences appear to have been condoned and somewhat justified based on this same sense of perceived morality and lack of acceptance for infidelity. There appears to be no regard or consideration for the individuals who had their data exposed and were subjected to further harm. Tragically, the consequences for a small number of those exposed in the Ashley Madison incident were fatal. There were confirmed suicide reports of a

New Orleans pastor, and a Texas police chief while the Toronto Police Service held a press conference which gave details of two further unconfirmed reports (Lamont, 2016; Malm, 2015; Segall, 2015;

Thomson, 2015).

The morality aspect of this debate prompts the need for some important discussions beyond the scope of this paper. Involvement on the Ashley Madison website was in some ways viewed as the equivalent to a contemporary understanding of the ‘scarlet letter’ (Hawthorne, 1892) through ‘a symbolic badge of shame’ (Murphy et al. 2011: 104) or ‘an indelible stain on [one’s] character’ (Wright, 2015), which labelled the wearer as adulterous and unworthy. The focus on morality as a justification for the breach in privacy and the exposure of such personal and sensitive information opens up the need for further discussions about the influence of morality and its relationship to marriage in contemporary society. In

24 this case, the morality (or rather perceived immorality) of the individual was amplified over the severity of the compromise to their personal data that they experienced. Further analysis of this particular aspect of the print media coverage would generate useful insights to accompany the current study.

Conclusion

The Ashley Madison incident is ‘an episode that has challenged how the public and media reacts to gross invasions of privacy when the victims are people some have little sympathy for’ (Sydney Morning Herald,

25 July). The analysis within this article has clearly demonstrated the strength and dominance of a victim blaming discourse directed at those who were allegedly subscribed to the Ashley Madison website.

Rather than focusing media attention on the blatant act of criminality perpetrated through the exposure of personal and sensitive data of over 37 million people, the prevailing discourse centred predominantly on the actions of those exposed and their perceived guilt and culpability in being associated to the website and the assumptions inherent in this. There were clear arguments put forward which sought to justify the data breach by focusing on the actions of the ‘cheaters’ for being on the website in the first place. These people violated the notion of the ‘ideal victim’ and their degree of involvement in the breach was foremost across the print news media coverage.

While there was a second discourse which attempted to refocus attention to the criminality of the act, this was not as persuasive and at times, still subscribed to victim blaming attitudes, albeit at much lower levels. It is clear that this particular example was difficult for many people to reconcile, based purely on the nature of the Ashley Madison website, as opposed to any other factor. Those exposed in this incident were not seen to be victims in any sense and were denied that label and any empathy or understanding which would accompany victim status. The nature of the media coverage helps to shape

25 everyday understandings of data breaches and the lack of engagement with the explicit notion of this incident as a criminal incident has significant implications, as outlined.

Data breaches are increasingly a common occurrence and it is likely that future breaches may also expose other areas of sensitive personal information. A possible example relates to medical records and health information (Mearian, 2016). There is immense value in the obtaining of health records and medical histories of individuals which could expose them to blackmail and extortion similar to that witnessed with the Ashley Madison incident. Individuals may have illnesses or have had medical procedures that they have kept secret from family, friends, work colleagues and others for a variety of reasons. If the same victim blaming discourse were to exist for those who had medical data breached, and the focus was on the individual for their illness or medical procedure, this potentially opens up further opportunities for offenders to exploit victims at will, knowing that any challenge or reporting to authorities is unlikely based on the nature of the data breach. The Ashley Madison case presents a dangerous precedent that focuses the blame on the victim rather than acknowledging the criminal activity behind the data breach. There needs to be a clear separation between the context of the data breach (in this case an adulterous website) and the actual data breach itself (in this case, exposing sensitive personal information that included aspects of the sexuality of individuals). The blurring of the boundaries between the context and the breach itself can be highly detrimental to those whose personal details are exposed, as is evident in the current Ashley Madison example.

The implications from this example provide a dark precedent for the future. This example demonstrates how the criminality of offenders can be ignored by the actions of the victim based on a belief that they brought upon themselves any consequences. It highlights the difficulties and challenges faced by those in this situation, who were labelled as unworthy and therefore deserving of exposure and its aftermath.

26

Whether or not these individuals were engaged in adulterous activities through the website, it does not ignore the fact that they experienced an extreme breach of their privacy and security of their data through a deliberate, criminal act, intended to cause harm. It is critical that the print news media coverage of any future incidents of this nature recognise this in order to provide public recognition that the perpetration of these data breaches is not legitimised or condoned under any circumstances.

Unfortunately, the Ashley Madison case provides many lessons to be drawn upon for future events.

27

References

Amir M (1967) Victim precipitated forcible rape. The Journal of Criminal Law 58: 493-502.

BBC (2015) Ashley Madison hack victims receive blackmail letters. BBC News: Technology, 15 December.

Available at: http://www.bbc.com/news/technology-35101662 (accessed 16 September 2016).

Bieneck S and Krahe B (2011) Blaming the victim and exonerating the perpetrator in cases of rape and

robbery: Is there a double standard? Journal of Interpersonal Violence 26(9): 1785–1797.

Bisson D (2015) The Ashley Madison hack – A timeline (updated 9/10/15). Available at:

http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/the-ashley-

madison-hack-a-timeline/ (accessed 16 September 2016).

Burgess A, Regehr C and Roberts A (2013) Victimology Theories and Applications (2nd ed). Burlington:

Jones and Bartlett Learning.

Christie N (1986) The Ideal Victim. In Fattah E (ed) From Crime Policy to Victim Policy. New York: St.

Martin’s Press, pp.17-30.

Croteau D and Hoynes W (2014) Media/Society: Industries, Images and Audiences. Thousand Oaks,

California: Sage.

Cross C (2015a) 'But I've never sent them any personal details apart from my driver's licence number...':

Exploring seniors' attitudes towards identity crime. Security Journal Online First. DOI:

10.1057/sj.2015.23.

Cross C (2015b) No laughing matter: Blaming the victim of fraud. International Review of Victimology

21(2): 187-204. DOI: 10.1177/0269758015571471.

Cross C, Richards K and Smith RG (2016) The reporting experiences and support needs of victims of

online fraud. Trends and Issues in Criminal Justice no 518. Australian Institute of Criminology:

Canberra.

28

Dignan J (2005) Understanding Victims and Restorative Justice. Berkshire: Open University Press.

Elhai J and Hall B (2016) Anxiety about internet hacking: Results from a community sample. Computers

in Human Behaviour 54: 180-185. DOI: 10.1016/j.chb.2015.07.057.

Gamson J (2001) Normal Sins: Sex Scandal Narratives as Institutional Morality Tales. Social Problems

48(2): 185-205.

Hawthorne N (1892). The scarlet letter. Philadelphia, PA: John B. Alden.

Heber A (2014) Good versys bad? Victims, offenders abd victim-offenders in Swedish crime policy

European Journal of Criminology 11(4): 410-428.

Hern A (2016) Twitter CEO Jack Dorsey’s account hacked. The Guardian. Available at:

https://www.theguardian.com/technology/2016/jul/11/twitter-ceo-jack-dorsey-account-

hacked-ourmine-security (accessed 16 September 2016).

Ilascu I (2015) Apple American Group loses USB drive, employees SSNs exposed. Available at:

http://news.softpedia.com/news/Apple-American-Group-Loses-USB-Drive-Employee-SSNs-

Exposed-476051.shtml (accessed 16 September 2016).

Kelly B (2012) Investing in a centralized cybersecurity infrastructure: Why ‘hacktivism’ can and should

influence cybersecurity reform. Boston Law Review 92: 1663-1711.

Kemshall H (2002) Effective practice in probation: An example of ‘advanced liberal’ responsibilisation?

The Howard Journal 41(1): 41–58.

Kemshall H (2006) Social policy and risk. In: Mythen G and Walklate S (eds) Beyond the Risk Society:

Critical Reflections on Risk and Human Society. Berkshire, UK: McGraw-Hill Education, pp.60–

76.

Kitchin R (2014) Big Data, new epistemologies and paradigm shifts. Big Data and Society April-June: 1-

12. DOI: 0.1177/2053951714528481.

29

Krebs B (2015) Online cheating site Ashley Madison hacked. KrebsonSecurity, 19 July. Available at:

http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/ (accessed 16

September 2016).

Krebs B (2015) Who hacked Ashley Madison? KrebsonSecurity. 26 August. Available at:

https://krebsonsecurity.com/2015/08/who-hacked-ashley-madison/ (accessed September

2016).

Lamont T (2016) Who hacked Ashley Madison and why? The Advertiser. Available at:

http://www.adelaidenow.com.au/lifestyle/sa-lifestyle/a-shared-affair-life-after-the-ashley-

madison-hack/news-story/5adc4ff69bc559f0de525f7b855ca734 (accessed 16 September

2016).

Lonie K and Toffoletti K (2012) The Place of Scandal: Lara Bingle & Brendan Fevola. Outskirts: Feminisms

along the edge 26: 1-12.

Malm S (2015) Two suicides are linked to Ashley Madison leak. Daily Mail UK, August 24. Available at:

http://www.dailymail.co.uk/news/article-3208907/The-Ashley-Madison-suicide-Texas-police-

chief-takes-life-just-days-email-leaked-cheating-website-hack.html (accessed 16 September

2016).

Mancini C and Pickett J (2017) Reaping what they sow? Victim-offender overlap percpetions and victim

blaming attitudes. Victims and Offenders: An International Journal of Evidence-based Research,

Policy and Practice 12(3): 434-466.

McCandless J (2016) World’s biggest data breaches. Available at:

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

(accessed 16 September 2016).

30

Mearian L (2016) Hackers are coming for your health records – here’s why. Available at:

http://www.computerworld.com/article/3090566/healthcare-it/hackers-are-coming-for-your-

healthcare-records-heres-why.html (accessed 17 January 2017).

Monahan T (2009) Identity theft vulnerability: Neoliberal governance through crime construction.

Theoretical Criminology 13(2): 155–176.

Mueller R (2012) Speeches. Available at: https://www.fbi.gov/news/speeches/combating-threats-in-the-

cyber-world-outsmarting-terrorists-hackers-and-spies (accessed 16 September 2016).

Muftic L (2008) Victim precipitation theories. In Renzetti C and Edleson J (eds) Encyclopedia of

Interpersonal Violence. London: Sage, pp. 739-740.

Murphy D, Fuleihan B, Richards S and Jones R (2011) The electronic ‘scarlet letter’: Criminal

backgrounding and a perpetual spoiled identity. Journal of Offender Rehabilitation 50(3): 101-

118.

Netsafe NZ (2015) What can I do about Ashley Madison blackmail emails? Available at:

https://www.netsafe.org.nz/what-can-i-do-about-ashley-madison-blackmail-emails/ (accessed

16 September 2016).

Ragan S (2015) DDoS scammers collect $20,000 with Ashley Madison extortion. Available at:

http://www.csoonline.com/article/2996614/cyber-attacks-espionage/ddos-scammers-collect-

20-000-with-ashley-madison-extortion.html (accessed 16 September 2016).

Schafer S (1968) The victim and his criminal: A study in functional responsibility. New York: Random

House.

Segall L (2015) Pastor outed on Ashley Madison commits suicide. CNN Money, September 8. Available

at: http://money.cnn.com/2015/09/08/technology/ashley-madison-suicide/ (accessed 16

September 2016).

31

Spalek B (2006) Crime victims: Theory, policy and practice. Basingstoke, Hampshire: Palgrave Macmillan.

Suarez E and Gadalla T (2010) Stop blaming the victim: A meta-analysis on rape myths. Journal of

Interpersonal Violence 25(11): 2010–2035.

Thapar-Bjorkert S and Morgan K (2010) ‘But sometimes I think . . . they put themselves in the situation’.

Exploring blame and responsibility in interpersonal violence. Violence against Women 16(1):

32–59.

Thielman S (2016) Yahoo hack: 1bn accounts compromised by biggest data breach in history. Available

at: https://www.theguardian.com/technology/2016/dec/14/yahoo-hack-security-of-one-

billion-accounts-breached (accessed 17 January 2017).

Thomson I (2015) More deaths linked to Ashley Madison hack as scammers move in. The Register, 24

August. Available at: http://www.theregister.co.uk/2015/08/24/death_toll_ashley_madison/

Walklate S (2012) Who is the victim of crime? Paying homage to the work of Richard Quinney. Crime

Media Culture 8(2): 173–184.

Wall D (2010) Policing Cybercrimes: responding to the transnational challenges of cybercrime. Available

at: http://www.ists.dartmouth.edu/docs/davidwallpresentation.pdf (accessed 16 September

2016).

Wall D (2013) Enemies within: Redefining the insider threat in organisational security policy. Security

Journal 26(2): 107-124. DOI: 10.1057/sj.2012.1.

Whitson J and Haggerty K (2008) Identity theft and the care of the virtual self. Economy and Society

37(4): 572–594.

Wilcox P (2010) Theories of victimisation. In: Fisher B and Lab S (eds) Encyclopedia of Victimology and

Crime Prevention. Thousand Oaks: SAGE, pp.977–985.

Wolfgang M (1967) Studies in Homicide. New York: Harper and Row.

32

Wolfswinkel J, Furtmueller E and Wilderom C (2013) Using grounded theory as a method for rigorously

reviewing literature. European Journal of Information Systems 22: 45-55. DOI:

10.1057/ejis.2011.51.

Wright M (2015) The Ashley Madison suicides: It’s the hackers who should feel shame. Available at:

http://thenextweb.com/media/2015/09/09/the-lives-of-others/#gref (accessed 16 September

2016).

Yar M (2013) Cybercrime and Society. London: Sage.

Urback R (2015) Josh Duggar and Ashley Madison hackers – both preoccupied with other people’s

bedrooms. Postmedia Breaking News, 25 August.

33