(This post was first published on Medium.com)

About a week ago, I posted the following tweet:

I have such complicated thoughts about the Ashley Madison hack, much of which comes down to “schadenfreude is ugly and unworthy of us”.

August 18, 2015 at 08:04PM (since deleted)

In the week since a lot of new information has come to light. There has been a second, larger dump with source code and the CEO’s email. We know about “family values” activist Josh Duggar’s account on the site (for which he seems to be more apologetic than, you know, molesting his sisters). We know about women and members of the LGBTQ population living in repressive regimes whose lives have been put at serious risk because of the leak. We know there are already mercenary “security experts” that are using the public’s fear to harvest email addresses for scams. We are starting to see real-world fall-out, including at least two possible suicides that have been linked to this.

In other words, things have gotten a lot more complicated.

This issue is about much more than infidelity. It’s about our vicious delight in negativity, the inevitable failure of computer security and computer literacy, the collateral damage of schadenfreude, the normalization of vigilante justice, and a collective desire for black-and-white judgments.

This is going to get long. Bear with me.

Morality is hard, you guys

I thought about titling this entire post “Ashley Madison: morality is really hard”. Because let’s face it: morality is really, really hard. As much as we’d like to pretend that there are black-and-white, with-us-or-against-us answers for humanity’s multitudes, reality is rarely that clean.

One of my favourite quotes is from the novel The Daughter of Smoke and Bone by Laini Taylor:

“It is a condition of monsters that they do not perceive themselves as such. The dragon, you know, hunkered in the village devouring maidens, heard the townsfolk cry ‘Monster!’ and looked behind him.”

The only criticism I have of that quote is that it charges the crime of being un-self-aware only onto “monsters”, as though there were a clear delineation between who is and isn’t objectively a monster, and which group ought to learn the truth of their own monstrosity. I would amend it to say that it’s the human condition that none of us perceive ourselves as monsters even when we are engaged in acts that may be monstrous, because few of us think of any individual moment in our lives as being the sole representation of our person.

The one thing you can accurately say about someone who has chosen to cheat on a partner in a monogamous relationship is that they reneged on their promise of monogamy to their partner. That is the only information we have about that person, absenting additional context. And yet, even the language we use—to “cheat”—immediately attaches a judgment of dishonesty and malicious intent to the act, fairly or not. In many parts of the world and in many religions, the bond of marriage is considered sacrosanct, so it’s no wonder we’re primed to instinctively abhor and mistrust those who violate that bond even when we don’t have all the facts.

I won’t pretend that cheating is something that happens accidentally. There are always a series of conscious decisions that lead to infidelity, and I don’t believe anybody when they say that they “couldn’t help it”.

What I am going to say, however, is that infidelity is not always an indicator of moral depravity. It’s not even always an indicator of poor decision-making for that individual. Few people enter a relationship with the intent of betraying their partner’s trust, but fewer people still can predict the future. I genuinely believe that the vast majority of people are trying to do the best they can, the best they know how.

Sometimes people turn to infidelity because they were in abusive relationships, and that external influence is what gave them the strength to get out. Sometimes people turn to infidelity because they are in social environments that do not allow them to be open with their sexuality - closeted LGBTQ folks, women in repressive religious environments who married young, people in all sorts of social contexts where divorce is socially stigmatized. Sometimes people turn to infidelity because they are trying desperately to stay in a failed marriage for the sake of kids or elderly parents. Are they all terrible people?

And sure, sometimes people turn to infidelity because they have poor coping mechanisms, don’t know how to address problems in their primary relationship, are too afraid or too complacent to end things, or are simply selfishly prioritizing a momentary desire over the trust of their partner. Sometimes people really are mean-spirited and selfish towards their loved ones, and give no care to the hurt they cause. Still, does this mean that they deserve to have their privacy breached and their financial information aired, without due process? Do their names get put on some infidelity registry so that they are tainted forever by past mistakes, denied the chance to self-reflect and improve?

Should future employers be able to search for this information and use it to disqualify someone from employment? Should current employers be able to fire you for what you do in your private life? How Orwellian do we go?

Collateral damage

We already know that this hack is not a victimless crime. We already know that there are people whose lives are endangered by this. We know that there are fake accounts created by vindictive exes, because Ashley Madison doesn’t ask for email verification upon sign-up. We know there are people who signed up on a lark years ago and who never communicated with anyone. We know there are people who signed up while they were single. We know there are divorce attorneys, academic researchers, and journalists on there.

Hell, we even know that there are people who signed up for Ashley Madison to check up on a spouse they suspected of cheating. Talk about insult upon injury, right?

Let’s say we don’t care about any of those people. Let’s say that we assume that anyone whose information has been leaked truly deserves their fate.

What about their loved ones?

What about their partners, past and present? Do they deserve to have their names and lives dragged through the mud because of their partner’s indiscretions? Do they deserve to be confronted with the gut-punch of their partner’s past mistakes, now pulled to the present? What if their partner has genuinely, truly changed? What if their partner had cheated on someone else, and never them? Do we have the right to decide to destroy all these relationships in the name of vindictive schadenfreude?

What about their kids, associated with a billing address and a zip code and a last name? Do they deserve to be tarnished with this, too?

Hell, even in Josh Duggar’s situation there are victims:

Anna Duggar followed the rules that were imposed on her from the get-go and this is what she got in reward- a husband who she found out, in the span of 6 months, not only molested his own sisters, but was unfaithful to her in the most humiliating way possible […] What is Anna Duggar supposed to do? She can’t divorce because the religious environment she was brought up would blame her and ostracize her for it. Even if she would risk that, she has no education and no work experience to fall back on, so how does she support her kids?

And that’s the problem with vigilante justice, especially of the sort meted out by amoral hacker groups claiming to stand for social progress. It’s blind in the worst possible way. The Impact Group claims to be motivated by Avid Life Media’s admittedly atrocious behaviour towards customers data, and they did give ALM a chance to shut down the websites before the user data was posted publicly.

And yet, if your goal is to name and shame corporate practices regarding data security, it seems like maybe victimizing the people who rely on that security isn’t the best way to go. If you’re mad at ALM for treating their customers poorly, the best way to get back at them is probably not to hurt all of those customers and their family and friends. But when all you have is a security vulnerability hammer, everything looks like a data breach nail.

Thanks, patriarchy

We know that men and women cheat at approximately the same rates (warning: autoplay video), but the majority of users on Ashley Madison and Established Men were male. There’s a lot to unpack here in terms of gendered relationship models and who has the social and financial capital to initiate affairs, but I’d wager there’s just as much to unpack regarding the socialization of male mental health.

A study from the New England Research Institute showed that 66% of men rely on spouses as primary social support, and 10% of men have no such support at all1. This is in large part because most men have not been trained (and expected) since boyhood to perform the kind of emotional labour that results in lasting emotional bonds. After all, men aren’t supposed to have emotions. Widowers and male divorcees are much more socially disconnected than their female counterparts, having grown used to their partners managing their social life for them, and this isolation has profound implications on their physical health.

Under this toxic model of masculinity that discourages men from expressing emotional dissatisfaction and which deprives them of the tools to work through that dissatisfaction, we have to consider that in 66% of heterosexual relationships, the female party carries the burden of being the male party’s sole source of emotional support. Moreover, in 76% of all relationships, men don’t have anyone to turn to if their relationships go south. So what happens when we raise generations of men who don’t know how to process their emotions or ask for help, tell them that their masculinity is hinged upon their sexual prowess, push them all towards traditional social institutions whose main measure of success is their longevity, with partners who are expected to carry the emotional burden for two people?

Gee, I wonder.

Are the majority-male users of Ashley Madison blameless in their decisions to cheat? Are they helpless victims of their social environment? No, of course not. But social context matters, especially when peeling apart antisocial behaviour, and it’s really, really not as simple as “men are cheating bastards”.

Security and liberty and we who have neither

Troy Hunt is the mensch behind Have I Been Pwned, a website that lets you input your email address to see whether or not your information has been leaked in one of the many large-scale data breaches in the last handful of years. Yours is probably in there. Mine was: I was among Adobe’s network of 153 million users when hackers took down their database in 2013.

Unsurprisingly, his users have turned to him in desperation in this crisis. Hunt has put together an incredibly detailed and heartbreaking summary of the emails he’s been getting for the past week. If you have ten minutes, it’s worth the read.

The one thing that keeps coming up in Hunt’s analysis of Ashley Madison users is just how bewildered and confused many of them are. They don’t understand Tor, they don’t really understand how the internet works, they definitely don’t grok data permanence, they haven’t read the terms of the websites they have signed up to (who could blame them), they’re concerned about everything affiliated with the email they used for AM (as well they should be), and for the most part they’re just terrified.

The Ashley Madison leak isn’t even the canary in the coal mine anymore when it comes to cybersecurity. At this point, canaries are at risk of extinction, all birds have fled the general area, and there’s a growing mountain of avian carcasses piling up at the entrance of the coal mine that we keep throwing a tarp over.

We are apparently entering an age where the question “what will happen to my information when this site gets hacked” is a very legitimate question you need to ask yourself every time you sign up for a new service, and the vast majority of us–myself included–are not equipped to answer that question.

There’s a major lack of computer literacy at play, here. It’s analogous to how many of us learn how to drive without ever learning how to change the oil…except if someone else could come siphon your engine oil and thereby somehow also gain access to all your mail and banking information. And also our governments demand that engine oil tanks be manufactured with a built-in leak so that they know where we are at all times. (I am full of terrible metaphors today.)

It’s especially interesting that this coincides with the recent controversy about Windows 10 automatically monitoring children’s internet traffic and sending the parents a summary report. On one hand, that feature seems like a creepy draconian intrusion of children’s privacy that could endanger–once again–LGBTQ youth and children in abusive homes. On the other hand, in an environment that prizes deregulation of speech, it’s up to the parents to keep an eye on what their kids are up to and protect them from the darker corners of the internet. Microsoft’s misstep may have been to make the system opt-out rather than opt-in, like Apple’s equivalent family setup, but can they really be faulted for trying to help parents monitor what kids get up to online for the sake of protecting them?

Does this sound familiar?

Maybe because it’s the exact same argument the US government makes about its “anti-terrorism” surveillance laws. These are the same surveillance laws that much of the voting public isapathetic about, because they still harbour the delusion that if you do nothing wrong there is nothing to fear about surveillance. They don’t grasp the incredibly complex social context of so many legal-but-stigmatized behaviours, our ever-changing standards and mores, that governments are made up of imperfect people who will use that data imperfectly, that anything that allows the government to keep tabs on its citizens can be exploited by malicious actors, that anything that sends parents info on child browsing behaviour can also send that browsing information elsewhere.

These are problems I don’t have solutions for. I don’t think these are problems anyone will have a solution for, for a very long time. We’re nothing if not good at sticking our heads in the sand, and we will likely have to wait to see concrete consequences from widespread surveillance before doing something about it…if we do anything about it at all. Or maybe this surveillance state is just what we can expect in the future. If that’s the case, email addresses of people who may or may not have thought about cheating at some point in the past fourteen years are the least of our worries.

Ones-and-zeroes

Trust me, I get the desire for schadenfreude. In an increasingly scary environment where nobody’s data seems safe, where celebrities and Target shoppers alike can be targeted, there’s a certain comfort and poetic justice in there finally being a set of victims who seemingly deserve it. Just world fallacy meets centuries-old desire for vicious public humiliation in the glorious internet age, where communal consumption of negative viral content is often also the basis of community building and social capital. It’s the same in-group vs. out-group signaling we’ve always engaged in, except now the in-group is millions of people laughing at the other millions of victims of a large-scale data breach.

But the thing about justice and due process is that either it is applied equally, or it is applied not at all. Either stealing people’s data without their permission is bad, or it is not. We can’t pick and choose based on whether or not we like the victim, and we especially can’t pick and choose thirty million people who may or may not have engaged in behaviour that may or may not have been hurtful against whom to exercise our two minutes of hate.

There’s a lot to chew on and think about and react to with the Ashley Madison leak. But glee should not be one of those reactions. We are better than that.


Many thanks and much love to naxuu, zarq, and LoRichTimes for providing notes and feedback on this piece.

  1. This study is from 1997 and I couldn’t find a full-text of it so I couldn’t verify its sample size or methodology. I’m going to assume that the Harvard Medical School checks out its sources even if it’s just for an online zine. It seems to assume a heterosexual model, but if you know of any research about the distribution of emotional labour in male same-sex relationships please pass it along!