Our Services

Our Services

September 02, 2015

Ashley Madison: The Privacy Issues

A colleague, Mark Heyink, writes about the abuse of personal information.
© Mark Heyink 2015
Privacy Online www.privacyonline.co.za
The hacking of the Ashley Madison website, which has as its logo “Life is Short - Have an Affair”, is one of the more dramatic examples of why the issue of privacy is so important. It graphically illustrates many of the questions relating to the abuse of personal information in the 21st century and how the threats posed by evolving technologies, allowing for the abuse of information generally and personal information in particular, hold for our democratic society.

The “infidelity” or “cheating” website, as Ashley Madison has become termed, suffered a breach in which the personal information of 32 to 33 million customers was compromised. The sensitive information compromised included among other information seven years of credit card information, contact details, eMails and communications between participants. IT Web reports, quoting the Sunday Times, “that the personal information of over 70,000 South Africans (including many government officials and academics)” is among the information compromised.
When Ashley Madison’s parent company, Avid Life, failed to adhere to demands by the hackers, called the “Impact Team”, the personal information of customers was made public. By the nature of the website the publication of customers’ personal information has naturally caused severe embarrassment, hurt, disruption to families and law enforcement agencies in Canada have linked two “unconfirmed suicides” to the hacker’s publication of the personal information.
This gives rise to several issues which deserve consideration and debate. Firstly, there are those that take the attitude that the victims, by participating in the website, deserve the embarrassment and hurt that may come their way. This goes to the very core of privacy. We may all do things that others disapprove of. If what we do is not unlawful and we do it privately, a fundamental human right of privacy protects us. If we do not respect this right it is a very small step to allowing moral judgments to be exercised by publishing to the world the actions or communications made in private, for the advancement of political, commercial and social or even purely personal agenda and gain, regardless of the consequences to persons whose privacy has been infringed. In terms of our Constitution this is unlawful.
That the action of the hackers is unlawful is supported by the Canadian authorities formulating charges against them, which include the extortion, theft and mischief to property. Even though the enforcement of criminal charges against the hackers may prove problematical, this does not detract from the unlawful and morally reprehensible actions of the hackers. It serves to illustrate how anarchy on the web can be easily perpetrated if the right of privacy is not enforced and that, without the cooperation of governments, becomes difficult to counter. In the South African context this brings the delays in implementing appropriate legislation to protect citizens sharply into focus.
Ashley Madison is not blameless as it represented that it would protect participants’ privacy and it would appear that its security was seriously deficient. While it may suffer no criminal penalty, having reported the breach as required by Canadian law, the penalty for its failure lies in the enormous reputational damage that the website has suffered and the lawsuits which are likely to be brought against it. It is reported that a national class action of Canadian citizens claiming US Dollar 760 million will be instituted. It is also reported that Avid Life were not long ago, considering an initial public offering at a valuation of US Dollar 1 billion. One doubts that an IPO is any longer feasible or that any other potential purchasers would be found, so tainted is the website and the company’s image.
Another element of the fallout from the hack is that its CEO, Noel Biderman, has left by “mutual agreement”. This follows on from the replacement of Amy Pascal at Sony Pictures and the CEO of Target, after devastating hacks on those companies information systems compromised personal information of its customers.
While we may shake our heads at the failure of Avid Life to protect personal information the fact is that typically the boards of South African companies and institutions do not take information security seriously. The identification of government officials and academics whose interaction with Ashley Madison has been easily detected as a result of .gov.za and .ac.za extensions to the eMails used in their communication with Ashley Madison, is evidence of this disregard. Either these employees do not know that they should not be using their employer’s information and communication systems for these very personal purposes, or the policies and the enforcement of the policies by the employers are deficient. Which South African directors will, like Noel Biderman, be the first to “fall on their swords” for the general apathy and neglect that exists in implementing appropriate information security? It is not a case of if, but rather of when.
The framers of our Constitution have enshrined privacy as a fundamental human right. The Protection of Personal Information Act provides the framework necessary to protect against the abuse of personal information. We should do everything possible to prevent the right of privacy being subverted by government, big business, individuals or criminals in the advancement of “their agenda”.

August 31, 2015

Damages for dog bites

Can I sue my neighbour for damages if his dogs attack me outside his property?

The matter was heard in Du Preez v Kingsley [2015] JOL 33595 (FB)

Facts: Whilst cycling on a suburban road, the plaintiff encountered two dogs which exited their property and one of them bit him. The dogs had managed to get out of their owner’s property because the gate had been left partially open. The plaintiff received medical attention from a doctor living next door to the property where the dogs lived. As a result of his injury, the plaintiff sued the defendant for damages.
The defendant could not dispute the version of the plaintiff and the doctor. He contended that he had secured the gate, but could not dispute that the dogs had gotten out of the property. As he was not home at the time of the incident, he could not deny that the dogs went out of the premises.

Held that where a person has assumed control over potentially dangerous animal which may cause harm unless preventative measures are taken, he is under a legal duty to act in protection of third parties.

At common law, the defendant ordinarily would be required to take steps to protect others against harm flowing from the conduct of the dog.  The defendant should have ensured that his dogs did not escape onto the street. Whatever means he alleged he had taken, if any, were clearly inadequate and insufficient.

The plaintiff had discharged the onus of proof on both action de pauperie and actio legis aquiliae. The grounds of negligence were that the defendant had not properly controlled the dogs and taken reasonable measures or sufficient precautions at all relevant times so that they did not escape and cause harm to others.

The defendant was therefore liable for plaintiffs proven damages arising out of the incident.