Women in IT Security: A picture worth a thousand no's
Women in IT Security: A picture worth a thousand no's

In a bold show of support for the victims of the infamous iCloud “nude photo hack” last year, several members of F-Secure's staff stripped themselves bare to take a group photo that challenged much of the victim- blaming that followed the leak. 

The incident occurred in late September when hundreds of nude photos of celebrities, mostly women, were posted online without their consent. The images first appeared on 4chan, an online, image-based bulletin board, but quickly went viral, prompting some victims, like actress Jennifer Lawrence, to involve law enforcement. After a 40-hour investigation, Apple confirmed that celebrity iCloud accounts had been compromised in a “very targeted attack on user names, passwords and security questions,” but that the attacks hadn't resulted in a breach of Apple's systems, including iCloud or Find my iPhone, as had been speculated.

While Apple quickly addressed the root cause of the photo leak, the images of victims that had been posted posed a concern since they had already been saved and reposted online, often as a source of ridicule. 

Witnessing the events as they unravelled, a number of workers at F-Secure, a Finland-based online security and privacy firm with offices in the U.S., had had enough. 

 In late September, nine female employees posed nude for a photographer and posted the photo on F-Secure's blog to emphasize that the iCloud incident, and others like it, showcased the importance of consent in regards to online privacy. Pascale

The team's show of support was inspired by the actions of a Danish woman, Emma Holten, a victim of “revenge porn,” who eventually decided to “write a new story about [her] body,” she wrote in an essay called “Consent.” Last year, Holten, then 23, published her own nude photos, years after having been victimized by a similar act, when an ex-boyfriend allegedly shared private images of her without her permission, some which were taken when she was 17. 

Laura Díez, media designer for corporate communications at F-Secure, who was one of the original staff members to plan (and pose for) the photoshoot, tells SC Magazine that “the wish to support the victims [of revenge porn] was what brought us there.”

While she initially had her doubts about participating in the shoot, particularly concerned with how her close friends and family would react, Díez believes that “the cause for which we fight is fair and bigger than any individual's fear. It was totally worth it for me to go against the grain,” she says.

Sean Sullivan, security adviser at F-Secure Labs, said that when he became aware of his colleagues' plans to post their own photos in response to victim blaming, that leadership at the company was on board. “People take these photos and there's nothing beneficial about saying that they shouldn't have taken them in the first place, or that they brought this on themselves,” Sullivan says. “It's [also an issue] when the content is shared without someone's consent.” 

To date, 18 states have passed legislation that, in some form, makes illegal the posting of explicit pictures online without the subject's consent, an act of harassment in some instances known as “revenge porn.” Yet, despite the successful efforts of lawmakers to prohibit this form of online persecution, a debate has surfaced regarding how effective these laws will be in the long term in discouraging these acts by ex-significant others, hackers seeking notoriety or website operators who've created businesses out of extorting victims who are desperate to have their images removed from strangers' sight.