Apple pays millions to end customer's explicit images leak lawsuit
Apple has paid millions of dollars to settle a lawsuit with a student, after Pegatron employees leaked explicit photographs and videos from her iPhone that was sent in for repair.
In 2016, an unnamed student in Oregon sent her iPhone to Apple, as part of the repairs process. The device was then handed over to a Pegatron facility in Sacramento, California, where it was examined by technicians.
Two of the technicians then posted "10 photos of her in various stages of undress and a sex video" to the woman's Facebook account, to make it seem like she posted the images herself, according to The Telegraph. The explicit content was later removed once friends of the victim told her of their publication.
The woman then threatened a lawsuit for the invasion of privacy and emotional distress, with the additional warning there would be "negative media publicity" due to the lawsuit's existence. Apple provided a "multimillion-dollar" settlement of an undisclosed size, following a demand for $5 million.
Confidentiality provisions as part of the settlement prevented further discussion of the case or the amount paid. However, the existence of the lawsuit still surfaced due to it being referenced by another lawsuit.
A dispute arose between insurers and Pegatron, as the insurers refused to pay out for the settlement amount Pegatron had reimbursed Apple. Though Apple wasn't identified in that second lawsuit, only mentioned as a "customer" to maintain confidentiality, another unrelated lawsuit with Apple referred to previous legal activity.
When asked, Apple confirmed the incident occurred.
The incident prompted Apple to perform an "exhaustive" investigation, resulting in the firing of the two workers.
"We take the privacy and security of our customers' data extremely seriously and have a number of protocols in place to ensure data is protected throughout the repair process," Apple said in a statement. "When we learned of this egregious violation of our policies at one of our vendors in 2016, we took immediate action and have since continued to strengthen our vendor protocols. "
Follow all of WWDC 2021 with comprehensive AppleInsider coverage of the week-long event from June 7 through June 11, including details on iOS 15, iPadOS 15, watchOS 8, macOS Monterey and more.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get the latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
In 2016, an unnamed student in Oregon sent her iPhone to Apple, as part of the repairs process. The device was then handed over to a Pegatron facility in Sacramento, California, where it was examined by technicians.
Two of the technicians then posted "10 photos of her in various stages of undress and a sex video" to the woman's Facebook account, to make it seem like she posted the images herself, according to The Telegraph. The explicit content was later removed once friends of the victim told her of their publication.
The woman then threatened a lawsuit for the invasion of privacy and emotional distress, with the additional warning there would be "negative media publicity" due to the lawsuit's existence. Apple provided a "multimillion-dollar" settlement of an undisclosed size, following a demand for $5 million.
Confidentiality provisions as part of the settlement prevented further discussion of the case or the amount paid. However, the existence of the lawsuit still surfaced due to it being referenced by another lawsuit.
A dispute arose between insurers and Pegatron, as the insurers refused to pay out for the settlement amount Pegatron had reimbursed Apple. Though Apple wasn't identified in that second lawsuit, only mentioned as a "customer" to maintain confidentiality, another unrelated lawsuit with Apple referred to previous legal activity.
When asked, Apple confirmed the incident occurred.
The incident prompted Apple to perform an "exhaustive" investigation, resulting in the firing of the two workers.
"We take the privacy and security of our customers' data extremely seriously and have a number of protocols in place to ensure data is protected throughout the repair process," Apple said in a statement. "When we learned of this egregious violation of our policies at one of our vendors in 2016, we took immediate action and have since continued to strengthen our vendor protocols. "
Follow all of WWDC 2021 with comprehensive AppleInsider coverage of the week-long event from June 7 through June 11, including details on iOS 15, iPadOS 15, watchOS 8, macOS Monterey and more.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get the latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
Comments
We can't assume the activity was illegal under the criminal code in California. In fact, I suspect it was not.
Not knowing CA's laws, I just looked it up. At first, it appeared to fit the 2013 revenue porn law. But, I don't think it does. One of the criticisms of that law is that it apparently only covers pictures taken by someone other than the victim. That may be the loophole here.
Since they uploaded the the images and video to Facebook they could have potentially exposed them to minors which would put Penal Code 288.2 PC in play. At a federal level the Child Online Protection act would likely apply as well.
Also, the pictures are her property and are copyright protected when they are created. So the individuals in this case would be liable for copyright violations.
Did you catch that it was Pegatron employees at a Pegatron facility that did the "bad thing"? How does that make Apple's statement gaslighting? They aren't denying what happened, they are agreeing it happened and took action.
Assuming it's the case that hardware repairs at some point need the device unlocked, the software needs better protections. Banking apps usually allow the app to be locked on leaving the app. The photos app doesn't necessarily need to have this by default but it could have a more visible way of securing photos and videos behind biometrics and/or pin code. iOS can even use on-device AI to detect nudity or just NSFW content and have a popup that recommends protecting it behind some security.
For repairs, the workers should only be allowed to boot the device into a safe mode that isn't allowed to access user's apps. Maybe something in iCloud could generate a second unlock code. On setting up an account on iOS, both would be generated. Then when a device failed, the user would get the repair code from iCloud to give to the repair people.
Well, I haven't found any yet. Have you? I'm also unaware of any criminal prosecution.