Forget WikiLeaks – here comes DickiLeaks!

Forget WikiLeaks – Australia is currently embroiled in a data leakage saga of its own, dubbed “DickiLeaks”.

In short, the story is that a young woman has published nude photos of football players from high-flying Australian Football League club St. Kilda, rapidly accumulating thousands of Twitter followers as a result.

Varying accounts exist of how she came by the photos. The youngster is reported to have claimed that she took the photos herself. Another report documents a counterclaim by the manager of team captain Nick Riewoldt, one of the pictured players. In the counterclaim, the photos were copied from the laptop of a teammate who snapped the photos on a club trip to the USA last year.

Riewoldt himself claims that his pic was taken one morning last year in a Miami hotel room. Riewoldt says that he asked his teammate to delete the snap and assumed that he would do so. The teammate backs his skipper’s claim, adding a personal apology for what subsequently became of the photo.

There is a whole raft of questions emerging from all of this. But this is a computer security site, so I’ll concentrate instead on the privacy lessons – both social and technical – that we can learn from this saga, no matter what is finally deemed to have happened.

* Don’t snap a photo with your friends in it without their explicit permission. If they ask you to delete a photo they took, do so immediately – even if the law says you don’t need to. They’re your friends, after all.

* If you are going to let someone else use your laptop – a favour many of us may grant to travelling acquaintances over the coming holiday season – then create a new account for them to use. Don’t give them an administrative account. Let the operating system help you keep everyone’s files separate.

* If you are serious about security – and if your computer is used for any sort of business, including internet banking – consider some sort of encryption solution. Full disk encryption will protect your entire computer if it gets stolen; file, folder and network encryption will protect your data from other users on your network.

This whole sorry mess also brings into question current laws about who gets the rights to a photo. In many countries, the law comes from a time when photographs were comparatively difficult to take, develop, publish, index and search.

The law therefore generally hands the rights to the photographer. These days, of course, digital images can be easily acquired, even in huge volumes – as CCTV systems and Google StreetView remind us quite clearly.

I’ve discussed this issue before – I think that the law needs changing, especially to protect us from what I see as mechanised predatory photography – but have had numerous people tell me that I’m being paranoid, or unreasonable, or petulant, or Luddite. (The Luddites, as it happened, weren’t anti-technology. Their concern was social justice, though they chose violence as a way to make their point. I am neither anti-technology, nor pro-violence.)

You can read more about this at the links below, but whether you agree with me or not, please take heed of the advice above.

And if you aren’t ready for a full-blown encryption system just yet, here’s a Christmas present to help you keep your private stuff safe, both at rest on your PC and in motion across the internet: Sophos Free Encryption.

* Read more about the ownership of rights in photos taken by others:

* Learn from recent data leakage disasters how to protect yourself and your business:

(10 December 2010, duration 9:25 minutes, size 9.0MBytes)

The podcast is also available as a transcript.