The Department of Justice has published details of a case that seems to be the plot of one of the creepy episodes of techno-dystopian law and order: Special victims unit.
A former Yahoo employee
Reyes Daniel Ruiz, pleaded guilty to using his employee's access to hack emails from "friends" and colleagues, in order to find intimate photos and videos.
Accused of a charge of computer intrusion and a charge of interception of a cable communication, Ruiz pleaded guilty to computer intrusion under the terms of a plea agreement. He could face up to five years in prison and a fine of 250,000 dollars, plus restitution to victims.
The accusation came about thanks to an FBI investigation. Ruiz is a former Yahoo software engineer. Yahoo fired him after he noticed "suspicious activity" in his accounts.
They were right
While specifically targeting people he knew, Ruiz also admitted to compromising “around 6,000” Yahoo accounts, primarily to search "Sex images and videos."
He used Yahoo backend tools and decrypted passwords to gain access and search. He then used the information he found to access other accounts, such as Gmail, iCloud and Dropbox.
Ruiz stored the images and videos on a computer at home, which he destroyed once Yahoo and law enforcement began to catch him.
They are a clear and especially chilling violation, technology companies as a whole have been scrutinized about how much access employees have (and in some cases, contractors) to personal data and the life of users.
Big Four technology companies reviewed their policies around the collection of audio fragments by smart speakers and the sometimes intimate human audio review; Some Google Home speaker recordings even leaked in Denmark.
It is no stranger to privacy violations. In October 2017, he admitted that a 2013 hack compromised the 3,000 million email accounts of its users.
It is a bitter thought that, to keep our lives private, we should keep them offline; Telling people not to send nudes digitally for fear of a privacy violation sounds a bit like the fault of the digital victim.
But Ruiz's case is a reminder that even when technology companies say (again and again) that they value the privacy of their users, it is not a sure thing.