Barbie DavenporteTwo or more weeks ago the full legal names, birth dates and stage names of some 12,000-plus porn performers – both current and former – were released on a site called Porn Wikileaks, which blatantly refers to performers as “whores” and considers men who work on both sides of the fence to be “fags.”
So yeah, the guy in charge of this site – who will not be named here as he is not the subject and focus of this article – feels more than a little disdain toward the men and women whose fornication gives us all something to fuck talk about.
The mainstream media has jumped at the topic, and rightfully so, reporting that a security breach of the AIM Medical Associates (AIM) patient database is the source of the suddenly available personal information.
Uh oh. That's bad.
It's also been reported that the names and contact information of not only the 12,000 pornstars of past and present are accessible, but so are the identities of the thousands of regular Joes and Janes who've used the testing facility for anonymous HIV and STI tests, pelvic exams and the like.
That would mean escorts, their customers, anyone who thought about doing porn but decided against it, and any man or woman who couldn't get a Planned Parenthood appointment would be in this reportedly hacked database. They might be teachers, librarians, husbands and wives now. Reputations could be shattered.
Shit, that's REALLY bad.
AIM's notoriously terrible about public relations, responding to media requests, and generally explaining what the hell's going on. This isn't the first time.
The closest thing the clinic has to a publicist or media rep is its attorney, Jeffrey Douglas, who answered as many questions as possible to try to explain what the hell happened, how AIM could let this happen, and what the organization is doing to protect its patients.
Douglas is first to point out that though Gawker, LA Times, Salon and several other reputable outlets have reported a security breach of AIM's client database being the source of the information now available to the universe, there's info on the site that could not have come from the database because, simply, it's not there.
“There's material that could not have come from [AIM's] database – home addresses, IDs, that info isn't [there],” Douglas tells AfterDarkLA.
So where did that info come from? More on that later. Let's focus on AIM's role and responsibility.
Now the fact that some of the details aren't available through AIM's easily accessible patient database doesn't mean it didn't play a role in the information gathering. It's absolutely possible.
Here's a crude explanation of how AIM works: Adult producers need STI test results ASAP before shooting content, often within a half hour of shoot time. Approved producers (no idea what that approval process is) get a limited access password to access health details – except HIV test results – about any performer who's used AIM.
But wait a minute. It's THAT easy to get this information? Just type in a code and BOOM, birth name and birth date? What took some disgruntled porn dude so long to seek some kind of revenge on a porn chick who refused to blow him by posting her real name all over the web?
Porn journalist Gram Ponante, who's been covering the business porn with the same kind of flippant passion since 2002, tells AfterDarkLA that the adult industry follows a sort of whacked-out honor code despite the fact that it's filled with more than a few “volatile and eccentric personalities.”
“Everyone who has ever shot or worked on a movie in Porn Valley has access to AIM's database,” Ponante says. “This is thousands of people sharing a password. I do myself, having just directed 'The Facts of Life XXX.' We all know so many things about each other [from documents distributed throughout]; real names, social security numbers, addresses – and, even more intimately, real ages – that it is not ridiculous to say that there is a very real honor code in place with regard to the sharing of personal information, say what you will about the thicks of porn in general.”
Performers have the choice whether to make their results accessible or to be placed in the “civilian” database, which is NOT accessible using the above-mentioned code. In the weeks since the Porn Wikileaks postings, many performers have contacted AIM's facilities demanding their information immediately be moved to this presumably safe database.
Douglas explains that if information from the civilian database was compromised it would have only been possible from within AIM and currently there is no indication or reason to believe a breach of that nature has occurred.
Plus, he says, if the function of Porn Wikileaks is to humiliate porn stars, what value would having civilian information have for the site?
Well we can think of more than three possibilities – power, instilling fear and shame, vengeance – but that's not the matter at hand.
Right now it is not confirmed whether or not a security breach occurred – what Douglas calls “forensic work” is being done, involving AIM staffers going through each and every access of the database (not sure how far back, however) to find one or more that features an information download that exceeded the allowed accessibility. That would prove a hack, and as a result, a possible federal offense.
“State law, and some provisions in similar federal law, state that if you are authorized to access information through a computer and exceed the approved authorization, you committed crime,” Douglas says. “For example, if you get a free membership or password to access a certain site, but due to screw up on the part of structure of the database you find you are allowed to access places that you [knowingly] are not supposed to go, [that is a hack].”
So does that mean there was a “screw up” in the structure of AIM's database, resulting in the access of not one or five but upwards of 15,000 names and test results?
“No idea,” Douglas says. “There are many possibilities we are exploring, but assuming we can show that somebody accessed essentially the entire database, that without question was a crime. We don't know whether or not it was a classic hack or whether [AIM's] database had structure flaws that allowed it.”
But who's to say the person in charge of Porn Wikileaks hasn't slowly been compiling names and info without making one or two massive information downloads? Is he smart/conniving enough to do that? We'll get to that in another post.
So basically this is a wait-and-see type of deal. While AIM's staff sifts through its records, Douglas says law enforcement has expressed interest in response to the inquiries and are pursuing the case. He could not tell us to what extent they are working on it.
“The urgency is enormous and we are expecting law enforcement will assist in the process, as they have tools [that AIM doesn't],” Douglas says.
So what about the porn stars in question who are afraid of having their information showcased on a low-rent website with the potential of ruining lives? Douglas says AIM has been moving patient files to the civilian database at the request of the records' subjects.
He can't confirm how many have already done so, but AfterDarkLA was contacted by one individual who communicated with AIM in person and via email and has asked to remain anonymous. She feels her case wasn't treated with urgency and staff members who hadn't been briefed or prepped for what to – and NOT to – say revealed less than savory information.
The AIM staffer apparently not only admitted AIM's advanced knowledge of a database breach, she was told how it happened and who they suspected to be the culprit. The staffer said AIM had known about the breach for about two weeks (Douglas couldn't confirm to us when AIM found out about it) and that they had changed procedure (aka changed the access code) to secure the database since.
Douglas couldn't comment on this event.
So what about the rest of the info found on Porn Wikileaks that apparently didn't come from AIM? Where the hell did that jerkoff get it?
Well that kind of information is easily accessible via 2257 records, documents required by the federal government to be in possession of not only the producers of the porn footage, but even second parties involved in the distribution of the content. These records feature clear photocopies of IDs and driver's licenses, photographs and other personal details of every porn performer to have set foot on set and in front of the camera.
'The X-Files: A Dark XXX Parody' couldn't film until every cast member had a 2257 document to his/her name
There is no law preventing the sharing and distribution of 2257 documents within and outside of the industry and often there's no way to know if a person requesting the documents with the intention of drop-shipping porn DVDs is actually selling anything.
“If someone were to say, 'I have this website and I want to sell 1,000 titles a day,' [that person] needs 2257 documents,” Douglas says. “When he gets the money, [he] then notifies you and you ship the DVDs to his address. It's a perfectly legitimate business model, and there are thousands of sites that use it, but how do I as the holder of the content have any idea if that person is actually just accumulating the records with no intention of selling? Nothing can be done to slow that down. Federal law essentially requires distribution of that [2257] data with no protection.”
Douglas says when the dust clears he plans to approach legislators to begin steps to make it a crime to distribute this information.
So while AIM figures out if they fucked up or if this ordeal is primarily the result of a hack and malicious act on the part of Porn Wikileaks' founder, if you believe your information may be compromised call AIM and hope someone answers the phone. ( 818) 981-5681.
And in the meantime AIM released this statement that doesn't really help the matter…but at least they aren't pretending that the industry (and the clinic itself) doesn't have a bit of a disaster on its hands. (Massive civil lawsuit, anyone?)
“AIM Medical Associates, P.C. is investigating the possibility of a criminal breach of the medical record database. Substantial amounts of information posted on the site in question could not come from the AIM database because we do not possess that information. Specifically, home addresses and identification documents are not within the AIM database. Other testing businesses may or may not have such information on their databases.
AIM is utilizing every available resource to conduct a thorough forensic investigation to confirm if a breach of security occurred here. If such a breach occurred, we shall take all available steps to see that the felonious behavior is criminally prosecuted to the maximum extent under the law. Accessing a database for improper purposes, violating medical privacy and extortion are all crimes in California. There is preliminary information indicating that criminal behavior by persons or entities may have occurred.
In any case, the malicious nature of the site cannot be overstated. It is reprehensible that the site characterizes all adult actresses as 'whores,' and refers to some women as 'baby killers.' It is gratifying that the website has been largely unavailable at least over the past few days. We hope the hosting company removes this scurrilous site altogether.”
Additional reporting by Monica Shores.
Advertising disclosure: We may receive compensation for some of the links in our stories. Thank you for supporting LA Weekly and our advertisers.