By Doug Porter
Yesterday Sony Pictures did what many businesses would in similar circumstances – it assessed risks relative to reward and chose to pull the plug on a soon-to-be-released movie comedy, ‘The Interview.’
The $44 million film staring Seth Rogen and James Franco about an assassination attempt on North Korea’s leader was supposed to debut on Dec. 25, Christmas Day.
Now it’s dead in the water, with company reps saying, “Sony has no further release plans for the film.”
This decision was the end result of a hacking of Sony’s computer system by the “Guardians of Peace,” a group the US government says has links to North Korea. Unreleased films, company emails, employee information, threats to employees and their families and promises of violence against theaters and the public have all surfaced on the internet in recent days.
Today I’ll take a look at the implications of both the attack and Sony’s decision to capitulate.
The reactions most common to the twitterverse were that Sony’s decision incentivized future groups seeking to engage in cyber attacks on companies and concern about the implications for freedom of expression.
New Regency films decision yesterday to cancel production of ‘Pyongyang’, a movie starring Steve Carell as an American accused of espionage gives credence to that line of thinking.
Sad day for creative expression. #feareatsthesoul
— Steve Carell (@SteveCarell) December 17, 2014
No one should kid themselves. With the Sony collapse America has lost its first cyberwar. This is a very very dangerous precedent.
— Newt Gingrich (@newtgingrich) December 17, 2014
Gingrich didn’t blame the Obama administration, but that hasn’t stopped other right wing pundits–many of whom are desperate for something besides Cuba to rant about–from pointing the finger.
On the other side of the aisle, here’s DR J at Daily Kos bemoaning Sony’s decision:
The people who did all of that have been given exactly what they wanted. On Tuesday, even though there was no evidence of a credible threat, America’s top five theater chains, including Regal Cinemas, Cinemark, Cineplex, Carmike, and AMC Theatres, dropped the film after Sony gave theater owners the option of backing away from the film, and the writing was on the wall. American intelligence officials believe North Korea is behind the attacks, and the U.S. is mulling how to respond. Although, others are not sure North Korea has the technical capabilities to perform this sort of cyber attack. Per CNN, a formal announcement by the U.S. government accusing the North Koreans of this crime may come as soon as today.
Details of the Cyber Attack
This cyber attack was clearly different from your garden variety theft of data from companies like Target and Home Depot occurring over the past couple of years. Those intrusions were about stealing data enabling financial theft via consumer credit card information.
From the New York Times:
While intelligence officials have concluded that the cyberattack was both state-sponsored and far more destructive than any seen before on American soil, there are still differences of opinion over whether North Korea was aided by Sony insiders with knowledge of the company’s computer systems, senior administration officials said.
“This is of a different nature than past attacks,” one official said.
An attack that began by wiping out data on corporate computers — something that had been previously seen in South Korea and Saudi Arabia— had turned “into a threat to the safety of Americans,” the official said. But echoing a statement from the Department of Homeland Security, the official said there was no specific information that an attack was likely.
Any administration statement regarding North Korea’s involvement is going to be circumspect at best, structured in a manner designed to protect any NSA/CIA monitoring of the Asian nations computers.
Once the hackers got into the Sony computer network, stealing data was as easy (really!) as running an email search for “password.”
From the Associated Press:
The stolen files expose lax Internet security practices inside Sony such as pasting passwords into emails, using easy-to-guess passwords and failing to encrypt especially sensitive materials such as confidential salary and revenue figures, strategic plans and medical information about some employees. Experts say such haphazard practices are common across corporate America.
“Most people who say they’re not doing that are lying,” said Jon Callas, co-founder and chief technology officer for Silent Circle Inc., a global encrypted-communications service.
The emails show CEO Michael Lynton routinely received copies of his passwords in unsecure emails for his and his family’s mail, banking, travel and shopping accounts, from his executive assistant, David Diamond. Other emails included photocopies of U.S. passports and driver’s licenses and attachments with banking statements. The stolen files made clear that Diamond was deeply trusted to remember passwords for Lynton and his family and provide them whenever needed.
The Ethics of Reporting on the Sony Data
The Sony corporation has demanded that media organizations cease reporting on the information stolen by the hackers.
A three page letter sent to major news media companies by the company’s lawyers says “Sony Pictures Entertainment does not consent to your possession, review, copying, dissemination, publication, uploading, downloading or making any use of the stolen information.”
Not many outlets seem to fear the threat.
TV producer Aaron Sorkin, whose movies were the subject of emails were revealed in the hack, wrote an op-ed critical of reporting the data for the New York Times:
I understand that news outlets routinely use stolen information. That’s how we got the Pentagon Papers, to use an oft-used argument. But there is nothing in these documents remotely rising to the level of public interest of the information found in the Pentagon Papers.
Slate.com editor Jacob Weisberg agreed with Sorkin’s assessment:
What distinguishes this episode from the WikiLeaks and Edward Snowden disclosures, where the more prestigious media organizations published super-sensitive secrets about national security? The difference is the matter of public interest. In the Snowden case, purloined emails revealed abuses of power. The disclosures exposed practices that even President Obama admitted as wrong once they came to light. And in those cases, journalists at the Guardian, New York Times, and Washington Post took seriously their obligation to balance the public interest with potential for harm to individuals and risk to national security.
In the case of the Sony hack, it’s hard to see any public interest at all. The stolen emails are more like the nude photos of Jennifer Lawrence that someone got by hacking into her Apple iCloud account. Of course people wanted to see those photos.But in that case, even the bottom-feeding media acknowledged that there was no justification for the massive violation of her privacy that hosting them entailed. But in that case, the public had sympathy for the victim. This time, the reaction has been schadenfreude. It should be solidarity.
Slate.com writer and media advocate Justin Peters disagrees:
To what extent are journalists obligated to care about the motives of a leaker or hacker? After all, journalists deal with odious sources all the time, and every reporter knows that no one leaks from neutral ground. But, obviously, there are agendas and then there are agendas. There’s a difference between the motives of NSA leaker Edward Snowden and those of criminal hackers who were likely compensated by North Korea to make Sony pay for the crime of releasing a dumb James Franco movie. One party wants to reform the government, while the other wants to bring down, or at least humiliate, a corporation that made a movie it found offensive.
But just because the Sony data may have been released for one reason doesn’t mean that reporters can’t use it for another. Journalists don’t have to support the source of the information or the means by which it was acquired to believe that it has news value. And the information released by the Sony hackers does indeed have news value.
Is it newsworthy that Sony executives have exchanged vaguely racist emails in private? Yes, it is—these are the people who determine which movies get made and who stars in them, and it’s reasonable to wonder whether opinions exchanged in private affect their public-facing decisions. Is it newsworthy that there are race and gender discrepancies in pay in Hollywood, as Fusion has reported? Yes, it is. Gawker has used the leaks to report on how Sony may have mustered influence to kill stories in the New York Times. The Verge used the leaks to report on how, after the Stop Online Piracy Act died in 2012, movie studios and the Motion Picture Association of America changed tactics in their war against pirated content, in an initiative dubbed “Project Goliath.” These are all legitimate stories, and they’re all stories that we wouldn’t have if not for the leaks.
By the way, the Washington Post has an interesting story today based on those emails today about how star actress Jenifer Lawrence was paid less than her male co-starts in films. The magic number in was 23% less pay, a number corresponding to the figure used in numerous credible studies showing that women earn roughly 77 percent of what men earn.
The Stupid is as Stupid Does Question…
From a comment left at the Los Angeles Times’ Readers React section:
While I don’t condone any sort of terrorist-type threats, I can’t help but think of that old adage, “What goes around comes around.”
The entertainment industry has now reached further into the bowels of bad taste than ever, and the chickens have come home to roost. Sony will finally pay the price for bankrolling anything and everything that will make it a buck, regardless of the subject matter.
I personally couldn’t care less about North Korea, but this isn’t just a movie poking fun at someone; it makes light of an assassination attempt on a real, living world leader. Can you imagine the uproar if someone made a similar “comedy” about an assassination plot against one of our presidents? How about on the life of some slimy executive at Sony who treated people like garbage?
It’s too soon to access the real impact of the Sony hack. Some day we may look back on it and say this was the Pearl Harbor of the digital age. The FBI says 90% of the nation’s computer networks could not fend off a malicious attack like the one Sony endured.
Or maybe it will be taught in business classes as an example of corporate stupidity.
I’m changing my passwords. Again.
On This Day: 1865 – Secretary of State William Seward issued a statement verifying the ratification of the 13th Amendment to the Constitution. The amendment abolished slavery with the declaration: “Neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted, shall exist within the United States, or any place subject to their jurisdiction.” 1892 – Tchaikovsky’s “The Nutcracker” publicly premiered in St. Petersburg, Russia. 1999 – After living atop an ancient redwood in Humboldt County, for two years, environmental activist Julia “Butterfly” Hill came down, ending her anti-logging protest.
Did you enjoy this article? Subscribe to “The Starting Line” and get an email every time a new article in this series is posted!
I read the Daily Fishwrap(s) so you don’t have to… Catch “the Starting Line” Monday thru Friday right here at San Diego Free Press (dot) org. Send your hate mail and ideas to DougPorter@SanDiegoFreePress.Org Check us out on Facebook and Twitter.
bob dorn says
If Sony execs were found in stolen e-mails to have plotted a tax evasion scheme would the IRS not investigate? What if another studio were to hack into Sony’s systems to find out what Sony is paying women, so that those women could more readily be recruited with salary offers exceeding Sony’s. Wouldn’t that just be regarded as good business?
Large American corporations seem to have the same disease of privilege as do white American men. Their outrage at having their ineptitude and lazy security procedures sounds like the whining of spoiled rats.
John Lawrence says
If only Bill Gates and Steve Jobs had taken security seriously when they were inventing computers and the internet in the first place. In those innocent days, no one gave the least thought to security. As it’s turned out, security is the number 1 consideration in computer networks. They could have prevented a lot of headaches if it had been built in from day 1. But nobody thought it would turn out to be the problem it has. Chalk it up to a too benign view of human nature. Once again human nature has turned out to be more malevolent than a bunch of naive techies thought it to be.
William T says
But Bill Gates and Steve Jobs didn’t “invent” the Internet. For that, see DARPA.
Internet security (Swiss cheese?) is what it is today largely because the Internet evolved from very modest beginnings into something much different from its original purpose. In the beginning, the only machines connected were DOD and academic research computers, and DARPA owned the entire network. No bad guys on the net means no need for Fort Knox -style security.
Hindsight is 20/20.
As for the hack-ability of Windows boxes (and to a lesser extent Unix boxes), you can pillory Bill Gates all you like. And I would concur.
John Lawrence says
Well, no they didn’t invent the internet per se, but they made it possible on a widespread basis by their development of personal computers. As developed by DARPA, I believe it had a security layer in it. I don’t know what happened to that, if that proved to be insufficient, or if Windows didn’t take security seriously enough. Enlighten us!