No matter who or what is behind the hack on Sony Pictures, it’s really bad. The lead theory, though it begs many questions, is that the North Korean government initiated the attack and subsequent mass data dump of sensitive information along with five unreleased feature films. The rationale I heard proposed this morning on NPR is that the attack might be retaliation against Sony for the premise of a Seth Rogan vehicle called The Interview, in which a pair of hapless reporters who’ve gained access to Kim Jong-un are asked by the CIA to assassinate the North Korean leader. Not known for their taste in screwball comedy, the North Koreans issued a statement calling the film itself an act of terrorism, and then Sony got hacked.
Some of the data released by the hacker(s) is of dubious value. Like the email exchange between Sony Pictures co-chairman Amy Pascal and the CEO Kazuo Hirai of Sony Corporation about the manner in which Kim Jong-un’s head is depicted exploding at the end of the film. The exchange, thanks to Rogen’s responses, is a little bit funny, though I don’t think Sony Corp weighing in on this one project is a particularly intriguing revelation from the leak. No doubt, the headline is worth a few thousand clicks, so what the hell.
Other data released by the hacker(s) is not so innocuous. A lot of it was highly sensitive material, including emails, marketing plans, and payment processing information pertaining to both famous and not-so-famous people who have worked for the studio. According to multiple reports, sensitive information such as social security numbers may have been compromised for individuals who have worked for the studio anytime in the last ten years, thus creating a bait ball that would be attractive to any sharks out there looking for opportunities to conduct identity theft. And just in time for holiday shopping!
The Sony hack ought to be disconcerting to, well, anybody who has ever worked for any company either as an employee or a contractor. If that’s not you, no worries. While this attack may indeed have come from North Korea, it as admittedly hard to say whether that scenario is better or worse than if it were committed by an entity like Wikileaks or just some highly-skilled teenager with a random beef against Sony. It’s a bit like trying to parse the difference between an act of terrorism in the name of Islamic jihad and an act of terrorism in the name of just being the local sociopath. After all, the digital age has spawned quite a few home-grown anarchists who like to arbitrarily vent their self-righteousness on large corporations. They’re smart enough to encode a major security breech, but too stupid to realize they’re jeopardizing the security of regular folks like freelance contractors who’ve done jobs like build sets or haul cables for Sony projects. If this same kind of hack, for instance, had targeted GM, I suspect it would be the lead story on cable news.
What concerns me about this story is that, whether the perpetrator of a hack like this is a rogue state like North Korea or a lone hacktivist, the real casualty of all this remote-control retaliation might be free speech. Consider this: the likelihood that any movie producers, especially major ones, are going to produce any films mocking the prophet Mohammed is actually very low. I’m not saying we’re in need of such a thing, but I bring it up because the calculus applied in considering a lampoon of Mohammed includes serious consideration that one might incite real violence perpetrated by extremists who’ve proven they posses nothing we call humanity. And that’s not good for free speech in a pure sense, though such assessments are made all the time with regard to potentially hazardous material. Still, the Sony attack reveals that in our increasingly interconnected world, we are all potentially vulnerable to forces that would silence one form of criticism or another. After all, it’s almost de rigueur now that if a woman publicly expresses a feminist thought, she’s going to receive death and rape threats through social media; and some of these incidents have included release of information that has led to real-world stalking and physical assaults.
If the investigation proves that Sony’s attacker really was the government of North Korea in retaliation for the film The Interview, that’s a fairly impressive amount of damage being done by an otherwise largely impotent state. Will it make producers and executives skittish about green-lighting certain material in the future that might garner a similar attack? If so, where does that logic lead when some of the most skilled code-writers in the world live right here in the U.S., some of them working in very large, very wealthy corporations? What if Seth Rogen’s next picture shows Mark Zuckerberg’s head exploding? (Really, Seth, what if?) Because my personal gut feel is that this was not the work of North Korea but was more likely someone with a personal gripe or a generalized love of vandalism. Is it farfetched, therefore, to imagine someone within, say, Zuck’s world exposing Rogen and/or his colleagues to a similar retaliatory assault on their privacy and, by extension, their security? Maybe. But a great deal of evidence suggests that the moral barriers which prevent people from committing violence or vandalism or classic forms of extortion appear to break down somewhat when the weapons are a keyboard a few lines of code.