Keep Publishing the Sony E-Mails
Sony Pictures Entertainment wants news outlets to stop publishing stories based on material stolen by hackers, who recently ransacked the company's computer network to devastating effect. From one perspective, that might be the right thing to do. Though it was found on corporate servers, some of the information revealed by hackers was undeniably personal and not meant for dissemination. But the ethics of this situation are more complicated than Sony would like to admit: Completely apart from the content of the stolen material, the media's publishing of it has been a socially useful act, an instance of moral hazard for the digital masses.
Aaron Sorkin, the screenwriter behind Sony hits "Moneyball" and "The Social Network," found himself at the center of the Sony scandal. A number of e-mail exchanges made public by the hackers involved him, and allegations were made about him that anyone would resent. In a column for The New York Times, however, Sorkin wrote that the media's picking up the revelations was a bigger problem than the hack itself:
If you close your eyes you can imagine the hackers sitting in a room, combing through the documents to find the ones that will draw the most blood. And in a room next door are American journalists doing the same thing. As demented and criminal as it is, at least the hackers are doing it for a cause. The press is doing it for a nickel.
I could argue that making a nickel is probably a worthier cause than the hackers' stated goal, stopping the release of a comedy about the assassination of North Korean leader Kim Jong Un. That would be nitpicking, however: Sorkin is clearly trying to make the point that, when publishing material from the Sony hack, journalists cannot hide behind a public interest defense. Movie executives' emails and salary data are of far less importance to society than the Pentagon Papers or National Security Agency leaker Edward Snowden's trove of documents detailing the scale of the U.S. government's electronic spying.
Indeed, in those cases journalists used stolen documents but avoided prosecution -- ultimately because they were providing the public service they had been hired to do. When public interest is not obviously served, news organizations and their employees are punished harshly, as in the case of the News of the World phone hacking scandal in the U.K.
Still, I disagree with Sorkin's argument because I believe that reporting faithfully, and in great detail, on the scale of the Sony hack makes the public aware of a reality it tends to ignore. It could roughly be formulated as follows: "Whatever you put on a computer network that is connected to the Internet is, essentially, published for all to see." No server is secure enough from hackers, and no big brand is trustworthy enough when it comes to information security.
Sony Pictures made the transition from "stored on corporate servers" to "available to all comers" particularly easy. For God's sake, it stored private records, including passwords, in unencrypted text files!
It would be naive, however, to expect better from any company, or from the government. Sony's chief information security officer, after all, was previously a senior security advisor to the U.S. Defense Department's Joint Task Force on Global Network Operations, and his predecessor had run the National Cyber Security Center at the Department of Homeland Security. And yet, despite all those fancy titles, a small group of anonymous hackers -- perhaps hailing from an impoverished country like North Korea or maybe even just a dedicated team of teenage hackers with a few thousand dollars to spend can -- was able to bring down the company's security edifice. There's little reason to be optimistic that the remaining corporate expenditures in the U.S. on cybersecurity -- projected to reach $109 billion a year by 2020 -- are being put to much better use. The embarrassing media reports about Sony may bring the outlets that publish them a few thousand extra clicks, but it would be wrong to begrudge them that minor reward for telling the public an uncomfortable truth: You have been too cavalier and too trusting with your data.
The racy details being published seem unnecessary for that purpose, but, human nature being what it is, they draw attention to the bigger issue. By threatening the press with legal consequences, Sony can only force publications to take precautions against lawsuits, which they are doing anyway. The New York Times only reports on the Sony Hack citing other publications, Bloomberg News names no names and refrains from citing specific allegations, and even the most in-your-face coverage, on sites like Gawker, can probably be defended by pointing to sources from which the information -- whose veracity Sony doesn't deny -- is publicly available. All media reports, serious and racy alike, will still carry the same important message: Your information is not safe anywhere on the Internet.
I am almost sure the sad events of the Year of the Hack, as 2014 is already known, will contribute to new legislation regulating the storage of personal data by companies and government agencies. That alone won't suffice, however: People will need to become more careful. If Sorkin wants to discuss things with Hollywood executives that he would rather not see circulated on the Internet, he'd better do it in personal meetings. E-mails are simply not safe for that kind of thing. Computer networks will get hacked, and information will be published -- if not in traditional media outlets, then on Reddit or on the forums where celebrities' nude pictures stolen from Apple were dumped this year. That time, news outlets showed restraint, but it's important to recognize that such restraint has its limits in a world dominated by social networks, not traditional media. Everyone who was interested saw the photos anyway -- we might as well admit it.
This column does not necessarily reflect the opinion of Bloomberg View's editorial board or Bloomberg LP, its owners and investors.
To contact the author on this story:
Leonid Bershidsky at firstname.lastname@example.org
To contact the editor on this story:
Cameron Abadi at email@example.com