How grave is the cyberattack on
"We have been reminded in recent days of the fact that no one is immune from the threat of cyber attack.... The attack on us was, we believe, unprecedented in its size and scope.... We believed that the security we had in place was very, very strong.... However, the intensity and sophistication of the hack was such that even despite those best measures that we had taken, it was not sufficient."
The executive is Tim Schaaff, president of Sony Network Entertainment International, speaking before the House Committee on Energy and Commerce. Here's the punchline: He was speaking on June 2, 2011.
Hackers had attacked Sony Online Entertainment and its
The evidence today is: Whatever they did — if they did anything — it wasn't enough.
Sony's executive ranks never got the message that they shouldn't transmit their passwords by email, or keep employees' salaries, Social Security numbers or medical claim information in their systems without encryption. Technology that might have enabled the company to detect or defeat another large-scale assault either wasn't adequate or wasn't implemented at all.
Sony may not be unique among corporations in the apparent laxity of its cybersecurity, and it may be impossible to make any system 100% secure. But as Schaaff acknowledged more than three years ago, Sony was very much on notice that it should implement anti-hacking protocols second to none.
That's why the company deserves a heavy measure of blame for the attack that has created chaos in its filmed entertainment division — not because it released and then withdrew "The Interview," the Seth Rogen/James Franco North Korean assassination comedy blamed for the hack, which the FBI says was launched by North Korea. Inflammatory movies get released by major studios all the time; if they score at the box office, the studio gets praised for its edginess and nerve.
Yet it's the decision to withdraw "The Interview" for which Sony is taking fire. The Hollywood creative community and numerous pundits have denounced Sony's decision as an act of cowardice. They say it's a craven capitulation to the hackers who invaded the company's computer systems and then issued threats of violence against theaters that screen the movie.
Sony's decision was more like a capitulation to reality. Distribution companies can't keep a movie in theaters if independent theater chains such as Regal or
Sure, Sony could have threatened to sue any theater that violated its contractual commitment to show "The Interview," but that's hardly practical. So it followed the precept by former Israeli Prime Minister Shimon Peres, no stranger to tough decisions: "If a problem has no solution, it may not be a problem, but a fact, not to be solved but to be coped with." Sony coped.
If you're looking for cowardice, you have to cast the net much wider. The entire movie industry capitulated.
Just read its pusillanimous "statement of support" for Sony in its hour of need. As my colleague Richard Verrier reported on Tuesday, the other major studios originally rebuffed efforts to craft a joint statement. The eventual product, which went out under the badge of the Motion Picture Assn. of America, was drafted after tortuous machinations by Sony Pictures Chairman Michael Lynton and MPAA Chairman
The MPAA wouldn't go beyond its text, which reads in its entirety: "As we've said, Sony Pictures is not just a valued member of our association family, but they are friends and colleagues and we feel for them. We continue to be in constant touch with their leadership and will be of any assistance to them that we can."
In Hollywood, that's how we spell "courage."
The statement doesn't say that one possible reason the other studio heads were in "constant touch" with Sony's leadership was to urge it to kill "The Interview." A whole section of the MPAA's website is devoted to "preserving free speech." So how come no one defended Sony? (
The other phenomenon against which Sony has no defense is panic. The threat of violence at theaters was nebulous, and dismissed by law enforcement. It's impossible to know whether the public would have shrugged it off, or stayed home in droves. It's impossible to know how many theaters might have shown the movie, or what would have happened if Sony had held exhibitors to their commitment to open the movie on Christmas Day.
But since 9/11 — the date invoked by hackers to scare moviegoers away from "The Interview" — many of America's political leaders have capitalized on public fears for political gain. The threat of attack has been used to justify torture, to carry loaded firearms in stores and schools, and to bolster security at airports and office buildings.
The latest example of this ginned-up hysteria involved Ebola, an epidemic disease in West Africa that resulted in four cases and one death in the United States, but was exploited by a handful of governors desperate to look tough. Public health, as a recent article in the New England Journal of Medicine put it, was "used as a tool to serve primarily political purposes."
One can draw a direct line from the climate of fear created by this political environment to the reaction by theater owners and Sony. The corporate suites at every level of the entertainment industry have shown they can't think clearly when even a putative threat is laid down by shadowy forces that may or may not have the resources to make good on them.
Almost any movie worth seeing has the capacity to tick off someone, somewhere; everyone now knows what it takes to drive a film into oblivion. So there will be fewer movies greenlighted and more films that are stupid and crass, but not "political."
Farewell, "The Interview"; hello, "Dumb & Dumber 3."