Sony pays high price for ignoring its past

Sony, which had been hacked before, deserves a heavy measure of blame for the cyberattack that has created chaos in its filmed entertainment division. Above, The Theatre at Ace Hotel in Los Angeles before the Dec. 11 premiere of "The Interview."
(AFP/Getty Images)

How grave is the cyberattack on Sony Pictures Entertainment? Here’s one high-level Sony executive:

“We have been reminded in recent days of the fact that no one is immune from the threat of cyber attack.... The attack on us was, we believe, unprecedented in its size and scope.... We believed that the security we had in place was very, very strong.... However, the intensity and sophistication of the hack was such that even despite those best measures that we had taken, it was not sufficient.”

The executive is Tim Schaaff, president of Sony Network Entertainment International, speaking before the House Committee on Energy and Commerce. Here’s the punchline: He was speaking on June 2, 2011.

Hackers had attacked Sony Online Entertainment and its PlayStation Network, forcing the company to shut the services down for weeks. Schaaff told the committee that Sony recognized “that the scrutiny we are likely to be under from the hackers will continue” and that “we’ve made additional commitments to enhance the security of our network.”


The evidence today is: Whatever they did — if they did anything — it wasn’t enough.

Sony’s executive ranks never got the message that they shouldn’t transmit their passwords by email, or keep employees’ salaries, Social Security numbers or medical claim information in their systems without encryption. Technology that might have enabled the company to detect or defeat another large-scale assault either wasn’t adequate or wasn’t implemented at all.

Sony may not be unique among corporations in the apparent laxity of its cybersecurity, and it may be impossible to make any system 100% secure. But as Schaaff acknowledged more than three years ago, Sony was very much on notice that it should implement anti-hacking protocols second to none.

That’s why the company deserves a heavy measure of blame for the attack that has created chaos in its filmed entertainment division — not because it released and then withdrew “The Interview,” the Seth Rogen/James Franco North Korean assassination comedy blamed for the hack, which the FBI says was launched by North Korea. Inflammatory movies get released by major studios all the time; if they score at the box office, the studio gets praised for its edginess and nerve.

Yet it’s the decision to withdraw “The Interview” for which Sony is taking fire. The Hollywood creative community and numerous pundits have denounced Sony’s decision as an act of cowardice. They say it’s a craven capitulation to the hackers who invaded the company’s computer systems and then issued threats of violence against theaters that screen the movie.

Sony’s decision was more like a capitulation to reality. Distribution companies can’t keep a movie in theaters if independent theater chains such as Regal or AMC refuse to show it. Sony reportedly also heard from its fellow studios, which were panicking that yuletide moviegoers would avoid going to any movie at any megaplex showing “The Interview.” Visions of a crucial Christmas weekend box office shrinking to nothing danced in their heads. (Sony has its own would-be blockbuster, “Annie,” in theaters for the Christmas family trade.)

Sure, Sony could have threatened to sue any theater that violated its contractual commitment to show “The Interview,” but that’s hardly practical. So it followed the precept by former Israeli Prime Minister Shimon Peres, no stranger to tough decisions: “If a problem has no solution, it may not be a problem, but a fact, not to be solved but to be coped with.” Sony coped.

If you’re looking for cowardice, you have to cast the net much wider. The entire movie industry capitulated.


Just read its pusillanimous “statement of support” for Sony in its hour of need. As my colleague Richard Verrier reported on Tuesday, the other major studios originally rebuffed efforts to craft a joint statement. The eventual product, which went out under the badge of the Motion Picture Assn. of America, was drafted after tortuous machinations by Sony Pictures Chairman Michael Lynton and MPAA Chairman Chris Dodd, a former Democratic senator from Connecticut. After it was released, no studio head would come to the phone to expand upon it. Dodd refused to comment.

The MPAA wouldn’t go beyond its text, which reads in its entirety: “As we’ve said, Sony Pictures is not just a valued member of our association family, but they are friends and colleagues and we feel for them. We continue to be in constant touch with their leadership and will be of any assistance to them that we can.”

In Hollywood, that’s how we spell “courage.”

The statement doesn’t say that one possible reason the other studio heads were in “constant touch” with Sony’s leadership was to urge it to kill “The Interview.” A whole section of the MPAA’s website is devoted to “preserving free speech.” So how come no one defended Sony? (George Clooney also says he was unable to get anyone in Hollywood to sign an open letter stating, “We fully support Sony’s decision not to submit to these hackers’ demands.”)


The other phenomenon against which Sony has no defense is panic. The threat of violence at theaters was nebulous, and dismissed by law enforcement. It’s impossible to know whether the public would have shrugged it off, or stayed home in droves. It’s impossible to know how many theaters might have shown the movie, or what would have happened if Sony had held exhibitors to their commitment to open the movie on Christmas Day.

But since 9/11 — the date invoked by hackers to scare moviegoers away from “The Interview” — many of America’s political leaders have capitalized on public fears for political gain. The threat of attack has been used to justify torture, to carry loaded firearms in stores and schools, and to bolster security at airports and office buildings.

The latest example of this ginned-up hysteria involved Ebola, an epidemic disease in West Africa that resulted in four cases and one death in the United States, but was exploited by a handful of governors desperate to look tough. Public health, as a recent article in the New England Journal of Medicine put it, was “used as a tool to serve primarily political purposes.”

One can draw a direct line from the climate of fear created by this political environment to the reaction by theater owners and Sony. The corporate suites at every level of the entertainment industry have shown they can’t think clearly when even a putative threat is laid down by shadowy forces that may or may not have the resources to make good on them.


Almost any movie worth seeing has the capacity to tick off someone, somewhere; everyone now knows what it takes to drive a film into oblivion. So there will be fewer movies greenlighted and more films that are stupid and crass, but not “political.”

Farewell, “The Interview”; hello, “Dumb & Dumber 3.”

Michael Hiltzik’s column appears Sundays and Wednesdays. Read his blog, the Economy Hub, at, reach him at, check out and follow @hiltzikm on Twitter.