November 24 will mark two years since the North Korean government’s massive cyberattack on Sony Pictures Entertainment (SPE). The attack – widely believed to be an attempt to intimidate SPE into canceling the release of The Interview – exposed 30,000 company documents and 170,000 emails.[i] Two years later, how are SPE and the entertainment industry moving forward in the aftermath of the hack?
While no company would ever want to see its inner workings revealed to the public, the SPE attack posed a particularly stark threat to the operating model of the entertainment industry. This model depends centrally on colorful personalities having a safe space to exercise freedom of speech and engage in creative expression. The hacking episode demonstrated that actors, directors, screenwriters, and producers all assumed – wrongly – that email was one such safe space. The hacked emails lifted the curtain on the eccentric, blunt, colorful and at times politically incorrect entertainment industry community. Regarding some of the more controversial emails that were disclosed, Amy Pascal, the former co-chair of SPE who was fired in the wake of the attack, said, “Everyone understood because we all live in this weird thing together called Hollywood. If we all actually were nice, it wouldn’t work.”[ii]
Following the attack, SPE and other entertainment industry firms took steps to strengthen network defenses. Key measures have included: monitoring for atypical login patterns, encrypting data even if it is held behind a firewall, and placing greater control over access to individual files.[iii] As the CEO of a cybersecurity consultancy told CNBC, “Prior to the hack, creative types saw security as friction. It became super personal in terms of the type of information that was stolen. Across the studios, they realized that it could have been any of them.”[iv]
While steps to improve network security were necessary to SPE’s continued functioning as a company, it remains to be seen whether they will be sufficient to reestablish trust among the artists and film executives that had grown accustomed to free-flowing exchanges over email. As one prominent screenwriter wrote in the New York Times, “Since the Sony hacking, I say less in personal emails, and much less in professional ones. … If I’m writing to someone whose cloud a hacker might fancy, I am less cozy, which is a bit like downgrading a close friend to an acquaintance.”[v] On the other hand, SPE chairman and CEO Michael Lynton told Slate, “I still regularly see emails that make me say, ‘Really?’… The technology is so compelling that – for whatever reason – people are still sending me emails that they would very much not like to see show up in another venue.”[vi]
Going forward, can SPE and other entertainment industry firms continue to benefit from the convenience of email while protecting the privacy of their artistic talent? I would encourage SPE and other companies to consider a policy that would delete all emails after a fixed period – say, 90 days – unless the user proactively requested that the messages be archived. And if emails need to be stored for a longer period, they should be held in a highly secure location – not in a standard inbox. I would also encourage the entertainment industry to use other tools like Signal to communicate. Such tools can protect privacy and avoid the sort of self-censorship and chilling effect that the hack was intended to produce.
Some will argue that no digital communication is ever truly secure, and that the only solution is to be more careful when we communicate using technology. For the time being, this may ultimately be true. But my hope is that over the long term we can all restore our faith in the security of digital communications, ensuring that movie stars and ordinary citizens alike can express themselves freely and openly through digital means.
[i] Natalie Robehmed, “The Entire Sony Hack Is Now Available On Wikileaks,” Forbes, April 16, 2015, http://www.forbes.com/sites/natalierobehmed/2015/04/16/the-entire-sony-hack-is-now-available-on-wikileaks/
[ii] “Ex-Sony Chief Amy Pascal Acknowledges She Was Fired,” NBC News, February 12, 2015, http://www.nbcnews.com/storyline/sony-hack/ex-sony-chief-amy-pascal-acknowledges-she-was-fired-n305281
[iii] Julia Boorstin, “The Sony hack: One year later,” CNBC, November 24, 2015, http://www.cnbc.com/2015/11/24/the-sony-hack-one-year-later.html
[v] Delia Ephron, “It’s a Whole New Paranoid World,” The New York Times, March 21, 2015, http://www.nytimes.com/2015/03/22/opinion/sunday/its-a-whole-new-paranoid-world.html
[vi] Amanda Hess, “Inside the Sony Hack,” Slate, November 22, 2015, http://www.slate.com/articles/technology/users/2015/11/sony_employees_on_the_hack_one_year_later.html
Note: All online sources accessed November 17, 2016. Photo from: http://www.yrbmagazine.com/the-interview-free-movie-passes-chicago-houston-nyc-jamesfrancotv-sethrogen-theinterview-theinterviewmovie/.