Sony Pictures climb down worst possible course
18 December 2014 | 0
It has been reported this morning that Sony has cancelled the theatrical release of the film The Interview, a comedy which depicts an attempt to assassinate the already comic figure of North Korean leader Kim Jong-Un.
After a hack of Sony Pictures that yielded highly embarrassing internal communications, creative material and even some movies, the company found that some of the major theatre networks in the US were unwilling to show the movie.
It had been suggested that it would be left up to individual theatre owners to decide whether to show the movie, but this has now been overtaken.
There had been much speculation that the so called Democratic People’s Republic of Korea (DPRK) was behind that Sony Pictures hack, but the information slowly filtering out now indicates that it was more likely the work of a hacktivist group. This is not unusual, as several security experts have said in the past that nation states will often use such groups to maintain a distance from actions taken, especially in the realms of industrial espionage.
The DPRK has been implicated in the past in hack attempts on South Korea, but these have been characterised as unsophisticated.
From information available, it does not seem as if the Sony Pictures hack was anything special, as some reports have said that not only were Sony executives warned, albeit by way of a ransom demand, but that security measures were poor, such as passwords being kept in a folder called “Passwords”.
The security situation for Sony in general is not good. Since the PlayStation network hack of 2011, there have been a series of incidents that have left the group with egg on its corporate face.
However, this latest incident goes far beyond this.
To give in to the hackers is, in my opinion, even more unforgivable than the obviously unfit for purpose security standards implemented.
While it is understandable that the company is going through a PR nightmare as it deals with its dirty linen being aired in public, not to mention creative projects that are already underway being compromised, there is also a duty to stand up to the blackmailers and show them that this kind of gambit will not work.
Even if the ridiculous ideologues of the DPRK are not directly behind the hack, to give into the opportunistic criminals who are will only provide encouragement for others.
The decision to allow theatres to decide themselves whether to show the film was the right thing to do, as it would have allowed each one to make an informed decision, understanding the risk, and take precautions as necessary. It would have allowed those who defend freedom of speech to make a stand, to show that they would not be intimated. As it is, the climb down just makes Sony look even worse, weaker and unable to deal with the situation.
To be perfectly honest, the film sounds pretty awful, but that is entirely beside the point: now, I feel a duty to see it.
I think there is a duty here among the information security community, and the film industry as a whole, to support Sony, to lay aside the all too common victim blaming culture, and help to ensure that this film makes it out to as many people as want to see it.
The alternative is to allow these criminals to win, to suppress free expression and to give in to oppression for the sake of saving corporate face.
To use a very Irish expression: feck that for a game of soldiers.