Wrong Message Sent in the Sony Hack Debate

David Williams

January 13, 2015

This article originally appeared in The Hill on January 12, 2014

As Americans take to the Internet as never before, the increasing rate of lawlessness online is of great concern. In addition to all too common identity theft, fraud and worse, 2014 saw devastating cyber breaches of large American companies including Target, Home Depot, JP Morgan and Sony Pictures. All of these attacks contribute to an environment of uncertainty and trepidation amongst consumers, as they consider adopting new technologies and online services. The recent attack on Sony Pictures has dramatically illustrated and escalated the extent of the danger.  The attacks have also heightened the awareness of the importance of the need to protect intellectual property.

As has been widely reported, Sony suffered a massive attack on its computer systems which led to the release of stolen material including emails, business plans and intellectual property (for some perspective, the amount of data stolen is more than every printed page in the Library of Congress). After an investigation, the FBI accused North Korea of orchestrating the attack, perhaps in part due to terrorist threats levied against Sony, movie theaters and consumers if “The Interview” (a boorish comedy about a CIA plot to assassinate North Korean Dictator Kim Jong Un) was exhibited. On January 7, FBI Director James Comey reiterated North Korea’s complicity stating “We know who hacked Sony. It was the North Koreans… I have very high confidence about this attribution.”

Depressingly rare were stories focusing on the attacks’ implications for free markets, free speech and the rule of law. Instead, the press took the bait, releasing every scrap of ill-gotten gossip they could ladle out. Private emails and personal conversations were distributed by the Hack-sis of Evil while the American press did their dirty work and drove the getaway car by delivering every detail they could to Main street Internet, USA.

One sideshow which seemed to fascinate tech-focused news outlets centered on stolen emails from the Motion Picture Association of America (MPAA) detailing efforts to work with state attorneys general to use existing law to pressure search engines to make illegal drugs, human trafficking and illegal movies and music harder to find online. One particular response was that some folks, including MPAA, were attempting to revive the “Stop Online Piracy Act,” long dead legislation aimed at combating online theft.

The allegations suffer from two fundamental problems. First, SOPA was federal legislation which would have created new law. In particular, efforts to engage attorneys general appear to be focused on using existing law to combat online theft. It made common sense that Hollywood’s trade association would seek the aid of law enforcement at all levels to diminish rampant online theft.  Nobody blames a homeowner when their house is broken into and they call law enforcement to find the perpetrators.

But more importantly, the press’ fixation on Hollywood gossip and stolen industry legal strategies entirely misses the point. As the Sony attack dramatically illustrated, American citizens and businesses are under attack. And not just by hackers, or worse, criminal gangs… But by rogue states. It was perhaps said best by Michael Schrage in the Harvard Business Review:

We are rapidly witnessing and experiencing the accelerating erosion of civil digital society. That is, cyberspace is recreating the “broken windows theory” of urban crime and decay as so brilliantly articulated by the late great political scientist James Q. Wilson and his collaborator George Kelling.

“If a window in a building is broken and is left unrepaired, all the rest of the windows will soon be broken,” Professors Kelling and Wilson wrote in The Atlantic. Should those windows and those buildings be left unrepaired and their vandals unpunished, the neighborhood inevitably rots. Societies and legal systems — police and neighborhoods — have to collaborate not just to fix broken windows but identify and punish vandals and criminal gangs. That commitment doesn’t exist in the digital space either in theory or practice.

The unhappy reality is that the Sony case is a signal that, if the rule of law doesn’t radically improve, cyberspace will become a shadow war of vandals, vigilantes, and mercenaries — some state-sponsored, others paid for by corporations looking to protect their global interests. It will be ugly. It will be risky. It will be dangerous.

Cyber terrorism and lawlessness online are serious and growing threats that are seeking to destroy the comfort and reliability of the online digital community that is connecting people as never before. When hackers steal from individuals and companies and put their communications, labor and property on display for all to see, that’s theft on the same level as smashing their windows and picking their offices clean. The Internet has the potential to dramatically improve the lives of everyday Americans. The Internet is also an important platform for commerce, competition, innovation and creativity, which benefit us all. However, it must be anchored by the rule of the law.