Preventing A Sequel To Sony’s Hacking

One of the worst corporate hacks in recent memory, if not ever, may have been triggered by the failure of a sense of humor. Now no one at Sony Pictures is laughing either.

The movie studio suffered a devastating cyberattack by hackers calling themselves the Guardians of the Peace, who claim to have stolen 100 terabytes of corporate data. Of that, almost 40 gigabytes have appeared online, including salary information, staff members’ Social Security numbers and private operating information. Detailed compensation reports for Sony’s top executives have also been leaked. Consulting and auditing firm Deloitte was caught in the crossfire, as the hackers posted confidential data about the company that purportedly lived on Sony’s servers.

Several news outlets initially reported that Sony was investigating whether North Korea was behind the attack. The country’s government was previously vocal in its anger over Sony Pictures’ upcoming release, “The Interview,” a comedy in which Seth Rogen and James Franco play hapless celebrity reporters recruited by the CIA in a plot to assassinate Kim Jong Un. The FBI said that reports North Korea had been verified as the attack’s source were inaccurate, but the agency and the movie studio both continued to seek more information.

When asked directly about its involvement by the BBC, the North Korean government initially refused to confirm or deny the allegations, instead saying, “Wait and see.” (1) Two days later, a North Korean diplomat in New York issued a direct denial that the country’s government was involved. Investigators speaking anonymously to The Washington Post, however, have said that Pyongyang’s involvement is likely. (2)

Many have been quick to observe the ways in which this incident itself seems ripe for the cinematic treatment. But the situation’s inherent comedy, if any, is soured by the backdrop against which this attack played out.

In March, the Obama administration announced it would end U.S. protection of the open Internet by relinquishing control over the Internet Corporation for Assigned Names and Numbers, or ICANN. ICANN, a California-based nonprofit, is the key body in Internet governance, and it has long operated under contract with the Commerce Department. The current contract is set to expire in 2015. At that time, the administration plans to turn the reins over to the vaguely defined “global Internet community.”

It is an awful move. In the short term, the question is whether ICANN’s contract will be renewed next year. In an opinion column for The Wall Street Journal, L. Gordon Crovitz wrote that ICANN has admitted it will not be able to meet next September’s deadline for answering key questions such as “What mechanisms are needed to ensure Icann’s accountability to the multi-stakeholder community once [the U.S.] has disengaged from its stewardship role?” The fact that no answer exists should give everyone pause. At the very least, the government should extend ICANN’s contract sufficiently to give the agency more time to come up with workable answers.

But that really does not go far enough. Even friendly governments have entirely different views of freedom of speech and information than we do. Consider Europe’s “right to be forgotten” and the subsequent exposure of American multinational companies to punitive actions by democratic governments. And this from countries that we trust and respect. The more disturbing specter comes in the form of attempts by repressive governments to outright control the flow of information. China recently hosted an Internet conference to promote, among other things, national sovereignty over the Internet. We know what that will look like behind the Great Firewall.

The Internet as it exists today grows out of deeply imprinted American DNA, which manifests in its free and relatively unrestricted flow of information. This is a major plus in terms of commerce, education and freedom, but a vulnerability in that it creates opportunities for foreign governments to orchestrate attacks such as the recent one on Sony Pictures. Whether or not North Korea is involved, it is evident that it realistically could have been. Depending on the way in which events unfold, it may come to pass that certain countries or regions will have to be excluded from the open Internet for the security of actors on the world stage operating in good faith.

But it is really a betrayal of fundamental American ideals for the president to unilaterally give up American control of this American creation for no apparent pressing reason. Even our allies who think American protections for free expression go too far realize that our commitment to the open Internet is the bulwark against its subversion by oppressive regimes, and that any defense against attempts at this subversion will need to be led by Americans.

There is nothing wrong with the Internet’s current governance. The administration ought to leave it alone while it focuses on unraveling the Sony whodunit and preventing future sequels.

Sources:

1) BBC, “North Korea refuses to deny Sony Pictures cyber-attack”

2) The Washington Post, “Sony Pictures hack appears to be linked to North Korea, investigators say”