The Sony incident reminds us again about the fragile yet constantly shifting state of cybersecurity and Internet policy. Clearly the international political ramifications of this incident, who actually did it, and Sony's potential culpability remain unknown. However, the purpose of this commentary is not to dwell on such issues since there is far too much being generated about them already - most of it is nothing more than wasteful, wishful, or boastful speculation that changes on a daily basis anyway. Frankly, I am less concerned about the possible immediate 'responses' to this incident (now including sanctions of questionable purpose and effect) than how it may be exploited to influence future Internet policy discussions and technology more broadly.
For decades, the entertainment industry has long been a major influence in the development of technology policy around the world, particularly as it relates to products and services that facilitate the creation and distribution of what it deems 'content' -- movies, music, and other forms of intellectual property. From the VCR to computers, from FM music radio to Spotify, from the iPod to Pandora, and from radio to television to cable and the Internet as delivery mechanisms, the entertainment industry's always sought to ensure its business interests were protected during periods of technological innovation and social evolution (think of digital rights management (DRM) for starters.) All of which, we are told, is to support the industry's goal of crafting compelling and dramatic narratives that can be packaged, sold, streamed, and licensed to capture the hearts and minds of audiences around the world -- but only on terms that it approves.
Unfortunately, the industry (i.e., "Hollywood") has a history of using these same techniques to craft its own version of reality when defending its business practices, legitimacy, and alleged vulnerability to technological change.
In doing so, Hollywood plays fast-and-loose with facts allegedly portraying reality in order to gain the support of legislators and regulators to expand its generally self-serving policy agenda in order to preserve its role in society. For example, between 2005-2011, despite record-breaking box office and video sales metrics, the industry frequently claimed significant losses due to piracy -- yet those figures were proven subject to broad interpretation, challenged by insiders as 'fantasy' or deemed 'meaningless' by government regulators, researchers, and think-tanks. If that's not evidence enough, the Sony incident revealed that Hollywood's much-hyped $80 million settlement with Hotfile in 2013 was only $4 million -- but the industry kept repeating the larger bogus number in public statements anyway. Moreover, the leak also shows the entertainment industry's ongoing paranoid reaction to new technologies such as Google Fiber's blazingly-fast internet access because since such access, would, it believes, lead to significant losses due to those connections being used for illegal infringement and piracy. Whether concocting its own facts or automatically presuming its worst-case existential fears already are an absolute truth, Hollywood routinely uses such antics in its efforts to influence (or control) Internet policy and global technology use generally.
As the saying goes, if you repeat something often enough it will become common belief until proven otherwise. But I'm also reminded of the late Senator Daniel Patrick Moynihan's admonition that although one is entitled to their own opinion, they are not entitled to "their own facts."
That being said .... the cybersecurity and diplomatic ramifications of the Sony incident, important as they may be in the short-term (and making a compelling media-friendly storyline!) should be less worrisome to society than the very real potential of the entertainment industry cartels transforming this incident into a semi-fictional narrative arguing for expanded controls over technology and the Internet under the guise of "preventing future [cybersecurity] incidents" along the lines of its failed - and quite controversial - SOPA and PIPA proposals from 2012.
Should -- I mean, when, that happens, anything the entertainment industry presents to the public about this incident used to support their legislative lobbying efforts for greater cybersecurity or intellectual property protections should be taken with a healthy dose of skepticism. By extension, legislators and pundits must not simply accept such information on face value, either. (Don't hold your breath!)
Looking ahead in 2015, I expect to see another round of Internet-centric intellectual property protection proposals hitting Washington given the more pro-business, pro-Hollywood majority soon controlling Congress. However, to ease any initial public outcry (a lesson learned from SOPA or CISPA) I believe such proposals will be framed as part of a larger legislative package of 'cybersecurity' measures and marketed with the usual feel-good bromides of ensuring national security, economic competiveness and jobs, preventing terrorism, and of course, "protecting the children." As such, I predict seeing renewed desires to: eliminate "safe harbor" protections for Internet providers, modify the proper functioning of the Internet, and allow companies to digitally 'strike back' against alleged attackers or other cyber-miscreants, among other broadly-worded fantasies lurking on Hollywood's legislative wishlist. Accompanied, of course, by the traditional tone-deafness the entertainment industry and its supporters display when challenged by intelligent questions arising over the effacay or viability of their ideas.
To be clear: I am completely supportive of meaningful cybersecurity policies and practices by organizations and industries to protect proprietary or sensitive information. However, I am vehemently opposed to using cybersecurity measures to infringe upon online privacy, the legal flow of information and expression, the safe functioning of the Internet, or as the means of protecting an intractable industry's outdated business model. Moreover, I am troubled by the ongoing desire by organizations to assume a victim mentality that prefers pointing fingers at others when incidents occur, even if they are partially (or fully) to blame for the event themselves -- but that's a topic for a different day.
The ultimate causes and consequences of the Sony incident remain unknown. However, as citizens of the Internet and global society, we must remain alert to any attempt by the entertainment industry to exploit this high-profile incident to broaden its already excessive influence and control over Internet policy, technology, and global information flows.
In other words, Hollywood's expertise in crafting fictional narratives must not continue to influence the evolution of reality-based outcomes.
And may I simply add: FIRST POST 2015! ;)