One of the most gifted but controversial characters in the English Premier League is the Italian Mario Balotelli. One minute he scores a breathtaking goal for his country, the next he sets his house ablaze by letting off fireworks in his bathroom. You get the picture. Once he revealed a T-shirt in a goal celebration that read “Why always me?”.
How Sony must echo that sentiment. About the only foot the company has put right since the Walkman is the PlayStation: Sony was all about packaged media – much of which it invented. But when PlayStation went on line to follow the trend in connected gaming Sony utterly failed to appreciate the Zeitgeist of the ‘open’ Internet that came with it. When it filed suit against a 21 year-old who unlocked its PS3 closed operating system, it didn’t predict the reaction, or prepare for it, and ‘hacktivists’ duly broke in and exposed the personal data of 77 million users of the PlayStation Network (PSN).
PSN was offline for 24 days – a far bigger penalty than the peanuts $400,000 fine handed out by the UK’s Information Commissioner. But the Commissioner had it right when he said:“There’s no disguising that this is a business that should have known better. It is a company that trades on its technical expertise, and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe.”
And now we come to 2014. Sony Pictures Entertainment has had its internal servers hacked with the consequence that several pre-release films have been leaked (they’ll probably more than make up the box office losses through the publicity) and, more embarrassingly, so have thousands of ‘private’ emails. They, on the whole, amount to the un-stunning revelation that when Hollywood execs, agents and stars say “you’re awesome,” or even “have a nice day”, they’re lying.
More importantly, they do a lot of damage to the reputation of some of the individuals involved and, more importantly, to Sony. Again. To paraphrase the old election slogan, when it comes to data protection, it’s not about the immediate economic damage, “it’s about the reputation, stupid”.
In this industry, we’ve always equated data security with content protection – i.e., revenue assurance by fighting off hackers of TV content with encryption and other techniques. With the advent, and massively rapid growth, of connected TV Everywhere, one wonders if the attack points this presents to both company’s and customer’s private data is being taken seriously enough by providers and their suppliers. How far down the road to Smart Homes, let alone the Internet of Everything, do you think we’ll get before a major service provider finds itself in Sony’s shoes?
I chaired a session at a recent conference about content security and – tellingly as an afterthought – personal data protection. An audience participant who had recently moved into this sector after a career in banking and with a mobile network, was deeply unimpressed with what they had found. Be warned.