Few things are more tempting for today’s journalists than covering a computer hack like the one at Sony Pictures Entertainment. Its November online-security breech generated a huge amount of scandalous, delicious details on the topics writers generally love: salary information, celebrity gossip and intrigue.
Some background: Hackers, which some say were working for the North Korean government, hacked into the computer systems of Sony Pictures Entertainment. Some estimates say the hack may have taken place in 2013 and continued through 2014. However, Sony became aware of it in fall 2014, and reports of the hack became news in late November. Through the computer-security breech, hackers obtained information about a variety of Sony activities, including employee salaries, celebrity email addresses and even medical records.
As a news organization, you have to cover the facts; a cyber attack on one of the nation’s largest media companies is front-page news. News outlets should mention that material that was released. But is there a need to include details of who said what about Angelina Jolie? Ethically, there are good reasons why no self-respecting reporter should consider publishing any of that salacious stuff.
Sharing any of Sony’s data or details brings up questions about what is appropriate to print in light of today’s journalistic standards. If you print it, have you failed Journalism Ethics 101? Countless news organizations – both large and small – went ahead and printed materials such as personal emails and contractual agreements they obtained via the hackers. Sony’s lawyers asked media outlets, including Bloomberg, New York Post, Huffington Post and The New York Times to stop reporting on the leaked emails and stolen documents.
Both legal and security experts agree: There is little that Sony can do about the information that has been publically shared. Even though Sony’s lawyers claim it will hold these news outlets “responsible for any damage or loss,” it is unlikely that they will be successful recovering damages in a court of law. Legal expert Eugene Volokh noted in his well-regarded legal blog, The Volokh Conspiracy that Sony pretty much is out of luck when it comes to legal precedent.
“Sony is unlikely to prevail — either by eventually winning in court, or by scaring off prospective publishers — especially against the well-counseled, relatively deep-pocketed, and insured media organizations that it’s threatening,” he wrote. “It seems likely that the publication of the documents isn’t likely to be tortuous. And even if it can fit within some tort (such as the improper use of trade secrets, a tort that is sometimes said to apply to disclosers of illegally released information), the First Amendment would likely preempt the tort. One can argue that, when it comes to hacking, the only effective way to deter it and to minimize the harm caused by it is to ban third-party publication of the leaks.”
But just because news media would likely prevail in court, does of course not mean that their actions were ethical. Not only did the hackers share information about Sony’s upcoming projects, such as the newest James Bond movie, they also released Sony executives’ emails. In one series of racially charged email exchanges, for example, they mocked President Obama’s imagined movie taste. These emails damaged the reputation of the Sony executives who typed them, and if Paula Deen taught us anything, it’s that once you’re labeled a racist you cannot go back. However, these emails may be the most “newsworthy” of all the hacked items, mainly because they reveal a kind of “need to know” level of information about the company, its employees and its corporate culture.
Another positive outcome of this hack is the fact that it revealed the pay disparity that still exists between actors and actresses in Hollywood. Charlize Theron found out she would make $10 million less than a male actor in a movie where they were costars of equal billing. Multiple reports say she negotiated a $10 million raise after the information was released. As a reporter who also found out after the fact that a male counterpart was hired in for thousands more than me, I can relate to the Oscar-winning actress, if only on this level. This gender gap is outrageous, and Hollywood was rightly held accountable for such a strange turn of events.
However, less newsworthy information was released as well and reaction against the media for so-called “over covering” the event came swiftly. For example, Oscar-winning screenwriter Aaron Sorkin criticized these publications and journalists in a New York Times op-ed on Dec. 14, 2014, stating that the vast number of publications writing about information revealed in the leaked documents are “morally treasonous and spectacularly dishonorable.”
Sorkin, an eloquent and powerful writer, made an arguably excellent point for not publishing the less-than-tasteful tidbits from the Sony hack:
“I understand that news outlets routinely use stolen information. That’s how we got the Pentagon Papers, to use an oft-used argument. But there is nothing in these documents remotely rising to the level of public interest of the information found in the Pentagon Papers. Do the emails contain any information about Sony breaking the law? No. Misleading the public? No. Acting in direct harm to customers, the way the tobacco companies or Enron did? No. Is there even one sentence in one private email that was stolen that even hints at wrongdoing of any kind? Anything that can help, inform or protect anyone?”
Nick Tobin is president of C-Net Systems, an information-technology company in Metro Detroit. The firm, which was founded in 1998, provides 24/7 security monitoring and maintenance for companies of all sizes in Michigan. The company also provides, as Tobin told me, “ethical hacking,” or security audits for businesses. In these hacks, C-Net Systems looks for holes in a company’s network so it can fix them.
Tobin said he was surprised when he first heard of the Sony cyberattack; it seemed highly unusual given the nature of the company’s business. His second reaction: This was a targeted attack that probably left Sony feeling used and abused. “Typically, hackers are after credit-card data. They’re not going after a movie company,” Tobin noted.
Companies of all kinds, whether they are as large as Sony or as small as a mom-and-pop shop in his hometown of Shelby Township, cannot idly sit by and wait for a cyberattack. Rather, Tobin notes that businesses need to be proactive and protect themselves. Just as salespeople might use an auto-dialer to find customers, hacker use automated means to find online addresses with holes in them. They don’t care if it’s a Fortune 500 company or a church, Tobin said. It’s all the same if the hacker can make a profit off of what he or she finds, he added.
And, for the record, even the IT guy agrees with Sorkin. If you publish that material, you’re giving the hackers not only the satisfaction of seeing Sony red faced in the public eye, but you’re also letting the hackers win.
“Actual information downloaded from their network is their property and it shouldn’t be used. The only purpose is to damage Sony and that was the purpose of the hackers,” Tobin said. “You’re feeding the people who want to hurt the company. And it’s giving the hackers more fuel to do it again. … You cannot stop them from hacking, but not publishing those details may cause them to hesitate next time.”
Because Sony is unlikely to be able to stop the documents from being published, our efforts both as citizens and journalists to avoid further scandal mongering is more important than one might think. So what can a journalist who is covering the Sony hack do? Well, the answer is layered. For starters, he or she should change his or her passwords. What does this have to do with covering a major cyber attack? It is the first important step in protecting your employer from a hacker, and it shows a concern for the greater good. For the record, I hate changing my online passwords. It’s time consuming, slightly annoying and I inevitably end up forgetting what I’ve done soon afterward. But it is worth doing if it saves your company from such a hack job.
Second, I’d rethink the kind of reporter I am if I started covering the gossipy conversations between Sony executives about what stars they like and which ones they obviously do not. There is no greater good being served here, and I’d like to think that my work has some larger purpose. There is nothing to be gained by playing the “Telephone Game” in your publication, and that’s pretty much all that was done by sharing what the hackers found. (Except in the instances discussed above.) Remember, the hackers had access to tens of thousands of documents. And yet they chose to release only the titillating pieces? That’s appealing to our base nature, and that’s not what true journalism should be.
Ethically, we should stand in question of using stolen material in our publications, whether it’s light gossip or not. For me, I wouldn’t print something that I knew had been illegally obtained, and I feel that the Sony hack stumbles too closely to this line. If my boss said that my job depended on me writing up this sort of schlock, I’d rethink my career and whether I wanted to be part of such a news-gathering organization. Sure, a paycheck is a nice thing. But so is going to sleep soundly at night and knowing that I have set a moral example for myself, my children and young journalists. You’re only as good as your name in this business, and I value my name more than one stop in my career.
Here’s a moral to this story. If you’re going to cover these security breaches, at least don’t take so much glee in someone else’s misery. Headlines like “Jolie a ‘Spoiled Brat’ From ‘Crazyland,’” in The New York Post, definitely sell papers. I get it. But you’re going to earn years of mistrust from the organization that had the hack, all of its affiliates and Ms. Jolie in particular. It damages your reputation far more than a single headline is worth.
Add new comment