U.S. Takes Heat Over Sony Hack

I wrote about the SONY  cyber-attack when company execs’ emails first emerged in the public domain. At the time, the PR narrative was starting to shift away from “Sony-as-victim” to “Sony’s dirty little secrets.” The hack was so audacious, it eventually prompted an unprecedented retaliation by the U.S. government.
As we all know, the story went through an unusually long (for a PR crisis) series of twists and turns. When I last checked, Sony found itself (to its apparent relief) viewed again as a victim and even a hero for defying the hackers’ threats and green-lighting the film for release (on VOD).

(Image via kirguru.net)

I remain skeptical about whether the advice of the studio’s high-priced PR consiglieres produced this desired change. Of course Sony should stand up for the First Amendment and release the film. Rather the 24/7 news cycle and a fickle media consumer more likely speeded Sony’s exit from the headlines.
To its credit, the company did take a page from J&J’s playbook to offer one mainstream news org exclusive access to the crisis decision-making, even though it was after the fact. In its piece “Behind the Scenes at Sony as Hacking Crisis Unfolded,” the Wall Street Journal sympathetically quoted SONY Entertainment chief executive Michael Lynton:

“It took me 24 or 36 hours to fully understand this was not something we were going to be able to recover from in the next week or two.”

One theory we can reasonably debunk asserted that this mess was a giant PR ploy manufactured by the studio to bolster the prospects of a less-than-well-received film. Geesh. No PR person is that shortsighted (nor prescient) to have created such a reputation-compromising controversy to rake in a few dollars at the box office.
I’m always amazed by the number of pundits, conspiracists and Monday morning quarterbacks who emerge during a crisis like this to offer their take on how SONY should or should not have acted.
In a twist, Wired just posted a piece by a cyber-security expert and academic who took aim at a different actor in the affair: the U.S. government.
In his piece “The Feds Got the Sony Hack Right, But the Way They’re Framing It Is Dangerous,” Robert M. Lee, a PhD candidate at Kings College London and an active-duty Air Force Cyber Warfare Operations Officer, wrote:

“…in presenting inconclusive evidence to the public to justify the attribution, the government opened the door to cross-analysis that would obviously not reach the same conclusion it had reached. It was likely done with good intention, but came off to the security community as incompetence, with a bit of pandering.”

Lee argues that the U.S. government should have either presented all evidence it had collected (from the NSA and elsewhere), or withhold all evidence under the guise of national security. He takes issue with releasing evidence piecemeal or haphazardly:

“The problem in this case is that the government made a decision to have public attribution without the needed public evidence to prove it. It sets a dangerous international precedent whereby we’re saying to the world “we did the analysis, don’t question it — it’s classified — just accept it as proof.”

Every PR crisis has its own peculiar dimensions. In this instant, faced with the prospect of a torrent of embarrassing leaks — not unlike what BP faced with that live video torrent of oil gushing into the Gulf — SONY knee-jerked and pulled the plug on the film’s release hoping to quickly quell the crisis. The PR pendulum then swung back to activate enraged 1st Amendment advocates, which prompted SONY to reverse its decision.