The holiday season and motion picture industry were rocked when hackers stole ten terabytes of data from Sony Pictures. Though they didn’t disseminate all of it, the effects of this hack will be felt for a long time.
The hackers, calling themselves Guardians of the Peace (GOP) and widely believed to be associated with North Korea, objected to the release of “The Interview,” and went as far as to threaten to bomb any theaters that showed it. The film was eventually released on a Video On Demand basis. Since then, not much has been publicly heard from the hackers, but the damage they did continues to wage on. The Sony hack set the national tone for cybersecurity for a long time, and while we’re already moving onto the next big hack, it’s worth looking at some of the legal fallout from Sony.
1. Former employees bring class action(s)
Although there was plenty of embarrassing corporate gossip news, the hackers also released plenty of salary information, social security numbers, and health histories. Obviously employees weren’t very happy with that, and some even brought lawsuits against the company, claiming that they didn’t do enough to protect the information. Janice Mock writes about the first of those lawsuits for Employment Law E-Buzz:
The complaint brought by two former employees alleges that Sony failed to protect their private data and that it negligently ignored warnings from programs designed to provide advance notice of possible attack or vulnerability in the computer network. One employee also alleges that his reason for resigning from Sony was also disclosed.
Though these types of lawsuits are often unsuccessful because of the plaintiffs’ uphill battle to prove damages, this case may be different because Sony has a history of prior hacks into its system where customer data was exposed. Evidence of multiple past failures may weigh against Sony in any attempt to dismiss this latest litigation. The fact that the employees’ medical information was exposed is also a problem for Sony, because California maintains strict privacy laws designed to protect such information.
As of this printing, Sony is facing eight class action lawsuits around their security measures. They are currently protesting them on the grounds that no harm has been done in terms of identity theft or misappropriation of medical information. As it stands now, a hearing is scheduled with U.S. District Judge Gary Klausner for Feb. 23.
2. Google’s crusade
Google also found objectionable material in the thousands of documents that released: an alleged conspiracy by the Motion Picture Association of America (MPAA), along with a few major studios, against the tech giant and an attempt to revive the ill-fated Stop Online Privacy Act (SOPA).
According to Google the plan was codenamed “Project Goliath,” and relied on the MPAA colluding with state officials— like Mississippi Attorney General Jim Hood, who Google fought with in court on Friday. Jeff John Roberts reports for Giagom:
“For nearly two years, Attorney General Hood has pressured Google to remove and censor content that he and Hollywood don’t like — even though he lacks legal authority to do so,” said Google’s general counsel, Kent Walker, in a statement. “Attorney General Hood’s extraordinary 79-page subpoena is an unjustified assault on free speech and we’re asking the federal court to set it aside. We regret having to take this matter to court, and we are doing so only as a last resort.”
In the case of Hood, the current details came to light after the Verge discovered documents from the Sony hack that showed how lawyers from the movie industry had drafted documents that the Attorney General had sent to Google as part of an investigation.
That investigation is ostensibly about protecting Mississippi consumers from online threats like drugs and pornography, but appears instead to be a stalking horse for the movie industry. Internet activists fear the industry’s goal is to use state AGs in a back-door attempt to implement the substance of SOPA, an unpopular anti-piracy bill that collapsed in early 2012.
…According to a brief filed by Google, the state of Mississippi is usurping federal statutes that shield internet companies from copyright and indecent acts carried out by their users. Google also argues that Hood is treading on its constitutional rights with “specific threats of prosecution, and there is no dispute that the First Amendment forbids threats of prosecution based on protected speech.”
Hood’s lawyers, meanwhile, will attempt to tell the judge that its subpoena falls within Mississippi’s investigative powers, and that Google can always go to state court if it fears its rights are being abused.
A ruling on the case is expected in a few weeks.
3. The much-touted Spidey-deal
One of the biggest bits of entertainment news to come out last week was that Marvel would be able to welcome Spider-man back into the fold of The Avengers.
Since 1999 Sony has held the rights to Spider-Man, not Marvel. If the Disney-owned Marvel group ever wanted to make a ploy for Spider-man, it was expected to be fairly costly. But thanks to the Sony Hack, which weakened the studio significantly, the deal is going to be fairly cheap. Some might even say free. As a Variety article notes, it’s a mutually beneficially situation:
Marvel Studios won’t pay Sony Pictures for the rights to put Spider-Man in “Captain America: Civil War,” the “Avengers” franchise or its other superhero films, as part of its new partnership with the studio, according to sources with knowledge of the deal. At the same time, Marvel won’t receive a cut of the box office for any of Sony’s films that feature Spider-Man. Sony won’t receive a percentage of the revenue Disney makes from Marvel’s films that have Spider-Man, either.
There may be some opportunities for Marvel to benefit financially from the Sony films, with payments tied to certain box office milestones. The financial relationship is likened by sources to the kind of compensation structure a producer would receive.
Sony needed to breathe some life into its extremely popular franchise, and Marvel gets access to a character’s film rights (they already controlled the rights for TV, merchandise, and other platforms, but the golden goose for Marvel Studios is film these days).
4. Increased interest in data security
Though it’s a PR’s nightmare, Sony’s hack wasn’t even the worst one of the year. That title goes to JP Morgan. In fact, 2014 was home to a lot of high profile attacks. But as it was a very public and prolonged hack that gave some insight into the dark side of Hollywood, and it got everyone’s minds thinking cybersecurity–and that effect is having some staying power. As Jill M. Valenstein writes for Privacy & Security Law Blog, it’s made its way all the way to the top of the priority list for the White House:
In advance of the summit, President Obama’s homeland security and counterterrorism advisor, Lisa Monaco, yesterday announced the creation of a new intelligence unit to coordinate analysis of cyberthreats. Calling the cyberattack on Sony, a “game changer,” Monaco said that the new agency, the Cyber Threat Intelligence Information Center, is being established because “no single government entity is [currently] responsible for producing coordinated cyber threat assessments,” and “is intended to fill the gaps.”