Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

Three days later, Sony finally issued a more detailed statement on the hack, confirming that names, addresses, birthdates, e-mail addresses, and other information for registered users of its PlayStation Network and Qriocity—which provides streaming media—had been stolen. It gave customers advice on how to protect themselves in case of identity theft.

Later that day, an angry user named “jonabbey” commented on Sony’s PlayStation blog: “It’s rather incredible that this is the first meaningful communication you have given us. Many of us who are savvy enough to be reading your blog are technical enough to be running our own Internet services, and you really can’t go wrong by over-communicating, here.”

Schneier agrees. “You need enough information so researchers—and also customers—can make intelligent decisions,” he says. “But the companies don’t want the customer to have visibility. They are perfectly happy not talking about the details, because the details are embarrassing.” 

Schneier added: “Right now, you as a customer have no choice but to trust Sony— or Citibank, or your phone company, or Facebook, or Amazon, with your information—and you have no visibility and no control over how they secure it.”

Last week, the White House announced a legislative proposal that would increase penalties for those who hack into computer systems—but only if the target involves critical infrastructure, which is yet to be defined.  Under the current Computer Fraud and Abuse Act, penalties only apply to attacks on  financial or government networks. Melissa Hathaway, a consultant who served as President Obama’s cyber policy advisor in early 2009, says the proposal should extend to incidents such as the Sony breach. 

“This is an opportunity to actually create more of a domestic deterrence policy statement that any computer that is penetrated for whatever reason should fall within this law,” Hathaway says. “The laws should determine that the hacking is illegal, and that the effects of the hacking should determine the penalties. It’s time that the government declares that the computer systems of all entities—government, commercial, education—are interconnected.”

The White House proposal would also create a federal law requiring companies to notify users of breaches that expose their personal information in the United States. Currently, a patchwork of 47 state laws govern such notification.

1 comment. Share your thoughts »

Tagged: Computing, security, Amazon, Sony, hack

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me