Exactly 10 years ago today, I published a commentary defending the decision to publish the contents of the Sony hack in Variety, the publication where I then served as co-editor-in-chief.
Listen to the podcast here:
And so in this episode of “Strictly Business” podcast, with a decade’s worth of perspective, I’m going to revisit a decision that, if I’m being candid, I came to regret.
I’ve encountered some sticky wickets over the course of my 30-plus-year career, but the Sony hack was the stickiest. I’m not going to say if I had to do it all over again I would do it differently because I understand why I did what I did then. But looking back on the hack in hindsight, I wish I’d taken a different tack. Let me explain why.
By now the basics are a well-known chapter in relatively recent Hollywood history: On November 24, 2014, a group of hackers based in North Korea calling themselves Guardians of Peace began what you might call a virtual terror campaign against Sony Pictures in objection to the movie “The Interview” and its depiction of their leader, Kim Jong Un.
As part of that campaign, they stole and leaked mountains of private information of all sorts from Sony, including highly sensitive emails from its executives concerning their business. Variety was one of many press outlets around the world that published some of the information that emerged from emails and other materials unearthed by the hack.
While I was not alone in making that decision, it was a controversial one, one I think a lot about to this day. It’s even fair to say it haunts me. I can remember representatives of the studio begging us not to, citing the damage being done to their employees and business associates whose privacy was being invaded.
And though I felt I had solid logical ground on which I was able to make my decision to publish the hack’s disclosures, I admitted in the opening words of my article defending that decision that I did not feel good about it.
The more Sony Pictures data keeps leaking, the more my moral compass spins like a weather vane in a hurricane. What just a week ago seemed such a clear-cut case of doing what my instincts have told me to do at every other moment of my career is now making me increasingly queasy.”
“Why Publishing Stolen Sony Data Is Problematic but Necessary”
I still recall that feeling, that bitterness in your gut you get whenever you have to make any decision that doesn’t feel right even though you know it’s not wrong.
But here’s the funny thing when I look back 10 years later. You know what I don’t remember: the stories we stuck our neck out to publish that emerged from the hack.
Really, it occurred to me recently that I couldn’t remember a single revelation from that time. Which struck me as odd because why take a principled stand to publish something that wasn’t even memorable enough to stick in my brain?
Years later, a fresh doubt started to gnaw at me: How principled a decision could this have been if I couldn’t even remember what I was taking a stand for?
Of course, a little googling brought it all flooding back, a random hodgepodge of fairly gossipy tidbits: A Sony executive and a movie producer making crude, racist jokes about then President Obama. Another calling Angelina Jolie a “minimally talented spoiled brat.” Budget and salary figures from the movie “The Interview.” Celebrity hotel aliases.
No wonder I couldn’t remember, right?
But I’ll tell you what I do remember quite vividly from that period a decade ago: the pointed criticism that came for journalist decision-makers like myself from some pretty prominent celebrities. And not just any celebrities, mind you, but in a group of actors, writers and directors that if I had made a top 10 list of the Hollywood luminaries I admired most, they’d all be on the list. So that felt good.
Let’s start with the one that cut deeper than them all because it was the only one that was targeted directly at me. The great screenwriter Aaron Sorkin not only wrote an op-ed excoriating those like myself who published the contents of the Sony hack, but in his piece singled me out and even linked to my commentary (which I thought was really cool at the time!). But let’s get to the not-cool part, which is where he mercilessly mocked me:
The co-editor in chief of Variety tells us he decided that the leaks were — to use his word — “newsworthy.” I’m dying to ask him what part of the studio’s post-production notes on Cameron Crowe’s new project is newsworthy. So newsworthy that it’s worth carrying out the wishes of people who’ve said they’re going to murder families and who have so far done everything they’ve threatened to do. Newsworthy. As the character Inigo Montoya said in “The Princess Bride,” I do not think it means what you think it means.
“The Sony Hack and the Yellow Press”
Not content to have his say in The New York Times, Sorkin also went on NBC’s “Today” to pound the point home:
So this is a good place to begin walking through the reasoning behind the decision to publish. What Sorkin is essentially saying here is that it’s not as if the press shouldn’t publish stolen information of any kind under any circumstances. But he is setting the bar above mere gossip and at what he calls wrongdoing, which we can presume means examples of corruption or malfeasance and not just filmmakers making racist jokes about the president.
And I invoke that infamous example when I draw that distinction to make a point by the way, which is to say, where does one draw the line at defining what exactly wrongdoing is?
But let’s not get caught up there. Regardless, for Sorkin, wrongdoing sets the bar for what he refers to as the “public interest,” and of course there’s the other phrase he has fun mocking me with in his op-ed, “newsworthy.”
In all candor, these phrases are so amorphous as to have become meaningless. Any clever editor can bend them to accommodate the raison d’etre of all but the most vacuous pieces of journalism. During the Sony hack, I read many a justification from others in the press about how publishing the hacked emails was OK because it held up a mirror to how the business of culture truly operates. I thought it was hogwash then and I think it’s hogwash now. Not that it doesn’t hold up a mirror, it does, but that the mirror alone doesn’t justify the invasion of privacy.
But I also didn’t believe there had to be something truly revelatory on the level of, say, wrongdoing, as Sorkin might argue, in order to rise to the level of being worthy of publishing. And to explain what I mean by that I want to explain what it is exactly I’ve done for a living for the past 20 years because it’s at the core of my argument.
People who aren’t in my business ask me from time to time, where does news come from? And I know there’s a certain kind of naivete that comes with the question; it almost sounds like they’re asking if babies are delivered by storks. But there is some nuance to the answer, so let me lay out the answer for a bit here.
I like to think of news coming in four different channels. First, there’s what’s “on the record,” through so-called official channels. Reporters get press releases and there are sometimes press conferences, press calls, and presentations and events, all these dog and pony shows where there is controlled flow of information from companies to press where they tell us what they’d like us to know about their companies.
But what separates the best publications from the run-of-the-mill publications is the information they get from unofficial channels, like the second channel in which information is distributed off the record. This is the information often marked “exclusive,” that gives you reason to read one publication and not another.
Now just to confuse a little bit, oftentimes the off-the-record information comes from the same people that give you the on the record information. That’s the third channel of news, what I’d call a “leak.” They’re deliberately giving you information, but not through the official channels they’d typically give it to everyone for one strategic reason or another.
But lastly and most importantly, there’s a fourth channel where news is sourced, where the reporter secures information that they’re not supposed to get. It might come from other people within the organization or it might come from the ecosystem of companies that operate around the organization that might be divulging the information for all sorts of reasons. But the very best reporters are those that can traffic in that information.
On the entertainment beat, these are the people who get the scoop on the big movie coming together before the studio is ready to announce it. But sometimes it gets even more sophisticated than that: they break the news of a multibillion-dollar M&A deal. They even get the details of what the CEOs said to each other in a private conversation to make that deal happen. I myself know of a few stories where financial documents were anonymously snail-mailed to me referring to all sorts of entertainment-industry dealings — in one instance fairly major — where I may have no idea how the info was obtained but once I confirmed it, I ran with it.
So why do I tell you all this? Because when you think about the information that came about in the Sony hack, it’s because it really wasn’t all that different than the fourth-channel information I access almost every day. And when I hear the Aaron Sorkins of the world push back against it, what I’m hearing to some extent is them really wishing what the Hollywood establishment more or less fought with me about every day: controlling the flow of information that gets into the public, on their terms.
Now I know what you’re thinking. The background explanation is all well and good but irrelevant because the Sony hack isn’t your ordinary circumstances. This wasn’t some mogul snitching to you about a rival’s extramarital affair with some starlet he cast in his next movie. This information came from terrorist threatening people’s lives, and I was aiding and abetting them!
As Seth Rogen, star of “The Interview,” said at the time, “Everyone is doing exactly what these criminals want…It’s stolen information that media outlets are directly profiting from.”
Look, I get it. I acknowledged then that the hackers were essentially playing the press as witting pawns, I likened us to zombies mindlessly chasing any available information no matter what.
But you also have to understand the slippery slope the situation had us sliding down. As I just explained, my job was getting information about the business of entertainment, both important and not so important, all the time. So this time the information came in bulk instead of the usual tidbits; is there some kind of tonnage level where I should cut off the acceptable amount of unauthorized information I am allowed to accept?
And more to the point: As for how savory a character I am allowed to accept the information from, where exactly do I draw the line between North Korean hacker and, for example, your typical Hollywood agent? Isn’t the simplest solution given the impossibility of drawing clear lines is to not draw lines at all?
I also think you need to take into account the time in which this hack took place. 2014 was just a few years removed from the dramas of Edward Snowden and years before that WikiLeaks. The lesson many learned from their stories was that the ends justified the means when it came to stolen information. Never mind that Sony is not a government and there didn’t seem to be any corporate wrongdoing on that company to report on.
What’s actually striking to me to reflect on is how the optics would have been so much different in this situation if the hacked company in question was one of the bigger tech companies like Meta or Amazon or Apple? Something tells me given the regulatory scrutiny they’ve come under for years, it would have changed the equation dramatically.
It’s also ironic to be talking about a time when the U.S. government was concerned about protecting Sony, considering here we are 10 years later and there was a brief possibility that Sony could join the private equity group Apollo Global Management in pursuing the acquisition of Paramount Global, a move analysts expected would draw regulatory scrutiny of Sony because they are a foreign company that already owns a film and TV studio. Funny how the tables turn depending on the circumstances.
***
There was also the criticism I and many others in the media got back then, that we published the Sony hack content “for clicks.” In all candor, while I’m not going to deny that the web-traffic value of gossipy articles never entered my mind at that time, anyone who knows anything about entertainment news can tell you this kind of business-minded editorial content is nowhere near the most click-rich stories that generate the high-six-figure, even seven-figure unique visitor tolls that more empty-calorie, famous-person obituaries generate. So it’s kind of an absurd criticism to say we leaned into those stories intentionally to drive up those numbers, because they didn’t make that much of a difference.
In the years since the Sony hack, it’s been interesting to see what has changed and what hasn’t. For instance, I think it would surprise many to learn, because we haven’t seen a fiasco at the level of what Sony experienced in 2014, that hacks are still a very big problem for the entertainment industry.
SEE ALSO: 10 Years Post-Sony Hack, Hollywood Isn’t Ready for Next Big Cyberattack
Disney and Roku were hit by cyberattacks just this year, and an August study by Unit 42, the research arm of cybersecurity company Palo Alto Networks, found that the media & entertainment industry is more vulnerable than just about any industry out there, as determined by the highest monthly growth in attack surface, the term for the total number of points within a software environment that are vulnerable to a cyberattack.
But what has changed is how high-profile hacks have played out in the press. Just two years later, for instance, Russia hacked the Democratic National Committee and turned over Hilary Clinton’s emails to WikiLeaks, in turn steadily feeding the press for months leading up to the presidential election, which many experts in retrospect believe is why she surprisingly lost to Donald Trump.
Eight years later, earlier this year, the media behaved quite differently when Iran hacked the Trump campaign and some prominent newsrooms were approached with materials from Vice President JD Vance’s dossier. This time around, the reflexive urge to publish was stifled. There was much talk about not doing the bidding of overseas entities not acting in the best interests of the U.S. of A.
It was a far cry from the sensibility that has been drummed into my journalistic noggin since I was in college, which has been that the media is its own entity, not American nor anything else, a third-party observer that must be so steadfast in its neutrality it has no allegiance to anything but its own aggressive pursuit of truth.
To a larger degree than you might realize, there’s some hair-splitting that comes with the territory here that makes tearing your hair out about the ethics of what to do here a little bit too precious. For instance, I don’t know if there is a material difference between publishing the contents of the emails from the hack and, say, aggregating or describing the reporting elsewhere of other publications who do publish those contents. And yet no less than the editor of The New York Times during that time did draw a distinction, saying he would only cover newsworthy information surfaced by other outlets and not dig through the files itself, which gets nothing but a total eyeroll from me.
And yet I’d say that’s at least a better solution than not reporting on the contents of the emails at all, which to me feels like doing the worst possible thing a publication can do — ignore reality. If something is in the news cycle, for good or for bad, once it’s there it’s not like looking away from something makes it go away, so those purists are even worse.
The hair-splitting becomes all the more ridiculous when you consider what was true then and more so now, which is that when you really think about it, the whole notion of the press in these hacking situations is really like an unnecessary middleman. I mean, it’s not like the hackers need the media’s websites or the printing presses in order to display their stolen information to the public. The internet is after all one big open publishing platform, and together with social media there’s no intermediary required to direct the world’s attention to something that will be of interest to them.
Getting media involvement is like validation for the materials in question, a reputable tastemaker that can co-sign for its importance but isn’t really essential to the equation. Certainly not nowadays, when the establishment media almost seems like it could be detractive.
Which speaks to the utter futility of choosing not to have published the emails. Principled a stand as some might have seen it, Variety would have no doubt been part of a very quiet and small minority. Had I any indication that we were influential enough to have set a standard otherwise, perhaps I would have felt differently. If anything, to be completely candid, it would have fueled the reputation my publication had earned over the years of being an industry lapdog, which I was not about to rekindle.
Neverthless, I’ll confess to feeling a sense of regret to not having just stood out as the lonely minority back then and sat out the feeding frenzy over those emails. Do I think it would have influenced anyone? No. Do I think it would have even been noticed to the point where it would have engendered some goodwill in the industry? Maybe a little, but the skeptic in me says we would have just been carelessly tarred by the same brush as the rest of the media, which would have made the move futile.
But with a little more age and wisdom, I do wish I was a little less cynical then and just experimented with, well, not being a cynic.
I didn’t have that courage then, maybe were I in that position today, I still wouldn’t. We’ll never know, nor would I want to go through something like that again and find out.
