As you all by now surely know, PSN is down. It went and got itself hacked. And there’s no telling when it’s coming back up. Now Sony has admitted that as many as 70 million user accounts have been compromised, with personal information and encrypted credit card numbers in the paws of some script kiddie. A few analysts are speculating that this little fiasco could cost Sony upwards of $20 billion.
Now, there’s been some debate over how users should feel. I mean, of course users are pissed that they can’t access PSN, and I suspect most people are less than thrilled to know that their personal data has again been compromised by a company that held it with the implicit promise to keep it safe. Lawsuits have already begun. Of course, here in the United States, the US Supreme Court – in an ongoing Republican war on civil rights – have made it very, very difficult for class action suits to proceed in this country, which will offer some measure of protection for Sony. Ironic to get this news when gamers are also waiting with bated breath for another Supreme Court decision, expected any day now.
I’ve been kinda on the fence about blaming Sony. On one hand PSN is free (Xbox Live Gold is not), and I always get a little bitey when people complain about free stuff – like all the crap Valve takes for releasing Portal 2 12 hours early instead of 48 hours early despite the fact that gamers failed to do what they had to do to secure an early release. But others have made some good points about this: that the PS3’s super high price was, in part, a way to offset the fact that PSN is free. That offering an online service is assumed in modern consoles, and therefore a serious outage is cause to complain. That Sony brought this on itself by the way it treated some of its customers.
So from a certain perspective, Sony was hacked; that’s sad. I definitely agree that the company should have been more secure, and it has seriously mishandled its communication and dissemination of information to its customers. Of course, I also tend to believe that groups like Anonymous (who say they are not to responsible; I’m inclined to believe them) will always be able to defeat any security measure thrown at them. Enhancing security tends to annoy consumers and do little to deter hackers. I just don’t believe that any software company will ever be able to create something that’s unhackable. And the instant you say something is unhackable, everyone makes it their mission to hack it.
I’ve been playing on my PC recently and am thus totally unaffected by the PSN outage. I’ll get back to Enslaved eventually, but that’s not an online game; I feel much more sympathy for those who bought Portal 2 for PS3 knowing they’d get a free Steam copy (oh! Look! Valve’s giving something away for free! Let’s complain about it) and be able to play co-op with PC buddies. Of course, co-op Portal 2 is online. So those people are hosed. And I’m guessing they can’t get their code for the Steam version of Portal 2 without activating their PS3 version online either, or else Dobry would have already called me and sung the new song.
Thus do I find myself at a crossroads in weighing blame. I’m mad at Sony for… well… for messing up, I guess. For not being secure. For not encrypting all its data. At the very least it shouldn’t have been this easy for a hacker to get that stuff. But I’m also mad at the hacker, who is ultimately responsible. And I’m mad at the Court because though Sony is sort of the affronted party here, it should be sued in a class action for failing to protect the data of its clients. They can claim that they were hacked five ways to Friday; even if they couldn’t have stopped it they’re to blame because when you assume stewardship of private information and fail to protect it, it’s your ass even though no power on earth could have succeeded in keeping it safe. That’s the price you pay for asking consumers for something valuable: an implicit promise you’ll keep it safe.
So tell me, Tap. Who should be the prime recipient of Steerpike’s rage?
Email the author of this post at firstname.lastname@example.org.