
Sony threatens to sue Twitter - abdias
http://www.scribd.com/doc/250802459/Sony-Letter-to-Twitter
======
moe
So by the way, when and how will Sony be held liable for criminal negligence?

Their security track record is equivalent to a bank storing its customers,
partners and employees crown jewels in a wooden bikeshed with no doorlock.
Repeatedly.

Stomping your feet, blaming evil North Korea and launching lawsuits against
unrelated bystanders may be a convenient way to distract the mainstream media.

But it's also completely missing the point and a little bit embarrassing...

~~~
dmix
Which part was criminal?

Various employees have started civil suits claiming damages.

Their entire IT infrastructure was obliterated and they had to spend tons of
money on IR and new security tools. So quite a bit of damage has been done
already.

~~~
moe
_Which part was criminal?_

The part where they don't establish most basic protection at least for their
critical customer data, after suffering from security breaches pretty much
constantly[1] for over 3 years.

If you have an account with any Sony product (Playstation network etc.) then
your personal and payment data (credit card numbers) have most likely been
leaked not once but multiple times by now.

Why is Sony still allowed to store payment data? Why is their PCI
certification not revoked?

[1]
[https://news.ycombinator.com/item?id=8790458](https://news.ycombinator.com/item?id=8790458)

~~~
BHSPitMonkey
Can you point out which law(s) you mean? It's a little hard to establish a
criminal charge otherwise. Everything in your comment so far indicates cause
for civil damages, which are already being pursued as pointed out.

~~~
moe
I am not a lawyer, my question was rhetoric.

As a layman I would argue that we know anyway that these kinds of laws are
rarely ever enforced upon companies the size of Sony. Especially not when
there's a political PR spin as convenient as "omg North Korea" (was: "omg
terrorists").

However, the least that they have obviously violated (on multiple occasions)
are the PCI-DSS diligence requirements and probably every data protection act
under the sun.

------
octo_t
This seems like fairly standard procedure to be honest, I'm not entirely sure
what the issue is here...?

Especially given quotes such as "To the extent that Twitter has previously
suspended the accounts of users publishing the Stolen Information, SPE and its
employees are sincerely grateful to you"

~~~
tsaoutourpants
There was no need to be threatening in manner that they were, and, as far as I
understand, the threats are non-actionable (that is, Twitter can't be held
liable in the manner they are suggesting).

~~~
dustinfarris
Letters like this go back and forth between companies all the time. It doesn't
even sound threatening to me. Just a standard legal complaint. I'm sure there
were a handful of phone calls made first. Sony and Twitter couldn't figure it
out over the phone, so Sony sends the official letter saying, "here's why
we're upset, this is what we want you to do about it, if you don't we will
climb the legal ladder some more until it's all straightened out."

------
miander
Though I understand Sony probably feels compelled to at least try to stifle
links to the stolen data, I am a little bothered by their legal reasoning they
are using to support their argument. That said, they seem to be wording their
accusations towards Twitter very cautiously. It also does not seem to be
worded as a threat, but more of a strongly-worded request, so I'm not sure
saying that they're threatening to sue them is accurate.

~~~
jsprogrammer
Not worded as a threat?

>If Twitter does not comply with this request, and the Stolen Information
continues to be disseminated by Twitter in any manner, SPE will have no choice
but to hold Twitter responsible for any damage or loss arising from such use
or dissemination by Twitter, including any damages or loss to SPE or others,
and including, but not limited to, any loss of value of intellectual property
and trade secrets resulting from Twitter’s actions.

Page 3 of Sony PDF

Sony should be sending these letters to their network department as they are
the ones that appear to have 'disseminated' the Stolen Information.

~~~
conkrete
I have to agree. "will have no choice but to hold Twitter responsible for any
damage or loss..." implicates a potential lawsuit if their demands are not
met.

------
rhema
Should SONY's response been DMCA takedown notices? Does DMCA cover unpublished
copyrighted work? If the DMCA applies to trade secrets and personal email, it
seems like Twitter would be legally in the clear and particular users would be
liable.

~~~
declan
>Should SONY's response been DMCA takedown notices?

This lawyer letter goes beyond what DMCA Sec. 512 allows. 512 authorizes
requests for "removal of material" that is believed to be infringing; in this
case, Sony is demanding suspension of Twitter users' accounts (which even Sony
would likely concede are 99.999% non-infringing as measured by number of
tweets). The letter also raises non-DMCA CFAA and state law claims.

> Does DMCA cover unpublished copyrighted work?

Yes. The DMCA covers "copyrighted work[s]," and publication is not necessary
for copyright to attach. The longer emails likely meet the threshold for
copyrightability and the screenplays, even unpublished, are the very
definition of a copyrighted work. Note fair use still applies to copyrighted
works.

> If the DMCA applies to trade secrets and personal email

The C in DMCA stands for "copyright." It doesn't apply to trade secrets.

David Boies, the lawyer who wrote this on behalf of Sony, is a very capable
hired gun (he represented DOJ in its futile pursuit of Microsoft and plenty of
other high-profile plaintiffs). Twitter is going to have to be careful in how
it responds.

Remember news organizations have also reproduced excerpts from the Sony-hacked
emails, and in some cases the entire correspondence. Note Sony hasn't
threatened to sue them, at least so far. Also note Boies' letter could have
been addressed to the individual Twitter users, who are actually the ones
responsible for posting the material. It wasn't.

~~~
simonblack
> David Boies, the lawyer who wrote this on behalf of Sony, is a very capable
> hired gun

He wasn't very capable when he was acting for the SCO Group in their never-
ending bullshit case against Novell and IBM. He has also been criticized for
ethics violations.

[http://gl.scofacts.org/gl-20031217025304677.html](http://gl.scofacts.org/gl-20031217025304677.html)

~~~
PhantomGremlin
He also couldn't convince the Supremes that Al Gore should be president.
[https://en.wikipedia.org/wiki/Bush_v._Gore#Rapid_development...](https://en.wikipedia.org/wiki/Bush_v._Gore#Rapid_developments)

Lawyers should (within the bounds of ethics) be advocates for their clients. I
can't fault him for his role in the 2000 election, but as to SCO I think
anyone and everyone who took SCO's side should be disbarred!

------
kraigspear
Oh great, I've been wondering where I could get my hands on this stuff.

------
cromulent
For some reason I always find it amusing to see US lawyers title themselves
with a middle ages term such as "Esquire". It seems so incongruous.

~~~
drcube
That's because they can't call themselves the equally medieval term "doctor".
Even though they have "Juris Doctorate" degrees.

------
r109
This letter seems like a blanket that Sony's lawyers are laying out across
@BikiniRobotArmy and pinning Twitter with a wall of federal and state law
violation claims. Does anyone have information on what material
@BikiniRobotArmy actually "published" ??? Did he upload the 26GB Sony dump
into a Tweet? Did he upload a picture he found on Google Images? Did he
retweet Greenwald?

~~~
notjackma
This could be it. Amazing what "celebrities" are charging for product
placement.

[https://twitter.com/BikiniRobotArmy/status/54688646593893171...](https://twitter.com/BikiniRobotArmy/status/546886465938931712)

~~~
shawn-butler
Might just be me but it seems likely Sony and these celebrities are in pretty
clear violation of the FTC 2013 .com disclosure guidelines?

It's one thing to give celebrities clothes, etc and let them parade them
around so that gullible consumers buy the product to pretend to be
"fashionable" via known endorsement contracts.

It's quite another to pay a celebrity millions of dollars to say something and
hide it as their own statement without disclosure.

Payola 3.0?

EDIT: Added link to FTC guidelines [pdf]
[http://www.ftc.gov/sites/default/files/attachments/press-
rel...](http://www.ftc.gov/sites/default/files/attachments/press-releases/ftc-
staff-revises-online-advertising-disclosure-
guidelines/130312dotcomdisclosures.pdf)

~~~
pervycreeper
This seems to be the most glaring issue here, and likely the reason for the
scare letter.

Probably unwise of them to have used this strategy considering the Streisand
effect.

~~~
shawn-butler
Again just speculating, but this could also elevate the dump of the documents
on Twitter by the individual into a press issue now since it is showing
wrongdoing.

Rights of journalist to distribute illegally obtained documents in public
interest I think was firmly established by SCOTUS in BARTNICKI v. VOPPER [0]
and they go over the DMCA implications in the opinion.

[0]
[http://scholar.google.com/scholar_case?case=2171346211086974...](http://scholar.google.com/scholar_case?case=2171346211086974391)

------
jahmaiosullivan
Is Sony requesting that twitter not shut down just this one account but keep
up with every account that pops up for this purpose? If they are that naive
then no wonder they hacked, no idea how technology works. If I can write a
script to create a different twitter account every few seconds, imagine what
these guys can do.

------
smsm42
So, from this now I know 1) that Sony pays celebrities to do gray advertising,
2) name of such person that does it, 3) that Sony uses lawyer threats to stop
people from talking about it. It's hard to hurt Sony's public image any more
at this point, but they certainly keep digging with vigor.

------
paintnp
You start with feeling bad for Sony and its employees. You see a letter like
this and my response goes from feeling bad to "Screw you Sony. You first show
immense stupidity in how you handle your security and then flex your muscle
around."

------
noobermin
In a way, they are right about it being against the twitter terms of use, and
twitter should comply because it's their rules anyway. Still, can twitter be
"held responsible"? It kind of sounds like you holding a bar tender
responsible for drugs being traded in her bar. Even if she was aware of it,
why not arrest the actual culprits?

Any lawyers care to comment?

~~~
declan
I posted some thoughts on the law here:
[https://news.ycombinator.com/item?id=8789302](https://news.ycombinator.com/item?id=8789302)

Service provider liability isn't exactly a new topic; it goes back to at least
Cubby v. CompuServe in 1991 (note this is not necessarily the law today) and
hundreds of law review articles and dozens of conferences have discussed the
topic. You might also want to read DMCA Sec. 512:
[http://www.law.cornell.edu/uscode/text/17/512](http://www.law.cornell.edu/uscode/text/17/512)

------
byoogle
Interesting that David Boies is representing Sony – he represented the US v.
Microsoft, Napster v. the RIAA, Oracle v. Google.

------
quahog
If twitter deletes that account it would take the owner a few seconds to
create another one. Better to have this one account than for many to pop up. I
think it is pretty clear that Sony was lax in their security and are now
paying a huge security debt.

------
frik
How about a comeback of 1990s style action movies like: Die Hard, Air Force
One, Beverly Hills Cop, Lethal Weapon, etc.

Instead Sony plans new movies like Captain America, Avenger, Ants Man. They
milk the Marvel brand to death. Sad and boring.

------
meritt
Sony is utterly incompetent and ignorant.

------
radicalbyte
The link is broken on Android :(

~~~
smtddr
They do it on purpose. Use another browser, like "Boat", to change UserAgent
to desktop and it'll work fine.

~~~
radicalbyte
Ahh, that sucks. Thanks for the advise :)

------
donohoe
Unless there is a unique piece of information and it is physically taken away,
it cannot be stolen, only copied?

------
barkingcat
why is the title of this post mispelled? Just seems like a really obvious
typo.

~~~
nitrogen
A mod or the OP must have fixed it (it originally said "treat _h_ ens").

------
pasbesoin
Engineering with lawyers...

------
xnull2guest
Hmm. Up until now the Sony/NK thing has been confusing from a technical
standpoint - there's lots of good reasons to be curious about and skeptical
whether NK had anything to do with the SONY hack (see the bazillion threads on
HN and elsewhere that cover it). Now for some conspiracy.

Here are some facts. One of the primary journalists responsible for announcing
that the government had determined NK was responsible for the SONY hack is the
same one responsible for falsely declaring the US had confirmed locations of
weapons of mass destruction in Iraq on behalf of the State Department (Judith
Miller), who hadn't yet gotten the public support it needed to go into Iraq.

But what could the US's motivation for falsely fingering North Korea in this
attack, if that's in fact what was done?

First, either instability or regime collapse in North Korea would mean very
good things for the United States. Not just because it would advance human
rights or because NK represents a black mark on US military operations. But
also because instability threatens China. A regime collapse would mean China
would have to deal with a flood of millions of starving and brainwashed
immigrants at its border, and in fighting due to power vacuums. The downside
is that the US would need to spend a lot of money and man hours supporting
their ally South Korea, as they would also be forced to handle the
instability, and because of US military presence in the region.

But second - and this is where the conspiracy theorizing comes in - we've seen
the US make several attempts to get Twitter to censor certain types of
information. The US, through the NSF, wants to study 'social pollution' on
Twitter ([http://www.washingtonpost.com/opinions/truthy-project-is-
unw...](http://www.washingtonpost.com/opinions/truthy-project-is-unworthy-of-
tax-dollars/2014/10/17/a3274faa-531b-11e4-809b-8cc0a295c773_story.html)).
However, it already has studies on social contagion and memetic social
influence and these are used in political campaigns today
([http://enga.ge/download/Inside%20the%20Cave.pdf](http://enga.ge/download/Inside%20the%20Cave.pdf)
& [http://bits.blogs.nytimes.com/2008/11/07/how-obamas-
internet...](http://bits.blogs.nytimes.com/2008/11/07/how-obamas-internet-
campaign-changed-politics/) & [http://theweek.com/article/index/256160/how-
obama-won-the-in...](http://theweek.com/article/index/256160/how-obama-won-
the-internet)). Moreover, the United States uses these tactics to influence
public opinion in enemy nation states, such as the use of Twitter this year to
cause insurrection and organize riots to overthrow the Cuban government
earlier this year (search Cuban Twitter CIA), the use of Twitter messages in
Jordan, Egypt, Syria and others to spread US propaganda
([http://minerva.dtic.mil/doc/samplewp-
Lieberman.pdf](http://minerva.dtic.mil/doc/samplewp-Lieberman.pdf)), and the
US contracts with companies that are used to do the same thing (e.g.
www.marayamedia.com).

The conspiracy here would be that since the US has so far lacked legal
traction in giving it the ability to influence other nations with adversarial
messages but preventing others from influencing US citizens in the same way,
that it is using the traction of the NK/SONY event to create a civil law
precedent for content curation in Twitter that can later be expanded to
federal law. This creep from civil to federal law has happened before -
notably with Youtube - which now removes content that the federal government
wants it to (known examples include ISIL recruitment videos and US citizen
Anwar al-Awlaki's political messages).

