Forget the name-calling and fanboy-baiting. There are much bigger issues at play here. This isn't just about the security of Sony's servers. It isn't about the competence of its tech guys. It isn't even just about the hack, although the personal security issuesat play here are unbelievably serious. No, aside from all of that, the current PSN crisis ties into long-standing failures endemic to the house of PlayStation, which the company has remained complacent about for far too long. Will it now recognise and fix them now that they've finally blown up in its face? Let's have a look.
The first thing to understand?
The hack isn%26rsquo;t Sony%26rsquo;s fault
Seriously, it isn’t. Any large organisation can be hacked. Any. From your local fruit and veg shop’s marrow inventory to the Pentagon. If it’s connected to the internet, it can be hacked. Fact.
Above: There's enough to blame Sony for. Don't drop the hack on them too
It could have been Xbox Live. It could just as easily been the Nintendo WFC or Steam. And don’t go saying that Sony’s interference with George Hotz put it in the hacker firing line. Anonymous has distanced itself from this particular attack, and an assault on innocent customers’ information is not the organisation’s style. And besides, whoever has made this attack, the decision to hack lies with the hacker, and the hacker alone.
This whole thing has been managed badly. Very badly. The facts are as follows.
Sony knew about an external network intrusion between the 17th and the 19th of April. It confirmed the intrusion and shut down the PSN on the second of those dates. It then proceeded to make a thorough sweep of its system to try to work out what information had been tampered with, if anything.
All well and good, anda recent postat the PlayStation Blog states that “There's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised.
“It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon."
Above: This will become more relevent in a moment
But I’m sorry. That just isn’t good enough. An unexpected tech failure is one thing. A server going down is an annoyance. That sort of stuff can be dealt with quietly, and passed off as “maintenance”. When the issue includes, or may include, the personal security of a corporation’s public customers however, it becomes a very different game with very different rules.
Your PR becomes a secondary consideration. Far secondary. If there’s even a chance that your customers’ personal information may be in danger, you tell them. They may panic, they may complain, they may take precautions to safeguard their personal interests, they may not care or bother. But the key point is that they’ll have the option of doing each of those things, and having that option is their right in a situation such as this.
You do not deprive a person of that right just because you’re not sure of the situation and don’t want to panic them. You do not use vague language like that above when explaining the situation after the fact. I'm not the only one who thinks this. A US Senatorwas voicing these concernsto Jack Tretton yesterday, before Sony even announced the full gravity of the security breach.