A year after the hack of Sony Pictures Entertainment, Hollywood is an industry culture mixed with fear, ambivalence and shattered illusions of privacy, industry analysts and insiders told TheWrap.
Collateral damage from the hack, called the worst on any U.S. corporation in history, is difficult to quantify: Jilted movie stars, runaway prestige films and executive-on-executive abuse litters the landscape of Sony and, by extension, all of show business.
What has this taught us to feel about our own privacy and the way we relate to each other in the business?
“Honestly, nothing feels safe anymore,” one high-ranking executive at a global tech company told TheWrap. “That level of exposure makes me question how people see me. And it definitely affects how I see other people.”
One of the greatest symbols of a culture shift is in the content of the hack itself: more than 170,000 stolen emails from Sony executives, fully indexed and searchable on Julian Assange’s Wikileaks site.
With 12 months in the rear-view, the emails stand as a 360-degree view into Hollywood’s entitlement, pettiness, self-satisfaction and deep-seated fears — still available to call up at a moment’s notice.
One executive from a Sony rival said that, to this day, the hack has her confronting the “delusion” of online privacy. “Everyone knows that your email is the property of your company and anything you write can be read and published — it’s not private. [The hack] was a dose of cold water,” the executive said.
“It’s less how a company behaves — it’s more the individual thinking long and hard about sending something. Even jokes,” the executive added. “Many times, I’ve had friends been like, ‘Oh, here’s a funny response.’ But out of context, would I want to read that response?”
For many in the industry, the Sony hack has provided a wake-up call to avoid committing any sensitive information to emails that might later be read by wider, unintended audiences.
“We talk offline now — it’s just how it is,” one top Los Angeles-based agent told TheWrap. “We pick up the phone or grab coffee. Even with gadgets, you see less phones on the table at lunch these days.”
Emotional fallout from such an insidious attack is normal, according to Clifford Neuman, Director of the Center for Computer Systems Security at USC.
“It drove home that there’s a need to only put things in writing you’d want to be seen. Whether its a memo, or someone’s opinion — email represented a certain amount of privacy that it no longer does,” Neuman said.
Still, there are signs the initial post-hack vigilance and self-reflection may prove fleeting.
“When that story broke, a lot of people’s knee-jerk reaction was ‘Oh, my God, are we safe?’ Then, ‘Oh, my God, I need to change my email habits,'” a top-level cable network executive told TheWrap. “Then slowly but surely… a majority fell back into the old habits.”
The cable executive said a handful of studios and production companies have worked to better protect top-level employees, or a “protected class” of individuals, with extra firewall power. Several major studios and media companies contacted by TheWrap declined to comment or denied the practice.
Some craftier employees have created alternate email accounts using aliases, the cable executive said, but most don’t have the good sense to use them outside company-owned buildings, making their content susceptible to hacking over Wifi connections. No solution seems safe enough. No work-around is impenetrable.
More troubling are no signs that the Sony hack has resulted in any sweeping changes in corporate policy across town. One rival studio simply ordered department managers to verbally reiterate routine security training for all its employees, according to an insider, and a similar shrug-off was also experienced by employees at another studio.
Perhaps most shockingly, some inside Sony itself report that there has been little discernible shift in corporate policy or behavior with regard to computer usage or cyber-security.
“There has been literally no change in how employees do business in terms of email use,” said one SPE employee, speaking on the condition of anonymity.
Another senior SPE executive told TheWrap that post-hack legal documents now require password protection and that outside parties must even place a phone call to learn the password and open drafts.
Sony declined to comment on its security procedures.
There is a natural temptation to shift back into a state of complacency despite the magnitude of the harm that befell Sony.
“Is this like a college or a theater shooting where people talk about it and then forget it?” one exec who works closely with Sony wondered.
At least for senior levels at most studios, though, there seems to be a greater awareness that stepping up cyber-security reduces the risk of catastrophic harm.
“This is a tectonic shift, an event that made everybody hyper-aware of what’s a stake and what can happen if you have your guard down,” another executive said.
Beatrice Verhoeven, Linda Ge, Daniel Holloway and Thom Geier contributed to this report.