backtop


Print 61 comment(s) - last by achintya.. on May 17 at 1:38 AM


The Japanese government won't let Sony restart its online services as it's unsure if the company is doing enough to protect Japanese consumers. The PlayStation Network was recently restored in the U.S., Europe, Canada, and other locations.  (Source: RuliWeb.com)
Government says it won't authorize reboot unless Sony shows what precisely it's doing to protect customers

Citizens across Japan, Europe, and America fell victim to a massive breach of privacy thanks to lax security at Sony Corp. (6758).  As many as 101 million individuals are thought to have lost personal information including hashed (but not salted) passwords, plaintext usernames, addresses, and birth dates.  It is unclear whether Sony also lost tens of millions of other customers’ credit card information.

For American, Canadian, and European customers the PlayStation Network (PSN) is now back online after being shutdown for over three weeks while Sony tried to assess the extent of the damage and secure its systems.

But in Japan the network is still down and may remain so for some time.  The Japanese government has refused to let Sony restart the network without providing more explicit proof that it is securing the network.

Kazushige Nobutani, the director of the Media and Content Industry department at the Japanese Ministry of Economy, Trade and Industry, comments, "We met with Sony on May 6 and 13, and basically we want two things from them. The first is preventative measures. As of May 13, Sony was incomplete in exercising measures that they said they will do on the May 1 press conference."

The second key point was that the Japanese government is demanding Sony address what steps it’s taking to protect customers whose credit card data may have been stolen.  Sony Japan has been less specific about what measures it has been taking, as opposed to Sony Computer Entertainment America LLC , which announced that it would be providing customers with a year of free identity theft coverage.

The PlayStation Network is currently back online in Americas, Europe, Australia, New Zealand, and the Middle East, though it remains down in Japan and some other locations (such as China and South Korea).

Sony is also working to restore its Sony Online Entertainment (SOE) service, which was also compromised as part of the breach.  SOE offers services for certain streaming music and video offerings and also supports online games like DC Universe.

The company is currently struggling to clear the cloud of negative publicity.  It is currently facing several high profile class action lawsuits internationally, in addition to multiple government inquiries.  Customers have reportedly also been returning their PS3s and trying to trade-in their consoles for cash towards purchasing Xbox 360s.

No charges have yet been filed against those involved in the data breach.  Sony claims the online hacker collective Anonymous might have been involved, but the majority of members of the collective rebuked this claim.  Sony has presented no evidence indicating that it's figured out exactly who was involved.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: gov't protecting its citizens
By JasonMick (blog) on 5/16/2011 1:39:56 PM , Rating: 2
quote:
The government doesn't need to protect it's citizens when they are perfectly capable of doing so.

If you don't trust Sony anymore, just don't use their service.

The problem with government intervention is that they start acting where it seems right, and soon they will be enforcing things you really don't want them too.


I agree.

If a large portion (e.g. if all 10+ million who had CCs on file) of the population was victimized by identity theft I could see the gov't stepping in with additional restrictions as it would be creating a national security threat.

That has not happened though.

As is the U.S. and European gov't seem to be reacting appropriately here for the most part... allowing the restarting but continuing their investigation into who committed this crime.

And citizens in these regions seem to have the right idea. Some are indeed returning (or trading in) their PS3s and/or cancelling their service. And those affected are also filing suit against Sony.

No need for the U.S./EU gov'ts to expand their involvement beyond the level they're currently at. That would do little to "protect" their citizens....


RE: gov't protecting its citizens
By VooDooAddict on 5/16/2011 2:22:50 PM , Rating: 3
So the theft of the information from millions of citizens isn't enough? Citizens must be further victimized?

Asking Sony to prove that they have new security and better data handling practices in place before they expose citizens to more risk is not an excessive request.

Government officials could pass non-binding resolutions requesting this of Sony. Passing new restrictive regulations and adding layers of bureaucracy isn't required. As it stands now though there's no proof that Sony hasn't simply added a new firewall appliance, left the unencrypted data schema alone, and flipped the ON switch.

This isn't something impacting a few thousand people. Millions of citizens were impacted. To claim the government has no responsibility to protect it's citizens and their assets on a scale this large ... then what's the purpose of government?


RE: gov't protecting its citizens
By FITCamaro on 5/16/2011 2:37:04 PM , Rating: 2
Because the evil corporation of Sony just wanted this to happen right?

It's cyberspace. There is no true 100% security. If every company out there was automatically 100% liable in any case like this, none of them would take the risk. You have to prove Sony was negligent with people's data to have and win a case. It is doubtful that will ever be shown.

Of course that's not to say some sympathetic judge won't render a verdict in the favor of some scum sucking lawyer who's looking to make millions of dollars off this incident of which the people affected will get mere pennies in comparison.

Sony has stepped up and offered those millions of people free identity theft coverage. What more are they to do? What could they have done to prevent this? Nothing. I suppose you plan to sue the government every time an employee loses or steals a laptop too right?


RE: gov't protecting its citizens
By tfk11 on 5/16/2011 2:58:52 PM , Rating: 3
quote:
You have to prove Sony was negligent with people's data to have and win a case.


"As many as 101 million individuals are thought to have lost personal information including hashed (but not salted) passwords ..."

There's your proof of negligence right there...


RE: gov't protecting its citizens
By gamerk2 on 5/16/2011 2:58:50 PM , Rating: 2
You ever been hit by identity theft and tried to "fix" your credit rating? I think not.

Essentially, you are arguing that the theft of the personal information for 75 Million people is not reason enough for a governemnt to ensure that the services replacement is more secure then the previous one was.

Governments job, first and formost, is to protect its citizens. If that means coorporate profits are depressed by some amount to ensure this, then so be it. Citizens first, coorporations second.


RE: gov't protecting its citizens
By jjmcubed on 5/16/2011 4:07:11 PM , Rating: 4
Wasn't Sony warned about their network not being secure in the past? If that is indeed the case, to me that is reason enough. If you are warned you have an unsecured network, then do nothing to protect the millions of customers, you have shown negligence.


RE: gov't protecting its citizens
By Reclaimer77 on 5/16/2011 4:13:27 PM , Rating: 3
I don't know about Japan's laws, but I don't think having your gaming network being hacked gives a Government the right to step in and call the shots. Sorry, no way.


RE: gov't protecting its citizens
By jjmcubed on 5/16/2011 4:57:01 PM , Rating: 2
So you are fine with companies that do nothing when warned of major problems?


RE: gov't protecting its citizens
By erple2 on 5/16/2011 6:01:52 PM , Rating: 3
Sadly, yes. Unless there are existing laws that force a corporation to protect (via hashing, encrypting, whatever) your personal information, then yes, I'm fine with it. Note that there are rules governing how information related to credit cards can and can't be stored (encryption, access controls, etc), but we're not necessarily talking about that right now.

The corporation can choose to not encrypt anything you supply to them (with the exception of things that they're required to encrypt). They can choose to have everything open to the intartubes. I can also choose to not do business with that company. It's a terrible case of buyer beware. While it makes good business sense to encrypt/restrict access to that kind of information, and there are TONS of simple ways to do that, I don't believe that there are any laws that govern that (at least, in the USA).

The Government, on the other hand, has different restrictions on what it must do. By law, the Government has to safeguard your personal information by "reasonable" means. That's primarily because I, as a citizen, can't choose to not do business with the government.


By snakeInTheGrass on 5/16/2011 7:58:08 PM , Rating: 2
Why should your credit card information be protected by any laws? Wouldn't everyone be happier if your SSN, credit cards - everything! - wasn't restricted by an overly large government? Why regulate any company for anything, for that matter? Surely capitalism will protect us all?


RE: gov't protecting its citizens
By wordsworm on 5/16/2011 7:51:23 PM , Rating: 2
I think you, and most of the others, are missing the bigger issue here. Japan's government is concerned with, if I'm not mistaken, the reputation of the nation itself. Sony is a flagship company for the nation. It is not just an embarrassment for Sony, but for Japan as well. I suspect this is the biggest reason why Japan's government is reacting strongly to this issue.


By Reclaimer77 on 5/16/2011 9:05:45 PM , Rating: 2
That's fine. I don't care what Japan's government does. I'm arguing with those that stupidly think that everyone else should do the same.


RE: gov't protecting its citizens
By Reclaimer77 on 5/16/2011 4:22:30 PM , Rating: 2
quote:
Governments job, first and formost, is to protect its citizens.


You know what's funny in all this? Sony is being made to be a bigger bad guy here than the hackers. Corporate employees are citizens too. Where was the Government when PSN was being hacked? Why aren't THEY protecting individuals from hackers?

So the Governments who don't have the technical knowledge to have decent cyber security for it's citizens, or law enforcement to track down and arrest hacking communities, are now qualified to evaluate Sony's PSN security changes.

Is that it?


RE: gov't protecting its citizens
By jjmcubed on 5/16/2011 5:00:43 PM , Rating: 2
Where in this story are you seeing the the government is doing nothing? Would you like the government to monitor the internet for us? You seem to want them to do nothing, but be able to do something... I'm confused.


RE: gov't protecting its citizens
By JediJeb on 5/16/2011 5:49:24 PM , Rating: 2
What is being said is that if the government can't secure their own networks, then why should they come down heavy on Sony for the same failures. So far the only financial data to be shown to have been breached was old out of date debit card/checking account info from a few European countries. The rest was only user info on Sony's online gaming networks. Is it then Sony's fault if someone uses the same username and password for their own bank account that they use on their PSN account? Or is it Sony's fault if the moment they announced what had happened users didn't go out and change their passwords and account names on their bank accounts if they were using their PSN account info on those accounts also?

Sony definitely should suffer some legal accountability for being lax in security, but there is also a responsibility on the part of users to use proper habits online. If for convenience I go and have my car, house, atv, safety deposit box and garage key made the same, and I get a call from Ford saying someone stole copies of all their keys, should I be able to sue them if someone uses that key to break into my house? No, because it is my fault I chose convenience over security.


RE: gov't protecting its citizens
By jjmcubed on 5/16/2011 6:36:37 PM , Rating: 2
The Japanese were using best practices and were warned by others that they were in jeopardy of being hacked? You state only out of date information was stolen... you know that how?

Also, lets not take this as someone like you and I that know a bit more than the average public does about computers. Look at it from the point of view that you grandmother could have one for the grand kids.

You state Sony should suffer some legal accountability. Just not this? Is this not enough for you? Is this to much for you?

Yes, this is totally about the people that have the same passwords, and not about Sony being told they were insecure.....


RE: gov't protecting its citizens
By snakeInTheGrass on 5/16/2011 8:00:18 PM , Rating: 2
Sorry, was there a story about the Japanese government getting hacked and losing 100 million people's info? After being warned? Guess I'm not really seeing the parallel.


By Reclaimer77 on 5/16/2011 8:36:43 PM , Rating: 2
lol, Logic escapes you.


RE: gov't protecting its citizens
By fic2 on 5/16/2011 6:57:16 PM , Rating: 2
quote:
Sony has stepped up and offered those millions of people free identity theft coverage. What more are they to do? What could they have done to prevent this? Nothing. I suppose you plan to sue the government every time an employee loses or steals a laptop too right?


They offered 1 year of id theft coverage after they were pressured into it. What if the thieves just sit on the data for a year and then start using it.

I think that if the laptop has millions of peoples private information weakly encrypted then yes I think the gov't should step in and do something.
Of course, it seems that half the time something like this happens it is a gov't employee having his/her unencrypted laptop stolen.


By snakeInTheGrass on 5/16/2011 7:54:34 PM , Rating: 2
Sue the government when they're incompetent? Don't be ridiculous - the government has plenty of laws in place exempting it from just that kind of accountability.


RE: gov't protecting its citizens
By semo on 5/16/2011 3:11:20 PM , Rating: 2
You can say that millions of citizens could be impacted as for all you know, every other big company could be as complacent as Sony. OP's point was that the Japanese government protects their citizens. Why don't they extend their scrutiny to other big corps? Because Sony is a scapegoat and they will throw the book at them.

I think this is all about the votes.


RE: gov't protecting its citizens
By wallijonn on 5/16/2011 5:33:15 PM , Rating: 2
quote:
OP's point was that the Japanese government protects their citizens.


What seems to be forgotten is that this is Sony, where the Japanese are fiercely loyal to local companies, where the XBox can't make in-roads, where workers are loyal to one company for life.


RE: gov't protecting its citizens
By adiposity on 5/16/2011 2:46:34 PM , Rating: 3
quote:
And citizens in these regions seem to have the right idea. Some are indeed returning (or trading in) their PS3s and/or cancelling their service. And those affected are also filing suit against Sony.


How, exactly, is it the "right idea" to "cancel your service" or trade in your PS3?

I mean, I certainly don't begrudge someone trading in or returning their PS3 if they are that upset by this breach. On the other hand, I don't see it as a foregone conclusion. Your personal data has already been compromised. What good will canceling your service do now?

In the future you can use PSN cards if you are really concerned. I just got into my PSN account and observed that my "personal info" was deliberately inaccurate (e.g., "123 No Street"). So, it seems I was not required to enter my name and address.

I don't mean to downplay the seriousness of this happening, but I feel it is a bit cavalier to suggest people should just trade in their PS3s and stop using the service. The service has a lot of value, and this breach doesn't change that. Most people trading in are just angry at Sony, not necessarily making a rational decision.


RE: gov't protecting its citizens
By adiposity on 5/16/2011 2:47:53 PM , Rating: 2
I should add, I had a CC on file with Sony and purchased things from the store. But I did not have to have a real address in the system to do that. Which is kind of odd...


RE: gov't protecting its citizens
By bah12 on 5/16/2011 5:16:47 PM , Rating: 3
quote:
I should add, I had a CC on file with Sony and purchased things from the store. But I did not have to have a real address in the system to do that. Which is kind of odd...

Just shows you that they are so laxed on security they are not even validating your CC against your address like virtually every other online dealer would. Essentially all they are using is the CCV code, and nothing else.

This is the core of my biggest issue with all of this. Sony's security is crap. Period!! Unencrypted data, unsalted hashes, and not even the common courtesy to validate your CC # off of more than what can be clearly found on the card. I'd blame the robbers for bank robbery no doubt, but at some point you have to start pointing fingers to the asshat that left the vault open.


RE: gov't protecting its citizens
By erple2 on 5/16/2011 6:05:13 PM , Rating: 3
And that should dictate your choice to do business with that company. I choose to no longer do business with that company. I'm sure they'll lose lots of sleep over their lost minor revenues (maybe 50 bucks a year) over my lost business. But as a consumer, that's how I vote in the business world.


“And I don't know why [Apple is] acting like it’s superior. I don't even get it. What are they trying to say?” -- Bill Gates on the Mac ads














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki