In one of many recent cyber attacks, North Korea stole intellectual property and confidential business information from Sony and selectively scattered that property across the Internet for all the world to see, to copy, and to profit from.
President Obama recently announced new sanctions against North Korea for its role in the Sony cyber attack. It is good to discourage would-be attackers, even if North Korea historically has been impervious to sanctions. We simply have not yet devised economic punishments that discipline North Korea’s behavior.
Even if North Korea were miraculously brought to justice, neither Sony nor our federal government has any expectation that North Korea will pay any reparations, much less full reparations, for all of the damages it caused Sony. While North Korea initially stole property from Sony, it is not the only entity that benefited from the theft.
Countless websites, many of them with commercial interests, hosted and made use of the Sony intellectual property and confidential business information, which can still be found bouncing around cyberspace. It is illegal to traffic in this information, and the government should take action against these websites.
Sony is neither the first nor the last victim of a cyber attack. Home Depot, Target, Apple, JP Morgan Chase, Neiman Marcus, and America’s national security and intelligence agencies are just a few of the major entities that are publicly known to have been victims of cyber attacks.
The victims are not just large corporations. Jennifer Lawrence, whose pictures were stolen from iTunes, told Vanity Fair that the theft of her pictures was a “sex crime” and condemned anyone looking at them.
But Lawrence’s harshest assessment was for businesses that profited from her stolen pictures. As Lawrence told Vanity Fair: “Just the fact that somebody can be sexually exploited and violated, and the first thought that crosses somebody’s mind is to make a profit from it. It’s so beyond me. I just can’t imagine being that detached from humanity.” Several celebrities threatened to sue Google, not for stealing their pictures from iTunes, but for not doing enough to prevent their dissemination at Google sites.
Trafficking in stolen property is a crime in many if not all states. Widely recognized as the cornerstone of commercial integrity in physical transactions, the legitimacy and provenance of goods for sale are not uniformly recognized for online material. Stolen property is seemingly everywhere online.
The theft and dissemination of copyrighted works online has been litigated in the courts for years. From Napster to Grokster to Aereo and to many cases in between, American courts have typically found the commercial dissemination on the Internet of copyrighted works outside of the provisions of the copyright unlawful. These cases are consistent with the unlawfulness of trafficking in stolen goods.
The damages associated with trafficking in stolen goods are substantially magnified online relative to physical transactions. Courts have typically sided with copyright holders against piracy, but the damages from Internet piracy are largely unmeasured and uncollected. Once a work is unlawfully disseminated on the Internet, it is difficult to retrieve. A stolen car or painting can be retrieved. A stolen video or music recording cannot. The digital copy of a stolen video or recording is indistinguishable from the original and easily duplicated countless times.
In recent months, we have seen the substantial damages from stolen property on the Internet. Independent of copyright claims to her pictures, Jennifer Lawrence and other celebrities were rightly aghast at the theft and commercial dissemination of their personal images as a profound invasion of their privacy.
Commercial rivals of Sony have had access to at least some of its secrets and its deliberations. Whether the leaked information reflects some or all of Sony’s information, only Sony knows for sure. But rivals have been swift to attempt to use Sony’s confidential information against it.
For example, last month Google posted a public policy blog attacking MPAA and others for allegedly considering a legislative campaign. Google does not directly cite the stolen Sony emails, but it instead cited other websites and newspaper articles that do. Whether the stolen emails are still relevant or doctored is not as important as their commercial use once stolen. Simply, stated Google attacked Sony and MPAA based on information contained in emails stolen by North Korea and disseminated around the web by third parties. No one seems to care that corporations are commercially benefitting from stolen property.
Sony is injured, and no doubt the thugs in North Korea’s leadership are laughing. They laugh because they successfully breached Sony’s computer systems. They laugh because they know that they will ignore the new American sanctions as much as the old. They laugh because they have unleashed commercial chaos among American businesses and consumers. They laugh because they believe they can get away with it all.
We can deter North Korea and other cyber-terrorists by reducing the commercial use of stolen property here at home. If American businesses and consumers were to shun stolen intellectual property, and if American businesses were to avoid stolen corporate information, the value of cyber attacks to the North Korea would greatly diminish. Neither businesses nor consumers will magically become virtuous on their own, but enforcement of laws on piracy and on trafficking in stolen property might have the same effect. An America that takes property seriously is an America that can make the thugs of North Korea stop laughing.