CNET también está disponible en español.

Ir a español

Don't show this again

Internet

The peculiar star of the Sony hack: Email

The massive hack has raised questions about First Amendment rights, privacy and cyberwarfare. But there's a subtler issue at play when we look at all the news stories that have come from hacked inboxes: Why do we put this stuff in email?

Most of the news stories that came out of the Sony hack were based on info from the email inboxes of Sony executives. Sony Pictures

Every summer, Coye Cheshire teaches a workshop to incoming grad students on how to be smart and careful on social media.

The class, held in the School of Information at the University of California, Berkeley, involves letting students know the repercussions of posting things on networks like Facebook and Twitter. But Cheshire doesn't mention an online medium even more basic than social media: email.

"We sort of treat email as a given," said Cheshire. But after the high-profile hack against Sony Pictures Entertainment, which resulted in a leak of tens of thousands of internal emails, financial documents and other items, will he be sure to mention email specifically when he teaches the workshop again next summer?

"Absolutely," he said.

That's just one of the many impacts of the devastating hack, which has already spurred questions about everything from First Amendment rights to cyberwarfare to journalistic ethics. Looking past the marquee headlines, there's a subtler effect: As self-preservation kicks in, people may try to ensure their digital paper trails don't make them vulnerable targets.

The hack, revealed in late November, was carried out by a group that US authorities say is linked to North Korea. That country was upset by the "The Interview," a movie from Sony Pictures starring Seth Rogen and James Franco, about an assassination attempt on North Korean leader Kim Jong-un. Sony on Wednesday announced it was canceling the release of the movie amid threats of terrorism, though on Friday it said a release may still happen.

Inside the company, the hack has been devastating: Amy Pascal, head of Sony's film division and one of the most prominent women in Hollywood, watched as her email inbox was opened to the world and her emails made available for anyone to read. Among the trove of missives: an offensive joke shared with producer Scott Rudin about President Obama's taste in movies. Both of them quickly apologized.

Messages ranging from discussion about Facebook CEO Mark Zuckerberg to new movie ideas to even a script for the latest James Bond film were dumped onto the Internet. And they were revealed by media outlets pouring over thousands of emails from the inboxes of Sony executives.

Those are high-profile examples of collateral damage, and Cheshire said he hopes news of the hack will motivate people to be more vigilant about what they say in their digital communications. "My hope is it might be a reflection point, that people might think more carefully," he said.

But while that's his hope, his research as a professor at Berkeley -- he focuses on the role of trust in online interactions -- stands against him. According to surveys he's conducted, only those who have experienced "adverse events" online, like their emails or other Internet accounts being hacked, are likely to change their behavior to be more careful. "Most people think, 'Thank God that didn't happen to me,'" he said. And then they don't change.

As social media has risen to prominence over the past decade, it's come with growing pains over privacy. But those concerns have brought about vocal discussion on the implications of what people post on social networks. Earlier this month, the Supreme Court considered a case about free speech on Facebook, centered around a Pennsylvania man's threatening comments about his estranged wife and law enforcement officers.

But with email, a form of online communication that looks almost antiquated next to Twitter, Facebook, Snapchat, WhatsApp, Skype and others, those kinds of cases rarely get attention anymore. Without the reminders that come from media intrigue, people tend to be less careful. "What we say about our friends and bosses in email has become akin to how we talk on the telephone," said Cheshire.

Though people won't necessarily change their email behavior as a result of the hack, there is an opportunity to make email more secure. "We need to reinvent the way we send messages," said Frieda Birnbaum, a private psychologist and author.

There are already people taking on that challenge. For example, Silent Circle and Lavabit, two secure-communications firms, have teamed up to build Dark Mail, an email standard that encrypts messages so they can't be deciphered by outsiders. The service, expected to launch after Christmas, is a response to surveillance practices revealed by Edward Snowden's leaks about the National Security Agency. Google and Yahoo are also working on a web-mail encryption project called End-to-End.

Initiatives like those are probably not foolproof solutions, but they're nevertheless attempts to make email more secure.

"There are wonderful things that can happen with technology," said Birnbaum. "But there are kinks."

So until there's secure email, people might do well to think before they type. Research shows, though, that they probably won't.