View Full Version : Which? wants stiffer PSN theft penalty

June 6th, 2011, 18:27
UK consumer rights group Which? wants companies like Sony who lose your personal data slapped with harsher fines.

One of those would be offering "victims" of ID theft "a flat rate of compensation".

"Sony's systems have been hacked into on more than one occasion in just a few weeks," Which? technology editor Matt Bath told Eurogamer, "but they're not alone in having lost their customers' personal data.

"Companies which keep people's details on file need to look very closely at the security measures they have in place. As well as preventing accidental loss of personal information, these measures must be robust enough to deal with threats of hacking.

"Which? wants to see companies faced with more serious consequences if they do lose personal data, with any victims offered a flat rate of compensation."

The Information Commissions Office - an independent UK watchdog group concerned about privacy - is currently investigating whether Sony breached the Data Protection Act. Apparently our sensitive data was stored in plain text rather than in secure encrypted files. Sony will be handed a 500,000 fine if found guilty.

But that's a drop in the ocean compared to the 105 million bill Sony expects for total PSN hack-related costs.

"There is undoubtedly a massive trust issue with Sony now."
Paul Gibson, Gamers' Voice
The Information Commissions Office was asked by UK campaign group Gamers' Voice to investigate Sony's part in the Great PSN Identity Theft. A 100 million bill will sting, but GV chairman Paul Gibson believes there's a bigger issue to consider first.

"There is undoubtedly a massive trust issue with Sony now," he told Eurogamer.

"Most people who were affected by the PSN hack will agree that the handling of the event was very poor indeed, with a full week between the actual hack taking place and the confirmation that consumer details had been stolen. Further to this, the lack of informative communication to PSN users meant many were completely in the dark as to what information had been compromised and what precautions to take.

"Many people are saying that they will not be going back to Sony once they system is fully up and running again, instead preferring to pay for a more secure online games provider. Whilst we are sure that Sony's new security system is now as secure as any other, this is as it should have been months ago and the damage is done in the eyes of consumers."

Eurogamer was told by some high street shops that customers had traded in their PS3 consoles as a result of the fiasco.

However, it isn't just customers who Sony will have to spend time, effort and money convincing - PSN game developers will need courting in order not to jump ship and develop for Xbox Live Arcade or PC.

"I don't think PlayStation Network is ruined as such," said Andrew Eades, co-founder of Buzz! and Blue Toad Murder Files developer Relentless Software.

"The people that stole our data committed a crime and I suspect are less of a protest group than the hacker moniker suggests. You could argue that Sony should have defended themselves better and I think they've said as much.

"There is a danger that these hackers have put gamers off PSN. It'll take a lot of effort both from Sony and developers to get people back."

Eades said Relentless had suffered as a direct result of the PlayStation Store being down for 43 days, because gamers couldn't buy Blue Toad Murder Files. But luckily Relentless has more strings to its bow.

"I'm just pleased that Relentless doesn't live or die by PSN alone and that there are meaningful alternatives out there," said Eades.

"I actually think [Sony] will spend more, not less, on PSN content."
Michael Pachter, analyst
By way of apology, Sony has offered PlayStation Network users a Welcome Back pack. This includes two free PS3/PSP games from a choice of five older titles, as well as a month's free subscription to PlayStation Plus. Sony has also made sweeping improvements to the security of PlayStation Network, and granted a year's free ID theft cover to all.

"There will always be naysayers to whatever Sony has offered," acknowledged Gamers' Voice.

"Sony could never hope to please everyone, but a larger selection of games to choose from would have been better. As for the credit protection facilities, well, it's the least that they could offer in the circumstances.

"Let's not forget that Sony themselves are losing out with the store's downtime as well as the damage they are causing to their relationship with PSN developers.

"In the end," Gibson concluded, "these apologies and free games are not as important to PSN users as being guaranteed that their personal details will remain secure and their enjoyment of the PSN network will remain uninterrupted in the future."

Sony, already playing second fiddle to Xbox Live Marketplace, has an uphill battle restoring general faith in PlayStation Network. But Wedbush Morgan analyst Michael Pachter has faith Kaz Hirai's company can turn it around.

"Yes, the brand is tarnished, and yes, trust will be a continuing issue. Sony must reassure everyone that the restored network is secure, and that they will indemnify against any harm. They need to do a lot to restore confidence," Pachter said, "and I think that they will.

"I actually think they will spend more, not less, on PSN content. You will see more downloads, some exclusive content, maybe even payment for an exclusive DLC window. That will help a lot.

"Microsoft will stay ahead and Nintendo behind," he added. "Free PSN is a real draw, and if Call of Duty Elite is copied by Bungie, DICE, Respawn and others, it may be a differentiator.

"That's why PSN can recover."

Fellow analyst Billy Pidgeon also recognised the "intangible cost of the loss of consumer confidence". Sony placed 85th in Millward Brown's BrandZ top 100 company report earlier this year - way behind fifth place Microsoft. But Pidgeon believes Sony can recover, and there's even opposing evidence that the PlayStation brand has been positively influenced as a result of the PSN hack.

"I don't believe there are serious losses in consumer confidence in PSN now," Pidgeon told Eurogamer, "but Sony must maintain services and should strive to exceed expectations for networked services.

"I don't believe publishers will constrain game supply to PSN, but Sony has a lot riding on networked media delivery, so the company must lead in this sector. Sony should continue to invest in PSN for PS3 and NGP as well as on other digital distribution platforms and services, such as smartphones, PC and direct to television.

"Microsoft is the current leader in connected console gaming and Nintendo is the laggard," Pidgeon added. " With PSN, Sony must meet, and ultimately exceed, Microsoft's performance with Xbox Live."

That's what analysts, consumer rights groups and developers think. But they're the insiders. Has there been any real impact on street level; do people who actually walk into shops care?

"Our PS3 customers are incredibly loyal to the brand but when PSN was taken down, there was initially a level of confusion, concern and frustration over what the hack meant for them," explained Game's head of PR, Neil Ashurst.

"Some people do seem to be slightly nervous about the level of security around PSN going forward and we recommend that users use the normal precautions around buying through an online store. However, customers are more interested in getting back to gaming online and that will drive people back to PSN in the coming days."

"With PSN, Sony must meet, and ultimately exceed, Microsoft's performance with Xbox Live."
Billy Pidgeon, analyst
HMV's head of games, Tim Ellis, had a similar story to tell.

"You'd think that it wouldn't have helped, and, obviously, customers will be aware of the issue - it's hard to miss given the media coverage, but actually we've not seen too much change to the usual level of sales," he told Eurogamer.

"So much is driven by key new releases, and there's not been that much coming out lately, though, obviously, things are likely to pick up. If the issue had fallen in the run up to Christmas, it might have been a different matter, but Sony is an incredibly strong brand that has a loyal following, and I think gamers will be keen to get playing again once they see the company fully on top of things.

"So, frustrated and disappointed as many users may be, I'd be surprised if this incident results in significant long-term fallout."

One thing Eurogamer learned from shoppers on the street was that pre-paid PSN cards, which enable content to be bought online without the use of credit cards, will be a preferable way to pay in the future.

Lewis, 22, hasn't bought a PS3 game since the PSN ID theft hack hit the news. He's got an Xbox 360, so he's got the luxury of choice.

"I did lean a bit more towards Xbox before but now it's definitely, 100 per cent Xbox," he explained to Eurogamer. "Even before the hack you'd lose connection and it has just reinforced the belief that Sony doesn't really know what they're doing when it comes to online stuff."

"When I get anything from the Store I'm going to use the voucher codes and that's it now, because I don't really want to use something that's not really secure."

Does Lewis still trust Sony? "No, not at all."

""If they were just honest about it, which it took them a long time to do; and if they were giving more things than a Welcome Back back that isn't very good; then they would probably win me over that way."
Ben Brown, shopper
Reece, 20 still trusts Sony and still buys PS3 games, but said he'd rather buy the pre-paid cards and "do it that way" in the future.

Mark Allen, 38, altered some personal credit card details but his confidence in Sony hasn't been knocked. "No no no no, no it's not at all, erm, no it hasn't affected me [buying PS3 games] no," he implored.

Eddie, father of Edward, told Eurogamer he thinks this will be a "one-off incident" that Sony, "a big company", will recover from. Eddie won't stop buying things on PSN for Edward.

But Ben Brown, 24, also an Xbox 360 owner, has had his mind made up.

"It was [Sony's] reaction to it: they were really slow about it and then they sent an email out saying, 'Yeah you could have possibly been hacked we don't know.' It was that sort of thing. Unless I see some improvement I'm put off buying definitely more titles for the PlayStation," said Brown.

"I'm not sure," he added, on the issue of trust. "That's the thing. I'm not sure. I suppose so - I've still got my card details, but I'm definitely giving it more thought that I would have before.

"If they were just honest about it, which it took them a long time to do; and if they were giving more things than a Welcome Back back that isn't very good; then they would probably win me over that way."

What happened to Sony will never be forgotten - it's one of the largest identity thefts on record. And hopefully this will be the end of Sony's run-in with hackers, which started earlier this year with the regrettable PS3 Jailbreak incident.

Perhaps any company could have been the victim; maybe Sony was unlucky - even Sony overlord Howard Stringer said PSN, which is predominantly free, "didn't seem like the likeliest place for an attack". But fair or not, Sony's suffering has been done on the behalf of the entire video games industry - as rival platform holders and gamers take the cue to rethink their personal data security.

What's more, Sony's humiliation at the hands of hackers could the shake-up needed to catapult PlayStation Network forwards.

"Sony have a reputation amongst consumers for being a bit of a 'faceless' corporation only caring about their bottom line and ignoring the community they sustain," concluded Paul Gibson from Gamers' Voice. "Hopefully Sony will recognise the value of this community in the future and perhaps support it in a more constructive way.

"Obviously, Howard Stringer stating that 'we have a network that gave people services free - It didn't seem like the likeliest place for an attack' is a stance that will now have been re-considered and I expect that their security systems are now second to none.

"If there is one positive to take from the PSN hack," Gibson added, "it is the fact that the shock of this incident and the massive publicity it achieved has made consumers increasingly aware of the amount of information they are making available on the internet and apparently how easy it is for that data to be stolen. If increased consumer awareness of these dangers is a by-product of this event then we have to take that as a good thing."