So…it's back. Over three weeks later, Sony resolved the PlayStation Network outage and turned the lights back on. Mostly. Who's ready to throw their brand-new credit card number into Sony's updated, untested system?
Not me. Hey, I'm happy everybody waiting to go multiplayer in Mortal Kombat, Portal 2, and SOCOM 4 finally gets to scratch their online itch. I also don't doubt PSN has tightened security far beyond what it was. My problem is this: Sony demonstrated an inexcusable reticence when they failed to keep their supposedly valued customers informed in the face of a major data theft.
There's a metaphor in here somewhere….
That's one serious breach of trust. And yet, the conversation mainly revolved around those demanding a little something-something for the loss of a free service and loyalists digging in to defend their platform against fanboy schadenfreude. Both approaches strike me as weak consumerism at best, poor judgment at worst. Yes, hackers created this situation, but Sony's response makes BP's handling of the gulf oil spill look positively heroic. The official company line still demonstrates a head-in-sand mentality. As CEO Howard Stringer put it on May 5, "To date, there is no confirmed evidence any credit card or personal information has been misused."
Well, allow me to introduce myself. My name's Rus McLaughlin. Someone stole, then used my credit card and personal information in the wake of the PSN breach. I have no proof that the two events are related, but based on how Sony tackled this mess, who do you think I'm going to blame?
Take a look at the timeline. The network went down on April 20 without explanation. Two days later, Sony announced (via the official PlayStation Blog) that they pulled the plug themselves due to "an external intrusion on our system." Four days later, on April 26, the story changed:
"We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised."
Except the big attack actually hit on April 16 and encompassed Sony Online Entertainment's servers as well. Worst-case scenario? A criminal owned your name, password, address, email, birth date, phone number, and credit card information for 10 days before Sony said anything to anyone.
Now, if anyone at Sony even suspected their customers' information was loose in that week between the shutdown and the blog post announcing the theft — and you have to wonder why they'd turn PSN off if they didn't — that could be aiding and abetting, and criminal charges might follow. Otherwise, it really took them 10 days to figure out they had a problem, which doesn't exactly fill me with confidence in their ability to protect anything. The Japanese government still won't approve the PSN relaunch in their territory. They're not convinced, either.
That's where the real trouble begins. I wouldn't mind so much if Sony took all the damage for what they did and how they did it, but that's not the way things will play out.
Only once Kevin Butler sacrificed Marcus on the altar of blood were the PSN gods appeased.
Yes, we've seen reports of PlayStation 3 trade-ins rising sharply, class-action lawsuits are already filed (a drop in the bucket if widespread credit fraud does come to light), and Microsoft couldn't resist tagging downloadable content with "Get it first on Xbox Live!" labels just to turn a few screws. I'm far more concerned by the shift in software sales and preorders, which crash-dived on PS3. Cross-console publishers won't mind so much…that money largely shifted to the 360 releases. Developers who threw their support behind Sony — particularly those specializing in downloadable games exclusive to the PlayStation Store — must be nervous. Their revenue dropped to zero for the last month. By the time the store comes back online, their audience may have moved on…assuming they're not still resentful.
While I genuinely feel for those guys, I'm not about to give Sony another crack at my Visa card. My confidence in them is shot — not so much around security issues but in their transparency. I now know they won't tell me when something's wrong. They even left millions of customers hanging for two days, wondering why PSN didn't work anymore. Since that's the level of consideration they're willing to show me, I'm pleased to return the favor.
If others share my level of consumer confidence, that month-long outage might be the tip of a much longer drought for innocent developers like Hothead Games, Eat Sleep Play, and Q-Games.
Ah, but now Sony wants to kiss and make up with their Welcome Back Appreciation Program, the tribute demanded by the "gimmie-gimmie" crowd. Offering free downloads of past classics like Infamous and Little Big Planet would've carried more weight if I hadn't already played them to death years ago. You also get a free month of PSN Plus, the premium service nobody cares about. All the Plus benefits vanish once your subscription lapses, so call it a free preview rather than a reward for loyalty. Here's the funny part: odds are claiming this fairly cheap gift basket will require you to input a credit card. Nice way to win back customer loyalty, eh?
I just hope somebody's smart enough to make sure the free PSN Plus preview doesn't auto-renew by default, or a month from now the scandal will be how Sony showed "appreciation" by scamming returnees into paying for subscriptions they didn't actually want.
There you go…all fixed! Woot!
But really, Sony's missing the mark with appreciation. They should grovel. They should pray. Customer data is still out in the open, and their welcome back feels like a bone thrown to loyalists rather than genuine penitence…and that's what I want. Sony Executive Deputy President Kazuo Hirai, in a video released on the PlayStation Blog, assured the PlayStation nation that "we will do everything we can to regain your trust and confidence." It's tempting to suggest he start by resigning. I want the people who made these decisions gone, but not if they're replaced by others who will repeat the same mistakes.
Look…security fails sometimes. We accept a certain amount of risk when entering personal information into an online database, but we do so under a good-faith agreement. They guard our information to the utmost and, should the worst happen, notify us immediately of any danger. One way or another, through incompetence, inability, or intention, Sony didn't follow through on that contract. Those who made the decisions must explain and answer for them — and guarantee they'll do better next time to get right with me.
Oh, eventually things will settle back down to the status quo. People forget, expediency takes over, routines re-establish themselves. As a species, we just don't learn very well. But I've got a pretty good memory, and my forgiveness costs more than $40 in old games. I like the platform and all the very cool things it offers, and it's nice the PlayStation Network's back so people can enjoy it again. But for me personally? Nope. Don't care.