Social Media Week, from Feb. 7-11, drew a worldwide gathering of people and businesses interested in exchanging ideas and learning more about online social interaction and communication techniques. By offering free and inexpensive sessions with gurus on a variety of topics in nine cities across the globe, Social Media Week had something to offer everyone with an online presence.
This was only the second year that Social Media Week took place in New York City, but it was hard to tell from the session that I attended, called “WikiLeaks and Online Civil Disobedience,” since there were nearly 300 people who showed up to listen, discuss and network.
The session was a discussion of online “activism” in connection with the WikiLeaks controversy. The experts were mainly addressing the question: “Are DDoS attacks just criminal mischief, or should they be considered a legitimate form of political activism?”
Background on WikiLeaks in the U.S.
WikiLeaks, directed by the now-infamous Internet activist Julian Assange, is a whistleblowing organization that publishes secret and classified information from anonymous news sources. This international nonprofit organization has been around since 2006, but made mainstream news in the U.S. last July by publishing 67,000 intelligence reports from the war in Afghanistan, and again in October, when it posted nearly 400,000 secret reports from the war in Iraq. “[The archives] disclose important new facts about civilian casualties, the torture of detainees by our allies, Iran’s exported violence, the disruptions caused by private contractors, and the debilitating patterns of clandestine warfare in two benighted regions,” according to an article by Steve Coll that appeared in The New Yorker. And most recently, starting on Nov. 28, WikiLeaks has been releasing some of more than 250,000 secret State Department documents, casually referred to as “the diplomatic cables,” including (among many other things) our intelligence assessment of Iran’s nuclear program, our international spying habits, our involvement with corruption in the Afghan government, and how our security plans to track detainees once Guantanamo closes.
The controversy surrounding WikiLeaks is rooted in the argument of whether or not government actions should be public knowledge. On the one hand, WikiLeaks has succeeded in exposing state and corporate secrets, supporting freedom of the press, and encouraging democratic discourse. And yet, on the other hand, WikiLeaks has threatened national security, harmed international diplomacy, and compromised the lives of our diplomats and soldiers abroad.
(This background pertains particularly to WikiLeaks and the U.S., but many other countries, leaders, incidents and wars have been exposed in past cables. The ethical debate is international; the history of United States’ experience with WikiLeaks is simply used as an example to point to the controversy that WikiLeaks can incite.)
How #Anonymous and Operation Payback Become Involved in the WikiLeaks Controversy
In the days following the initial publications of “the diplomatic cables,” on Dec. 1, Amazon dropped WikiLeaks from its servers, temporarily causing the WikiLeaks website to be unreachable. Three days later, Swiss bank PostFinance froze Assange’s assets, and PayPal, a money-transferring site, cut off the account that WikiLeaks used to collect donations. On Dec. 6, MasterCard also began refusing donations to WikiLeaks, and the next day, Visa followed suit as well.
After these institutions denied financial services to WikiLeaks and Assange, a group of anonymous “activists” coordinated themselves online (mainly via Twitter) to carry out decentralized attacks on the corporations’ websites. They worked under the name “Anonymous.” This moniker is a reference to an Internet meme that represents an online community acting together anonymously. However, the pro-WikiLeaks attackers referred to themselves specifically as “Operation Payback.” Although Operation Payback existed throughout 2010 attacking other types of sites, they began focusing their attention on the companies that opposed WikiLeaks in December.
Operation Payback used distributed denial of service (DDoS) attacks to temporarily shut down the sites of the companies that had opposed WikiLeaks. The most common type of DDoS attack floods a website with external communication requests, so that the website cannot handle the level of Web traffic and is temporarily inaccessible to the public. In laymen’s terms, it would be like if you could reload a page 10,000 times in a minute, and 1,000 other people were doing the same thing at the same time — the server can only process a certain number of requests at once.
DDoS attacks are Internet piracy — but not hacking. Hacking tampers with the content and business operations of a website, while DDoS attacks are only affecting website traffic levels. To launch a DDoS attack, anyone with a computer can simply download a DDoS software program and pick a target. However, DDoS attacks are illegal, and law enforcement (or more specifically in the U.S., the FBI) can trace DDoS attackers from their IP addresses.
In the U.K., five Operation Payback people have been arrested so far for offenses under the Computer Misuse Act, and now each face up to 10 years in prison and a fine of 5,000 euro (or about $6,762). On Jan. 28, about 40 search warrants were executed in the U.S. by the FBI in search of American DDoS attackers from Operation Payback. The FBI has not confirmed any arrests, but said that suspects could also face up to 10 years in prison.
The Event: “WikiLeaks and Online Civil Disobedience”
The session I attended at Social Media Week was hosted by Personal Democracy Forum at the Hearst Corporation’s global headquarters in midtown Manhattan. Titled “WikiLeaks and Online Civil Disobedience,” the gathering featured four media-tech experts: 1) Micah Sifry, cofounder and executive director of Personal Democracy Forum, 2) John Perry Barlow, cofounder of the Electronic Frontier Foundation; 3) Deanna Zandt, author of “Share This! How You Will Change the World with Social Networking” (Berrett-Koehler, June 2010); and 4) Evgeny Morozov, author of “The Net Delusion: The Dark Side of Internet Freedom” (PublicAffairs, January 2011).
The event took place in a large conference room on the 44th floor of the Hearst Tower. The room was filled with chairs, and behind the chairs were two very large windows that showed off a scenic (and vertigo-inducing) view of the city skyline. A small platform stage was situated in the middle.
When the session began, a host introduced each of the guests, and they commenced their discussion in debate-style fashion.
The Discussion: “WikiLeaks and Online Civil Disobedience”
Are DDoS attacks just criminal mischief, or should they be considered a legitimate form of political activism?
1) Issues from Deanna Zandt (@randomdeanna), author of “Share This! How You Will Change the World with Social Networking” (Berrett-Koehler, June 2010):
What is the digital equivalent of throwing yourself in front of a tank?
DDoS attacks can be compared to a sit-in because they make businesses inaccessible, but don’t permanently damage operations or property.
The uprising in Egypt also proved that we cannot entirely rely on social media and the Internet to protest because the government can shut down the Internet, thus, it can be a way to control people. In other words, DDoS attacks can’t be the only means of attaining a political goal.
Social media is a mirror that shows our primal need to be connected.
2) Issues from Evgeny Morozov (@evgenymorozov), author of “The Net Delusion: The Dark Side of Internet Freedom” (PublicAffairs, January 2011):
DDoS attacks also put psychological pressure on the leaders of a company. They worry: “How many computer resources will we need to stay online in the future? How can this be prevented from happening again?” This concern increases as DDoS attacks become easier and easier to launch. For example, people can rent botnets and purchase a DDoS attack on an organization for several hundred dollars. Instead of needing a grassroots movement to collectively attack a website, now it’s possible to just pay for it instead.
How much jail time do DDoS attackers deserve? Ten years in prison is disproportionate to the damage done to the institutions.
Three criteria need to be considered legitimate activism: 1) attacking based on moral principles, 2) attempting to change government policy, and 3) being prepared to suffer the consequences for illegal activity. The third point brings up intent. If the attackers knew they could be traced, and did it anyway without trying to hide their identity, then that is evidence to support that it is a legitimate form of activism.
A judge should decide what is right and wrong, and the right to protest should cover cyberspace.
3) Issues from John Perry Barlow (@jpbarlow), cofounder of the Electronic Frontier Foundation:
Social media is a human right. The purpose of the Electronic Frontier Foundation is to assure rights which had not previously been assured.
The Internet is also a great tool of surveillance.
The system and architecture of the Web needs to allow the free flow of information. DDoS is irresponsible because it closes the openness of the internet and therefore is inherently wrong. There should be no laws governing the Internet. “If you control one part of it, you control all of it, in principle.”
The objective of DDoS attacks is to get a rise out of the media and advertising companies, but just because something destructive is effective doesn’t mean that it is right.
Governments don’t let their sites have public protests. We don’t own our own tweets (not that Twitter would necessarily abuse the privilege of owning them). We need a decentralized network system.
4) Issues from Micah Sifry (@mlsif), cofounder and executive director of Personal Democracy Forum:
Harsh laws (in reference to the 10 years in prison for DDoS attacks) are in place to prevent trouble.
“WikiLeaks doesn’t change anything; it highlights everything.”
DDoS gives ammunition to people in favor of the Internet “kill switch.” (The “kill switch” is associated with the Protecting Cyberspace as a National Asset Act, which is intended to protect the U.S. from external cyber attacks, but it could also potentially give the president the ability turn off the Internet during a crisis.)
Overall Questions to Consider:
Are DDoS attacks a legitimate form of protest?
(Overall, the experts seemed to agree that the intent of the attacker is key to whether or not it can be considered political activism.)
Should the Internet be decentralized, or should there be corporate servers and a “kill switch”?
(All of the experts agreed that the Internet should be free and decentralized.)
Authored by Grace Lavigne, editor, ProfNet.