Legitimate civil disobedience: Wikileaks and the layers of backlash

(Update/edit note, 12/15: If you, like me, tend not to read comments in general because they’re troll-fests, I suggest suspending your disbelief and reading the comments on this post. There’s an incredibly useful, thoughtful and productive discussion going on. With that, let me also say that I’m a tyrannical comment moderator and delete unproductive/trolling comments.)

(Note: There are so many parts to the Wikileaks story that it’s almost impossible to cover them all–once you start to detangle one angle, you discover twenty more. Slip down that rabbit hole, and you’ll come out dizzier than when you went in. In any case, this isn’t meant to be a comprehensive discussion of the entire topic, but to expand on a conversation sparked yesterday.)

I attended Personal Democracy Forum’s symposium on Wikileaks yesterday–a fantastic lineup of speakers and attendees, gathered quickly to discuss one of the most complicated intersections of Internet and politics that we’ve seen in a while. During one of the earlier forums, my friend Noel Hidalgo put forth an idea that divided the room pretty quickly: that distributed denial-of-service (DDoS) attacks are a legitimate form of civil disobedience.

A quick lesson on DDoS for the unfamiliar: a group of people gets together and decides to render a website unusable. They do this by flooding the website’s server with so many requests that the server gets overloaded and either slows down, or stops responding altogether. A big important point: this is not hacking. “Hacking” generally applies to incidents where systems are actually broken into and data is compromised. DDoS doesn’t do this.

To use the case from this week, a group of activists called Anonymous (more on them in a second) decided to render, among others, Mastercard’s website unusable. This does not mean that credit card data was stolen, or that people were unable to use their Mastercards for purchases. It means that if you went to Mastercard.com, you got a message that the website was unavailable.

So, the question: is this a legitimate form of civil disobedience?

The first sentence of the civil disobedience entry in Wikipedia reads, “Civil disobedience is the active, professed refusal to obey certain laws, demands, and commands of a government, or of an occupying international power.” After that, all bets are off on what you consider the term to mean. It’s generally accepted in the US to mean an organized, non-violent way of protesting or expressing extreme displeasure with a situation. I’m certainly open to hearing others’ definitions, here–this is as concisely as I can nail my own understanding.

The next part of this question is to look at the word “legitimate.” Legitimate doesn’t always mean legal; in fact, most of the time, it doesn’t have much to do with law at all. I want to clarify this because it also explains how I approach politics. As I said in my talk at PdF this year:

Let’s be clear about what politics are. “Politics” is not just about candidates, elections, and ballot initiatives. Politics is the art and science of influencing or changing any kind of power relationship: the cultural norms by which we act; the laws that govern us; the expectations we experience based on our gender, race, class, sexuality, abilities, and more. When I talk about political work, I’m talking about challenging and radically redefining those power relationships.

Because “legitimate” is so much more than laws, in the same way that politics is more than government, I use the term to mean “justifiable,” or otherwise “acceptable.”

To be clear, most DDoS attacks are rarely explicitly politically motivated; the people that commit them are often just in it for the lulz. (In other words, in it for kicks ‘n’ giggles.) Those folks, typical of Anonymous’ membership, are what I call “chaos enthusiasts.” They want to cause disruption for its own sake, and love watching the theater and drama of an attack play out. When politics do become involved, other tactics are often added to the DDoS attacks, and aren’t what I’d consider OK within the realm of protest vs. power. Friends, clients and colleagues have been the victim of this end Anonymous’ work in the past–particularly my feminist cohorts have experienced their brutal misogyny.

When we face issues of free speech on the Net, we’re confronted with a severe reality in the harshest moments: we consider this here to be public space, but in reality it’s owned and operated by private companies. There is currently no set of accepted standards that say we have a set of rights online. (Though many have tried– Katrin Verclas referred us to a very short history of Internet rights, for example.)

Several corporations bowed to political pressure and cut off services to Wikileaks. It has not yet been proven that the organization broke any laws, but Paypal, Mastercard and others decided to stop allowing citizens to show their support for the organization by giving them money. This is a clear violation of limiting a form of speech– the Supreme Court ruled this year that political donations are a form of free speech, at least when corporations are doing the donating. To me, this was the first volley in this theater of battle. It angered me, and a whole lot of other people, clearly. I’ve been told that in Germany, where the citizenry are notoriously suspicious of technology, privacy and politics, the federal courts there have labeled DDoS a form of free speech. (Link tk.)

Thus, in response, Anonymous launched a DDoS attack against the websites of the companies that took away people’s rights to support a political organization. Many, myself included, consider DDoS in this context to be much like a sit-in in the offline world. The point of a sit-in is to render a building/room/service unusable for a temporary period of time. Sit-ins aren’t “legal”– you get arrested, and most activists who participate in them know this ahead of time and prepare for it. (At the event, I was asked what happens after arrest; most of the time, it’s a misdemeanor charge, and you’re issued an ACD.)

No permanent damage is done in a DDoS attack. This is particularly important to note when discussing DDoS as a political tool. It’s the difference between participating in a die-in at an embassy, for example, and smashing the windows of an embassy. As with any other form of activism, it shouldn’t be the only prong in a campaign strategy, and shouldn’t be used in every campaign.

Many at the forum disagree vehemently with this line of thinking: from what I understand, the argument is that “attacking the network does everyone a disservice.” I understand this and see the nobility it tries to bring; I was pointed to a quote from 2000 by Cult of the Dead Cow opposing early political DoS attacks– “One does not make a better point in a public forum by shouting down one’s opponent.” However, I disagree in cases where we are dealing with powerful corporations who do not respond to traditional forms of protest. I also believe it is, in cases against corporate abuse of power, a way to get direct media attention for a cause.

Noel asked what I’d ask people who disagree with me: how do I digitally throw myself in front of a tank? What we do online often runs the risk of slacktivism. For example, I’m surprised at how many people rallied around last weekend’s “change your Facebook picture to a cartoon character to raise awareness about child abuse.” Really? This is the innovation we’re coming up with? What does a picture-swap do except make us feel chummy with each other?*

We — tech activists and politically-minded folk, especially in the US — bring a tremendous amount of privilege to the table. We have the ability and freedom to risk ourselves for the benefit of many who do not. So with that in mind, we’re using our privilege to poo-poo the temporary disabling of a giant corporate website, while looking for just the right shot of Mickey Mouse? Power dynamics matter. There is a reason that David and Goliath is such a powerful story in Western culture.

Perhaps what some people are afraid of is that giving a stamp of approval to DDoS as a political tool makes it okay for their political enemies to do the same. What’s to stop the CIA, or Iran’s government ops, or whomever to do the same to sites we believe in and support? Again, I understand, but I maintain another angle on the slippery-slope fears: I fear cataloging DDoS as illegitimate will ultimately prevent other forms of digital activism from being used, or even from being able to be used. There’s a nicely nuanced post about DDoS from the Iranian protest period of 2009 that discusses pros and cons, vis a vis the “we don’t want to stoop to the enemy’s level” argument.

The last point of discussion I want to bring up is one of accountability– over on Twitter, my friend Ben Greenberg made this point: “I question actions that are not accountable to a community or to the other side. How is that ‘civil’ disobedience?” Well, I think Anonymous certainly is accountable to itself, with its own set of wacky mores and rules. In a case like this, who else do they need to be accountable to? Maybe I’m misunderstanding the question, which is why I wanted to take this part beyond the 140-character limit. An anti-war group that sits-in at a recruiting station is accountable to whom? Themselves, certainly. Are they accountable to the entire rest of the anti-war movement? The opposing side, in this case, the military or the police, can hold them accountable by arresting them. In the case of DDoS, that’s not as easy, but still quite possible. (Especially when the publicly released tool to propel the DDoS on Wikileaks’ detractors didn’t disguise IP addresses.)

Nonetheless, anonymity is mainstay of DDoS, and this could be the sticking point for many as to whether it’s considered “civil.” My friend Arthur said, “Anonymity is generally not accepted as civil disobedience- that is not a bad thing, it’s just a different category. Civil disobedience uses the spectacle of the citizen confronting the mechanisms of the state to create its power. I don’t think denial of service attacks are comparable in that regard.” What if members of a DDoS attack volunteered their names? Would that change how people who currently disagree with the tactic feel?

Ultimately, I’m far more fearful of (and angered by) corporate reactions to politically sticky situations, and what we’re going to be doing to aid people I buy Internet services from in protecting me against politically-motivated squelching, and how we’ll stop those companies that seek to do it anyways. Until we have clear, strong protection globally, I have few to no issues with using many of the tools at our disposal.

UPDATE: Noel sent me this article on Electronic Civil Disobedience.

UPDATE #2: Must read: Nathan’s comment below.


* There’s a whole ‘nother discussion here about power, privilege, risk and comfort when it comes to digital activism. What the short version of my feelings amounts to is that as long as we are as comfortable as we are, we won’t risk anything. We have too much to lose. Thus, the question comes back to: how do I digitally throw myself in front of a tank?

43 Responses to “Legitimate civil disobedience: Wikileaks and the layers of backlash”

  1. Noel Hidalgo says:

    It’s been 12 years since the following quote was written and we still have trouble defining cyberspace.

    http://www.thing.net/%7Erdom/ecd/oecd.html

    As we consider the trajectory of resistance in the United States and as we envision the possibilities of resistance increasingly taking place in cyberspace, it is important to remember that civil disobedience has been an important part of the history of political growth and change in this country. Thoreau’s contribution, by example and by word, influenced generations that followed. But today, we stand at a new crossroads, one in which these older forms of resistance and protest are being transformed. While it is useful to consider the path that civil disobedience has taken up until now, we also need to be aware that our political terrain is changing dramatically. In the 21st century, electronic civil disobedience will occur.

    Also, one should take a look at Tim Hwang’s piece in the Washington Post.
    http://www.washingtonpost.com/wp-dyn/content/article/2010/12/10/AR2010121002604.html

  2. Kyra Gaunt says:

    This is an excellent post. Love your definition(s) of politics and engagement with issues of power and privilege (I can always count on you for that) around issues that affect our public security and voice. Love the links too! Let me be the 2nd not-so-lonely comment.

    You really distinguish, tease out, some important issues about legality and legitimacy. I appreciated that a whole lot. Trying to see how to bring this post and the issue into my anthro course this spring. xoxo, Kyra

  3. “One does not make a better point in a public forum by shouting down one’s opponent.”

    What this viewpoint leaves out is that Wikileaks was the victom of DDoS attacks first. Does it become more civil disobediency when you are mirroring the actions of your opponents? I would argue that it does. Some will claim Mastercard, Visa, Paypal and others weren’t opponents, but the minute they actively shut off Wikileaks they took a stand (a stand they aren’t willing to take agains the KKK) and aligned themselves as opponents of Wikileaks. The government’s silence while an American inside the country attacked Wikileaks and numerous mirror sites sent a strong message, they might have well taken a bullhorn to the White House lawn and screamed “DDoS is legitimate!”

  4. Amanda says:

    I think the question you’ll never find consensus on might be “what are the boudaries of ‘legitimate’ civil disobedience?”

    I draw the lines at silencing others and weave them through property distruction. Physically preventing access to a facility is sometimes legitimate, but I havea big issue with abortion protesters who. Do just that. Dismantling railway tracks to stop arms sales?

  5. Anonymous are criminals, not Robin Hood. Any business has a right to say no to questionable clientele. It seems off to me.

    Let’s look at masters of civil disobedience — Ghandi and MLK, would they attack someone else’s storefront and put them out of business? No, they would boycott, verbally protest, etc. etc.

    As to the two wrongs argument, consider that. The U.S. is already implicit, the attack just brings attention to the hackers instead of U.S. clampdown’s on Wikileaks. How many more attacks will it take before public opinion completely goes against the hackers in the U.S.? The rest of the world is already with them, so I question how more attacks will help.

    Leaking the cables was an act of civil disobedience that MLK or Ghandi would agree with. DDoS is step across that line…

  6. Nathan says:

    My geek side is admittedly excited about the concept of opt-in activist botnets, but my non-violent direct action-trained side is seriously concerned about people not knowing what they are getting themselves into.

    DDoS is a lazy form of civil disobedience, at best, and one the participants undertake with very little to no training or preparation for the potential consequences. It seems now that potentially the LOIC tool uses by Anonymous isn’t actually anonymous for the participant in the attack, leaving the willing, but perhaps too trusting, participants now open for direct criminal persecution. This may not be a bad thing though, as a pretty important component of CD is that you most likely will end up in jail, at least for a night.

    I also am curious to find other examples of CD where the CD act itself isn’t directly against the unjust law… the lunch counter and bus strikers were against specific laws about those places and services. Gandhi refused to buy salt, show his papers, and so on, because he felt to do so was unjust and unfair. DDoS might be a form of protest, but within this type of definition, disrupting service providers is CD. If internet anonymity was outlawed, using Tor knowing you might be arrested would be CD, in my definition of things. Even illegal file-sharing is CD, if you feel that the DMCA and copyright is an unjust law. I would say that the proper CD for Wikileaks if you support them is to mirror, and not to DDoS their adversaries.

    I also believe there are better ways to make use of distributed human and computing resources. As an example, I have built a similar “botnet for good” system in the past, that allowed anyone to add their computer into a cloud of machines used to send SMS messages to mobile phones via the “free” SMTP/Email-to-SMS gateways offered by carriers. Normally, a single machine can only send a few messages at a time through these gateways, but with our opt-in cloud of sms senders, we were able to send tens of thousands a messages a day without any cost. This was used to send SMS reminders about election days to people who had willingly given their cellphone numbers to various NGOs, unions, etc. This is not civil disobedience, but it does help change things.

    Another great example is running a Tor bridge for users in countries with restricted net access. This is a constructive act, that enables the network to work BETTER, and for information to move more freely, as opposed to shutting things down.

    Finally, I just don’t think I can get over the anonymous aspect of it all. I am a huge pro-anonymity advocate, but I am against that capability being used for disruptive network attacks, both because it wasn’t what these services were built for, and it potentially harms and disreputes the anonymous services down the road.

    I am not condemning DDoS as not being CD, I think I am just saying “is that it? is that the best you can do?”.

  7. Farai Chideya says:

    Dear Deanna:

    Thank you for this provocative and nuanced look at DDoS vs.-or-as civil disobediance. I forwarded it to a bunch of students I’m working with and I look forward to discussing it with them.

    Although I’ve been online/in online communities for many years, I was introduced to the idea of “the lulz” much more recently. Very often, some people are doing something for the lulz; another group can do the same thing for ideology… and that bring up intent. Do you judge the worthiness based on outcome or intent, and how do you judge intent? (Juries have to judge intent sometimes, for example between murder and manslaughter; let alone murder and self-defense. How does the court of public opinion judge intent?)

    Anyway, thanks for this…

  8. David Power says:

    This has been an interesting discussion, Ddos attacks have been around for quite some time at least 15 years. Nobody really mentions the collateral damage this causes.

    Every network and all the users on it are effected by the flood, I used to run an ISP and we would have data pipes that cost us 10′s of thousands a month of dollars rendered useless as they were flooded buy an attack targeting a single user who got into a argument. This would effect 1000′s of users until we could set the routers to discard the traffic and contact the other network operators to do the same. Very unhappy customers resulted from this.

    Think of 20 or so trucks all deciding to start driving 10 mph on all the freeways heading into any major city for hours to stop a single delivery from being delivered to a single business.

    This effects every customer in the data center, all the web sites hosted there, and anyone that happens to be trying to use the networks that the floods are coming in on.
    Whats next, take down all the cell phone networks because a carrier no longer provides service to someone they turn off for violating their terms of service?

  9. irdial says:

    “change your Facebook picture to a cartoon character to raise awareness about child abuse.” Really? This is the innovation we’re coming up with? What does a picture-swap do except make us feel chummy with each other?*

    For me, this is the most crucial observation of this entire post.

    There are many people who seem to think that demonstrations and actions against an enemy are an end in themselves, and no matter what the outcome is, they should be done and followed. The twitter avatar brigade, the demonstrations in the street brigade and all other adherents of goal-less gestures are exactly the same; they are all subject to the delusion that the exercise of speech itself is enough to solve a problem.

    You would not organise a concert to put out a grease fire on your stove, any more than you would change your twitter avatar to stop your bath from overflowing, yet, this is exactly what the people who call for demonstrations in the street, the signing of petitions and other useless tactics do over and over. Instead of using the internet to organise acts that unambiguously achieve ends, they use the internet to more efficiently collect petition signatures. It doesn’t make any sense.

    Until a problem solving mind set comes into play, nothing is going to change or get fixed. In order to solve a problem you need to understand all the fundamental parts of it, and in the case of wikileaks and net censorship, the core problem is the State. It is the State that caused Amazon to terminate Wikileak’s account. It is the State that frightened Tableau into deleting Wikileaks’ visualisations. It is the State that caused MasterCard, VISA and PayPal to terminate their relationships with Wikileaks. In absentia of the State, none of these companies would have taken that actions that they did, and that is a fact.

    You cannot on the one hand, be for ‘Democracy’ and the State, and also believe that you will be able to solve the problems that continue to recur and escalate on the net and elsewhere.

    Anonymous is an interesting phenomenon but its methods are crude, immature and operating ‘inside the matrix’ i.e. there is an implicit acceptance that there must be a State, and that the State is not the problem; by taking this stance as a given, Anonymous and all the people who are for a free internet will never succeed.

    Net Neutrality is a perfect example of the doublethinking amongst ‘the technorati’. On the one hand, they are for a free internet, where everyone has access and there is no censorship. On the other, they are calling for the state to MANDATE that ISPs do not shape traffic. You cannot have it both ways; you cannot call for the state to do violence against ISPs but then demand that the state not interfere in ISPs.

    Once again, nothing is going to be solved for the long run until the people with concerns in this area come to terms with the true nature of the countries they live in, their violence and the unethical nature of the things they are calling for. Only after this realisation is internalized will it become possible for a form of civil disobedience to emerge that will solve the problems to hand.

  10. deanna zandt says:

    Just wanted to say THANK YOU for all these insightful comments from last night and this morning. I’m reading, digesting, and will either post replies here or craft a new post in response. xox

  11. amanda says:

    Sigh. I apologize for my half comment. I was trying to respond from my phone and it didn’t go so well. Among other things, I managed to submit it while I was trying to fix a typo. I thought I stopped it but I guess I didn’t get there in time.

    Maybe I made my point, but I was planning to follow that with a few sentences. Civil disobedience is always fraught and we all draw lines around what we find acceptable differently. The idea that you shouldn’t take any action that will inconvenience other people is downright silly. My parents love to tell a story about someone (a great aunt, I think, or cousin of my grandmother’s generation?) who came home from the grocery store absolutely aghast that UFW had the nerve, the gall to be handing out petitions urging a boycott of table grapes. Right there at the store! She was just trying to buy groceries and they were bringing up all this political nonsense. The grocery store is not the place for politics. No word on where they should have been. All of which is to say … we all draw our lines in different places.

  12. [...] somewhat sympathetic to arguments like the one Tim makes here (or that’s discussed in this comment). But I think the idea that past instances of civil disobedience were done in an orderly manner by [...]

  13. [...] has produced a good coverage of it. New York-based blogger Deanna Zandt has also sparked an interesting conversation on this topic. December 13, 2010 | mdeseriis | No Comments [...]

  14. wantonymous says:

    I’m not sure what other activists (with no precursor) would say, but my own experience says that it is very hard to start a movement. Unfortunately, people seem to lust after the smallest forms of expressing displeasure (e.g., the cartoon profile pics), but ask someone to attend a rally and they’re always just too busy. In that sense, what Nathan says: “DDoS is a lazy form of civil disobedience” is very true. Anonymous made it easy to download and install LOIC for thousands of people, who, with a few minutes of setup and some mouse clicks, could particpate.

    Yet, as Deanna points out, it is an absolutely huge media event. After the Anonymous DDoS attacks and media coverage, the number of downloads of LOIC skyrocketed and hundreds of people were asking on their forums how they could help protest. The media coverage was, therefore, an essential first step to creating a movement, and it spun off multiple new projects focusing other ideas (e.g., LeakSpin, and now CableWiki). Leakspin has 10s-100s of people (it’s hard to tell, really) editing releases, and both efforts emphasize reading the cables directly so it has also promoted even more mirror sites.

    There probably are ways of doing things better, Nathan. And if it had all been planned out by people with activism experience, things might have been done differently. But it was pretty spontaneous (4chan is nothing if not that), and people didn’t have months, or even weeks, to plan out what they were going to do (even if they did, it wouldn’t have been in their ethos to work that way). Anonymous is a reluctant leader at best (“leader” is not even the right word), and it does not even begin to represent (nor would it claim to) “the distributed human resources” who were introduced to, and now working in support of, Wikileaks through those offshoot organizations.

    My point, I suppose: It seems to me that all civil disobedience movements start out as a small snowball rolling down the hill. The ball almost always stops because friction is just too great. But if it hits the right critical mass and has the right shape, it rides. I think the DDoS attacks promoted the cause and made the snowball significantly bigger, and attracted a group of people who could keep it going. Unfortunately, it’s got some really rough edges (it does need those “problem solving mind sets” mentioned by irdial). But some of minds are stepping up right now (it’s pretty cool to see it happening), and we’ll see if they’re good enough.

    If nothing else, all the mini-issues that info-activists have been talking about for years (e.g., net-neutrality), will finally grow up to be real issues that everyone else knows and finally cares about.

    PS – In response to Geoff: “Any business has a right to say no to [a] questionable clientele.” That is true. However, 1) they do not have a right to tell you to go away without settling your accounts. That was, in effect, what Paypal did by suspending access to Wikileaks funds (which were just released today), and 2) companies are legally obligated to fullfill contracts within the terms of their service agreements. The immediate termination of wikileaks DNS and hosting space, if they did not actually violate the terms of their service agreement (which is legally fuzzy), would then be a crime. Iceland is opening an investigation into Visa and Mastercard for this very thing.

  15. Stowe Boyd says:

    Geoff Livingston is completely wrong when he says businesses can deny service to questionable clients. This is not the case in general. For example, a restaurant cannot deny service to teenagers, people eating alone, or Gypsies. In general, the courts have upheld the notion that service can only be denied when the clients are doing something illegal, like disturbing the peace, or not wearing shoes. Banks can’t turn people away who want to open checking accounts because they seem unsavory. Your landlord can’t evict you because you were arrested for tax fraud, for example.

    Mastercard is breaking the law, but assumes it will be able to get away with it b/c they assume that Wikileaks will be prosecuted by the US, and in the meantime, they presume that Wikileaks will be too busy to do anything about it.

    More fundamentally, direct action — like that undertaken by Anonymous — is certainly in line with activities that Green Peace and others have taken in the past. If whalers want to kill whales, and the courts let them, diIrect action — chasing whalers away from whales, boycotting and picketing stores that sell whale meat, etc. — might be the last course of action available.

    The question of legitimacy is slippery, and is tied up with the point of view of the observer, but to me, Anonymous’ actions are legitimate direct action against a company making a political stand. Mastercard might have been better served by taking a neutral position. Those who are in favor of Wikileaks radical transparency might also reject the company’s business, but by closing Mastercard accounts.

  16. As I said over on Twitter to Deanna, Nathan makes several points that I hold true and dear to my heart about CD and nonviolent resistance. More on that to come in a blog post soon—but I want to ask here, where there’s a bunch of folks who know the history of Anon and the use of such tactics better than I, is it verified that this is the same group that Wikipedia says was responsible for the racist 2008 DDoS attack and hacking of SOHH.com and AllHipHop.com sites? The incident was covered on NPR by Farai. If you look through the list of past actions that Wikipedia attributes to Anon, there are others that I would not want to rush to defend the legitimacy of either. There are allegations, for example—not clearly substantiated—that Anon was involved in hacking an Epilepsy Foundation forum to make the site flash in a sick attempt to induce seizures in site visitors. The fact that that Anon may have also gone after Scientology and right wing extremist Hal Turner does not ameliorate the indefensible racist crap.

    Have folks here researched this history? If Anon is responsible for the attack on SOHH and AllHipHop (see the screenshot at the wikipedia link for an example of the hack), I really don’t want Anon’s actions put anywhere near the legacies of MLK, Diane Nash, and Ghandi.

  17. Jen Angel says:

    These types of “attacks” are simply tools to be used by activists. Hopefully whomever is doing the attack has thought strategically about what they want and how to get it, and what tools might be used as tactics to accomplish those goals. Part of considering whether a tactic is strategic or not is considering who, in addition to the target, might be inconvenienced, or what other consequences might be. Each activist groups makes their own decisions about what is and what is not strategic.

    In a world more increasingly controlled by corporations as well as governments, disrupting a corporations business temporarily is a tactic being used by a wide range of social movements. In the environmental movement, Greenpeace and Rainforest Action Network are masters. Picket lines, boycotts, creative actions that disrupt business as usual are common tools/tactics, and this is an example of those tactics moving online – which no one should be surprised at.

  18. Deanna, thanks for hosting a thoughtful and provocative conversation.

    I’m in agreement with a number of the commenters here. I share Nathan’s sense that DDoS is a lazy form of engagement, and with irdial that any form of protest needs to be connected to a larger campaign and a theory of change to be effective in the long run. And, as a former sysadmin, David Power’s comments on collateral damage and cost are near and dear to my heart.

    I’d like to complicate one of the assumptions that you’re making in the post – that DDoS causes no permanent damage. Companies like MasterCard and PayPal have the system resources to clean up the mess caused by DDoS, but not everyone who’s subject to DDoS does.

    In the next couple of weeks, colleagues at the Berkman Center and I are releasing a report on DDoS attacks on independent media and human rights sites – we’ve been working on the report for almost a year, and we’ve had to slow the release to incorporate some thoughts on the recent rash of DDoS, both against and in support of Wikileaks. One thing we found from polling admins of independent media sites is that DDoS attacks on their sites often take them offline for weeks or longer. Sustained DDoS forces them off $20/mo. hosts and onto hosts that cost thousands of dollars a month, massive sums for some of these organizations. In most cases, the admins don’t know if the attacks are coming from governments they’re reporting on, individuals who don’t share their point of view or hired botnets – they simply know that they can’t stay online in the face of the attacks. Some often-attacked sites, like Vietnamese pro-democracy group Viet Tan, are simply giving up and hosting key sites on Blogger, letting Google take on the role of defending them from DDoS. In other words, a DDoS on MasterCard may not be smashing windows, but a DDoS on a smaller site might well be.

    I’m not suggesting that Anonymous is responsible for these attacks on independent media and human rights sites. What I am suggesting is that they’ve generated a huge amount of PR for DDoS, and that I expect to see more DDoS attacks on independent media going forwards. My fear is that legitimating DDoS as a form of protest doesn’t just enable those who would protest large corporations – it enables the sorts of people who target dissident voices. As Will Urquhart mentions in his comment, Wikileaks was subject to a serious DDoS attack, which prompted it to move to Amazon’s cloud hosting. An individual hacker, “The Jester”, has claimed responsibility for that attack, based on his belief that Wikileaks endangers American troops. The Jester has a long track record of targeting sites he believes promote Jihad or which he perceives to harm US interests. I worry that arguments used to justify DDoS against MasterCard will be used to justify the Jester’s work or the work of people attacking Viet Tan.

    I think what Amazon, PayPal and others did in response to US government pressure was shameful. The good news is that there are far more effective ways to protest than DDoS. Denounce. Boycott. Push for legislation that eliminates their ability to hold themselves harmless from copyright infringement or other distribution harms unless they agree to protect online speech. Promote companies, especially competitors, that have less abusive terms of service and a better policy of protecting free speech than those mentioned here. Just don’t give moral and ethical air cover to the bastards who are using DDoS to silence sites for whom a DDoS is a shut down, not a sit in.

  19. Tom W. says:

    Ethan Zuckerman has hit on a key point here, related to less-powerful actors who come up against DDoS activists: “…don’t give moral and ethical air cover to the bastards who are using DDoS to silence sites for whom a DDoS is a shut down, not a sit in.”

    That’s a great point, mainly because the crowd’s not always on the side of the good or the just or the brave. And the anonymous ability to force the closure of a virtual community, a salon of ideas, a government, an opposition group, a big store, or a blog like this one frankly gives too much opportunity for digital fascism to take root.

    I did a post over on my blog on this today – http://tomwatson.typepad.com/tom_watson/2010/12/denial-of-service-denial-of-speech.html – and basically said (in typically long-winded fashion) that denying Internet speech to anyone is a bad tactic – and even worse ethics.

    Deanna, thanks for this open conversation.

  20. Alison Bryan says:

    In the UK it is a criminal offence to intend to impair the operation of a computer and to prevent access to a program or data.

    The Computer Misuse Act 1990 s.3(2), specifically paragraph (b). See here: http://www.legislation.gov.uk/ukpga/1990/18/section/3

    Note, the above section was inserted as amendment from a 2006 Act, so it was drafted within the era of common internet usage. (If anyone is going to argue parliamentary intention wouldn’t have included this in 1990, for the purposes of interpretation).

  21. wantonymous says:

    I’ve already spoken so I’ll be quick, but in quick answer to Ben: “past actions that Wikipedia attributes to Anon”. Those attacks were most certainly done under Anonymous’ umbrella, and that is a perfect example of the “chaos enthusiasts” mentioned in Deanna’s OP. However, I want to point out (or reiterate) that there are no controls on the membership of Anonymous (everyone is, in fact, anonymous). It is not like Greenpeace or Al Queda or any other group with a hierarchical structure and specific objectives or morality. It is the opposite of that. “Anonymous” is just the mantle that individuals take up to fight for causes or sow chaos. It is not a group, it is a moniker.

  22. C-wil says:

    Much of this conversation boils down to a belief in making quasi-legal rules for activists to follow. “Are DDoS prohibited or encouraged?” is being treated as something we can decide for ourselves, now and for all time.

    I think this legal consciousness is part of the problem. I’m not saying that any and all ethical standards are problematic, just that this kind of discussion often pivots around “ethical standards” that amount to universal decisions about a given tactic, rather than situating our ethics in particular situations of conflict.

    In the case of Wikileaks/Visa/Anonymous, the cyberwar metaphor that is circulating may be of more use than the civil disobedience frame. (Actually, nonviolent tactical combat may be a better way to think about strategy in the case of CD and NVDA as well, but that’s a whole other book of thoughts). CD theory came out of the idea of a common citizenry to which a government is accountable, and the existence of corrective mechanisms once an injustice is exposed by peaceable conflict with the state. This is is the world summoned by Ethan Zuckerman when he says, “The good news is that there are far more effective ways to protest than DDoS. Denounce. Boycott. Push for legislation that eliminates their ability to hold themselves harmless from copyright infringement or other distribution harms unless they agree to protect online speech.”

    Ethan must be joking with this last idea: Members of the US legislature are calling for literal war on Wikileaks. The idea that some unbiased legislative policy will come in to protect them on free speech grounds is ludicrous in this context.

    Which brings us back to the war metaphor. Conflicts like these aren’t all out wars: the US has not declared martial law in response to wikileaks and started rounding up people without charge. Instead the attacks on Wikileaks are a small area of lawless or principal-less behavior begun by the powerful to attack a specific threat. The war on Wikileaks takes place within a broader landscape of peace and legality. Nonetheless, the everyday legal/commercial/social order has been violated by a number of attacks: unlike everyday leaking (through, for example, the Washington Post), threats of assassination, covert grand juries, and highly irregular international arrest warrants are circulating; DDoS attacks have been mounted on Wikileaks; the normally sacrosanct flow of commerce (MasterCard! Visa! PayPal!) has been sabotaged by government pressure.

    The Civil Disobedience strategic framework suggests that these are rare and exceptional circumstances best dealt with by an appeal to leaders through demonstrative action. The (nonviolent) combat metaphor reads these acts as the creation of a battlefield in which the government has departed from the everyday rules. This view implies that the best way to respond is to make sure that this foray into direct attack on Wikileaks is defeated on its own terms. I think that the past decade of governmental behavior, systematically creating new illegalities—extraordinary rendition, warrantless wiretapping, drone assassinations, laptop searches…—suggestions strongly that the world we live in is better described by the the latter perspective, at least on issues of national security and information freedom.

    This kind of limited conflict has its own standards of restraint. Things are not to be randomly attacked, and the rest of the world is to be left in its state of peace as much as possible. Nonviolent blockaders, for example, have an intuitive sense of such ethics: allowing ambulances to pass, but not buses full of police involved in a conflict; focusing antiwar actions on institutions involved in the war; and feeling outrage at police who attack passersby or who arrest injured demonstrators at hospitals. This not being a revolution, we expect some limits on the arena of conflict, and we do our best to respect them.

    Two weeks ago, the US government vs. Wikileaks battle was being waged in the court of public opinion (with the exception of the imprisonment of Bradley Manning). Visa, MasterCard, and PayPal were only as much a part of that struggle as the grass is part of a football game. Then, voluntarily, these organizations placed themselves on the battlefield against Wikileaks. They’ve been attacked by Wikileaks allies using the exact tactics already used in the conflict. In my view: no surprise, no foul.

  23. @wantonymous thanks for replying to my comment. It’s taken me a while to wrap my mind around the anarchist non-groupness of Anonymous. I think I pretty much get it now. In the debates about this, there is little distinction between critique of DDoS as a tactic and critique of Anon as an actor. As I’m writing about the the issue and continuing to learn, I only feel more strongly now that I object to both. I don’t see how some positive directions ameliorates the deeply negative ones—especially when by any caprice the negativity may well dominate again. Is it “chaos” when Anonymous perpetrates racist or ablelist attacks and “good” when better “minds” prevail? This mode of operation has no relationship to the civil disobedience and nonviolent resistance traditions, rooted in values of civil society and the rule of law. Why have so many progressives leapt to join hands with thugs who’s main political accomplishment was bullying?

    Deanna, I know I’m not speaking to your stated concerns about the possibility of closing off other defensible digital tactics or to your desire to keep your options open for when there is a virtual tank that that needs to be stopped by a desperate act or not be stopped at all. One of the fundamental tenets of the nonviolent tradition is ends do not justify means. I am not a purist about pacifism. MLK used to tease my dad that he was a “pacifoid” for holding that there were circumstances in which force was justified; I’m sure that if pressed I’ll be shown to be a pacifoid, too. But I just don’t see how what Anon did here deserves support.

  24. Rita Walpole Ague says:

    Deanna: FYI, yours was one of two articles and one link posted on AlterNet that my Windows could not pull up. The other article, posted on Dec. 10, had to do with the Pentagon turning middle class recruits into the worst killers in the world. The link that was barred also had to do, as does your excellent article, with Assange/Wiki-Leaks, and is Michael Moore explaining his contribution to Assange’s bailout. It’s strange, because other AlterNet articles on far less controversial topics come up for me to read and comment on, if I so desire, with no trouble whatsoever. Qustion is, has anyone else brought this to your attention?

  25. [...] LinksDeanna Zandt: Legitimate civil disobedience: Wikileaks and the layers of backlash"We Don't Have the Internet We Think We Have"Pro-WikiLeaks Hackers Take Down MasterCard [...]

  26. [...] technology as an effective tool for challenging powerful institutions. Are whistleblowing websites, crowdsourced DDoS attacks and text messaging the methods which will reinvigorate activism? Perhaps we’re moving beyond [...]

  27. Jed says:

    Ethan’s point about the risks of giving PR to DDoS is an important dose of pragmatism. In addition to the question of whether it’s “lazy” engagement, he’s asking if there’s such a thing as “responsible” disobedience and probably we have to agree that there is. (Though, I’m not claiming to know where the line is, and we can also agree that disruption is often the best way for activists to get attention.)

    But the continuing Wikileaks drama higlights questions that have hounded online activism all along: Do metaphors of physical place apply to virtual politics? Is there any point in calling something a “virtual march?” When an effectively stateless actor like Julian Assange can post national security information to a virtual space, mirrored 500 times by volunteers, which of our pre-Internet notions of place, policy and decorum still apply and which have been rendered insufficient?

    This is my problem with that Malcolm Gladwell piece in The New Yorker too. Just because the breathless claims about social media’s power are overblown (per Deanna’s point about cartoon characters (mine was Pooh)) doesn’t mean that risk in the physical world is the defining element of real activism. If Wikileaks and the DDoS debate here have shown us anything, it’s that we need new definitions of risk, accountability and activism to account for the evolving nature of location, security and collective action.

    Deanna and Noel, I thought you’d like this picture from Saturday’s PDF event, from when a gentleman whose name I don’t was insisting to Noel that DDoS is not legitimate CD.

    p.s. On the question of whether the Internet is a viable space for setting information free, everyone should watch these sobering reminders from Doug Rushkoff about ownership and who controls the off-switch.

  28. [...] Deanna Zandt’s take on the power dynamics of the DDoS [...]

  29. [...] Deanna Zandt, author of Share This!, looks at it as a form of nonviolent action: Many, myself included, consider DDoS in this context to be much like a sit-in in the offline world…. No permanent damage is done in a DDoS attack…. It’s the difference between participating in a die-in at an embassy, for example, and smashing the windows of an embassy. [...]

  30. ubuntupunk says:

    Denial of Service everyday, experience of the developing world http://medialternatives.blogetery.com/

  31. Steve Katz says:

    One of the best books I’ve ever read about the history and ethics of nonviolent civil disobedience is Ray Arsenault’s Freedom Riders: 1961 and the Struggle for Racial Justice. Arsenault looks beneath the TV images and our own media-shaped memory, and tells the story of the very, very few members of that “beloved community” who committed themselves to the struggle.

    Less than 400 people, who grounded their action in a moral/religious/ethical belief system that most of us would find astonishing in its intensity, power, and reach. Their beliefs sustained them in the face of real danger, and it was on that basis they were willing to risk their lives every day. I guess the point being that there was a consistency, an alignment between their beliefs and their actions. Actions were deeply meditated upon before being put into play.

    Arsenault suggests that the Freedom Rider community truly believed that they could change the world through their testimony, their witness, and their willingness to sacrifice everything they were and had. Is that how it actually worked? Maybe for the very few people who had direct engagement with those folks, and saw the depth of their beliefs.

    But that’s not what moved public opinion, which in turn forced changes in law and mores. It’s pretty clear, I think, that the Freedom Rides were made for prime time, even if that wasn’t what the Riders themselves intended. Morally right action intersected with the society of the televised spectacle in completely new ways. And out of that strange brew came the change that made the 60s different.

    Is there a digital, 21st corollary we should be looking at?

  32. Nathan says:

    I just read this post: http://blog.greenpirate.org/a-look-at-ddos-net-activism/ and thought i was useful to tag on to this thread. Some excellent analogies are presented between DDoS-style net activism and “AFK” Activism, including:

    “Imagine a thousand activists forming long lines in a grocery store in protest of said store. Each one performing the legal act of purchasing an inexpensive pack of bubble gum, effectively making it difficult for customers who want to make larger purchases to do so. After their initial purchase, they move to the back of the line to buy another pack of gum.

    Customers intending to make larger purchases either go to another store or must wait until the protesters are finished before they return.

    Would you expect those who purchase a cheap pack of bubble gum to be arrested as criminals or vandals? Most reasonable people would not call for the arrest of somebody buying a pack of gum as a form of civil disobedience. Should it be any different for somebody performing a very similar, legal act?”

  33. [...] worth noting, Deanna Zandt has some excellent  commentary on the issue of internet rights and access, When we face issues of [...]

  34. [...] (For a more in depth exploration and ensuing discussion of DDoS, see my post, and the comments, over here.) [...]

  35. [...] of criticism, too, from thinkers like British author Andrew Keen. Media consultant Deanna Zandt offered a thoughtful take on the ethics of [...]

  36. [...] Zandt has written a great report on the flurry of discussion that has erupted in reaction to the assertions recently made that the tactic for bringing down the credit card [...]

  37. [...] taking part in pro-WikiLeaks cyber attacks against MasterCard and Visa. Tech writer and activist Deanna Zandt wrote of the PDF forum that there too, DDoS absorbed most of the crowd’s attention. People might [...]

  38. [...] affect Amazon with a DDoS attack helps support our case for core platforms and DDoS resistance.) Deanna Zandt makes an eloquent case for DDoS as a form of civil disobedience, suggesting that it’s a way to impact a corporation for a period of time without causing [...]

  39. [...] in the Netherlands have so far been able to arrest two teenagers who took part in the campaign. As Nathan Freitas explains, the very nature of DDoS makes it vulnerable to people participating “with very little to no [...]

  40. [...] DDoS attacks ? and once again, there is nearly complete silence from their end, not counting a comment that Ethan Zuckermand left on Deanna Zandt’s blog and a handful of tweets and retweets. [...]

  41. [...] civil disobedience was the subject of discussion at a December forum on WikiLeaks. While some, like Deanna Zandt and Evgeny Morozov, have written of DDoS as a legitimate but limited tactic, others – such as [...]

Leave a Reply