Where is your CVC code?
In today’s marketplace, as more and more people conduct their business online, some methods of protest traditionally open to the public are becoming less and less of an option. If an online retailer, for instance, engages in action or holds a position some of us feel compelled to oppose, many times there’s no central location to converge upon in order to publicly register our disapproval.
As business evolves in the digital age, forms of protest need to evolve as well, running the full gamut from consciousness-raising efforts and boycotts to nonviolent subversion, intervention, and civil disobedience. Thanks to the recent campaign by the hacktivist group Anonymous, the website-blocking technique known as distributed denial-of-service (DDoS) has once again been thrust into the mainstream, opening itself to evaluation and potential adoption by a growing community of online activists.
The campaign was aimed at the websites of PayPal, MasterCard, Visa, and Amazon.com, some of which were temporarily rendered inaccessible through servers being flooded with more requests than they were able to handle. That this was a form of protest is undeniable, as the group was explicit about it being in response to those companies bowing to US pressure and severing ties to WikiLeaks. Whether or not it should be considered civil disobedience, however, has been a subject of much debate, and for good reason. With government and business colluding to co-opt the Internet as a neutral forum for free speech, conscientious citizens everywhere must be prepared to react.
One of the most powerful ways we can do so is through the time-tested method of civil disobedience. It’s fitting, of course, that protesting for Internet freedom take place online. Oftentimes, in nonviolence theory, the more related the method of protest to that which is being protested, the better. In addition, when the issues at stake have such global implications, it only makes sense to select a form of protest in which people around the world can participate.
Of utmost importance, however, when attempting to rally public opinion, is that a clear distinction be drawn between criminal and civil disobedience. By showing respect for the law even while breaking the law, it becomes difficult for an act of online defiance to either be brushed off as a prank or condemned as cyber-terrorism. If we examine the Anonymous campaign in this light, we should be able to see whether or not it represents a valid model for future action.
The first qualification an act of civil disobedience must meet, quite obviously, is that it violate the law. While engaging in DDoS has been made explicitly illegal in places such as the UK, Sweden, and the US, other countries have taken a more nuanced view. A German court of appeals, for example, ruled in 2006 that a DDoS campaign against Lufthansa, in protest of the airline’s having participated in the deportation of asylum-seekers, should be seen as a legal attempt to influence public opinion. It’s a shame not everyone sees things in such an enlightened way.
That being said, just because something qualifies as “disobedience” in no way earns it the “civil” modifier. In a recent article on Slate, Evgeny Morozov holds the Anonymous DDoS campaign to the standard set by John Rawls in his 1971 treatise A Theory of Justice. For an act to be considered civil disobedience according to Rawls, it has to be public, conscientious, and nonviolent, while the transgressors need to also be willing to accept legal consequences for their actions. This last one is a sticking point for Morozov, who claims that the other criteria were indeed met:
The attacks were clearly public: Anonymous widely advertised the targets, the software to be used, and even the timeframe. Anyone could follow their deliberations in their online chat. They were conscientious in as much as they believed that companies like Amazon and Visa behaved in a cowardly fashion by pulling support from WikiLeaks and that politicians—especially Joe Lieberman and Sarah Palin—should not have exerted pressure on them without first establishing a strong legal case against WikiLeaks.
The next thing to consider is whether or not DDoS is considered nonviolent. Although the media quite often uses the phrase “DDoS attack”, as a form of protest it’s much more akin to, say, nonviolently blocking the entrance to a store. In this sense, the term “cyber sit-in” seems eminently more appropriate. Morozov claims the technique is nonviolent because it causes “only temporary rather than permanent damage”. I think we need to be careful here equating non-physical consequences with violence. To describe it even as property destruction would be a stretch, since no irreparable harm is being done. There could certainly be lost revenue, and perhaps increased cost in getting a site back online, but to imply that it approaches a violent act does seem a bit much.
In contrast, it’s maybe not all that difficult to understand how a group named “Anonymous” might fail the openness test, even though the program downloaded by campaign participants, as it turns out, doesn’t actually keep their identities a secret. By tracking IP addresses, authorities in the Netherlands have so far been able to arrest two teenagers who took part in the campaign. As Nathan Freitas explains, the very nature of DDoS makes it vulnerable to people participating “with very little to no training or preparation for the potential consequences.” By most definitions, civil disobedience is a deliberate act. It’s hard to qualify something as such when those taking part don’t even know what they’re getting themselves into.
So did Anonymous commit an act of civil disobedience with this DDoS campaign? I’d agree with Morozov in saying: no, but it was close. The potential is definitely there for DDoS to be a valid tactic in our arsenal of civil disobedience, but I would stress that openness should be seen as a source of strength rather than a liability. Any act tends to carry more weight when people believe in something enough that they’re willing to go to jail. Along with the other criteria mentioned above, this is exactly what distinguishes civil disobedience from the more-often-seen criminal variety.
Since innovation is such a big part of what protest needs to thrive, stay relevant, and be effective, an innovative form of protest such as DDoS appears to carry with it a lot of potential. A list updating the methods of nonviolent action for the digital age would so far include things such as online petitions, email campaigns, viral videos, mock websites, and smart mobs. Especially when meeting the criteria for civil disobedience, it looks like it might be time to add DDoS to our online activist toolbox as well.
Really helpful essay, Will—thanks so much! I hope we’ll be hearing more from you soon.
I appreciate the way you try to distance us from the language of “attack,” which may not be justified. However, I’m not sure that “cyber sit-in” captures what they’re doing any more than “censorship,” which I used in my earlier post on Anonymous. Neither really captures the kind of disobedience that’s going on. A sit-in doesn’t attempt to close down an establishment, it aims to transform it from within. I’m not sure how this would look online, but it’s an interesting thought experiment to consider.
It seems like an old-fashioned boycott could work against sites like these, though it might be tough to get people to sign on. One could strengthen it by calling on people to remove links on their own websites to Amazon products (I say this as a beneficiary of the Amazon Associates $-for-links program). That could significantly weaken Amazon’s traffic and Google ranking—though it would require much broader base of support than DDoS. Perhaps the best thing people could do now is mirror the Wikileaks data on their own sites. This would both enact the openness that one is trying to advocate, while also taking clear responsibility for the action.
You’re absolutely right that openness has to be the key. I stand by that completely. An act of disobeying one law should be also an act of obeying a higher law, as you imply.
Hey Nathan, thanks for the kind words. I agree that “sit-in” is maybe not the most appropriate metaphor out there, but one I nonetheless always appreciate reading for its nonviolent and activist connotations. I think words like “attack” carry an inherent insinuation 1) that violence is somehow involved, and 2) that it’s an illegitimate technique, adopted only by troublemakers and criminals, with nothing but ill intentions. I appreciated having an opportunity to try and modify the language we use, knowing how much that shapes the way something can be perceived.
I think as you recognize, the “censorship” metaphor might also be a little misleading. While I can see it maybe for a DDoS campaign against an organization like the Church of Scientology, in the case of an online retailer, I draw a definite distinction between censorship and creating in essence a nonviolent blockade. The point of course is to discourage or prevent direct access, but from more from a standpoint of disrupting business rather than trying to suppress information from the public. The opposite of an eye-for-an-eye response, as you and Nathan Freitas both point out, would probably be to mirror the information originally suppressed – in this case, the WikiLeaks documents. A DDoS campaign, though, seems to have potential both as a legitimate act of civil disobedience, and as a deterrent against censorship on the part of a company, with nothing less than their bottom line at stake. I think that’s an important role for a technique to be able to fulfill.
I enjoyed the idea in your final paragraph that the aims and means of a group go a long way towards determining the ends brought about by its actions. I’d hesitate to conclude, however, that “openness” and “denial-of-service” are themselves mutually exclusive. Hopefully by the end of what I wrote it became more clear how the two could potentially work together.
Finally, I dig your ideas on how an online boycott against Amazon could pan out. That’s exactly the kind of thing I wanted to get people thinking about with this. Gotta start filling up our playbook for digital nonviolent action!
Will, I think you’ve nailed the correct term, but it’s hiding in your response to Nathan: “blockade”.
In terms of comparability to ‘in-place’ actions, DDOS events are akin to blockades – they prevent access to the ‘location’.
Justin, I think you’re right! Excellent identification skills.
Also, I just read this similar article on Al Jazeera: http://english.aljazeera.net/indepth/opinion/2011/08/20118308455825769.html. It’s by an NYU professor with a potentially quite interesting couple of books coming out.