There is an interesting comment that Clay Shirky has just posted to GigaOm:

No one believes social media _causes_ otherwise complacent citizens to become angry enough to take to the streets. It’s a convenient straw man for the skeptics, because, as an obviously ridiculous narrative, it’s easy to refute.

I guess I must be the skeptic touting this straw man argument, because Clay told me the same thing over Twitter. What's most intriguing about this comment is Clay's deliberate use of the term "social media". I've noticed that whenever it comes to debates about the Internet & democratization, this is now his new preferred term (see his Foreign Affairs piece "The Political Power of Social Media").

On Clay's account, "social media" is just a tool that people use to coordinate. So, saying that people want a revolution because of "social media" is akin to saying that people want a revolution because of the telephone. Fair enough and - hold your breath! - I actually agree with Clay on this one.

But this is a very sly recasting of the terms of the debate on Clay's part; the debate about the Internet's impact on democratization has never been about social media only. For example, the impact of social media on social mobilization plays a very minor part in my overall argument; I'm much more interested in understanding the long-term impact of new technologies on authoritarianism and here I also have to consider how it may boost their attempts at surveillance, propaganda, censorship and even the trivialization of public discourse.

A substantial intellectual chunk of this broader debate has been devoted to trying to understand whether giving people the ability to access banned or highly critical information will politicize them in the long term. It's not an argument about mobilization during protests - it's an argument about whether the Internet boosts the odds that such mobilization might eventually happen in the long term.

This is why, I think, we spend so much time debating what to do about circumvention tools that help to bypass censorship. Will giving everyone in China access to a technology like Tor have the desired outcomes of politicizing the masses and enticing the revolution or will the Chinese just use Tor to download porn and get disengaged from politics altogether? Mind you, it's not just about facilitating access to Twitter and Facebook - the tools of social organization- it's also about facilitating access to sites of Human Rights Watch or Radio Free Asia.

Anyone who has seen reports about Tunisia's "WikiLeaks Revolution" would know that those accounts mostly focus on the role that the cable revelations about Tunisia played in enticing the protests (this is an account I don't agree with, if it's not yet obvious). To suggest that a term like a "WikiLeaks Revolution" does not also celebrate - perhaps, implicitly - the factors most commonly associated with the Internet (its resilience against censorship, its spirit of mutual collaboration, etc) would be extremely disingenuous. When people say that events in Tunisia were a "WikILeaks Revolution", they are consciously or subconsciously cheering the fact that there is this former-hacker guy Assange who used the Internet to do the unthinkable. If this is not what is celebrated by the term "WikiLeaks Revolution", then it doesn't have any meaning at all.

WikiLeaks, alas, is not "social media" - so it doesn't meet Clay's rigid definition. But if you broaden the terms of the debate to the Internet proper - and those are the terms that are most interesting to me - you are bound to notice that there are plenty of pundits and analysts celebrating the power of the Internet to politicize future protesters - not only to help them organize. This, by the way, is the same argument that was used by plenty of neocons in the wake of the Soviet collapse: it was assumed that the Western radio informed Soviet citizens about the superior value of Western goods - and the Soviets eventually rebelled. Apologies for self-promotion, but anyone who thinks these are not real intellectual narratives being pimped in Washington DC should take a look at my book, where they are extensively documented (including in the 70-page bibliography!)

Here is just an excerpt from Thomas Friedman's "The Lexus and the Olive Tree", p. 66:

"Put all of this democratization of information together and what it means is that the days when governments could isolate their people from understanding what life was like beyond their borders or even beyond their village are over. Life outside can't be trashed and made to look worse than it is...On the Internet people are ... uploading and downloading ideologies. In a few years, every citizen of the world will be able to comparison shop between his country and his own government and the one next door".

Now debunking Thomas Friedman may seem less gratifying than debunking a social media guru like Clay Shirky - but Friedman is a much better proxy for what people in Washington really think. Anyone who has looked at his columns over the past 5 years would see that he hasn't really changed his view on the power of the Internet.

So, yes, we can have an intelligent debate about the virtues and downsides of social media - but I would not like us to lose sight of the broader intellectual debate about the Internet and democratization, especially in this post-Cablegate era. After all, the debate we are having in Washington is not about the future of "The Social Media Freedom Agenda", it's a debate about the future of the "The Internet Freedom Agenda".

Is Clay himself making a straw man argument here? 

UPDATE: Clay has posted an update to his original comment. 

(I am not a big fan of counterfactual thinking, but in this particular case it does help to generate new insights.)

So let's assume that the protests in Tunisia had eventually gone the way of the Green Revolution in Iran: the government stayed in power, regrouped, and began a massive crackdown on its opponents.

As we know from the post-protest crackdown in Iran, the Internet has proved a very rich source of incriminating details about activists; the police scrutinized Facebook groups, tweets, and even email groups very closely. Furthermore, the Iran government may have also analyzed Internet traffic and phone communications related to the opposition.

Now, Tunisia is no in Iran. Its long-ruling dictator is now gone and the new government is unlikely to engage in repressions on the same scale. Yet if Ben Ali's regime didn't fall, it appears certain to that the authorities would be brutally going after anyone who has ever posted a damning Facebook post or an angry email. As we have seen in the few weeks leading to Ali's exit, the Tunisian cyber-police have proved to be far more skilled in Internet repression than their counterparts abroad: it's safe to assume they would have dug as much evidence as the Iranians.

This brings me to a somewhat depressing conclusion: if the dictator doesn't fall in the end, the benefits of social mobilization afforded by the Internet are probably outweighed by its costs (i.e. the ease of tracking down dissidents - let alone organizers of the protests).

The question then is whether the social mobilization afforded by the Internet provides a force that is so powerful that no dictator would be able to withstand it. Judging by the events in Iran, the answer seems to be "no"...

It's certainly good news that the revolution in Tunisia has happened - for whatever political and social reasons - just like it's good news that the Internet has played some role in it. But we shouldn't forget that if one of the enabling political and social conditions is missing, the ease of Internet mobilization may also prove to be the opposition's Achilles' heel. 

P.S. Yes, I know that crackdowns used to follow failed revolutions before the Internet as well.  My point is simply that technology - not just the Internet but also mobile phones - make it easier to trace protesters and dissidents. It would be very hard, for example, to trace the names of everyone who gathered on Minsk's central square to oppose the results of the recent elections in Belarus before mobile phones became ubiquitous... 

Over Twitter, Sami ben Gharbia - who, I hope, will finally get a chance to return to Tunisia after his long exile - pointed out that social media did play an important role in "feeding" information to Al-Jazeera and France 24, conceding that at the same time it didn't have much of an impact on the coverage of the protests in the US.

Sami's remark made me think about my earlier blog post a bit more. My argument isn't really about the efficacy of social media in improving the coverage of the protests in the mainstream media (i.e. their venue, schedule, leaders, etc). Rather, my argument is in the vein of Ethan Zuckerman's reflections on media attention patterns - and ways of shifting them.

But while Ethan's work is focused mostly on getting ordinary Americans to care about foreign affairs, my interest here is on a somewhat different, more pragmatic level: getting Americans to care is likely to push Washington to care as well. This in itself can create powerful incentives for dictators to play by the rules or exit peacefully. (There is probably an element of this to Ethan's thought as well, even though I'm not sure if the citizens-government connection is essential to his analysis). 

As I deconstruct the original hype behind the "Twitter Revolutions" in Iran and especially Moldova, their real promise (aside, of course, from liberating the country from oppressive rulers) seemed to lie in using social media as some kind of a Trojan horse to get their countries onto the front pages of American newspapers  - and then, hopefully, on the top of Washington's agenda.

There were good grounds for believing this hype. If my memory serves me right, the time gap between me christening the events in Moldova as a "Twitter revolution" and the New York Times running a front page story about it was less than 12 hours. In the case of Tunisia, this time gap has been almost a month...I don't buy the theory that Moldova is more important than Tunisia (not to mention that few Americans ever go on holiday to Moldova...)

Now, I know that Al-Jazeera and France 24 (to their credit) began reporting on Tunisia much earlier than their American counterparts. But then it was probably not a factor of social media's influence but rather of Tunisia's unique position in the Arab and Francophone world. There is little doubt that social media has helped to make their coverage better. Has it also played a role in generating new coverage that wouldn't have happened without it? This would be one good question to investigate. 

There are probably many dissertations to be written about the way in which the rise of non-American global broadcasters like Al-Jazeera and France 24 has helped to balance the geopolitical myopia of the American media. However, as much as I'd like to think that it has led to some fundamental shifts in how the American public (and, by extension, the US government) choose their news diet, I cannot possibly see much evidence that this is actually happening.

Thus, that early promise of the Twitter Revolution - that social media could offer a way to hijack the news agenda (and thus influence foreign policy) in the US - rings somewhat hollow to me. I do hope that I'm wrong.

News from Tunisia looks good. For better or worse, many of us will be pondering the role that the Internet played or didn't play in the events of the Jasmine Revolution. Below are some preliminary reflections, which, if you know me well, are likely to change by the end of next week!

One thing to keep in mind is that revolutions will continue and Twitter won't go away anytime soon. So, it's reasonable to assume that there WILL be some new-media activity for any social or political turmoil. But correlation, as well all know, doesn't always mean causation.

To reiterate: Yes, there will be YouTube videos, Flickr photos, and Twitter messages -- some written by people on the ground and some by those outside -- accompanying any revolution, successful or not. To deny this would be silly.

What strikes me about events in Tunisia is that social media seems to have failed in what many of us thought would be its greatest contribution (outside of social mobilization) -- that is, in helping to generate and shape the coverage of events in the mainstream media. On the contrary, despite all the buzz on Twitter it took four weeks to get the events in Tunisia on the front pages of major newspapers, at least here in the U.S. (the situation in Europe was somewhat better -- and it was way better in the Middle East -- for all the obvious reasons).

How does it fare historically? Well, much of the enthusiasm related to the "Twitter Revolutions" in Moldova and Iran was based on the expectation that social media would help to push these events on the agenda of traditional media -- and it actually worked. By 2011, however, I think that the novelty had worn off -- and few media outlets were interested in carrying "Social Media Changes Everything!" stories. I'm sure there are many other reasons why Tunisia matters less than Iran for most media -- but then so did Moldova…

This is not to deny that many of us were watching the Tunisian events unfold via Twitter. But let's not kid ourselves: This is still a very small audience of overeducated tech-savvy people interested in foreign policy. I bet that 90% of Twitter users are not like that -- and that percentage will get worse as Twitter becomes more mainstream. So, if we evaluate it in terms of awareness-raising by exploiting and building off the mainstream media, Tunisia's "Twitter Revolution" (as Andrew Sullivan was already quick to dub it), seems to have failed.

I'm curious to see more data about the role that social media have played in the mobilization of protesters. I hope that Sami ben Gharbia and others would enlighten us here. Off the top of my head, it strikes me as improbable that some people in Tunisia had a higher chance of learning about the protests from the Internet than they did from conversations in the streets. Besides, many people got killed, the situation was highly emotional -- and I'm not sure how much anger tweets and blog posts could add to such visceral developments.

I don't deny that the Internet may have played a role in publicizing the protests in Tunisia; it's just that the conditions in which the protests took place do not strike me as those where the leaders of the protest movement had to post updates on where to meet and when. Maybe I am wrong, but it all seemed to be somewhat chaotic and decentralized. Once again, it would be great to see more data on this.

What also strikes me as very odd is that just two weeks ago the Tunisian government was bold and strong enough to break into the email accounts of Tunisian activists -- surely, they could turn off the Internet in the whole country if they really wanted to and saw it as a lethal threat? This speaks either to their misjudgment of the situation or to their dismissal of the Internet as a tool of mobilization -- which, given the profile of those who started the protests (mostly the poor and the unemployed), doesn't strike me as an unreasonable assumption.

The question of social mobilization is a difficult one, and we should continue asking it. We should not, of course, forget the structural conditions -- especially the worsening economic situation in Tunisia -- as one factor that may have made the conditions for such a revolution more likely.

Now, let me ask something really wild: Would this revolution have happened if there were no Facebook and Twitter? I think this is a key question to ask. If the answer is "yes," then the contribution that the Internet has made was minor; there is no way around it. On this logic, we shouldn't expect similar outcomes in other countries just because they also have vibrant communities of cyberactivists.

Finally, I think we shouldn't lose sight of the broader political and social impact of the Internet prior to mobilization (or, as some would put it, the "revolutionary situation"). Part of the argument that I'm making in The Net Delusion is that it's wrong to assess the political power of the Internet solely based on its contribution to social mobilization: We should also consider how it empowers the government via surveillance, how it disempowers citizens via entertainment, how it transforms the nature of dissent by shifting it into a more virtual realm, how it enables governments to produce better and more effective propaganda, and so forth. All of this might decrease the likelihood that the revolutionary situation like the one in Tunisia actually happens -- even if the Internet might be of tremendous help in social mobilization.

The point here is that while the Internet could make the next revolution more effective, it could also make it less likely. (And yes, I know that other factors -- primarily economic and political ones -- are probably way more influential than the Internet in influencing the odds of the revolutionary situation either way).

This, in part, is a lesson that I draw from events in Belarus in December: There was plenty of activity on Twitter and there was potential for mobilization -- but to focus on this at the expense of understanding the more sinister ways in which the Belarusian authorities exploit the Internet and in which their citizens become less politicized because of it would be to miss a much more important role that the Internet has been playing in the country.  

Nevertheless, I do hope that the events in Tunisia serve as an inspiration to people in Belarus and elsewhere.

I am still trying to untangle the numerous moral complexities involved in DDoS attacks. Two arguments stand out in particular.

First - and I briefly touched upon this subject in my previous post - some Internet experts fear that participating in DDoS attacks, even if one has morally justifiable reasons for doing so, might make DDoS a more acceptable form of silencing dissent. As such, anyone participating in DDoS – even if they have perfectly good reasons for doing so – should first consider the indirect consequences of popularizing DDoS as a tactic. (I have written about DDoS as a new censorship mechanism on numerous occasions – see, for example, the story of the Georgian blogger Cyxymu.)

Let's leave philosophy aside for a moment and just use some common sense. Would we advise anyone participating in lunch-counter sit-ins during the civil rights era not to do it because it may popularize sit-ins as a tactic that might be abused by all sorts of crazy people and criminals? I don't think so: just because one can organize a sit-in to block an entrance to the offices of ACLU to protest their defense of civil liberties would hardly be a factor in deciding whether to block an entrance to the offices of the Department of Defense to protest a war.

Why is DDoS different? Arguably, physical civil disobedience is often much easier to conduct than its virtual counterpart: having 100 people show up and block entrance to Amazon's offices, on average, is far more effective than having the same 100 people launch DDoS attacks on its web-site. Sure, there are oddballs like Jester, who claims to have taken the entire WikiLeaks with a solo DoS attack; but such people are not exactly missing from the offline domain. Cindy Sheehan has been quite effective acting solo - is it a reason to impose a moratorium on acts of civil disobedience? I don't think so. 

I think that those who worry about the adverse effects of popularizing DDoS as a tactic misunderstand what civil disobedience is (moreover, I'm not sure they understand the distinction between its direct and indirect varieties). Civil disobedience involves breaches of law by definition; anyone lamenting the popularization of DDoS as a tactic is only lamenting the fact that those practicing it would violate the rule of law. But what such critics do not seem to understand is that for a breach of law to count as civil disobedience its perpetrators should be willing to accept the consequences, get arrested and serve jail time if this if what the law demands. Submitting oneself to the rule of law after breaching it is the compensatory act that makes such acts morally permissible.

Those who oppose DDoS on the grounds that it will popularize DDos as a tactic are essentially saying: don't breach the rule of law because it would lead others to breach the rule of law. Note that such a position leaves no space to comment on whether the laws that are being breached are unjust to begin with or, in case the laws are, indeed, just, whether violating them may be a morally permissible way to right other wrongs (i.e. engage indirect civil disobedience).

Frankly, I think this is a morally impotent position – and those who advocate it need to spend more time thinking about ways to resolve competing moral claims than about the costs of server administration. Is it really obvious that a bunch of environmental activists in Russia should not launch DDoS attacks on the web-site of a company engaged in illegal deforestation just because it may result in more DDoS attacks on the web-sites of independent newspapers in Burma? It's not that obvious to me – and I'd like to see the experts who condemn DDoS engage in some rigorous (and preferrably public) ethical calculus before making such loud pronouncements.

The second brief point that I'd like to address is this: many liberal democracies are extremely lenient when it comes to allowing their citizens to organize protests and demonstrations. As someone who comes from Belarus, where protests are few and far in between, this is one feature of democratic societies I find extremely attractive.

 

I've lived in Berlin's Kreuzberg neighborhood - and I have seen a plenty of spontaneous demonstrations, some of them not particularly peaceful and many involving broken windows and the like. I don't see why the German state should be any less lenient when it comes to allowing its citizens to protest in cyberspace than they are in allowing them to riot on  Oranienstrasse. Such considerations, as far as I understand, were part of the reasoning of the German court in the Lufthansa case. 

What I find amusing about the present situation is that the same people who often lament the fact that the Iranian government denies freedom of assembly to the Green movement almost reveal themselves as crypto-conservatives when they are forced to think about the digital equivalent of protests and demonstrations in democratic societies. So, those opposing authoritarian governments should feel free to protest anytime they want – but those who want to protest Amazon should be careful and ask for permissions and all that?Does anyone else smell hypocrisy here?

While the exact conditions differ from country to country, I am pretty sure that most liberal democracies do permit unconditional protests as long as the protesters do not cause serious public disorder and do not seriously disrupt the life of the community. Even if the protests are organized on private rather than public property, trespassing is not always viewed as a criminal offense (unless, of course, it is aggravated trespassing, with lots of disruption/damages, in which case it is often criminalized). Don't they teach such basic stuff at Harvard Law School? 

True, we don't yet have a neat theoretical framework to translate the norms surrounding the criminalization of trespassing (or lack thereof) in the physical world into the digital domain. What I do know is that I don't want a blanket ban on anything that involves groups of people seeking to protest an activity that they find unjust simply because it occurs on the Internet. Even more so in the case of protesting the actions of technology companies, who, unlike conventional factories and plants, bury all their infrastructure underground, where it's unreachable to those who may otherwise choose to protest in the physical space. How do you disrupt Amazon's business in the real world anyway? I know how to do it with, say, a Ford factory; I'm not sure how to do it with a data center.

Anyone arguing against DDoS on the grounds that it may have some undesired secondary consequences is implying that some basic human rights do not apply online. I find this unacceptable. And by the way, I think that the current laws that criminalize DDoS in liberal democracies – some with up to 10 years in prison – are in for some major revision as well. No one blocking access to a physical building or even tinkering with some corporate infrastructure without causing it much damage would receive 10 years in jail. This doesn't mean we need to de-criminalize DDoS altogether but I think that we do need to think about proportionality here.

***

What bothers me even more is that the leading brains working on DDoS – especially the folks at the Berkman center – are once again not particularly vocal in this debate. A few months ago, I pointed out that they were conspicuously silent on the Haystack issue; their excuse then was that they were working on a report about circumvention tools and felt like they shouldn't weigh in on a tool they haven't tested.

Now they are also working on a report about DDoS attacks – and once again, there is nearly complete silence from their end, not counting a comment that Ethan Zuckermand left on Deanna Zandt's blog and a handful of tweets and retweets. Perhaps, if it distracts them from participating in some of the most fundamental debates taking place online today, they should take it easy on all this report-writing.

I am absolutely serious about this, as I happen too believe that too much coyness and pragmatism by the leading minds working on Internet issues is what has allowed the US government to behave as recklessly as they have towards the Internet in the last few weeks. But perhaps we'll read all about this in a report next year.

 

Update #1: I think many people misunderstand the reason why I'm engaging in this debate about DDoS attacks as acts of civil disobedience. This is not to debate the effectiveness of this tactic nor is it to understand whether it fits (or defies) the charge of "slacktivism".  I think that hundreds of people who have participated in such attacks risk getting arrested - and some have been arrested already.

 

If some of them were acting on the assumption that their actions were fully public and that they were ready to get arrested, I think we should honor their willingness to go to jail for launching attacks on companies that behaved in a very cowardly fashion. (By the way, one of the two teeanagers arrested in the Netherlands for launching these DDoS attacks said as much - he chose not to disclose his online identity precisely to make a public statement about WikiLeaks and suffer the consequences). 

After I found one of my earlier FP blog posts quoted in an Anonymous press-release, I thought that I need to clarify my position. Here is my piece for Slate where I attempt to do just that. (Warning: some light political philosophy ahead).

The crux of my argument is that there are certain conditions, which, if met, could make DDoS attacks a form of civil disobedience. However, the case of Anonymous doesn't meet all of them, mostly because the Anonymous attackers don't want to take legal responsibility for their actions.

The part of my original blog post quoted in the press-release -- the one that mentioned DDoS as a "legitimate expression of dissent" -- is not at all ambiguous: what I was suggesting is that the actions of Anonymous would not be interpreted as such by the U.S. media/political circles and may thus result in more control over the Internet by the governments and complete de-legitimization of DDoS attacks as civil disobedience. So I was surprised that Anonymous took those words somewhat out of context and used them to imply that I actually viewed their acts as "legitimate"; I did not. This, however, does not mean that I view all DDoS attacks as illegitimate!

So let me just repeat this once again:

1. To understand whether DDoS attacks can be viewed as civil disobedience, we need to examine the context in which they occur.

2. As far as I can judge the context of the Anonymous case, they failed the test (for more on the specifics of the test, see my Slate piece; I rely on John Rawls's views on civil disobedience n his A Theory of Justice).

3. Operation Payback and its successors may, indeed, harm the causes of Internet freedom but this is NOT what makes them illegitimate.

There is a vibrant debate about DDoS as a legitimate expression of dissent in the blogosphere -- see this excellent summary of positions at TechPresident and this blog post by Deanna Zandt. There is an interesting comment by Ethan Zuckerman in response to Deanna's original blog post that I would like to examine a big more closely.

In short, Ethan is arguing that DDoS attacks are increasingly used to silence down independent publishers; they don't have the same resources as MasterCard or PayPal to deal with them; as a result, for them DDoS causes real rather than just temporary damage; Operation Payback has given DDoS as-a-silencing-tactic a lot of PR; and, finally -- and I am really putting words into Ethan's mouth here -- Anonymous and others should consider the consequences of their actions for others.

As much as I would like to agree with Ethan, I am not sure I am buying the (rather implicit) prescriptive part of his argument. First, it seems to conflate the issues of legitimacy and efficacy -- something that I explicitly caution against in my Slate piece. I'm strongly opposed to making efficacy a factor in evaluating the morality of particular DDoS attacks, not least because efficacy is too fickle of a concept and tends to undervalue the deterrence value of civil disobedience.

How do we know that the reason why Facebook and Twitter still have not removed WikiLeaks' account was not because they feared DDoS retaliation from Anonymous? Of course, it's much easier to measure the costs -- greater crackdown on the Internet, more NSA types in 4chan chatrooms, etc -- but it's not so easy to measure the benefits; will PayPal be as forceful in freezing the funds when it comes to the next WikiLeaks? We simply don't know -- but I'd venture to suggest that the attacks have probably had some impact on corporate decision-making.

This is not to suggest that we shouldn't try to assess the efficacy of DDoS but only to suggest that tying it to legitimacy seems misguided. That an entity like Anonymous has a good moral reason to act on something does not mean that they should necessarily act on it. In the end, it all boils down to good judgment -- and this is where wise Internet intellectuals should step in and theorize about potential fall-outs, crackdowns and what not, so that any of us can make the right (for us) call on whether to join the DDoS effort.

The other thing that bothers me about Ethan's comment is that it doesn't really make an effort to reconcile my right to protest injustice by engaging in acts of civil disobedience (forget Anonymous, we are talking abstract DDoS which doesn't fail the test) with some independent web-site's right to publish what they want and when they want online. (Remember: the theory at play here is that as DDoS get popular/mainstream, this would result in more attacks across the board, thus having a very negative impact on independent/poor publishers).

Is it really always the case that I shouldn't engage in DDoS to right some moral wrongs just because this may potentially make it harder for some third-party to conduct their affairs? I can think of conditions when this would be the case -- but critics of DDoS as civil disobedience need to spell out those conditions in great detail before they assume a particular resolution of competing claims. I can, for example, also think of conditions where my right to protest an injustice might trump a third-party's right to publish.

Otherwise, we end up with very simplistic moral and ethical frameworks where all attacks are presumed to be good or bad simply because of the intrinsic qualities of DDoS. This is an outlook that I reject as technology-centrism (in The Net Delusion, I am actually very critical of a similar tendency in "Internet freedom studies," where the assumptions about the Internet's inner logic seem to outweigh the assumptions about the context in which it manifests itself).

Unfortunately, I can't sign up to Ethan's call -- "Just don't give moral and ethical air cover to the bastards who are using DDoS to silence sites for whom a DDoS is a shut down, not a sit in" because "giving moral and ethical cover to bastards" is often the unfortunate result of allowing those who are NOT bastards to act in morally justifiable ways (as opposed to ways recommended by the estimable Berkman Center).

Until we hear some cogent arguments as to why the possibility of digital shutdowns should always prevent us from participating digital sit-ins, I would like to urge more caution on this subject. My own guess these arguments would never work in the abstract and would still need to be evaluated on a case-by-case basis in the particular contexts they are set in. Which, to return to my original post, was my whole point: we shouldn't prejudge DDoS to be "good" or "bad" simply because it's illegal or because it is "DDoS."

p.s. plenty of folks -- check comments to Deanna Zandt's post -- suggest that there are better, more constructive ways to express one's solidarity with WikiLeaks or one's indignation with the companies that dumped it. Sure, there are. However, most of the "constructive" activities mentioned in the comments are fully legal and thus do not meet the definition of "civil disobedience," which presumes a breach of law. So, once again, this is the question of efficacy, not legitimacy.

The New York Times asked me to do a short piece for their Room for Debate forum on WikiLeaks. Go read the whole piece; below is a paragraph that I'd like to discuss in more detail on this blog:

One possible future for WikiLeaks is to morph into a gigantic media intermediary -- perhaps, even something of a clearing house for investigative reporting -- where even low-level leaks would be matched with the appropriate journalists to pursue and report on them and, perhaps, even with appropriate N.G.O.'s to advocate on their causes. Under this model, WikiLeaks staffers would act as idea salesmen relying on one very impressive digital Rolodex.

The argument I'm making in the Times piece rests on three premises:

a) WikiLeaks, at least in its post-Cablegate reincarnation, has two major assets: an easily recognizable brand and an extensive network of contacts in the media

b) If the Cablegate release ends up having significant global repercussions -- resignations of politicians, alterations in the behavior of governments and corporations -- this is bound to encourage more people to take risks and start leaking

c) The buzz generated by the Cablegate makes it clear that WikiLeaks is only as effective as their media partners: they are the ones screening the cables, identifying narrative threads, redacting the names, and, most importantly, embarrassing the parties involved.

Thus, one of the most important questions about the future of WikiLeaks is how they will choose to structure their relationship with the media. One option that I outline in the quote above assumes that they would continue operating in the Cablegate role set: i.e. WikiLeaks would leverage their brand to solicit leaks and rely on their in-house technology to protect the anonymity of the leakers, with the media doing all the heavy lifting -- i.e. writing news reports based on the leaks.

That said, I myself am not sure if this option is sustainable, especially for leaks that are less explosive than the poignant cables penned by arrogant American diplomats. Suppose I want to leak some documents about corruption in, say, Azerbaijan. Why would I bother leaking them to an organization that knows very little about this country if I can leak them to Azerbaijan's best/only oppositional newspaper or, failing that, simply distribute them to anti-government bloggers? And even if I do leak them to WikiLeaks, wouldn't they just reroute them to the very same sources after going through their database of media contacts? In other words, why bother with an intermediary?

One reason for needing to keep the intermediary in the loop might be WikiLeaks's newly acquired connections with the likes of the Guardian, Le Monde and Der Spiegel. These media -- rather than Azerbaijan's anti-government bloggers -- would be far more effective in attracting global attention to these stories and thus ensuring at least a modicum of embarrassment to the parties involved.

I'd really like to believe that this is a valid assumption. But cynical as I am, I also wonder how much global appetite there exists for stories about corruption in Azerbaijan, Moldova or Mauritania. I suspect that Assange is bound to run into the same global attention problem that Ethan Zuckerman has been trying to tackle for a while now: it's not easy to get people to care about what's happening in far-away and exotic lands -- and certainly not about their complex politics. I don't think that the greater availability of classified information, even when backed up by superb technology for anonymous leaking, would substantially change the amount of attention that global audiences are willing to expend on understanding Azerbaijan or Moldova.

Thus, we should not get carried away: the reason why there is so much hype about the cables right now is because they implicate the United States, a country that everyone loves to hate. I bet cables written by diplomats from, say, Cambodia would be barely noticed by the global media. The United States is unique here because it is clearly the only country that has a stake virtually in every part of the globe, so every cable counts. Now, how many cables from Cambodian diplomats in Macedonia can one really read without falling asleep? Probably none: most people don't care enough about Cambodia, let alone its foreign policy interests in the Balkans.

So, now we are getting to the very heart of the issue. For WikiLeaks to be truly effective, someone knowledgeable -- i.e. not just a geek on a quest for global justice -- needs to look at the cables and tell a captivating story about them. In fact, the story needs to be so captivating that it would even make Cambodian cables from Macedonia look like a treat. This is also the conclusion of my piece in the Times:

One could only hope that the lesson he [Assange] would draw from all this is not that WikiLeaks had not released enough documents but that, in order to be truly effective, any releases of documents needed to be accompanied by dedicated investigative reporting and strategic and careful advocacy.

As I note above, it's possible to do this by pursuing partnerships with the media -- but in this case, it's still not clear what value WikiLeaks actually adds to the process other than providing safe technology for leaking.

Another possibility, which I didn't have space to consider in the Times piece, is that WikiLeaks would develop an in-house fleet of investigative reporters -- they are laid off in droves and searching for jobs anyway -- who would be employed full-time to produce well-informed investigating reporting from far-away lands. Thus, there would be no need to work with intermediaries and WikiLeaks would, all of a sudden, have a reasonable raison d'être (it would also ensure protection from the likes of Joe Lieberman, for it would clearly be a journalistic venture).

What would happen to WikiLeaks pieces once they are written? One option is for WikiLeaks to become something like ProPublica and either try to syndicate their articles to whatever media would take them or strike exclusive deals with select few media partners. This won't be terribly profitable and no U.S. foundation would want to touch WikiLeaks for a very long time (private donors, on the other hand, are a different case; there are plenty of rich oddballs like Peter Thiel who may find the idea of funding WikiLeaks very appealing -- too bad he won't be able to use PayPal to wire his dues though). On the other hand, the WikiLeaks brand right now may be strong enough for them to run on donations for quite some time -- this seems to work with Wikipedia (but the latter do receive a lot of non-donations money as well).

As the above should have made obvious by now, I clearly don't think that the story of WikiLeaks is nearing its end with the full release of all the cables. I know for a fact that Assange has been thinking about the kind of relationship that WikiLeaks needs to have with their media partners for years. I suspect his thinking has evolved quite a bit this year, not least because WikiLeaks has become a media's darling after spending a few years in relative obscurity.

Whatever strategy Assange chooses to pursue, I don't think it's possible to get the future of WikiLeaks right without first addressing the media relationship piece of the puzzle.

The current chapter in the WikiLeaks saga has finally forced me to come out of my blogging semi-retirement! While I'm still trying to make sense of everything that has happened in the last ten days, here are some analytical notes on Anonymous and the challenges facing the Obama administration as it mulls an appropriate response to WikiLeaks.

The impact of the recent wave of cyber-attacks launched by Anonymous on a handful of companies that dropped WikiLeaks as their client -- Amazon, EveryDNS, MasterCard, Visa and others -- is hard to gauge. I'm certain these attacks won't make any of these firms to reconsider, strike peace with WikiLeaks, and offer them some vouchers in compensation. But could the attacks serve as a deterrent to other firms that have been considering dropping WikiLeaks?

Perhaps -- but I don't know how many such companies there are. Right now, WikiLeaks is heavily dependent on Twitter and Facebook as their primary channels for external communications; it's these two firms that need to be watched most closely. (I don't expect many people to call on Google to remove WikiLeaks from its search results -- but let's wait and see...) So far, both Twitter and Facebook have been taking rather bold steps: they declined to stop doing business with WikiLeaks and actually removed the accounts of Anonymous (alas with little success, as new accounts were created within minutes). It's clear that should these two companies succumb to pressure and part with WikiLeaks this would result in a major online backlash.

Now, the fact that Anonymous chose to go after Visa and MasterCard has created all sorts of other challenging issues. While the attacks targeted only the public web-sites of these companies -- rather than the underlying infrastructure that allows card transactions to be processed -- such subtleties are likely to get lost in the public debate. As far as policymakers are concerned, these attacks would be viewed as striking at the very of the global economy (even if they obviously aren't in reality). It's still not clear to me whether any credit card data has been leaked or compromised as a result of such attacks, even though Anonymous posted some links to such data on their Twitter feed. This too won't matter, as most people would assume that data has, in fact, been stolen.

I seriously doubt that U.S. authorities would be able to effectively go after Anonymous, in part because there are too many people involved, they are scattered all over the globe, and attributing cyber-attacks to them would be impossible (and would surely require reading a lot of chat transcripts from IRC). The only other possible policy response at their disposal is to make it easier to trace such attacks in the future -- most likely by empowering the likes of NSA/Cyber Command. I would imagine that after the current cyber-attacks on credit card companies -- even if they didn't cause much damage -- this would enjoy bipartisan support in the United States.

As far as long-term developments are concerned, I think that much depends on whether the WikiLeaks saga would continue being a debate about freedom of expression, government transparency or whistle-blowing or whether it would become a nearly-paranoid debate about the risks to national security. Anonymous is playing with fire, for they risk tipping the balance towards the latter interpretation -- and all the policy levers that come with it.

That said, I don't think that their attacks are necessarily illegal or immoral. As long as they don't break into other people's computers, launching DDoS should not be treated as a crime by default; we have to think about the particular circumstances in which such attacks are launched and their targets. I like to think of DDoS as equivalents of sit-ins: both aim at briefly disrupting a service or an institution in order to make a point. As long as we don't criminalize all sit-ins, I don't think we should aim at criminalizing all DDoS.

I can spend hours debating this subject but, in short, while Anonymous' actions may result in greater government oversight of the Internet, they are not necessarily illegal or immoral just because they involve DDoS attacks. The danger here is obviously that if the narrative suddenly becomes dominated by national security concerns, we can forget about DDoS as legitimate means of expression dissent -- that possibility would be closed, as they would be criminalized.

What is the impact of these attacks on WikiLeaks? The organization has been silent about its own relationship to Anonymous -- I didn't see any tweets, let alone press-releases, that either spoke out against or in favor of cyber-attacks. As far as strategy is concerned, I think it's a big mistake for WikiLeaks to stay silent on the issue. In the absence of any statements from their end, most people -- especially those who have never heard of Anonymous before -- would assume that they are part of the same hacker gang. (Sarah Palin seem to have implied as much when she accused WikiLeaks about attacking her site).

That WikiLeaks chose not to address this issue publicly suggests that the organization is either overstretched or has not yet reached a level of maturity that some of us expect from it before expressing our unqualified support for what they do. As long as most people link WikiLeaks to the cyber-attacks on credit card companies, it's a net loss for WikiLeaks. It would also make it easier for certain cyber-hawks in Washington to justify classifying them as a "terrorist" organization -- at least whenever they appear on Fox News. Arguably, this is not a battle they can win with facts anyway -- but they should at least be leaving some public record of their stance on such issues. I'm also not sure about the overstretching argument: I'm sure plenty of smart people would volunteer to do PR for WikiLeaks for free...

All in all, if the public continues to associate WikiLeaks with hacking and cyber-attacks -- rather than, say, providing a safe platform for whistleblowers -- this will greatly erode the goodwill that WikiLeaks has built over the course of the last few months by increasing their cooperation with media organizations and NGOs. That "normalization by third parties" allayed the concerns of many -- but cyber-attacks may once again seed doubt in many people's minds.

Looking beyond Anonymous, I'd like to note that when it comes to crafting an appropriate response to WikiLeaks, the Obama administration is in a very delicate position. On the one hand, the domestic pressure to do something about WikiLeaks is growing -- and it will get even worse, as Anonymous continues its attacks and adds more political targets to their list (and I'm sure they will as there is some vicious circle at play here: the more attacks they launch, the more people condemn WikiLeaks, the more new targets Anonymous has). On the other hand, it's obvious that going after WikiLeaks would put the final nails in the coffin of the State Department's Internet Freedom Agenda, which is the most obvious victim of the last ten days.

I have always had mixed feelings about this Internet Freedom drive. While I think it's misguided and led by highfalutin techno-boosters unaware of the geopolitical background to their own actions, it's also obvious to me that there is some good that may come out of the U.S. government's interest in such matters -- for example, the support they offered to tools like Tor has been most appreciated. (That support, however, predated the formation of the Internet Freedom Agenda as articulated by Clinton in January 2010).

The real question here is whether, as the public attitudes towards tools like Tor -- which provide the very anonymity that benefits leakers -- quickly turn negative, the State Department and agencies like the National Endowment for Democracy would lose the ability to fund anything in this space. It's also not clear to me whether many of the geeks associated with the "Internet freedom" movement would feel comfortable taking money from the U.S. government, given that the latter are actively pursuing people like Assange.

I think this partly explains why the U.S. government has been so slow/low I key in lashing out against WikiLeaks, leaving the rhetorical heavy-lifting to populists like Sarah Palin, Rush Limbaugh and Joe Lieberman. Leaving in their hands also means abandoning control of the conversation; so far, it seems to me that such approach has been quite detrimental.

For example, many foreign politicians are already calling on Washington's duplicity and lack of media freedoms and disrespect of human rights -- all because Glenn Beck and Sarah Palin said something radical. As far as most foreign audiences are concerned, few draw distinctions between the elected officials, those in the opposition, and the punditry -- they are all part of "Washington"; so whatever the radicals says would, of course, eventually be associated with the White House and the State Department. I don't know how long the administration can afford to stay on the sidelines of this debate.

Another possible unfortunate consequence of the current backlash is that more U.S. government funding would go to tools that don't provide full anonymity but that still allow to circumvent censorship in authoritarian states. These are the tools developed by the Falun Gong technologists who already enjoy vast support from various neocon interest groups in Washington.

This would be most unfortunate and would further alienate geeks from policymakers, as Falun Gong tools are less effective and, well, they don't provide much security at all. This would only further reveal the duplicitous nature of Washington's Internet Freedom Agenda: it will seem as if all they want to promote is the ability to break through China's firewall -- but not the ability to say and publish what one wants without attribution. Many people in the State Department are not very keen on the Falun Gong crowd either, so I can't imagine that they would be interested in highlighting such issues (and yes, I know that State Dept is not monolithic but getting into internal squabbling inside Foggy Bottom would add another page or two to this post!).

I hope to post more analysis soon! In the meantime, make sure to check my Twitter feed, where I do post occasional observations and share links about WikiLeaks.

Update #1: There is now a statement on Anonymous/DDoS posted on WikiLeaks' site. They distance themselves from the attack -- which is good -- but don't really say what they feel about it (which is not so good...)