The current chapter in the WikiLeaks saga has finally forced me to come out of my blogging semi-retirement! While I'm still trying to make sense of everything that has happened in the last ten days, here are some analytical notes on Anonymous and the challenges facing the Obama administration as it mulls an appropriate response to WikiLeaks.
The impact of the recent wave of cyber-attacks launched by Anonymous on a handful of companies that dropped WikiLeaks as their client -- Amazon, EveryDNS, MasterCard, Visa and others -- is hard to gauge. I'm certain these attacks won't make any of these firms to reconsider, strike peace with WikiLeaks, and offer them some vouchers in compensation. But could the attacks serve as a deterrent to other firms that have been considering dropping WikiLeaks?
Perhaps -- but I don't know how many such companies there are. Right now, WikiLeaks is heavily dependent on Twitter and Facebook as their primary channels for external communications; it's these two firms that need to be watched most closely. (I don't expect many people to call on Google to remove WikiLeaks from its search results -- but let's wait and see...) So far, both Twitter and Facebook have been taking rather bold steps: they declined to stop doing business with WikiLeaks and actually removed the accounts of Anonymous (alas with little success, as new accounts were created within minutes). It's clear that should these two companies succumb to pressure and part with WikiLeaks this would result in a major online backlash.
Now, the fact that Anonymous chose to go after Visa and MasterCard has created all sorts of other challenging issues. While the attacks targeted only the public web-sites of these companies -- rather than the underlying infrastructure that allows card transactions to be processed -- such subtleties are likely to get lost in the public debate. As far as policymakers are concerned, these attacks would be viewed as striking at the very of the global economy (even if they obviously aren't in reality). It's still not clear to me whether any credit card data has been leaked or compromised as a result of such attacks, even though Anonymous posted some links to such data on their Twitter feed. This too won't matter, as most people would assume that data has, in fact, been stolen.
I seriously doubt that U.S. authorities would be able to effectively go after Anonymous, in part because there are too many people involved, they are scattered all over the globe, and attributing cyber-attacks to them would be impossible (and would surely require reading a lot of chat transcripts from IRC). The only other possible policy response at their disposal is to make it easier to trace such attacks in the future -- most likely by empowering the likes of NSA/Cyber Command. I would imagine that after the current cyber-attacks on credit card companies -- even if they didn't cause much damage -- this would enjoy bipartisan support in the United States.
As far as long-term developments are concerned, I think that much depends on whether the WikiLeaks saga would continue being a debate about freedom of expression, government transparency or whistle-blowing or whether it would become a nearly-paranoid debate about the risks to national security. Anonymous is playing with fire, for they risk tipping the balance towards the latter interpretation -- and all the policy levers that come with it.
That said, I don't think that their attacks are necessarily illegal or immoral. As long as they don't break into other people's computers, launching DDoS should not be treated as a crime by default; we have to think about the particular circumstances in which such attacks are launched and their targets. I like to think of DDoS as equivalents of sit-ins: both aim at briefly disrupting a service or an institution in order to make a point. As long as we don't criminalize all sit-ins, I don't think we should aim at criminalizing all DDoS.
I can spend hours debating this subject but, in short, while Anonymous' actions may result in greater government oversight of the Internet, they are not necessarily illegal or immoral just because they involve DDoS attacks. The danger here is obviously that if the narrative suddenly becomes dominated by national security concerns, we can forget about DDoS as legitimate means of expression dissent -- that possibility would be closed, as they would be criminalized.
What is the impact of these attacks on WikiLeaks? The organization has been silent about its own relationship to Anonymous -- I didn't see any tweets, let alone press-releases, that either spoke out against or in favor of cyber-attacks. As far as strategy is concerned, I think it's a big mistake for WikiLeaks to stay silent on the issue. In the absence of any statements from their end, most people -- especially those who have never heard of Anonymous before -- would assume that they are part of the same hacker gang. (Sarah Palin seem to have implied as much when she accused WikiLeaks about attacking her site).
That WikiLeaks chose not to address this issue publicly suggests that the organization is either overstretched or has not yet reached a level of maturity that some of us expect from it before expressing our unqualified support for what they do. As long as most people link WikiLeaks to the cyber-attacks on credit card companies, it's a net loss for WikiLeaks. It would also make it easier for certain cyber-hawks in Washington to justify classifying them as a "terrorist" organization -- at least whenever they appear on Fox News. Arguably, this is not a battle they can win with facts anyway -- but they should at least be leaving some public record of their stance on such issues. I'm also not sure about the overstretching argument: I'm sure plenty of smart people would volunteer to do PR for WikiLeaks for free...
All in all, if the public continues to associate WikiLeaks with hacking and cyber-attacks -- rather than, say, providing a safe platform for whistleblowers -- this will greatly erode the goodwill that WikiLeaks has built over the course of the last few months by increasing their cooperation with media organizations and NGOs. That "normalization by third parties" allayed the concerns of many -- but cyber-attacks may once again seed doubt in many people's minds.
Looking beyond Anonymous, I'd like to note that when it comes to crafting an appropriate response to WikiLeaks, the Obama administration is in a very delicate position. On the one hand, the domestic pressure to do something about WikiLeaks is growing -- and it will get even worse, as Anonymous continues its attacks and adds more political targets to their list (and I'm sure they will as there is some vicious circle at play here: the more attacks they launch, the more people condemn WikiLeaks, the more new targets Anonymous has). On the other hand, it's obvious that going after WikiLeaks would put the final nails in the coffin of the State Department's Internet Freedom Agenda, which is the most obvious victim of the last ten days.
I have always had mixed feelings about this Internet Freedom drive. While I think it's misguided and led by highfalutin techno-boosters unaware of the geopolitical background to their own actions, it's also obvious to me that there is some good that may come out of the U.S. government's interest in such matters -- for example, the support they offered to tools like Tor has been most appreciated. (That support, however, predated the formation of the Internet Freedom Agenda as articulated by Clinton in January 2010).
The real question here is whether, as the public attitudes towards tools like Tor -- which provide the very anonymity that benefits leakers -- quickly turn negative, the State Department and agencies like the National Endowment for Democracy would lose the ability to fund anything in this space. It's also not clear to me whether many of the geeks associated with the "Internet freedom" movement would feel comfortable taking money from the U.S. government, given that the latter are actively pursuing people like Assange.
I think this partly explains why the U.S. government has been so slow/low I key in lashing out against WikiLeaks, leaving the rhetorical heavy-lifting to populists like Sarah Palin, Rush Limbaugh and Joe Lieberman. Leaving in their hands also means abandoning control of the conversation; so far, it seems to me that such approach has been quite detrimental.
For example, many foreign politicians are already calling on Washington's duplicity and lack of media freedoms and disrespect of human rights -- all because Glenn Beck and Sarah Palin said something radical. As far as most foreign audiences are concerned, few draw distinctions between the elected officials, those in the opposition, and the punditry -- they are all part of "Washington"; so whatever the radicals says would, of course, eventually be associated with the White House and the State Department. I don't know how long the administration can afford to stay on the sidelines of this debate.
Another possible unfortunate consequence of the current backlash is that more U.S. government funding would go to tools that don't provide full anonymity but that still allow to circumvent censorship in authoritarian states. These are the tools developed by the Falun Gong technologists who already enjoy vast support from various neocon interest groups in Washington.
This would be most unfortunate and would further alienate geeks from policymakers, as Falun Gong tools are less effective and, well, they don't provide much security at all. This would only further reveal the duplicitous nature of Washington's Internet Freedom Agenda: it will seem as if all they want to promote is the ability to break through China's firewall -- but not the ability to say and publish what one wants without attribution. Many people in the State Department are not very keen on the Falun Gong crowd either, so I can't imagine that they would be interested in highlighting such issues (and yes, I know that State Dept is not monolithic but getting into internal squabbling inside Foggy Bottom would add another page or two to this post!).
I hope to post more analysis soon! In the meantime, make sure to check my Twitter feed, where I do post occasional observations and share links about WikiLeaks.
Update #1: There is now a statement on Anonymous/DDoS posted on WikiLeaks' site. They distance themselves from the attack -- which is good -- but don't really say what they feel about it (which is not so good...)
So the Haystack Affair (is there a Wikipedia page named after this already?) continues generating food for thought for those of us working at the intersection of free expression, Internet censorship, and media development.
Yesterday I blogged about what the Haystack Affair suggested about the responsibility of "Internet intellectuals." Ethan Zuckerman, who was one of the intellectuals I singled out in that post, eloquently responded to my criticism on his blog.
Let's imagine a parallel universe for a second. In that universe, the U.S. State Department decides that energy -- rather than the Internet -- would form one of the core pillars of "21st century statecraft."
To that end, the secretary of state would give a speech about some highly abstract and ambiguous concept like "environmental freedom" that would strike the right chord with the media -- if only because it promises a greener future for all of us!
Since energy-inspired "21st century statecraft" would be difficult to practice without courting the private sector -- the likes of Haliburton, Exxon Mobile, and Chevron -- their executives would be taken on regular tours of exotic places and invited to private dinners with the secretary of state.
People spearheading this kind of energy-inspired "21st century statecraft" would have a very friendly relationship with the corporate world, occasionally leaving government service to work for the giant energy corporations.
MANDEL NGAN/AFP/Getty Images
If the world of non-profit technology had its own stock exchange, I'd recommend buying lots of stock in Haystack, a censorship-circumvention software put together by California-based Censorship Research Center in order to help Iranians evade their government's control of the Internet.
Haystack's story makes for great Hollywood material: Bay Area technologists who serendipitiously discover that there is a bloody and violent world beyond Silicon Valley -- the one where people rebel, fight, and die for real and not just as part of some new Facebook game -- decide to dedicate themselves to the fight against authoritarian evil with the help of -- you guessed it! -- the Internet. They are the ones putting "Twitter" into the "Twitter Revolution"! And you too can abet their fight: they've got a whole two Donate buttons on their website!
Not surprisingly, Haystack has been all over the media in the last few months -- most recently in Newsweek -- with its founder Austin Heap getting quite a bit of attention from journalists and policymakers alike. This is, for example, what the ever-modest Heap told Newsweek: "Tomorrow I meet with [Sens. John] McCain, [Bob] Casey, maybe [Carl] Levin, but I don’t know if I will have enough time." (Apparently, the senators have become much more tech-savvy since I left town; perhaps, this comes with age.) And it's not just American media: The Guardian pronounced Heap to be "The Innovator of the Year" -- though personally I would have gone with "The Publicist of the Year," just check this photo -- but then who am I to judge? (Moi -- I am only invited to opine on the Snark of the Year Awards.)
I like Hollywood as much as the next guy -- and yet something just doesn't feel right about Haystack. What really bothers me is that one cannot download and examine their software; as far as the Internet is concerned, Haystack doesn't exist. In fact, Heap says that it is only distributed to trusted contacts inside Iran; putting it online would create a situation where the government could easily get hold of it as well and then reverse-engineer it or ban it or find a way to track its users.
Jeff T. Green/Getty Images
As technology and global politics become intertwined -- even in countries that were barely online only a few years ago -- there could hardly be a better time to launch a blog to study this complicated relationship. From Russia to China and from India to Brazil, technology is reshaping entire countries and societies. Often, these changes are for the better: The mobile phone is enabling millions of people around the globe earn a a living, while blogs and social networks allow NGOs to mobilize their supporters around particular causes.However, even a cursory look at top technology issues facing us today -- from Internet censorship to online surveillance to cyberwarfare -- makes it clear that technology poses almost as many threats as opportunities. Most interestingly, we see authoritarian regimes gain proficiency with the Internet and actively turn it to their own advantage -- a phenomenon I dub the "spinternet". Even more disturbingly, many of these more sinister activities happen very quietly, while the public gets overly excited about edgier issues like cyber-spies.
Evgeny Morozov, originally from Belarus, is a visiting scholar at Stanford and a Schwartz Fellow at the New America Foundation.