More on DDoS as civil disobedience

Posted By Evgeny Morozov Tuesday, December 14, 2010 - 9:55 AM Share

After I found one of my earlier FP blog posts quoted in an Anonymous press-release, I thought that I need to clarify my position. Here is my piece for Slate where I attempt to do just that. (Warning: some light political philosophy ahead).

The crux of my argument is that there are certain conditions, which, if met, could make DDoS attacks a form of civil disobedience. However, the case of Anonymous doesn't meet all of them, mostly because the Anonymous attackers don't want to take legal responsibility for their actions.

The part of my original blog post quoted in the press-release -- the one that mentioned DDoS as a "legitimate expression of dissent" -- is not at all ambiguous: what I was suggesting is that the actions of Anonymous would not be interpreted as such by the U.S. media/political circles and may thus result in more control over the Internet by the governments and complete de-legitimization of DDoS attacks as civil disobedience. So I was surprised that Anonymous took those words somewhat out of context and used them to imply that I actually viewed their acts as "legitimate"; I did not. This, however, does not mean that I view all DDoS attacks as illegitimate!

So let me just repeat this once again:

1. To understand whether DDoS attacks can be viewed as civil disobedience, we need to examine the context in which they occur.

2. As far as I can judge the context of the Anonymous case, they failed the test (for more on the specifics of the test, see my Slate piece; I rely on John Rawls's views on civil disobedience n his A Theory of Justice).

3. Operation Payback and its successors may, indeed, harm the causes of Internet freedom but this is NOT what makes them illegitimate.

There is a vibrant debate about DDoS as a legitimate expression of dissent in the blogosphere -- see this excellent summary of positions at TechPresident and this blog post by Deanna Zandt. There is an interesting comment by Ethan Zuckerman in response to Deanna's original blog post that I would like to examine a big more closely.

In short, Ethan is arguing that DDoS attacks are increasingly used to silence down independent publishers; they don't have the same resources as MasterCard or PayPal to deal with them; as a result, for them DDoS causes real rather than just temporary damage; Operation Payback has given DDoS as-a-silencing-tactic a lot of PR; and, finally -- and I am really putting words into Ethan's mouth here -- Anonymous and others should consider the consequences of their actions for others.

As much as I would like to agree with Ethan, I am not sure I am buying the (rather implicit) prescriptive part of his argument. First, it seems to conflate the issues of legitimacy and efficacy -- something that I explicitly caution against in my Slate piece. I'm strongly opposed to making efficacy a factor in evaluating the morality of particular DDoS attacks, not least because efficacy is too fickle of a concept and tends to undervalue the deterrence value of civil disobedience.

How do we know that the reason why Facebook and Twitter still have not removed WikiLeaks' account was not because they feared DDoS retaliation from Anonymous? Of course, it's much easier to measure the costs -- greater crackdown on the Internet, more NSA types in 4chan chatrooms, etc -- but it's not so easy to measure the benefits; will PayPal be as forceful in freezing the funds when it comes to the next WikiLeaks? We simply don't know -- but I'd venture to suggest that the attacks have probably had some impact on corporate decision-making.

This is not to suggest that we shouldn't try to assess the efficacy of DDoS but only to suggest that tying it to legitimacy seems misguided. That an entity like Anonymous has a good moral reason to act on something does not mean that they should necessarily act on it. In the end, it all boils down to good judgment -- and this is where wise Internet intellectuals should step in and theorize about potential fall-outs, crackdowns and what not, so that any of us can make the right (for us) call on whether to join the DDoS effort.

The other thing that bothers me about Ethan's comment is that it doesn't really make an effort to reconcile my right to protest injustice by engaging in acts of civil disobedience (forget Anonymous, we are talking abstract DDoS which doesn't fail the test) with some independent web-site's right to publish what they want and when they want online. (Remember: the theory at play here is that as DDoS get popular/mainstream, this would result in more attacks across the board, thus having a very negative impact on independent/poor publishers).

Is it really always the case that I shouldn't engage in DDoS to right some moral wrongs just because this may potentially make it harder for some third-party to conduct their affairs? I can think of conditions when this would be the case -- but critics of DDoS as civil disobedience need to spell out those conditions in great detail before they assume a particular resolution of competing claims. I can, for example, also think of conditions where my right to protest an injustice might trump a third-party's right to publish.

Otherwise, we end up with very simplistic moral and ethical frameworks where all attacks are presumed to be good or bad simply because of the intrinsic qualities of DDoS. This is an outlook that I reject as technology-centrism (in The Net Delusion, I am actually very critical of a similar tendency in "Internet freedom studies," where the assumptions about the Internet's inner logic seem to outweigh the assumptions about the context in which it manifests itself).

Unfortunately, I can't sign up to Ethan's call -- "Just don't give moral and ethical air cover to the bastards who are using DDoS to silence sites for whom a DDoS is a shut down, not a sit in" because "giving moral and ethical cover to bastards" is often the unfortunate result of allowing those who are NOT bastards to act in morally justifiable ways (as opposed to ways recommended by the estimable Berkman Center).

Until we hear some cogent arguments as to why the possibility of digital shutdowns should always prevent us from participating digital sit-ins, I would like to urge more caution on this subject. My own guess these arguments would never work in the abstract and would still need to be evaluated on a case-by-case basis in the particular contexts they are set in. Which, to return to my original post, was my whole point: we shouldn't prejudge DDoS to be "good" or "bad" simply because it's illegal or because it is "DDoS."

p.s. plenty of folks -- check comments to Deanna Zandt's post -- suggest that there are better, more constructive ways to express one's solidarity with WikiLeaks or one's indignation with the companies that dumped it. Sure, there are. However, most of the "constructive" activities mentioned in the comments are fully legal and thus do not meet the definition of "civil disobedience," which presumes a breach of law. So, once again, this is the question of efficacy, not legitimacy.

EXPLORE:INTERNET, WIKILEAKS
 

CATHERINE A. FITZPATRICK

6:54 PM ET

December 14, 2010

Selective Morality

Your tacitly-supported revolution coming too close for comfort, Evgeny?

It's not just the earlier blog post that needs clarification; if you're sitting on Twitter and eagerly posting the new Anonops Twitter account addresses as fast as they are made when the previous ones are banned, you need to think whether the line between academic study and activism (never well established with you) is in fact being blurred. I think your strategic retweets are part of the intellectual propaganda substrate that anonops can rely on.

There aren't any conditions when the DDOS can be construed as legitimate protest. Any movement that uses violence, even for some "good end" like removing fascism or communism, will itself become like what it seeks to replace. Isn't the critique you "progressives" have about the United States and its hypocrisy about its liberal values? Why can't you extend that sharp analysis to your friends at WikiLeaks and 4chan?

Context can't forgive the DDOS, which removes the right of other people to free speech and free association in the name of a supposed cause for freedom of some other values. The lunch counter protesters paid for their lunch in their quest to an end of discrimination; the 4chan takes lunch away from other people for no higher cause, merely their own screw-you hedonism.

As I've noted, Ethan takes the low road here, refusing, as I've seen him refuse before, to condemn justification of violence in the leftwing blogosphere (like Palestinian apologia), preferring to fudge and deliberate about whether it has some validity for the sake of his own "progressive" politics. He's willing to condemn the DDS on Deanna Zandt's blog (where my comment by these "free Internet" promoters languishes "in moderation") only because he fears it may inspire a worse backlash from the "security state". Is that the only reason for morality the left can ever find?!

You don't mention that problem, however, and prefer to focus on a passing point of Ethan's, that "independent publishers" who randomly suffer DDOS attacks "don't have the same resources" as Mastercard to cope with them, so they are "injust" on as an economic rights problem -- it's as if indeed Ethan thinks he can appeal to some third-world "progressive conscience" in these people to "think about the children".

And here's pretty good proof of my constant critique of you and your confreres, that you work at this topic primarily to set yourself up in power in some kind of Wired State:

"That an entity like Anonymous has a good moral reason to act on something does not mean that they should necessarily act on it. In the end, it all boils down to good judgment – and this is where wise Internet intellectuals should step in and theorize about potential fall-outs, crackdowns and what not,so that any of us can make the right (for us) call on whether to join the DDoS effort. "

You can't see your way clear to condemning the DOS as an abolition of freedom and not a tactic to gain freedom? Why? And you and those other "wise Internet intellectuals" (sigh) are going to "set the tone" for all of us dummies?

 

DISAMBIGUATED

4:53 AM ET

December 15, 2010

DDoS attacks always result in unacceptable collateral damage.

DDoS attacks always result in unacceptable collateral damage: outbound bandwidth from the participating user/bot ISP is consumed, ancillary and necessary services like DNS are often impacted for ordinary users of the same ISP as the attacker, the increasing use of cloud computing means that by definition many targeted sites are actually multitenant in nature, and many of these dependencies/interrelationships are not apparent to the attacker.

In the physical world, it's quite easy to organize a sit-in, a strike, a picket, a march, or other form of civil disobedience which is clearly focused on the objectionable organization or person; not so on the Internet. Even highly skilled, technically-inclined Internet users often have no way to infer the true scope of the collateral damage caused by a DDoS attack until the attack itself is launched.

DDoS attacks are the online equivalent of an out-of-control mob hurling rocks and brickbats at anything and everything in sight, and at many targets which aren't readily apparent. They do not inform, they do not persuade, and they are also readily defended against by technical means which can protect the ostensible targets while leaving secondary/unintentional targets to suffer the consequences of the aforementioned collateral damage.

Thus, the same strictures which make governmental and military online attacks impractical and highly undesirable also apply to DDoS attacks launched with the aim of protesting the actions of some group or individual; the actual target is unlikely to be persuaded, is unlikely to suffer lasting harm, while many innocent bystanders will be inconvenienced or more seriously affected by said collateral damage.

It is disappointing in the extreme that a supposedly mature adult who demonstrably benefits from the stability and security made possible by the existence of functional government and civil society would advocate such irresponsible and harmful actions.

 

MALICEIT

5:40 AM ET

December 15, 2010

When labor unions protested

...they were met with National Guards.
When hippies protested they were met with armed police
When Anonymous protested they were met with..what ?

 

XTIANGODLOKI

2:39 PM ET

December 15, 2010

How is DDOS attack different from other types of protests

All forms of protests' aim is to get people to change by disrupting the status quo. Boycotts attacks the financial well being of an entity, strikes attacks the continuity. Effective protests will certainly limit the target's free speech and ultimately change the target's way of doing things forcibly.

 

BSPAG

6:43 PM ET

December 15, 2010

On Anonymous

Anonymous did not start the DDoS attacks. If you looked into the origins of Operation Payback it was retaliation for previous DDoS (first a corporation's DDoS against a file-sharing network, the to TheJester who took out Wikileaks). Don't hear much about that though, Anonymous was far more successful (and thus published) because far more people participated.
Secondly, what are we supposed to do. Have Joe Lieberman make a phone call to take them offline? Sorry, not all of us have millions of dollars to lobby with, so ordinary people lack the resources to organize 'legitimate' democratic efforts.
You should be happy to know however that Anonymous is moving away from DDoS attacks to other tactics, such as proliferating the leaked cables

 

Evgeny Morozov, originally from Belarus, is a visiting scholar at Stanford and a Schwartz Fellow at the New America Foundation.

Read More