Everything You Need to Know About Online Activism, Hacktivism, and Civil Disobedience

hacktivism 101

hacktivism 101

Speaking to a very nice gentleman from Al Jezeera America (Adam Elrashidi) on Friday about Hacktivism, his questions helped me clarify some thoughts on this topic that I’ve been meaning to write since last month’s piece on Jeremy Hammond. The problem is that there are three terms that are bandied about like cheap ad-hominem’s on a cable ‘news’ show: Hacktivisism, Civil Disobedience, and Online activism.

I think an important starting point is that disobedience means disobedience. It doesn’t mean generic law-breaking. It means disobeying an order, not breaking the law. To use an example, Rosa parks refusing to give up her seat was civil disobedience. If she had, instead, turned out and punched whoever was asking her in the face, that would NOT have been civil disobedience, it would have been assault.

Likewise, in UC Davis, the students were exercising civil disobedience in refusing the order to disperse when they were hit with the stream of CS gas by Lt. Pike. Had they actively resisted, then it would (potentially) have been assault.

So the key aspect of any sort of civil disobedience is a passivity to authority, however, that should be taken with not just a pinch of salt, but with a massive helping of common sense. The idea is to make a point, not to cause injury. That’s emphasised by the very name, ‘civil’, which doesn’t mean ‘not criminal’ as some might assume (as in civil court and criminal court) but means civility, so no abusiveness, aggression etc.

This extends on to online activism. By far and away the most obvious example of online activism in recent times was the SOPA/PIPA blackout in January 2012. The action was simple, passive, broke no laws, and yet got the message across simply. When people were disrupted from their normal activities, they were given an explanation why. In addition the method resonated with the underlying allegations of censorship.

There are other methods that have worked too though. Sites like Avaaz and Change.org are regularly used for online activism, although to some activist it’s more like ‘slacktivism’. However, they’ve brought attention to causes ranging from the Travayon Martin shooting, to the Bahraini protests. Even the Whitehouse petition site is a form of online activism, albeit an ineffective one (especially for those looking to bid on the Death Star).

“Hacktivism” is another kettle of fish, and like that kettle, it has a bit of a whiff to it. Hacktivism can be broken down into two basic groups that can loosely be labelled ‘annoyance’, and ‘direct action’.

Annoyance generally takes the form of a DDoS (Distributed Denial of Service) attack. While it is compared by some to a ‘digital sit-in’, as I’ve said earlier, the comparison is a bit of a stretch, because there are many differences between ‘online’ and ‘meat space’ that disrupt this nice nuance. These very differences, in fact, that were championed by many hacktivists when the US Supreme Court handed down it’s ruling in US v Jones in early 2012. In that ruling the judges highlighted that modern technology allows people to do a lot more via electronic means than is possible using actual manpower alone, be it surveillance as in Jones, or a ‘sit in’ as a DDOS is alleged to be.

A lot of the people who have supported and participated in ‘Anonymous’ used tools like the Low Orbit Ion Cannon’ (LOIC) – a network tool designed to test networks. Anonymous members call themselves part of a voluntary bot-net with these actions, but many have been tricked into participating. And of course, those using these tools are fairly obvious and easy to trace.

Worse for them, DDOS attacks have become increasingly ineffective in performing their intended result. Mitigation services like Cloudflare have stopped massive attacks that use techniques like DNS reflection, which are not only capable of much greater traffic than LOIC-spawned attacks, but hide the attacker.

Meanwhile police in many countries have arrested some of those that participated, potentially criminalising tools that have a legitimate use in technology through association, as I noted several years ago.

And as an end result, such attacks like Operation Payback, Operation Avenge Assange, and others have not actually resulted in any positive actions; meaning they were, bluntly, utter failures. Especially as quite often those attempting to use the targeted site have no idea what’s going on, or that there’s even a protest.

LulzSec logo

LulzSec logo

The Direct Action hacktivists are a different matter altogether, though. Despite Stratfor, HBGary and other hack attacks (including an attack on Westminster’s WiFi network this past weekend at the Million Mask March) there has actually been very little productive that’s come from it, despite claims to the contrary.

Stratfor, for instance, told us a lot about a private security/investigation company, but what it mostly told us about were legal things that were of no surprise to anyone, except in the details. Most of the other AntiSec actions likewise were mostly non-information that was more to harass than reveal anything of any public value.

And then there’s the other aspect of Lulzsec. Generally protesters don’t take great efforts to hide their actions. Doing so tends to undermine the impact of the protest. It’s only when serious acts that are generally criminal that people tend to hide. A quick look at how alleged Lulzsec member Hammond (with whom I have a history) was hiding shows he understood he was breaking the law. However, unlike Snowdon or others, he didn’t have the convictions to stand up and openly acknowledge his protest, like others do. It’s almost like he was ashamed of his actions. Why is that?

It’s almost certainly because he knew that there was no real value to the actions he was doing, he wasn’t protesting anything, he was just doing what he could to annoy and attack his perceived enemies, while at the same time criticising politicians for doing the same.

The difference between Manning, Snowdon and Hammond is clear when you look at what they released, and how they got it. Both Snowdon and Manning were exposed to it as parts of their job, and revealed actions and activities that were morally reprehensible and/or illegal, and which the Government had lied about. What Hammond ‘released’ was some corporate information that was not ground-breaking, and was at best, exposing some financial overspending, but nothing that was illegal, or criminal; and how he got it was to attack the systems from outside, a crime. He wasn’t made aware of crimes, he took it on himself to find crimes, to expose. If he wanted to do that, he should have become an investigator, and gone through the law, as he wants others to.

While Snowdon and Manning were unquestionably whistle-blowers, you can’t set out to be a whistle-blower by deciding to commit a crime; start off going ‘I know nothing, but I’m going to commit crimes until I find something I can blow the whistle on’. That’s just crazy.

Indeed the only real action that’s come from hacktivism has been a cracking down on computer use. The Computer Fraud and Abuse Act (CFAA) has been invoked significantly, and widely, and legitimate actions are now viewed with suspicion. In this, hacktivism has not provided anything positive, but has instead given governments a reason to crack down harder, with no redeeming qualities. In this way, hacktivists, who have seen themselves as a force for ‘good’, have actually been more of a tool for oppression, with attacks that are mostly worthless being used as justification for crackdowns.

At the very least, hacktivism has not proven itself to be a worthwhile action, and significantly reduces the impact of online activism. However it’s certainly not civil disobedience, and nor should it be confused with online activism. Hacktivism is instead used now as an excuse to break laws, and to do whatever someone feels like to find and then expose some ‘injustice’ out there.

It’s important to remember that while I, like the Pirate Party, are strong believers in both Personal Privacy, and Government Accountability and Transparency, Hacktivism isn’t the way to do it. You don’t breach peoples privacy, to protect privacy. You don’t go vigilante to fix a wrong you think might be there. You can ruin a lot of plans that may succeed that way. It’s why if there’s a SWAT team about to raid someone, you don’t want the yahoo with the revolver crashing in there (unless you’re Wayne Lapierre)

There’s a right way, and a wrong way to do things. Hammond chose the wrong way. Am I being overly harsh because I’ve also be a target of Mr Hammond’s “activism”, perhaps. The key fact to me though is that he stole credit cards (his lawyer claims he had no part, but since he’s admitted guilt to it in a court plea, that’s that) – whistle-blowers don’t steal credit card numbers, or make $700,000 of charges on them. Had that gratuitous action (which is what he planned on doing the with the Protest Warrior credit cards but was caught first) removes any inclination to treat him as a whistle-blower, and puts him firmly in the camp of someone who was just doing it because they could, and any ‘whistle-blowing’ was a side act; more HACKtivist than “hacktivist”