Last week, some members of the collective known as Anonymous petitioned the White House to have DDoS attacks legalized:
With the advance in internet techonology, comes new grounds for protesting. Distributed denial-of-service (DDoS), is not any form of hacking in any way. It is the equivalent of repeatedly hitting the refresh button on a webpage. It is, in that way, no different than any “occupy” protest. Instead of a group of people standing outside a building to occupy the area, they are having their computer occupy a website to slow (or deny) service of that particular website for a short time.
As part of this petition, those who have been jailed for DDoS should be immediatly released and have anything regarding a DDoS, that is on their “records”, cleared.
Their petition is unlikely to reach the 25,000 mark needed to trigger a response from the President, and I disagree with their analogy or attempts to legalize DDoS. When people occupy a space with their bodies – in an old fashioned sit-in, lie-in, or demonstration – they don’t necessarily prevent others from accessing the space or business being protested. Usually, people can still get to where they’re going if they are willing to walk through or around a picket line. With a DDoS, the business is usually unavailable online for an hour or more, effectually shutting down the business instead of just making a point. Indeed, in a physical demonstration, customers would see the protest and know why there was a protest. In a DDoS, customers only know a site is unavailable without knowing why.
Legalizing DDoS when there are victims of financial harm is not a good idea. On the other hand, sending people away to prison for years for engaging in that kind of protest is disproportionate. Those engaging in DDoS for political purposes or “hacktivism” need to understand that they are engaging in disobedience and they should be prepared to face some consequences for it – just as Thoreau wrote in Civil Disobedience.
Where’s the Proportionality?
But the consequences of civil disobedience or breaking laws need to be proportional. What should be the consequences for blocking a bank’s online site for two hours? Should it be decades in prison? Of course not.
And if it makes no sense to send someone to prison for decades for DDoS, it makes even less sense to try to send someone away for decades when there is no victim alleging any harm, even if there was a violation of law.
Our government’s over-prosecution – or persecution – of Aaron Swartz should concern all of us because it was not a proportionate response to what he had done. JSTOR didn’t even support Swartz being prosecuted. So why did the U.S. Attorney’s Office in Massachusetts go after Swartz with a vengeance?
I did not know Aaron Swartz, but news of his suicide troubled me greatly as it seems that our government’s heavy-handed prosecution likely contributed to his suicide.
But while we rail at the government, we need to do some soul-searching. We’ve all known for a long time that the Computer Fraud and Abuse Act (CFAA) has been in need of revision and updating (cf, testimony by Orin Kerr). Had it been revised, the government might not have had grounds for prosecuting Swartz as a felon who might face 35 years in prison and a $1 million fine. Did we fail Aaron by not getting the law changed when we knew it needed changing? If we do not disarm our government from prosecuting activists as non-violent felons deserving decades in prison, how many more Aaron’s will we mourn?
Whether or not you blame U.S. Attorney Carmen Ortiz and/or MIT or both, we need to acknowledge that had the law been revised, this prosecution might never have gone to these lengths.
In 1960, Franklin McCain, Ezell Blair Jr., Joseph McNeil and David Richmond started a sit-in at a Woolworth’s lunch in Greensboro, North Carolina. Their courage and actions led to widespread protest thoughout the South and helped foster desegregation. Had the government prosecuted them with 35 years in prison and $1 million in fines hanging over their heads, where would we all be now?
It’s time for the law to recognize digital activism – not by excusing it totally – but by treating it with rational, fair, and proportional consequences. Aaron Swartz wanted the Internet to be free. At the very least, we should honor his memory by ensuring that the law does not excessively deprive people of their freedom for nonviolent activism.
Update: After posting this, I came across a commentary by Brendan Greeley of Bloomberg on Anonymous’ petition. It seems that he and I are of one mind on their petition.
Photo: We are legion by Sweet Peas Photography, Flickr, Creative Commons
Photo of Aaron, 2008, Flickr, Creative Commons