Pro-WikiLeaks denial of service attacks: just another form of civil disobedience.

Pro-WikiLeaks denial of service attacks: just another form of civil disobedience.

Pro-WikiLeaks denial of service attacks: just another form of civil disobedience.

Innovation, the Internet, gadgets, and more.
Dec. 13 2010 6:30 PM

In Defense of DDoS

Denial-of-service attacks are just another form of civil disobedience.

(Continued from Page 1)

Things get a little foggier when it comes to whether the attacks should be classified as "violent." While the DDoS attacks may have caused some material damage to their targets, this alone seems like a poor indicator of "violence." That the attacks cause congestion of infrastructure is a feature, not a bug: After all, if acts of civil disobedience did not disrupt the normal flow of affairs, they would hardly be "disobedient." One could also plausibly argue that since DDoS attacks cause only temporary rather than permanent damage to the attacked servers, they are far less violent than most acts of physical vandalism.

I'd argue, however, that the DDoS attacks launched by Anonymous were not acts of civil disobedience because they failed one crucial test implicit in Rawls' account: Most attackers were not willing to accept the legal consequences of their actions. This is the crucial difference between Anonymous and the civil rights movement. Those who participated in lunch counter sit-ins — purchasing nothing but cups of coffee and paralyzing restaurants by preventing other patrons from sitting down—knew what they were getting themselves into. They were violating an unjust law, and they knew that they would likely be arrested for it. Their faces could be photographed, their papers could be checked. The civil rights-era protesters knew that effective civil disobedience could not be carried out in complete anonymity; members of the Anonymouscollective have not grasped this yet.

How anonymous is Anonymous?While the FAQ for the collective's preferred DDoS-launching software claims that those using it run a "zero" chance of arrest, Dutch security researchers have discovered (PDF) that the opposite is true: It's actually very easy to trace all of its users, unless they take additional steps to "cover their tracks." If those partaking in Anonymous attacks are cognizant of the fact that their online actions are fully traceable, this may mitigate the anonymity problem and make their actions far more legitimate than they are right now. Without such realization, their acts hardly qualify as civil disobedience and border on hooliganism. For what it's worth, the announcement of Anonymous' most-recent operation explicitly calls on its participants to use proxies in order to guard their anonymity—as such, they are clearly not seeking to conduct their politics in the open.


While Anonymous' attacks fall short of Rawls' high standard for civil disobedience, we should not prejudge all DDoS attacks to be illegitimate. Yes, DDoS tactics are increasingly abused to silence independent media—newspapers in Belarus, Kazakhstan, Lebanon, and Burma have all fallen victim to DDoS attacks in the last few years. Moreover, such attacks are often launched by relying on zombie computers whose unsuspecting owners have no clue they're being enlisted as part of an attack. That's unacceptable however one looks at it.

But should democratic societies really treat everyone who participates in a DDoS attack as a hardened criminal? (The British law, for example, punishes anyone who downloads such tools with up to 10 years in prison.)

Clearly, not all DDoS attacks carry the same moral weight; it all depends on who is attacking whom, as well as how and for what reason. The ethical spectrum here is quite wide: While it's hard to imagine a situation where launching a DDoS attack on the Web site of the New York Times would ever be justifiable, it's not so hard to imagine morally permissible attacks on the Web site of the Iranian government or alleged fraudsters like the proprietor of DecorMyEyes. In some situations, it may even be OK for attackers not to disclose their identities fully: Few of us get furious at the sight of Iranian protesters wearing green scarves to protect themselves from the prying eyes of police.

If done right, DDoS may offer the much-needed antidote to the shallow and sterile politics of most Facebook groups and petitions, where participants take no risks and make no sacrifices. Sure, there is always a risk that DDoS attacks will degenerate into acts of vigilante justice. But the same risk exists with any kind of real-world protest or demonstration. This is the price we pay for not living in a police state where there are no unscheduled events or provocations. DDoS, like all forms of protest, is messy. But there will always be certain times and places—even more so in our increasingly networked world—when the use of "DDoS justice" is warranted.