In Defense of DDoS
Denial-of-service attacks are just another form of civil disobedience.
Judging by the last two weeks, being an enemy of Julian Assange is only marginally less stressful than being Julian Assange. Amazon, PayPal, MasterCard, and Visa, which all moved to cut ties with Assange's WikiLeaks after the site's release of diplomatic cables, have been the targets of distributed denial-of-service attacks from a group that calls itself "Anonymous." There is nothing fancy going on here. DDoS attacks simply aim to send more traffic to a target site than it can handle, slowing it down or making it temporarily unavailable. Many prominent Internet personalities, including John Perry Barlow and Cory Doctorow, have spoken out against DDoS on the sensible-sounding grounds that one can't fight for free speech by limiting it for others. How, then, does Anonymous defend its actions? In a press release (PDF), the self-described "Internet gathering" explains that its "goal is to raise awareness about WikiLeaks and the underhanded methods employed by … companies to impair WikiLeaks' ability to function." For this author, however, the most interesting bit of the press release comes in the next paragraph: "[A DDoS attack] is a symbolic action—as blogger and academic Evgeny Morozov put it, a legitimate expression of dissent" (italics theirs). Yes, it's true: I did write those words. Under certain conditions—some of which, I believe, are present in the case of Anonymous—DDoS attacks can be seen as a legitimate expression of dissent, very much similar to civil disobedience. In other words, there are cases where DDoS attacks have more in common with lunch-counter sit-ins than with acts of petty vandalism. There is a legal precedent for such comparisons. In 2006, a court in Germany, asked to decide whether a DDoS blockade of Lufthansa for allowing its planes to be used in the deportation of asylum-seekers was tantamount to a demonstration, opined that the civil-disobedience analogy is valid. (Germany being Germany, the organizers of the cyber-attack on Lufthansa's site had first asked the local authorities for formal permission to go ahead but were turned down.)
Declaring that DDoS is a form of civil disobedience is not the same as proclaiming that such attacks are always effective or likely to contribute to the goals of openness and transparency pursued by Anonymous and WikiLeaks. Legitimacy is not the same thing as efficacy, even though the latter can boost the former. In fact, the proliferation of DDoS may lead to a crackdown on Internet freedom, as governments seek to establish tighter control over cyberspace.
Likewise, assessing the legitimacy of a particular DDoS attack is not the same as assessing its legality: There is no disputing the fact that DDoS is illegal in many countries (hence the "disobedience"). Thus, to figure out which cases of DDoS may deserve some leniency from the judges, we need to shift the focus away from the medium and on to the message.
John Rawls, one of the most influential philosophers of the 20th century, offered one of the best modern theories of civil disobedience in his 1971 masterpiece, A Theory of Justice. Rawls defended civil disobedience as long as the breach of law was public (i.e., authorities were notified of the disobedient act before or shortly after it occurred), nonviolent (i.e., the disobedient act did not impinge on the civil liberties of others and caused no injuries), and conscientious (i.e., the disobedient act was underpinned by serious moral convictions). Furthermore, Rawls argued that those who practice civil disobedience should be willing to accept the legal consequences of their actions, if only out of their fidelity to the rule of law.
Some elements of Rawls' theory are not indisputable—Bertrand Russell, for example, believed that some violence might be acceptable, for it could force the media to pay attention to issues that may otherwise go unnoticed. Still, Rawls' theory offers an elegant template for evaluating Anonymous's DDoS warfare.
The attacks were clearly public: Anonymous widely advertised the targets, the software to be used, and even the timeframe. Anyone could follow their deliberations in their online chat. They were conscientious in as much as they believed that companies like Amazon and Visa behaved in a cowardly fashion by pulling support from WikiLeaks and that politicians—especially Joe Lieberman and Sarah Palin—should not have exerted pressure on them without first establishing a strong legal case against WikiLeaks.
Did the attackers want to change policies and laws and not just cause mischief? I believe so. One of their goals was to prevent other companies from bowing down to undue political pressure. Another objective was to show the government that prosecuting Assange based on the contentious Espionage Act of 1917 would enrage many digerati.
Evgeny Morozov a contributing editor at the New Republic and the author of the forthcoming To Save Everything, Click Here: The Folly of Technological Solutionism.