Return to Video

The Ethics of Activist DDOS Actions [29c3]

  • 0:10 - 0:21
    applause
  • 0:21 - 0:23
    Hi, my name is Molly Sauter.
  • 0:23 - 0:26
    I'm currently a grad student at MIT in comparative media studies
  • 0:26 - 0:30
    and I do research at the center for civic media at the media lab.
  • 0:30 - 0:35
    This talk is going to be laying out an analytical framework
  • 0:35 - 0:37
    that I've been working on for a while
  • 0:37 - 0:41
    of the ethical analysis of activist DDoS actions.
  • 0:41 - 0:45
    And though distributed denial of service attacks have been used
  • 0:45 - 0:49
    as a tool of digital activism for roughly the past 2.5 decades,
  • 0:49 - 0:53
    the past couple of years we have seen this huge explosion of the use
  • 0:53 - 0:55
    and the tactic and the popularization of the tactic
  • 0:55 - 0:58
    as well as a sharp increase in the attention
  • 0:58 - 1:01
    its use attracts for media and state actors.
  • 1:01 - 1:04
    All this attention has brought a lot of criticism and
  • 1:04 - 1:08
    a lot of sort of support from various people in the digital space,
  • 1:08 - 1:10
    including digital activists.
  • 1:10 - 1:15
    However both DDoS's critics and DDoS's proponents seek to declare the tactic
  • 1:15 - 1:21
    as a whole as good or bad, without a nuance understanding the variety of circumstances in contexts
  • 1:21 - 1:24
    that can render the tactics use ethical or unethical.
  • 1:24 - 1:27
    So in this talk I'm gonna lay down the preliminaries for a framework
  • 1:27 - 1:33
    by which to perform an ethical analysis of an activist DDoS action in individual use context.
  • 1:34 - 1:37
    We're gonna go through a brief technical legal note
  • 1:37 - 1:40
    which I assume I'm gonna be able to skip for this audience,
  • 1:40 - 1:46
    criticisms of activist DDoS actions that have been thrown out in the past.
  • 1:46 - 1:50
    Then we're gonna get in to the analytical framework that I'm proposing
  • 1:50 - 1:53
    and then I'm gonna tell you a little about where I'm gonna take this
  • 1:53 - 1:56
    as I write my thesis, which this is.
  • 1:57 - 2:00
    So everybody knows what a DDoS attack is, right?
  • 2:00 - 2:02
    Raise your hand if you know what it is.
  • 2:02 - 2:04
    Awesome, I can totally skip this slide.
  • 2:04 - 2:06
    laughter
  • 2:07 - 2:11
    DDoS action, distributed denial of service action by which
  • 2:11 - 2:15
    you seek to monopulize the resources of a server or other resource
  • 2:15 - 2:18
    with your resources to prevent other people from using it.
  • 2:18 - 2:20
    Good, we're happy? We're happy.
  • 2:20 - 2:24
    applause
  • 2:24 - 2:27
    Alright, brief legal note: unlike this cat I am not a lawyer.
  • 2:27 - 2:29
    I do not have a law degree, haven't studied law.
  • 2:29 - 2:32
    I worked at a law school for a while but that doesn't make me a lawyer.
  • 2:32 - 2:37
    So I'm gonna talk about legal things in this talk, do not take it as legal advice.
  • 2:37 - 2:43
    So DDoS actions and DDoS attacks are illegal in most but not all jurisdictions.
  • 2:43 - 2:46
    In the US they are prosecuted as felonies.
  • 2:46 - 2:52
    Under title 10 section 1030 of the US Code which is complicated and which I won't read.
  • 2:52 - 2:56
    But just so that everyone is aware and this does have a bearing on my talk later:
  • 2:56 - 3:01
    these things are very illegal and this has severe precautions
  • 3:01 - 3:08
    for how organizers should treat them as they engage with them in their protests.
  • 3:08 - 3:13
    So one of the major criticisms of DDoS actions is that they constitute censorship.
  • 3:13 - 3:20
    This is a very popular criticism among sort of "oldschool" hacktivists
  • 3:20 - 3:23
    like cult of the dead cow hacktivism or other groups like that
  • 3:23 - 3:26
    which have denounced the tactic as straight-up censorship.
  • 3:26 - 3:32
    Basically they say you are impinging the movement of bits on the network and that's wrong.
  • 3:32 - 3:35
    If we're going to be engaging in this type of electronic activism
  • 3:35 - 3:39
    we want to be encouring the movement of bits on the network, not stopping them.
  • 3:39 - 3:45
    This criticism privileges the integrity of the network and the rights of specific individuals
  • 3:45 - 3:48
    to unfettered flows of information,
  • 3:48 - 3:54
    and it privileges that overpolitical ideals of activism in civil disobedience present in activist DDoS actions.
  • 3:54 - 4:01
    This criticism also raises very specific unanswered questions about who can engange in censorship.
  • 4:01 - 4:09
    Can in fact non-state actors and non-corporate actors be engaged as censorious bodies?
  • 4:09 - 4:15
    And while DDoS is undeniably a disruptive tactic, does disruption of speech,
  • 4:15 - 4:19
    particularly in context where the target has many other speech outlets,
  • 4:19 - 4:22
    always equal a denial of speech?
  • 4:22 - 4:26
    For instance when this tactic is trained against a corporate target
  • 4:26 - 4:30
    while certain aspects of that organization's presence may be disrupted
  • 4:30 - 4:36
    their abiltiy to engange in political speech through the press and other outlets is not.
  • 4:36 - 4:43
    Therefore the criticism that you're engaging in censorship by waging a DDoS action sort of falls flat.
  • 4:43 - 4:49
    Though the criticism is appropriate in some cases, especially when it's used against organizations
  • 4:49 - 4:54
    that primarily exist online such as ISPs or independent blogs.
  • 4:55 - 5:02
    Second major criticism is a sort of a revamping of this very old debate in activism.
  • 5:02 - 5:08
    Direct action or symbolic/attention-oriented activism, which is better?
  • 5:08 - 5:12
    And the anwswer is, one isn't really better, they are sort of different.
  • 5:13 - 5:16
    applause
  • 5:16 - 5:17
    Thank you.
  • 5:17 - 5:23
    One group that's been particularly vocal about this in the past is a group called the critical art ensemble
  • 5:23 - 5:28
    which helped pioneer the idea of electronic civil disobedience in the 90th.
  • 5:28 - 5:33
    And they critized groups like the electronic disturbance theatre for their use of DDoS in their actions.
  • 5:33 - 5:36
    Saying that the use is ineffectual because corporations
  • 5:36 - 5:41
    and states are now ??? waging "media war" with activists.
  • 5:41 - 5:45
    And it is ineffectual when compared with direct action.
  • 5:45 - 5:50
    In addition to just sort of being mean to attention-oriented activism for no reason,
  • 5:50 - 5:56
    this criticism ignores the fact that DDoS is often used as a tool of direct action
  • 5:56 - 6:01
    Such as when it was used by the electrohippies in 1999 against the Internet
  • 6:01 - 6:05
    that the world trade organization was using during their annual meeting
  • 6:05 - 6:08
    or other groups that I'm gonna talk later about in this talk.
  • 6:08 - 6:13
    The CAE's conception of DDoS also leaves the tactic
  • 6:13 - 6:16
    out of the context of larger actions that it is associated with.
  • 6:16 - 6:23
    This tactic is pretty much never and frankly should never be used as the sole tactic in a campaign.
  • 6:23 - 6:27
    It should always be used in the context with other tactics
  • 6:27 - 6:32
    and it gets its ethical and politcal viability from the context in which it is used.
  • 6:32 - 6:36
    Not simply because of things inherent to itself.
  • 6:36 - 6:40
    Third major criticism: what is a successful DDoS action?
  • 6:40 - 6:49
    Basically it's really hard to take down a large corporate website with an all volunteer manual DDoS action.
  • 6:49 - 6:52
    If you and all your friends are really just sitting in your chairs
  • 6:52 - 6:58
    hitting refresh a bunch of times on like paypal.com you're not gonna bring it down.
  • 6:58 - 7:02
    So then what are we going to consider a successful DDoS action
  • 7:02 - 7:08
    if we can't rely on downtime to be a measure of success?
  • 7:08 - 7:11
    So there are a couple of different answers to this questions.
  • 7:11 - 7:16
    The first is we want to look at the value of the tactic as something which draws and focuses attention.
  • 7:16 - 7:20
    And this is way more important now that it has become
  • 7:20 - 7:25
    much more of a media magnet than necessarily it was maybe 10 years ago.
  • 7:25 - 7:30
    Another use for the tactic is the biographical impact on the participants
  • 7:30 - 7:33
    and expanding opportunities for engagement and participation.
  • 7:33 - 7:39
    If you have never participated in a political action and you get to participate in a DDoS action
  • 7:39 - 7:43
    and you're in the IRC channel with all of these new friends who you didn't know you had
  • 7:43 - 7:46
    who you didn't know had the political views that you had
  • 7:46 - 7:50
    and you didn't know were willing to participate in ways that you are.
  • 7:50 - 7:53
    That has a huge biographical impact on you and it helps you consider yourself.
  • 7:53 - 7:57
    And activism helps you move up the ??? the ladder of engagement.
  • 7:57 - 8:03
    This enables what Ricardo Dominguez of the EDT calls a permanent culture of resistance
  • 8:03 - 8:10
    where resisting modes of power and resisting oppressive systems is part of the culture.
  • 8:10 - 8:16
    And it isn't simple something you do for special on weekends but it is something that you do all the time.
  • 8:16 - 8:18
    And the value of this symbolic resistence is
  • 8:18 - 8:23
    not necessarily its overt effect on the system that its ostensibly targets
  • 8:23 - 8:28
    but rather its effects on participants and on the reflective fields that surround it as it occurs
  • 8:28 - 8:30
    including media and culture.
  • 8:30 - 8:37
    Basically DDoS acts is a tool for the relevation of what James Scott called hidden transcripts of resistance.
  • 8:37 - 8:40
    It serves as an open action where an individual participant
  • 8:40 - 8:44
    can join a community of resistance with others.
  • 8:45 - 8:47
    Moving on to the second major section:
  • 8:47 - 8:49
    the analytical framework that I'm presenting.
  • 8:49 - 8:53
    There are four major parts of it that I'm gonna talk about in this talk.
  • 8:53 - 8:58
    I'm hoping to expand to maybe five or six later, but not right now.
  • 8:58 - 9:02
    The first is intended effects and actual effects.
  • 9:02 - 9:06
    The second is contacts within a greater campaign which we've already talked about a little bit.
  • 9:06 - 9:09
    The third is technology being utilized in the action.
  • 9:09 - 9:14
    And the fourth is the specific participant and organizer populations ??at play??.
  • 9:14 - 9:17
    I'm gonna go through these one by one.
  • 9:17 - 9:19
    The first is intended and actual effects.
  • 9:19 - 9:26
    What I mean by this is what the group that is waging the action intends to happen by its use of the action
  • 9:26 - 9:28
    what actually happens.
  • 9:28 - 9:31
    So there is a good example of this from 1997.
  • 9:31 - 9:40
    It's called the IGC Euskal Herria Journal action and that's Basque and I totally butchered it but I'm not Basque.
  • 9:40 - 9:45
    Basically what happened was there was an ISP called IGC
  • 9:45 - 9:50
    which was hosting a Basque newspaper publication, an online newspaper.
  • 9:50 - 9:54
    This was during a time in Spain when the Basques were not terribly popular.
  • 9:54 - 9:58
    There was a lot of violence going around Basque seperatives actions.
  • 9:58 - 10:07
    A popular DDoS action was started by people who I don't know, so don't ask me,
  • 10:07 - 10:11
    to pressure IGC to take this website down,
  • 10:11 - 10:16
    the Euskal Herria Journal website down. People didn't like it.
  • 10:16 - 10:19
    It got a lot of popular support.
  • 10:19 - 10:22
    Actually several major newspapers in Spain eventually
  • 10:22 - 10:27
    published target email addresses for email bombs and other things
  • 10:27 - 10:30
    until they eventually decided that was probably a bad idea
  • 10:30 - 10:33
    and they retracted their support.
  • 10:33 - 10:37
    But the stated goal of the actions was always to get the website offline.
  • 10:37 - 10:40
    People didn't like it, they wanted it gone.
  • 10:40 - 10:47
    Eventually it did go down because IGC was flooded with these packets and mail bombs and it was horrible.
  • 10:47 - 10:53
    It rendered inaccessible the websites and emails of their over 13000 subscribers
  • 10:53 - 10:57
    and they couldn't function as a business while this attack was going on.
  • 10:57 - 11:01
    So they did eventually stop hosting the site but under firm protest.
  • 11:01 - 11:06
    As an ISP IGC exists primarily in fact entirely online.
  • 11:06 - 11:11
    Removing its ability to function online removes its core as an organization
  • 11:11 - 11:13
    and its ability to function.
  • 11:13 - 11:17
    So the goal of this action was to remove content
  • 11:17 - 11:24
    by waging the action as long as the DDoS was successful the content was removed.
  • 11:24 - 11:31
    So actually the goal of the action was the permanent imposition of the state of the action.
  • 11:31 - 11:36
    Its intended effects were its actual effects as it was occurring.
  • 11:36 - 11:39
    This fits very well with the criticism that we saw before.
  • 11:39 - 11:41
    This was actually just plain censorship.
  • 11:41 - 11:44
    This was people saying: I don't like that you're hosting that content
  • 11:44 - 11:50
    therefore I'm going to to make you not host that content until you don't host it anymore.
  • 11:50 - 11:55
    This is not very cool and is unethical and bad.
  • 11:56 - 12:02
    The second example that I have up here is the EDT electronic disturbance to Lufthansa action from 2001.
  • 12:02 - 12:08
    This is an example where disrupting content does not equal silencing speech
  • 12:08 - 12:11
    as opposed to the example that I just showed which was depressing.
  • 12:11 - 12:17
    So in this example rather than removing content from the Internet
  • 12:17 - 12:21
    the goal of this action was to raise awareness of Lufthansa's
  • 12:21 - 12:26
    allowing the German government to deport immigrants using its flights.
  • 12:26 - 12:31
    It's part of a much greater action called the deportation class action.
  • 12:31 - 12:37
    While the Lufthansa website itself was rendered inaccessible for brief periods of time,
  • 12:37 - 12:41
    the actual communications of the airline, its ability to fly planes,
  • 12:41 - 12:46
    maintain normal operations and communicate internally with itself and with the media
  • 12:46 - 12:50
    remained for all practical purposes unaffected.
  • 12:50 - 12:52
    So while the stated goal of the Lufthansa action was
  • 12:52 - 12:57
    to draw public attention to a specific aspect of the Airline's business model
  • 12:57 - 13:00
    and through focused attention changed that corporations behavior
  • 13:00 - 13:03
    it was actually rather successful in that.
  • 13:03 - 13:08
    The airline did eventually stop allowing the government to deport immigrants with its flights.
  • 13:08 - 13:13
    Though the action took place on the Internet the effect it sort of had
  • 13:13 - 13:18
    was not limited to, was not even really present in the online space.
  • 13:18 - 13:21
    And in and of itself this action could not have achieved
  • 13:21 - 13:24
    what the electronic disturbance theatre set up to accomplish.
  • 13:24 - 13:30
    It took positive behavior on the part of Lufthansa for the deportation class action to achieve its goals
  • 13:30 - 13:38
    as opposed to the IGC example which was designed to accomplish its intended effects by gross fear.
  • 13:38 - 13:45
    So the third example I'm gonna talk about is something called toywar, or the etoy/toywar campaign.
  • 13:45 - 13:52
    The twelve days of Christmas campaign took place in 1999 and was an online attempt to draw attention to
  • 13:52 - 13:56
    a legal dispute between etoy which was a performance art collective
  • 13:56 - 14:04
    and eToys which was a toy company, an ecommerce company that sold toys online
  • 14:04 - 14:08
    and they were fighting over the domain etoy.com.
  • 14:08 - 14:12
    And writing about this is very kamikaze because etoy and eToys,
  • 14:12 - 14:15
    you have to be very careful.
  • 14:15 - 14:21
    So this action was designed to draw attention to that legal battle.
  • 14:21 - 14:28
    But it had the additional effect of having a fairly significant impact on eToys' bottom line
  • 14:28 - 14:31
    because it took place the twelve days before Christmas
  • 14:31 - 14:34
    which was the primary shopping season.
  • 14:34 - 14:37
    And it did have a major how their website ran.
  • 14:37 - 14:45
    So though their main goal was this attention-oriented campaign in targeting this ecommerce site
  • 14:45 - 14:48
    they were targeting the central purpose of their competitor.
  • 14:48 - 14:53
    They were attacking, they were going after what they were which is an online organization.
  • 14:53 - 14:58
    Etoy, the art ensemble, eventually triumphed in a court case
  • 14:58 - 15:02
    and claimed their role in the financial losses suffered by eToys Inc.
  • 15:02 - 15:03
    that occurred over the course of that actions.
  • 15:03 - 15:06
    Their stock price pretty much plummeted
  • 15:06 - 15:11
    which you can rather blame on the bubble or the action, whichever makes you feel better.
  • 15:11 - 15:21
    So in this instance we have a combining of direct action and attention-oriented activism into the same action.
  • 15:21 - 15:25
    The next part of the framework is context within a larger campaign.
  • 15:25 - 15:28
    As I said DDoS actions very rarely occur by themselves
  • 15:28 - 15:31
    and in fact if they did occur by themselves you'd probably never hear about them
  • 15:31 - 15:33
    because there would be no reason why that site you like
  • 15:33 - 15:36
    is down, it would just be down.
  • 15:36 - 15:39
    Like physical world sit-ins DDoS actions must be embedded
  • 15:39 - 15:42
    within a greater campaign of publicity and messaging
  • 15:42 - 15:46
    to ensure that content disruptions are registered by viewers
  • 15:46 - 15:50
    and passers-by as protest actions and not as mere technical glitches.
  • 15:50 - 15:53
    The EDT/Lufthansa campaign took place within the context of
  • 15:53 - 15:56
    a coordinated multi-pronged campaign
  • 15:56 - 15:59
    which included physical world actions at stock holder meetings,
  • 15:59 - 16:02
    press releases and the distribution of special seatback
  • 16:02 - 16:06
    information cards on Lufthansa airlines that explained
  • 16:06 - 16:07
    what the protest was about.
  • 16:07 - 16:12
    I don't know how they got them into the planes but they did end up in the planes somehow.
  • 16:12 - 16:17
    Similirarly toywar was also embedded within a larger campaign of press coverage.
  • 16:17 - 16:21
    They were covered by Wired, the New York Times, and the AP
  • 16:21 - 16:24
    and there were also solidarity actions and physical world actions
  • 16:24 - 16:26
    at court houses.
  • 16:26 - 16:30
    So if you are going for this type of action,
  • 16:30 - 16:32
    it has to be embedded within many other actions.
  • 16:32 - 16:35
    It can't just be your sole activist ???
  • 16:35 - 16:39
    You have to use with a bunch of other tools as well.
  • 16:39 - 16:43
    The technology problem is a really interesting one.
  • 16:43 - 16:47
    As I mentioned it's really difficult for a purely volunteer-based DDoS action
  • 16:47 - 16:49
    to bring down a targeted site.
  • 16:49 - 16:53
    As a result we started to see the use of botnets,
  • 16:53 - 16:56
    traffic multipliers, automated attack tools and other exploits
  • 16:56 - 17:01
    to bring the power of such actions in line with the defenses employed by targets.
  • 17:01 - 17:05
    While the use of such technological tools doesn't automatically
  • 17:05 - 17:08
    negatively affect the validity of these actions,
  • 17:08 - 17:12
    the use of non-volunteer botnets is the one thing
  • 17:12 - 17:14
    that is particularly worrying.
  • 17:14 - 17:18
    And the other things do need to be considered within a larger context.
  • 17:18 - 17:20
    Volunteer botnets present their own ethical concerns
  • 17:20 - 17:23
    but are less immediately objectionable.
  • 17:23 - 17:27
    Like marches, sit-ins and other crowd-based tactics
  • 17:27 - 17:30
    DDoS actions gain their ethical and political validity
  • 17:30 - 17:34
    from large numbers of willing participants.
  • 17:34 - 17:36
    The use of traffic multipliers and exploits,
  • 17:36 - 17:39
    while tempting to achieve downtime,
  • 17:39 - 17:47
    undercuts claims by organizers that the actions represent a unified political voice of many different people.
  • 17:47 - 17:51
    So as an organizers, you would have to balance the
  • 17:51 - 17:54
    "do I want downtime at press coverage" or
  • 17:54 - 17:57
    "do I want to remain true to the number of participants
  • 17:57 - 18:01
    that I have and value their participation over publicity".
  • 18:01 - 18:06
    And this is something that lots of organizers have to deal with.
  • 18:06 - 18:10
    Non-volunteer botnets, such as those that were used over the course of
  • 18:10 - 18:14
    Anonymous's operation payback campaign in
  • 18:14 - 18:16
    addition to volunteer botnets,
  • 18:16 - 18:17
    they were used together,
  • 18:17 - 18:20
    present a serious ethical problem.
  • 18:20 - 18:22
    The use of someone else's technological resources
  • 18:22 - 18:24
    without their consent in a political action,
  • 18:24 - 18:27
    particularly one that carries high legal risk,
  • 18:27 - 18:30
    like DDoS actions do,
  • 18:30 - 18:35
    is a pretty extremely unethical action.
  • 18:35 - 18:39
    Moreover it cheapens the participation of activists
  • 18:39 - 18:41
    who are consensually participating and
  • 18:41 - 18:44
    makes it easier for critics to dismiss DDoS actions as
  • 18:44 - 18:48
    criminality cloaked in free speech.
  • 18:48 - 18:51
    Even though, again, it may be tempting to be like
  • 18:51 - 18:53
    "oh let's just rent this creepy-ass botnet
  • 18:53 - 18:58
    from wherever to bring down the site for five minutes"
  • 18:58 - 19:03
    Really not in fitting with ethical use of mass participation
  • 19:03 - 19:05
    in political activism.
  • 19:05 - 19:09
    This brings us to volunteer botnets such as those that were enabled
  • 19:09 - 19:13
    by the hive mind mode of low-orbit ion cannon, again,
  • 19:13 - 19:14
    during operation payback.
  • 19:14 - 19:18
    Participants could pledge their support to an action and then
  • 19:18 - 19:20
    basically walk away.
  • 19:20 - 19:22
    They could say "great, use my computer"
  • 19:22 - 19:24
    "to DDoS whatever you want"
  • 19:24 - 19:28
    "because I trust you and I believe that we are all fighting for the same cause"
  • 19:28 - 19:31
    "I'm gonna go walk the dog now"
  • 19:31 - 19:33
    So they pledge their support for an action and place
  • 19:33 - 19:37
    their computing resources under the control of the organizers of that action.
  • 19:37 - 19:42
    This places on those organizers a strong responsibility
  • 19:42 - 19:45
    to maintain open communication channels to participants
  • 19:45 - 19:49
    and to not make significant changes to the operation of the campaign
  • 19:49 - 19:51
    without the consent of those participants.
  • 19:51 - 19:55
    Changing plans, tactics or targets without the consent
  • 19:55 - 19:58
    of the participant population constitutes a major breach
  • 19:58 - 20:03
    of trust and really should not happen.
  • 20:03 - 20:06
    This brings us to the final ?? bit in the framework
  • 20:06 - 20:08
    which I'm going to go over in this talk
  • 20:08 - 20:12
    which is different participant and organizer populations.
  • 20:12 - 20:15
    The great thing about DDoS actions is that
  • 20:15 - 20:16
    they're relatively easy to join and
  • 20:16 - 20:19
    they're fairly relatively easy to wage in the first place
  • 20:19 - 20:22
    meaning many of these participants in these actions
  • 20:22 - 20:27
    are inexperienced and unaware of the risks they could potentially be taking
  • 20:27 - 20:32
    like accidentally committing a felony from the comfort of your own living room.
  • 20:32 - 20:36
    Therefore it is ??? on organizers to make sure
  • 20:36 - 20:40
    that all participants have enough information to usefully
  • 20:40 - 20:43
    consent to participate in such actions.
  • 20:43 - 20:48
    This includes information about risks that they could be taking
  • 20:48 - 20:51
    and ways to mitigate those risks.
  • 20:51 - 20:54
    This was a very big issue in the fallout from
  • 20:54 - 20:55
    operation payback.
  • 20:55 - 20:58
    when during the course of the campaign a great deal
  • 20:58 - 21:02
    of misinformation was present in organizing channels
  • 21:02 - 21:06
    and the use of the low-orbit ion cannon tool was encouraged
  • 21:06 - 21:10
    despite significant concerns about its security.
  • 21:10 - 21:13
    Training should be provided to participants in ways
  • 21:13 - 21:15
    to mitigate risk and support should be provided in the
  • 21:15 - 21:18
    event of arrest or other negative outcomes.
  • 21:18 - 21:22
    This is similar to the way the physical world activists provide
  • 21:22 - 21:24
    training for their participants in the
  • 21:24 - 21:27
    "we're gonna go outside today and we're gonna hold up
  • 21:27 - 21:28
    a bunch of signs and yell at some people.
  • 21:28 - 21:30
    These people may yell back.
  • 21:30 - 21:32
    These people may also try to physically harm us.
  • 21:32 - 21:34
    If you're totally not interested in that
  • 21:34 - 21:36
    that's ok, we still think you're cool."
  • 21:36 - 21:39
    There should be that type of effort to educate and
  • 21:39 - 21:42
    provide different channels for participation for electronic
  • 21:42 - 21:46
    civil disobedience in the same way there is in the physical world.
  • 21:46 - 21:49
    There are two big things that I want to do with this model
  • 21:49 - 21:52
    in the future as I continue to work on my thesis.
  • 21:52 - 21:56
    The first is: I want to develop an analysis for
  • 21:56 - 21:57
    state/state related actors,
  • 21:57 - 22:00
    particularly patriotic hackers
  • 22:00 - 22:03
    and see how they fit into this framework
  • 22:03 - 22:06
    and how the entrance of states into this area
  • 22:06 - 22:08
    affects the ethical validity of these actions
  • 22:08 - 22:13
    or whether we're just wandering full force into cyberwar territory there.
  • 22:13 - 22:15
    The second thing I want to do is adapt the framework
  • 22:15 - 22:18
    from a reflective model, which it currently is,
  • 22:18 - 22:20
    to a prescriptive model,
  • 22:20 - 22:22
    so be more useful to activists who want to
  • 22:22 - 22:25
    organize their own DDoS campaign and want to find out
  • 22:25 - 22:29
    how to do it effectively and ethically.
  • 22:29 - 22:30
    And that's actually it.
  • 22:30 - 22:32
    Who has questions?
  • 22:32 - 22:42
    applause
  • 22:42 - 22:44
    Dude who stood up first.
  • 22:44 - 22:46
    Mike: No other questions.
  • 22:46 - 22:48
    Hi, I'm Mike. I'm from Poland.
  • 22:48 - 22:52
    I was heavily involved in the anti-ACTA campaign in Poland.
  • 22:52 - 22:54
    I was not doing any DDoSes,
  • 22:54 - 22:56
    I was doing the, you know, subject matter work.
  • 22:56 - 22:58
    Molly: You don't have to incriminate yourself in this talk.
  • 22:58 - 23:02
    Mike: Yes. But I can, right?
  • 23:02 - 23:04
    laughter
  • 23:04 - 23:08
    Mike: Thank you for this talk
  • 23:08 - 23:11
    because I feel there is much to little talking
  • 23:11 - 23:18
    about ethics in the whole DDoS and hacking area.
  • 23:18 - 23:20
    So thank you for this.
  • 23:20 - 23:23
    Second thing that I would like to add to this talk is that
  • 23:23 - 23:27
    I think the framework works quite well
  • 23:27 - 23:31
    because there is a criticism that I am going to make
  • 23:31 - 23:33
    about DDoS campaigns right now.
  • 23:33 - 23:38
    That is already kind of handled in this framework.
  • 23:38 - 23:43
    The criticism is that while the anti-ACTA campaign in Poland
  • 23:43 - 23:47
    was at full speed and doing stuff and people were
  • 23:47 - 23:48
    protesting on the streets,
  • 23:48 - 23:52
    suddenly Anonymous started DDoSing Polish government websites.
  • 23:52 - 23:53
    Molly: I've heard about.
  • 23:53 - 23:58
    Mike: And this had the exact opposite effect.
  • 23:58 - 24:02
    Maybe it was there, but I didn't see that in your presentation
  • 24:02 - 24:04
    that you have to be very very careful with
  • 24:04 - 24:06
    DDoS campaigns
  • 24:06 - 24:10
    because they can actually cause harm to the cause
  • 24:10 - 24:11
    that you're trying to do.
  • 24:11 - 24:15
    I think it was a little bit in the success part
  • 24:15 - 24:18
    but I don't think it was highlighted enough
  • 24:18 - 24:20
    that you have to be very careful
  • 24:20 - 24:22
    because there is this huge framework,
  • 24:22 - 24:24
    other actions that are happening.
  • 24:24 - 24:27
    And maybe, just maybe, doing DDoS right now
  • 24:27 - 24:29
    might actually harm because it will give the
  • 24:29 - 24:31
    government, as was this case,
  • 24:31 - 24:35
    the government the excuse to actually do bad stuff
  • 24:35 - 24:36
    that you don't want them to do.
  • 24:36 - 24:38
    Because they will say: "Oh they're DDoSing our websites."
  • 24:38 - 24:41
    "They are hackers and we don't have to do
  • 24:41 - 24:43
    anything good for them."
  • 24:43 - 24:47
    Well done, because the framework already kind of works for that. Thanks.
  • 24:47 - 24:50
    Molly: Yeah, I agree with that.
  • 24:50 - 24:53
    This tactic is right now extremely controversial
  • 24:53 - 24:54
    but people keep using it.
  • 24:54 - 24:57
    My view is that as long as we're gonna use it
  • 24:57 - 25:00
    we should at least be using it in some sort of
  • 25:00 - 25:04
    reflective way in which we consider our actions
  • 25:04 - 25:07
    before we just do them.
  • 25:08 - 25:09
    Dude over there.
  • 25:09 - 25:11
    Male: Hi, I just have a question.
  • 25:11 - 25:19
    You said that disrupting a business which just
  • 25:19 - 25:23
    relies on the Internet is unethical.
  • 25:24 - 25:27
    I just ask why you make this assumption.
  • 25:27 - 25:29
    I would make a different assumption.
  • 25:29 - 25:33
    I would have said that maybe running an unethical business
  • 25:33 - 25:37
    on the Internet is unethical and disrupting it is ethical.
  • 25:37 - 25:40
    Molly: So, really good point. Yay.
  • 25:40 - 25:43
    applause
  • 25:43 - 25:47
    Something that I didn't maybe have make clear is that each of these bits
  • 25:47 - 25:49
    of the framework should not be taken as a
  • 25:49 - 25:52
    "oh you didn't do that, therefore you are totally unethical."
  • 25:52 - 25:57
    This should all be taken as sort of a big lump of stuff which you can
  • 25:57 - 25:59
    sort of massage and be like
  • 25:59 - 26:02
    "well, you're 60% here on that and 45% here on that
  • 26:02 - 26:04
    and we'll figure it out from there".
  • 26:04 - 26:06
    Yes, you're right.
  • 26:06 - 26:08
    That's actually sort of one of the issues that I'm really
  • 26:08 - 26:12
    interested in looking at in the WTO/electrohippies example
  • 26:12 - 26:15
    because I usually don't like it when people are like
  • 26:15 - 26:19
    "I'm gonna protest you by making you fall off the face of the planet"
  • 26:19 - 26:22
    That seems like a bit of an overkill to me.
  • 26:22 - 26:28
    On the other hand disrupting the Internet for the WTO meeting
  • 26:28 - 26:32
    at the Seattle World Trade Organization meeting
  • 26:32 - 26:33
    I'm kind of for that
  • 26:33 - 26:38
    that seems like a good use of resources to me.
  • 26:38 - 26:42
    So I'm very interested in pushing those weeds aside
  • 26:42 - 26:46
    and figuring out when exactly it's ok to basically
  • 26:46 - 26:48
    attack the root of something,
  • 26:48 - 26:52
    as opposed to having a more symbolic protest
  • 26:52 - 26:54
    which I'm generally more in favor of.
  • 26:54 - 26:57
    But you're right, I like you.
  • 26:57 - 27:00
    We're just gonna switch to this mic and then we'll bounce.
  • 27:00 - 27:03
    Female: I was wondering what your thoughts are on these action impacts
  • 27:03 - 27:05
    on non-participants.
  • 27:05 - 27:09
    Like say you DDoS eBay and then other companies lose business
  • 27:09 - 27:12
    or you say DDoS a health care provider and people can't access health care.
  • 27:12 - 27:14
    Is that a factor in your mind?
  • 27:14 - 27:18
    Molly: Well, you sort of brought up two wildly divergent examples of
  • 27:18 - 27:25
    eBay which means I can't buy my awesome collectable Battlestar Galactica glasses anymore
  • 27:25 - 27:28
    and my health care provider which means I can't get my tests
  • 27:28 - 27:31
    from that thing that I had that may be cancer.
  • 27:31 - 27:34
    Those seem like very divergent targets to me ,
  • 27:34 - 27:36
    just to address that off the bet.
  • 27:36 - 27:39
    Second point, yes, collateral damage is something that does
  • 27:39 - 27:41
    definitely need to be considered.
  • 27:41 - 27:45
    But it is not actually sort of specific to DDoS in itself.
  • 27:45 - 27:48
    Like if you just stay sit-in at a lunch counter,
  • 27:48 - 27:50
    I just wanted to eat lunch.
  • 27:50 - 27:53
    I'm not a bad guy, I really just wanted lunch.
  • 27:53 - 27:57
    But you have a political voice and you're using it to sit-in at this lunch counter.
  • 27:57 - 28:02
    That needs to be part of the overall consideration of
  • 28:02 - 28:05
    "do we think this is an appropriate tactic for whatever question is
  • 28:05 - 28:09
    that you're trying to address with your activism at this time."
  • 28:09 - 28:12
    Because not all tactics are appropriate for all questions.
  • 28:14 - 28:15
    Female: Thanks.
  • 28:15 - 28:16
    Molly: Ok, cool.
  • 28:18 - 28:19
    That guy.
  • 28:22 - 28:25
    Sorry, we have a question from the Internet.
  • 28:25 - 28:27
    It hasn't gotten to speak yet.
  • 28:27 - 28:30
    Male: I have this kind of comment and question.
  • 28:30 - 28:31
    Thank you very much for your talk,
  • 28:31 - 28:34
    it was very original material and I enjoyed it.
  • 28:34 - 28:38
    But however you announced to talk about the ethics of DDoS
  • 28:38 - 28:40
    but you didn't say anything about ethics at all
  • 28:40 - 28:43
    except for some personal beliefs.
  • 28:43 - 28:44
    Molly: laughs
  • 28:44 - 28:50
    What kind of ethical framework would you actually suggest to use to analyze DDoS?
  • 28:50 - 28:54
    Molly: The four bits of the framework that I set out.
  • 28:54 - 28:57
    I'm looking at you because you were talking, not because you're the Internet.
  • 28:57 - 29:00
    laughter
  • 29:00 - 29:06
    Basically you cannot just say that DDoS is ethical or unethical.
  • 29:06 - 29:10
    The way that I'm looking at, you have to look at it
  • 29:10 - 29:15
    in the context of these at least four aspects, possibly more.
  • 29:15 - 29:18
    But you can't just simply slam your hand down and be like
  • 29:18 - 29:22
    "nope, this one action which actually has very little political value
  • 29:22 - 29:26
    because it's just a bunch of bits swimming around a bunch of tubes,
  • 29:26 - 29:31
    has real ethical value."
  • 29:31 - 29:34
    I'm sure a lot of people were gonna be like
  • 29:34 - 29:37
    "she's gonna say that DDoS is right or wrong one way or another
  • 29:37 - 29:40
    and then I will feel good and/or bad about myself."
  • 29:40 - 29:42
    laughter
  • 29:42 - 29:46
    I'm sorry, that wasn't what was gonna happen.
  • 29:46 - 29:49
    I'm far more interesting in looking at these very nuanced questions
  • 29:49 - 29:52
    of how this fits into political economy and protest methodology
  • 29:52 - 29:54
    which is far squishier than just saying
  • 29:54 - 29:57
    this is ethical or unethical straight off the bet.
  • 29:57 - 29:59
    I hope that answers the Internet's question.
  • 29:59 - 30:02
    Male: Yeah, I would also come back to the ethics.
  • 30:02 - 30:07
    Because I wouldn't like to start talking whether DDoS is good or bad.
  • 30:07 - 30:09
    But I think DDoS is a very interesting example
  • 30:09 - 30:14
    because it can make us question our ethics again
  • 30:14 - 30:17
    because basically I, like you, I believe that DDoS
  • 30:17 - 30:20
    is really a pretty violent act of censorship
  • 30:20 - 30:23
    but I think it can be very often justified
  • 30:23 - 30:28
    because this violent act can simply give us benefits
  • 30:28 - 30:30
    that couldn't be made any other way.
  • 30:30 - 30:35
    So basically I think that when we think about DDoS and when we want to act with DDoS
  • 30:35 - 30:42
    we have to think about violence and making violence an ethical act, actually.
  • 30:42 - 30:44
    Your comment?
  • 30:44 - 30:47
    Molly: Violence is a pretty prejudicial term.
  • 30:47 - 30:49
    I prefer not to use it.
  • 30:49 - 30:51
    You also notice that I usually don't say DDoS attacks.
  • 30:51 - 30:55
    I try to say DDoS actions because attacks is also a pretty prejudicial term.
  • 30:55 - 31:00
    I think a lot of the "violence" inherent in DDoS has a lot to do with
  • 31:00 - 31:05
    the inherent power structures that play among the people who are participating.
  • 31:05 - 31:12
    For instance, if I am a state government and you have a free press blog
  • 31:12 - 31:14
    and you like to critize me in your blog
  • 31:14 - 31:19
    and I hire a bunch of people to DDoS your blog
  • 31:19 - 31:21
    that's not really cool.
  • 31:21 - 31:23
    That's fairly violent.
  • 31:23 - 31:27
    I am silencing your speech using my superior power as a big state.
  • 31:27 - 31:31
    On the other hand, if you are a private citizen
  • 31:31 - 31:37
    and you and a bunch of friends use floodnet to attack whitehouse.gov
  • 31:37 - 31:41
    I feel that there's less violence inherent in that system.
  • 31:41 - 31:45
    Male: I would partially agree but I think that both acts
  • 31:45 - 31:48
    are violent but basically the ethics are different.
  • 31:48 - 31:52
    So instead of avoiding the word I think that we should just think about the term.
  • 31:52 - 31:54
    That's my opinion.
  • 31:54 - 32:00
    Molly: The grad student in me wants to come up with a new word, but yeah.
  • 32:00 - 32:03
    Male: Hello, has the decision process who attacks
  • 32:03 - 32:11
    which website at what point any effects on the ethical part?
  • 32:11 - 32:12
    Molly: On the organizing?
  • 32:12 - 32:15
    Male: Yeah.
  • 32:15 - 32:17
    Molly: I can't say that I do.
  • 32:17 - 32:22
    I think that falls into the purview of the people who are actually organizing these actions.
  • 32:22 - 32:25
    As someone who is not an organizer I can't really comment
  • 32:25 - 32:29
    on the organizing process, having never sat in one.
  • 32:29 - 32:32
    Yes? That makes sense? Okay.
  • 32:32 - 32:34
    We're gonna switch back to this mic.
  • 32:34 - 32:44
    Male: Aside from the coercive vs. non-coerciveness of volunteer vs. non-volunteer action
  • 32:44 - 32:49
    which maybe falls into ethical standpoint
  • 32:49 - 32:53
    other than that, there's a question of liability.
  • 32:53 - 32:58
    If you're for instance participating in a volunteer action
  • 32:58 - 33:00
    and you have a packet sniffer going on that network,
  • 33:00 - 33:01
    then you can trace it back to
  • 33:01 - 33:03
    "ok you obviously volunteered to this action,
  • 33:03 - 33:06
    therefore you're obviously culpable for those actions"
  • 33:06 - 33:16
    vs. if it's "box that's been compromised" and ???
  • 33:16 - 33:22
    that person is theoretically not liable for those actions
  • 33:22 - 33:27
    because it was a ??? or a virus or ???
  • 33:27 - 33:29
    Molly: Yes.
  • 33:29 - 33:33
    Male: I just wanted to point that out.
  • 33:33 - 33:34
    Molly: Yes, no, you're right.
  • 33:34 - 33:36
    That is a thing that also needs to be considered
  • 33:36 - 33:38
    but it also comes back to
  • 33:38 - 33:41
    "there needs to be more education" upon people who
  • 33:41 - 33:43
    are organizing these actions to be like
  • 33:43 - 33:46
    "hey, you know you could be committing a felony."
  • 33:46 - 33:47
    "you could lose your house."
  • 33:47 - 33:51
    "that's a thing that could totally happen if you get arrested in the course of this action."
  • 33:51 - 33:53
    as oppossed to if you get arrested for chaining yourself to
  • 33:53 - 33:54
    the ??? of the White House
  • 33:54 - 33:56
    because you don't like the tarsands pipeline.
  • 33:56 - 33:59
    You really unlikely lose your house in that instance.
  • 33:59 - 34:02
    This is something that I have a huge problem with.
  • 34:02 - 34:06
    I think the state response to these actions is completely out of proportion
  • 34:06 - 34:10
    and bad and chilling and not good at all.
  • 34:11 - 34:15
    Until that changes there just needs to be
  • 34:15 - 34:18
    way more education, way more informed consent happening
  • 34:18 - 34:24
    among the activist population who participating in these actions.
  • 34:24 - 34:31
    Male: In terms of looking to the sources of products used to make DDoS,
  • 34:31 - 34:36
    how do you think about the ethical responsibility of a company based in Redmond,
  • 34:36 - 34:41
    allowing with their products to very easy make big botnets
  • 34:41 - 34:43
    and use it for DDoS.
  • 34:43 - 34:44
    Molly: laughs
  • 34:44 - 34:47
    Male: Especially this company is working in a country where
  • 34:47 - 34:51
    DDoS is a crime so they could be forced to change this very easily.
  • 34:51 - 34:53
    Molly: That's a hell of a question.
  • 34:53 - 34:56
    applause
  • 34:56 - 34:59
    Molly: And I think I'm going to politely decline a comment
  • 34:59 - 35:00
    until I learn more about it
  • 35:00 - 35:04
    but we can totally talk about this, not right now.
  • 35:05 - 35:08
    laughs Sorry.
  • 35:09 - 35:11
    Molly: Sorry, was there more of that?
  • 35:11 - 35:12
    Male: Why?
  • 35:12 - 35:16
    Molly: Why? Because I don't like to talk about things that I don't know
  • 35:16 - 35:19
    a lot about and that I'm not competent talking about.
  • 35:19 - 35:22
    I'm a grad student, sorry.
  • 35:22 - 35:28
    Male: Do you really think that DDoS attacks will have a big role in activism in the future?
  • 35:28 - 35:36
    Because I think the media interest in those kind of attacks is diminishing.
  • 35:36 - 35:43
    When I think of, I mean, you talk about this partially as
  • 35:43 - 35:46
    very useful means of activism
  • 35:46 - 35:51
    but when I think of DDoS I think of a few people sitting in their cellars,
  • 35:51 - 35:59
    being bored in the IRC room and just hitting their LOICs just like they hit the retweet button
  • 35:59 - 36:01
    and think they save the world
  • 36:01 - 36:06
    I don't think that this will make any difference in the future.
  • 36:06 - 36:11
    Molly: So you roled up a lot of things in that, including a valid, not-so-valid critism of slacktivism
  • 36:11 - 36:13
    which I will also address in this answer.
  • 36:15 - 36:16
    You're right.
  • 36:16 - 36:21
    There are a lot of DDoS attacks happening, not a lot of them getting a lot of coverage.
  • 36:21 - 36:24
    On the other hand there are a lot of street marches happening
  • 36:24 - 36:26
    and not a lot of them get a lot coverage.
  • 36:26 - 36:31
    People still get their signs together and march in the streets sometimes.
  • 36:31 - 36:35
    There's a concept in social movement theory called the ladder of engagement
  • 36:35 - 36:37
    which is basically like it's what it sounds like
  • 36:37 - 36:39
    you start at the bottom and you work your way up
  • 36:39 - 36:44
    to more and more complex modes of political engagement over the course of time.
  • 36:44 - 36:47
    You can't just jump straight to the top of the ladder
  • 36:47 - 36:49
    because you're not Superman and you don't do that usually
  • 36:49 - 36:53
    cause you'd fall off and hurt yourself.
  • 36:53 - 36:57
    DDoS is a very useful tool to get on that first rung.
  • 36:57 - 37:01
    It's easy, it's low financial cost,
  • 37:01 - 37:04
    it's generally pretty easy to advertise,
  • 37:04 - 37:07
    it doesn't look like it will cost you a lot of time and money.
  • 37:07 - 37:11
    All you have to do is really press a button and suddenly you are participating in this thing.
  • 37:11 - 37:17
    The sense of participating has a big impact on something that is called biographical impact
  • 37:17 - 37:20
    which is how you view yourself as an activist.
  • 37:20 - 37:24
    It is really pushing people over the edge to view themselves as activists
  • 37:24 - 37:27
    and the beginning is very very important.
  • 37:27 - 37:35
    So while DDoS may not be "effective" or "successful" as a standalone protest tactic,
  • 37:35 - 37:41
    as part of larger system I think it is still useful.
  • 37:41 - 37:44
    I think it will probably continue to be useful,
  • 37:44 - 37:49
    just like retweeting someone saying something vaguely political
  • 37:49 - 37:53
    on Twitter is also useful.
  • 37:53 - 37:56
    Or liking someone's status or sharing something on Facebook
  • 37:56 - 38:00
    or turning your Twitter icon green because you like the Iranian election.
  • 38:00 - 38:03
    No one in Iran cares that you turn your Twitter icon green.
  • 38:03 - 38:04
    They don't even know you.
  • 38:04 - 38:06
    They don't know that you've turned your Twitter icon green
  • 38:06 - 38:10
    but what that does is that it connects you with all the other people
  • 38:10 - 38:13
    on Twitter who turn their Twitter icons green.
  • 38:13 - 38:16
    You can see all the other people who turn the Twitter icon green.
  • 38:16 - 38:18
    Suddenly you're not just sitting there in your living room
  • 38:18 - 38:21
    saying I really support democracy in Iran.
  • 38:21 - 38:25
    You are part of this community of green people on Twitter
  • 38:25 - 38:27
    who all support democracy in Iran.
  • 38:27 - 38:30
    That's way more powerful to you as a person.
  • 38:30 - 38:37
    Not necessarily to anybody else. But to you as a person it matters. laughter
  • 38:37 - 38:39
    And that's important.
  • 38:39 - 38:41
    That's important for getting people onto that ladder of engagement
  • 38:41 - 38:43
    and making them feel like activists.
  • 38:43 - 38:48
    Feeling like activists is just a couple of ladders away from being an activist
  • 38:48 - 38:50
    which is even better.
  • 38:50 - 38:51
    Yeah.
  • 38:51 - 38:57
    applause
  • 38:57 - 38:59
    Molly: They're clapping for you.
  • 38:59 - 39:03
    Male: laughs I'm from Austria and we have an organization
  • 39:03 - 39:07
    in Austria, it's called Austromechana.
  • 39:07 - 39:18
    Its website got DDoSes on May 11, 2012
  • 39:18 - 39:22
    and they didn't get the website on until now.
  • 39:22 - 39:24
    They used this as an argument:
  • 39:24 - 39:27
    "Oh my god, the Internet is so cruel."
  • 39:27 - 39:34
    "It's bad and we can do nothing against them."
  • 39:34 - 39:45
    "They play with... they have weapons we can't do something against it."
  • 39:45 - 39:52
    I'm not sure if in this case the DDoS was the right tool
  • 39:52 - 40:02
    to get Aufmerksamkeit, attention.
  • 40:02 - 40:08
    I'm not sure if it was helpful in this case.
  • 40:08 - 40:20
    I don't think it's a good weapon for everything and there was not enough messaging with it.
  • 40:20 - 40:21
    Molly: No, you're right.
  • 40:21 - 40:23
    DDoS is not appropriate for all cases.
  • 40:23 - 40:27
    Given that I know nothing about your organization and didn't hear about that action
  • 40:27 - 40:30
    they probably didn't have enough messaging.
  • 40:30 - 40:32
    I don't know.
  • 40:32 - 40:33
    But I'm sorry your website went down.
  • 40:33 - 40:37
    Male: Not my website.
  • 40:37 - 40:46
    It was from the people who want to have the Festplattenabgabe, I don't know the English word.
  • 40:46 - 40:48
    It was their site.
  • 40:48 - 40:49
    Molly: Okay.
  • 40:50 - 40:51
    Hi!
  • 40:52 - 40:53
    Female: Hi.
  • 40:53 - 41:01
    What exactly are your parameters for deciding if a DDoS action was ethical right or wrong?
  • 41:01 - 41:04
    I'm still waiting for this.
  • 41:04 - 41:07
    Molly: Like I said, this is a very holistic model
  • 41:07 - 41:10
    in that you look at a bunch of different factors and say
  • 41:10 - 41:14
    "well, these things fell on one or either side of these different factors,
  • 41:14 - 41:17
    therefore I'm gonna look at it, squint my eyes
  • 41:17 - 41:19
    and say ok, I think that this was ethical
  • 41:19 - 41:21
    and that this was unethical".
  • 41:21 - 41:24
    Like I said, this is probably much less scientific
  • 41:24 - 41:26
    than a lot of people here were looking for.
  • 41:27 - 41:31
    Liberal studies major. What do you want?
  • 41:31 - 41:32
    laughter
  • 41:32 - 41:37
    So, this is not gonna give you sort of a tick list for things
  • 41:37 - 41:40
    that you can say "oh we did this, oh we didn't do that
  • 41:40 - 41:44
    therefore we're totally on the right side of god and the law".
  • 41:44 - 41:51
    Instead what I'm hoping that this system will give people is a way to look at these actions
  • 41:51 - 41:53
    to give them different factors to consider
  • 41:53 - 41:57
    when saying yes this was appropriate or yes this wasn't appropriate.
  • 41:57 - 42:02
    Cause I feel right now the debate right now is really a bunch of people being like
  • 42:02 - 42:04
    "this is always awesome"
  • 42:04 - 42:05
    and a bunch of other people going
  • 42:05 - 42:07
    "this is never awesome"
  • 42:07 - 42:10
    and that's not very useful.
  • 42:10 - 42:12
    Female: But don't you think that's quite outstanding that
  • 42:12 - 42:16
    you are the one who is getting to decide which is ethical right and wrong?
  • 42:16 - 42:18
    Molly: You can also decide.
  • 42:18 - 42:20
    I would love it if someone else would come up with a framework
  • 42:20 - 42:22
    so that I didn't have to do all the work.
  • 42:22 - 42:24
    Female: I thought it's your scientific study, so...
  • 42:24 - 42:26
    Molly: It's not terribly scientific.
  • 42:26 - 42:30
    It's me reviewing a bunch of case studies
  • 42:30 - 42:31
    and saying these are the things that happened,
  • 42:31 - 42:36
    this is were they fall on these different factors
  • 42:36 - 42:39
    and this is now what I think of this action.
  • 42:39 - 42:44
    For instance, Lufthansa/EDT action, I think that actually was ethical.
  • 42:44 - 42:48
    I think it was ethical because it occurred within the framework of a much larger campaign
  • 42:48 - 42:57
    because it focused on a corporate website that didn't attack the central core of the corporation.
  • 42:57 - 42:58
    It didn't stopped it from communicating,
  • 42:58 - 43:01
    it didn't stop it from responding to the action,
  • 43:01 - 43:05
    it just made itself known in that way.
  • 43:05 - 43:07
    And it did a great deal of publicity work.
  • 43:07 - 43:10
    In the end it actually worked,
  • 43:10 - 43:13
    The effect that it wanted to have in that,
  • 43:13 - 43:16
    they wanted Lufthansa to stop flying immigrants out of the country,
  • 43:16 - 43:18
    actually took place.
  • 43:18 - 43:21
    And that also has an impact on the ethical validity of an action
  • 43:21 - 43:23
    which is why this is currently a reflective framework
  • 43:23 - 43:25
    and not a prescriptive framework.
  • 43:25 - 43:29
    Female: Thanks. Good luck with your studies then.
  • 43:29 - 43:30
    Molly: Yay.
  • 43:32 - 43:33
    There's another question.
  • 43:33 - 43:38
    Male: My naive approach to judge the ethics of a DDoS attack
  • 43:38 - 43:41
    would have been to compare it to usual demonstrations,
  • 43:41 - 43:43
    just marching on the street.
  • 43:43 - 43:47
    Because I guess what has a rather good feeling on what the ethics are there.
  • 43:47 - 43:50
    You didn't highlight that too much in your talk.
  • 43:50 - 43:52
    Was this on purpose or can you say something about that?
  • 43:52 - 43:57
    Molly: People really like, and lots of people really like to say
  • 43:57 - 44:02
    "oh DDoS is just a sit-in, except on the Internet".
  • 44:02 - 44:04
    I really don't like that comparison.
  • 44:04 - 44:12
    I think it's really attractive because it sort of feels like a sit-in,
  • 44:12 - 44:15
    You feel like you are monopolizing resources in the same way
  • 44:15 - 44:17
    that sitting in a lunch counter is monopolizing resources.
  • 44:17 - 44:22
    But it's not in the physical world, it's on the Internet.
  • 44:22 - 44:24
    And frankly, these are two different things.
  • 44:24 - 44:27
    We can't just say "oh this is just like it"
  • 44:27 - 44:28
    because it's not.
  • 44:28 - 44:30
    What it is just like, it is just like a DDoS.
  • 44:30 - 44:33
    It's not just like a sit-in.
  • 44:33 - 44:37
    Disruptive tactics in both areas are very parallel
  • 44:37 - 44:39
    but they are very different.
  • 44:39 - 44:43
    That is something that I want to go into much greater detail on,
  • 44:43 - 44:48
    specifically both in sort of the socially acceptable disruptive tactics
  • 44:48 - 44:50
    like sit-ins and street marches
  • 44:50 - 44:52
    but also the non-socially-acceptable disruptive tactics
  • 44:52 - 44:55
    like black bloc tactics.
  • 44:55 - 44:58
    I'd really love to compare that to other modes of
  • 44:58 - 45:00
    disruptive activism online,
  • 45:00 - 45:02
    and other modes of disruptive activism
  • 45:02 - 45:04
    and destructive activism.
  • 45:04 - 45:07
    So that is, if you are interested in reading my Master's thesis,
  • 45:07 - 45:09
    I will have a whole chapter on this
  • 45:09 - 45:12
    that I could not fit into this talk.
  • 45:12 - 45:15
    Because there is a lot of that there.
  • 45:15 - 45:20
    But the instinct to fall back on the physical analogy is,
  • 45:20 - 45:22
    I think, inherently damaging to the discourse of
  • 45:22 - 45:27
    electronic civil disobedience and digital activism
  • 45:27 - 45:30
    because you fall back on these tropes
  • 45:30 - 45:32
    that don't really fit and then
  • 45:32 - 45:35
    when people point out that they don't really fit
  • 45:35 - 45:37
    you're sort of left with nothing.
  • 45:37 - 45:40
    When you say like "that's not actually a sit-in, that's a DDoS"
  • 45:40 - 45:43
    you sitting there going "but I said it was a sit-in
  • 45:43 - 45:45
    and you like sit-ins, right?"
  • 45:45 - 45:48
    and then you're sort of: that's it.
  • 45:48 - 45:51
    So I'd like to push the argument beyond that point.
  • 45:51 - 45:53
    Male: Thanks.
  • 45:55 - 46:01
    Male: Ok, so it looks like we have no more questions. Thank you very much, Molly, for the talk.
  • 46:01 - 46:12
    applause
Title:
The Ethics of Activist DDOS Actions [29c3]
Description:

The Ethics of Activist DDOS Actions
A Historical Analysis

In the world of digital activism, distributed denial of service attacks present relatively low barriers to popular participation, have a high potential for attracting large numbers of first-time and repeat participants, and can attract large amounts of media attention. But though such actions popular, are they ethical? In this talk I will be presenting an ethical framework for the analysis of activist DDOS actions. The framework is grounded in a historical analysis of various activist DDOS actions, such as the IGC attacks in Spain in the late 90s, Electronic Disturbance Theater actions in the early 2000s, and the Anonymous-led Operation Payback attacks in 2010. Each historical case study presents a unique confluence of technological, political, legal and operational factors allowing for a full spectrum of ethical analysis.

Though DDOS actions are only one aspect of digital activism, the tactic crystalizes many issues that are central to the development of the internet as a field of political action. Property rights, free speech, public versus private spaces online, participant responsibility, and the legal consequences of protest are all issues central to the validity of both DDOS actions and digital activism overall. How do changes in technology, such as the use of botnets (volunteer or otherwise), traffic amplifiers, or exploits, affect the ethical validity of a DDOS action? What about so-called wildcat DDOS actions, which are instigated by a single individual through the use of a botnet or exploit (making it a DOS action)? What does the overwhelmingly privatized nature of the internet mean for the ethical validity of disruptive tactics like DDOS? How do the legal penalties, which are based in a criminal understanding of such attacks, affect the ethical responsibilities of the organizers of such actions? What are the ethical responsibilities activists bear towards the network itself? Are disruptive tactics like DDOS actions effective, and in what ways are they effective? In examining these questions, I will be looking at how DDOS actions fit into the landscape of digital activism and what they mean for the development of civil disobedience tactics online. I am a second-year Masters student at MIT, studying digital activism at the Center for Civic Media at the Media Lab. I'm particularly interested in digital civil disobedience and disruptive protest, and my DDOS research encompasses a significant part of my master's thesis. I presented a preliminary version of this work at the HOPE conference in New York this past summer (notes and a recording of that talk can be viewed here: http://oddletters.com/2012/07/15/hope9-talk-activist-ddos-when-similes-and-metaphors-fail/). While that talk focused on the rhetorical framings of DDOS actions, this version concentrates on the ethics of such actions. Since HOPE, I have expanded the historical analysis significantly, including three additional case studies to more thoroughly cover the spectrum of potential actions. I've also encorporated a stronger theoretical underpinning for the ethical framework, which solidifies and strengthens the analysis overall. The general analysis has also been expanded to address larger issues implicated by DDOS actions, including the validity of disruptive tactics and public spaces online.

Speaker: Molly Sauter
EventID: 5206
Event: 29th Chaos Communication Congress [29c3] by the Chaos Computer Club [CCC]
Location: Congress Centrum Hamburg (CCH); Am Dammtor; Marseiller Straße; 20355 Hamburg; Germany
Language: english
Begin: Fri, 12/28/2012 21:45:00 +01:00
Lizenz: CC-by-nc-sa
more » « less
Video Language:
English
Duration:
46:26

English subtitles

Revisions

Our website uses cookies for analysis purposes.