Demanding the right to digitally protest: Hacktivists petition the White House to legalize DDoS
In the latest WhiteHouse.gov petition to go viral, the Obama administration is asked to make a method of momentarily crippling a website comparable to real word demonstrations, essentially allowing for a whole new legal form of online protest.
“With the advance in internet technology comes new grounds for protesting,” writes ‘Dylan K’ of Eagle, Wisconsin.
Dylan’s petition, uploaded this week to the White House’s We the People page, is the most recent of these electronic pleas on the website to generate national headlines. A series of petitions in late 2012 demanding the peaceful secession of certain states from the US garnered nearly one million signatures from across the country, and just this week the Obama administration was prompted to respond to one popular request to depot CNN host Piers Morgan over his outspoken anti-gun views. That call for action, advocated by Second Amendment proponents and firearm owners concerned over a possible rifle ban, eventually accumulated around 110,000 electronic signatures.
When the White House responded to the petition to deport Morgan this week, press secretary Jay Carney said Americans shouldn’t let “arguments over the Constitution’s Second Amendment violate the spirit of its First.”
Those rallying for new computer laws say that current legislation limits those very constitutional rights, though, and that one electronic form of action should be covered under the First Amendment — the provision that provides for the freedom of speech, protest and assembly.
In the latest instance, the White House is asked to evaluate a federal rule that currently makes it unlawful to engage in distributed denial-or-service, or DDoS, attacks — a harmless but effective way of flooding a website’s server with so much traffic that it can’t properly render pages for legitimate users.
Performed by both seasoned hackers and novice computer users alike, DDoS-ing a website essentially makes certain pages completely unavailable for minutes, hours or days. Unlike real world protests, though, demonstrators don’t even have to leave the house to protest. Instead, humongous streams of information can be sent to servers with a single mouse click, only for that data to become so cumbersome that the websites targeted can’t properly function.
Under the Computer Fraud and Abuse Act, a DDoS assault is highly illegal. For those familiar with the method, though, they say it’s simply a matter of voicing an opinion in an online format and should be allowed.
“Distributed denial-of-service is not any form of hacking in any way,” states the petition. “It is the equivalent of repeatedly hitting the refresh button on a webpage.”
Overloading a targeted website with too much traffic, says Dylan K, is “no different than any ‘occupy’ protest.” According to him and the roughly 1,100 cosigners, there is much common ground between the two. “Instead of a group of people standing outside a building to occupy the area, they are having their computer occupy a website to slow (or deny) service of that particular website for a short time,” he says.
For companies that are hit with DDoS assaults, though, they sing a different song. In 2006, controversial radio host Hal Turner had his website taken offline after members of the then-infant hacktivist movement Anonymous used denial-of-service attacks to shut down his site to visitors. Turner said the bandwidth overflow cost him thousands of dollars in fees from his hosting company.
When Turner tried to sue those he blamed for the DDoS attack, a federal judge for the United States District Court in New Jersey eventually dismissed his claim. Other “hackers,” however, haven’t been so lucky.
When PayPal, Visa and MasterCard announced in 2010 that it would no longer accept funds for the website WikiLeaks, Anonymous and others responded with a DDoS attack on the payment service providers. The following summer, the US Department of Justice filed an indictment against 14 Americans they accused of participating in shutting down PayPal.
That same year, a homeless hacker using the alias “Commander X” was charged with waging a DDoS attack on the official government website of Santa Cruz, California because he opposed the city’s policy that outlawed sleeping in public space. X could have been sentenced to serious time for committing a felony, but he escaped the United States, allegedly seeking refuge in Canada where he is reported to be in hiding today.
“For a 30-minute online protest I’m facing 15 years in a penitentiary,” he told the National Post last year while on the run. According to an interview he gave last month with Ars Technica, he also participated in OpPayBack — the Anonymous-led assault PayPal and others over their WikiLeaks blockage.
California attorney Jay Leiderman has represented X, and has gone on the record to compare DDoS attacks with real life sit-ins.
“A DDoS is a protest, it’s a digital sit it. It is no different than physically occupying a space. It’s not a crime, it’s speech,” he told Talking Points Memo in 2011. “They are the equivalent of occupying the Woolworth's lunch counter during the civil rights movement," The Atlantic quoted him saying last year.
Speaking specifically of the operation against the companies that cut funding to WikiLeaks, the lawyer said online action is equivalent to peaceful protest.
“Take PayPal for example, just like Woolworth's, people went to PayPal and said, I want to give a donation to WikiLeaks. In Woolworth's they said, all I want to do is buy lunch, pay for my lunch, and then I'll leave. People said I want to give a donation to WikiLeaks, I'll take up my bandwidth to do that, then I'll leave, you'll make money, I'll feel fulfilled, everyone's fulfilled,” he said. “PayPal will take donations for the Ku Klux Klan, other racists and questionable organizations, but they won't process donations for WikiLeaks. All the PayPal protesters did was take up some bandwidth. In that sense, DDoS is absolutely speech, it should absolutely be recognized as such, protected as such, and the law should be changed.”
Leiderman added that he considers the use of DDoS not to be an “attack” in some circumstances, but actually legitimate protest.
“[T]he law should be narrowly drawn and what needs to be excised from that are the legitimate protests,” he said. “It's really easy to tell legitimate protests, I think, and we should be broadly defining legitimate protests,” he said.
New York attorney Stanley Cohen, who is representing one of the accused “PayPal 14” hackers responsible for the Anonymous-led operation, agrees.
“When Obama orders supporters to inundate the switchboards of Congress, that’s good politics, when a bunch of kids decide to send a political message with roots going back to the civil rights movement and the revolution, it’s something else,” Cohen told TPM in 2011. “Barack Obama urged people to shutdown the switchboard, he’s not indicted.”
“It’s not identity theft, not money or property, pure and simple case of an electronic sit in, at best,” he said.
So far over 1,100 people agree on WhiteHouse.gov, and hope the Obama administration will get their point. Until then, though, Commander X and others face upwards of a decade in prison apiece for violating a clause in the Computer Fraud and Abuse Act that makes it unlawful to “knowingly cause the transmission of a program, information code or command, and as a result of such conduct, intentionally causes damages without authorization to a protected computer.”
With attorneys like Leiderman and Cohen arguing that the damages in questions aren’t quite criminal, the White House may have to respond to the latest WhiteHouse.gov petition. The Obama administration is mandated to respond if it can garner 25,000 signatures in the next month. Until then, though, proponents of DDoS as free speech can cite what Jay Carney said when petitioners rallied for the deportation of Piers Morgan for his call to ban assault weapons.
“The Constitution not only guarantees an individual right to bear arms, but also enshrines the freedom of speech and the freedom of the press – fundamental principles that are essential to our democracy,” said Carney.
Meanwhile, exercising constitutional rights by way of overloading web servers isn’t being accepted as such by the government. That doesn’t mean that Anonymous or other so-called ‘hacktivists’ will change their ways: just last month, members of the hive-mind computer collective waged a DDoS attack on the website of the Westboro Baptist Church after the religious group announced plans to picket the funerals of mass shooting victims in Newtown, Connecticut. Anonymous waged a similar wave of attacks on the Church of Scientology in 2008, the result of which landed a number of Anons in prison for violating federal law.