On The Weaponization of the Collaborative Web

Around this time yesterday, I, along with countless others, tried to bring down the Web sites of Iran's information and justice ministries, and state-sponsored media outlets. The idea was to silence the pro-Ahmadinejad, anti-dissent messages coming from these outlets, and in so doing, strengthen the opposition protests in Tehran.

You didn't have to be computer smart to take part: a developer in San Francisco had set up a push-button tool that would, upon your click, immediately start bombarding 10 Web sites with requests. I clicked Start, and in the 10 little boxes below, I could see the pages load and reload. About half of them were already down.

This was exhilarating. The goal was to promote democracy, and I could actually watch as it happened. Empowering.

But there's more to it than that. I'm conflicted about the virtue of this idea. I'm still trying to sort out my thoughts about what happened, but I know that we will be talking about yesterday morning for years to come. We turned our collective power and outrage into a serious weapon that we could use at our will, without ever having to feel the consequences. We practiced distributed, citizen-based warfare. That is frightening. Here is how my thinking evolved throughout the day:

After a few minutes of watching these Web sites sputter, I spread the word on Twitter. I was met with a few dissenting replies. Clay Shirky felt that by doing this, we were validating the idea of Denial of Service attacks, and that if we endorsed it now, we couldn't argue against it when the state uses it against dissidents.

I disagreed. While our use of it may make us look hypocritical the next time we complain about a state's actions, I don't think we can avoid tactics simply because of that risk. If we forsake every weapon that the enemy uses, simply because the enemy uses it, what options do we have left?

I don't think the idea of disabling your enemy's communications is right or wrong. That judgment hinges on a few factors. First, "sticking it to The Man" is not a standard philosophical justification, but there is something about it that feels so right. There were reports that the Iranian government disabled SMS on election day and attacked Moussavi's campaign site. Giving a citizenry the ability to turn the tables on its own government is, I think, what governance is all about. The public's ability to strike back is something that every government should be reminded of from time to time.

The nature of the information being silenced also counts. And when the loudest voice is distributing pure drivel, that voice has to be stopped.

I should also mention that the US military is the preeminent practitioner of communications hacking: when we invade, the telephone switches are the first to go.

Fernando Cervantes made a good point: when you attack a Web site, you don't just attack that site, but every other site on that host as well. You also clog bandwidth. And as I write this, we in the West are still heavily relying on the Internet to tell us what is going on over there; though it's unclear to what extent, we can also assume protestors are using the Internet to coordinate. By attacking these sites, we're hurting not just the state, but the people we're trying to help as well.

This is true. But if government is disabling services that we do want to be available (SMS, Twitter, etc), then we're allowing the public to be exposed to whatever news the state deems fit, and this is the worst possible outcome. Google gave up the "Don't Be Evil" mantra on the day they gave in to China and agreed to filter news.google.cn, on the basis that some news is better than no news at all. This argument reeked of B.S. And now that I had the ability to upend that judgment just a tiny bit, I was going to take advantage of it.

I still agree with all of my thinking above. But after a few minutes of letting the attacker run in the background, I stopped it. I don't know why, but it just felt...creepy. I was frightened by how easy it was to sow chaos from afar, safe and sound in my apartment, where I would never have to experience--or even know--the results of my actions. All I had to do was click a button. And while my intentions were honest, there is something inherently wrong with the ability to so easily cause harm, without bearing any of the ill effects. I could have been causing the failure of emergency services that I was not relying on. I wouldn't even suffer the guilt of knowing what I'd done, as it's unlikely I would ever find out.

(UPDATE, just to elaborate: When people want to attack someone or something, they usually can't do it immediately. It takes time to prepare. And during that preparation, they are repeatedly forced to reconsider their actions before going through with it. Each step--buying/building a weapon, choosing a time and place of attack, traveling to the location of the attack and finally seeing their potential victims--forces the sane mind to pass through "moral checkpoints" that force them to think twice. Carrying out the plan is both physically and psychologically difficult. Even heat-of-passion criminals are forced to deal with seeing their victims. I am sure these two factors weed out lots of would-be criminals who didn't have the heart or the means to go through with it.

The DDoS tool does away with these barriers. Nothing forces us to think through the act before we click Start. And we remain safe from the threat of retaliation. The thing about war is that you can’t do it without exposing yourself to danger, thus discouraging you from starting it in the first place. But that is no longer the case. Scary.)

We can assume that from now on, something like this is going to happen every time a citizenry butts heads with its government. (If there was any doubt, the creator of the DoS tool made the code available on his site; the target sites can be easily modified.) It'd be silly to think that we could contain it by declaring it invalid. Still, we--the technopolitics community--need to consider the morality of this tactic, as our collective ability to spread the "Attack!" message is not inconsequential.

Comments

This is indeed an important

This is indeed an important development in the evolution of global civic engagement. Aside from the practical collateral damage of this method, disinformation needs to be fought with truth not guerrilla tactics.

One more dilemma

When are the actions of the citizens of one nation an act of war against another nation? I believe that we have entered a very slippery slope here and need to discuss this issue at many levels. While many people engaged in digital activism with good will in their hearts, they did it as members of their own nation with servers and software located in that nation. While they were not operating under the authority of the nation, they were bound by the rules of that nation. Does the US authorize or condone by law DDOS acts within its boundaries? When does digital activism turn into an act of war that could make the nation liable in an international court of law? And what would happen if the attacked nation would retaliate and start a cyber storm that engulfs many? The US is beginning to lay down the foundation of a cyber policy that will take on the issues of responsibility for cyber attacks by other nations. How can the US even attempt to take on these issues when its citizens are engaging in attacks on other nations regardless of how noble the reasons may be?

The complicity of the multitude

I can't help but feel that there's no justification for average citizens to engage in DDoS attacks. There are already enough people out there that are unknowingly, and unwittingly, involved in shadowy "botnets" -- why turn yourself into a "Zombie" knowingly?

The complicity of the multitude in what amounts to grassroots cyberwarfare will only result in providing more fodder for the "tiered Internet" debate, and the communications companies are just looking for an excuse to make it happen.

Let's leave the cracking and the cyber-terrorism to the pros, or those that are adrift without a moral compass.

Phillip.

I agree with you. I loved

I agree with you. I loved reading your article. This is a nice blog. I must say.

Response from Iran

Very interesting article on the morality of all of this. I just noticed a tweet from Iran which said: 'STOP DDOSing Iranian Governments sites, the people need all the bandwidth they can get. Morons!' which confirms your suspicion that there might be unintended consequences. I too find it quite terrifying how easily these tools can be activated - particularly when crowds can be swayed quickly and easily to an action that turns out to be misguided or worse.

Crude methods => crude results

Let me try a metaphor:
you're with friends in a demo, well back away from the storm-troopers, tossing bottles and bricks. (Yes, I know, "cyber" is different. For the sake of the argument, ok?)
Some of those bottles and bricks are landing on the people at the very front who are already bearing the brunt of the push-back.

DDoS bogs the whole web in that area.

Will you just dismiss that as collateral damage?

--bentrem

Uncertainty is certainty that has stepped on a banana peel.
Negativity is brilliance competing with itself.

my intentions were honest, inherently wrong

idea was to silence them
and in so doing, strengthen us

The goal was to promote democracy so
We practiced warfare

disabling your enemy
it feels so right

If we forsake weapons
what options do we have left

We turned our collective outrage
into a serious weapon

but it just felt...creepy

What about when the means of

Ryan,

What about when the means of distributing that truth is being actively compromised by the other side? If the state is using such guerrilla tactics to silence dissent and is making itself the only voice heard, doesn't this change things?

When are the actions of the

When are the actions of the citizens of one nation an act of war against another nation?

Kelcy,

it's a good question. And I'm not touching it. :-) An international lawyer would have to take a crack at it, only because there probably IS an answer. On the other hand, I don't think we have answers to the questions in my post, which is why I felt willing to discuss them. I thought explaining my thoughts would help us get all the issues out onto the table, and while I still agree with what I wrote, I'm not eternally convinced about any of it.

Do you have an opinion about your question?

DDoS is a rock

I participated in one of these for about an hour yesterday, then stopped. My thinking: I wanted to help throw a rock, not participate in a stoning.

What I really hoped to accomplish is pretty simple: By joining with others in an ad hoc attack, we were demonstrating the power of distributed online networks to the Iranian government.

Did we deliver that message? I hope so, but I have no way of knowing for sure.

Having thrown my rock, it seemed that remaining in the DDoS ceased to deliver the original message. So I logged out.

I have no doubt that all positive change begins with love and not fear, and that violence (even cyberviolence, however we define it) can never be the path to peace. But having said that, I understand that whatever rights Americans enjoy in the workplace began not with peaceful negotiations and respectful dialog, but with riots. Not only did people die to break the hold of the robber barons, but to this day their sacrifices are belittled by history.

Is a DDoS against an Iranian website the same thing as a street brawl with Pinkertons? Absolutely not, and let's not get so abstract that we lose that distinction. But let's not lose sight of the fact that cyberwarfare is aggression, and no matter how good it might feel at the time, it isn't going to build anything.

I think it's OK to pick up a rock every now and then, and it's important that the people who are repressing others understand that about us. But we should throw those rocks only on rare occasions, and only to deliver a simple message: We Are Here, and We Do Not Approve.

More questions than answers

I should have prefaced my comments with a compliment. I thought the blog was very well written and extremely pertinent. I had been mulling over this issue while watching the DDOS RTs and Tweets go out and became more concerned that as a nation the US could be held liable. And certainly it is hard to create a policy that rejects DDOS and other cyber attacks by nation states when its own citizens are engaging in them. I think that this kind of action leaves us vulnerable. I think that it is absolutely critical to start the discussions and engage on all levels to include with the lawyers. I don't know the answers to my questions which is why I asked them. This way they are part of the record for future discussions.

we don't fight suicide

we don't fight suicide bombers with suicide bombers. true, the tactics of the 'enemy' governs our response, however as a society that rests upon a moral gauge we can't justify our actions just because 'they' do it that way.

Digital Armery

Now That's a new approach to battling your adversaries. Something I expect to see occur more frequently in this new technological age.

http://www.adwido.com

That's not my rationale

I'm not saying we should do it JUST because the state is (although we do sometimes fight fire with fire, e.g. nuclear deterrence). Rather, you said that the strategy should be to "spread the truth." But in this case, I'm not sure if spreading the truth is even possible within a media environment that is being controlled by the people you're competing with. In order to make your own voice more noticeable, you have to silence the noise that's trying to drown you out.

Also, you use the term "guerrilla" in a negative connotation. We Americans tend to think of it that way, as we're usually on the wrong side of it these days. But guerrilla warfare is a fundamental tactic of any outmanned force. The underdog uses it to give itself an advantage on a battlefield that would otherwise remain under the superpower's control. I don't think there's anything inherently negative about that.

Insightful and thought-provoking

Finally getting around to commenting. Great post, Matt. Really got me thinking about the bold, new political environment in which we find ourselves.

http://twitter.com/thedrake/status/2282593527