Hacktivism - Political Activism on the Net or: Why we have to protect the net as a public sphere - Draft speech for 10th of July conference by the Transnational Radical Party, by Armin Medosch

London 9th of July 2002

In December 1995 an email was circulated on the Internet. It asked people to participate in a political action on the WWW. At a certain hour, as many people as possible should direct their browsers to certain websites belonging to the French government. The political motive for this action was the ongoing French nuclear tests in the Pacific Ocean. The initiators' idea was that if thousands of people tried to access websites at the same time, the servers hosting these websites would get such a workload that they could not cope with it any more and would slow down. The machines would be flooded by so many information requests that they would fail to do just that: deliver information via the WWW. Also, at the same time, the access road to those servers - or to be more precise, their domains - would get congested and people in French government institutions would experience some delay in sending and receiving email. The Italian initiators of this action, Stranonet, called it a netstrike. In their email correspondence they explained that "netstrike" was not the fully appropriate term for this kind of action, that it actually resembled more a picket line or a sit-in in front of a government building. However, with this so-called netstrike a new form of political protest was born - electronic mass civil disobedience.

In February 1996 another netstrike was organized, this time against the Mexican government, because of the ongoing assault by the Mexican army against the Zapatista revolt in Chiapas. Again thousands, if not hundreds of thousands, of people responded and for an hour they clicked on Mexican government websites every few seconds so as to clog them up with information requests, slow them down and hinder them from processing emails. At the same time rallies were held in front of Mexican embassies worldwide.

A year later, the New York based Mexican artist Ricardo Dominguez and his team from Electronic Disturbance Theatre improved the method of the netstrike. The participating users should not go directly to the target website but to a website especially set up for the protest. There they would launch a script, a small program included in the website, which would automatically send information requests every few seconds to the targeted website, thereby improving the efficiency of each user's action by multiplying their clicking efforts. The tool that did this was called Floodnet. The methodology would soon be called hacktivism or el hacktivismo and would be picked up and used by protest groups worldwide. For example, in the context of the Seattle protests by the global anti-capitalist movement, an English hacktivist group emerged who called themselves electrohippies and launched a netstrike on the servers of the World Trade Organisation and the IMF. German activists who support asylum seekers and tried to stop forced deportations on Lufthansa flights organised a netstrike against the flight booking service of Lufthansa on the internet.

All this activity did not go unnoticed. The Mexican government responded in kind to netstrikes and employed hackers for a counterstrike. They wrote scripts that would make the Floodnet tool crash. Ricardo Dominguez also got threatening phone calls late at night. His activities also did not go unnoticed by the US government. US government advisers had for a while already fuelled fears about the threat of the so-called Infowar or Netwar. In US secret service briefings for the media, actions of Electronic Disturbance Theatre were presented as actions of Infowar and were used to legitimate an increase in government spending on IT security and new, tighter laws.

In winter 2000 something happened that threatened even more to discredit hacktivism as an evil, almost terrorist assault. Anonymous hackers, in a case that remains unsolved to this day, launched an attack on the biggest websites of the world, Yahoo! and eBay. They completely brought those high-powered websites down for almost a day and caused enormous economic damage. The technique that they used - Distributed Denial of Service Attack, in short DDoS Attack - was picked up by the press worldwide as a new buzzword at the height of the new economy boom. Uninformed journalists and politicians would from now on use this term DDoS to discredit hacktivism.

However, there is a big methodological difference between a DDoS attack and a netstrike. The perpetrators of the attack on Yahoo and eBay remained entirely in the dark. Their action was not accompanied by any statement, political or otherwise. They did not use human agents to carry out their attack, but used machines instead to launch very powerful programmes, capable of bringing down the most secured web servers in the world. A netstrike, on the other hand, is carried out entirely in the open. It is organised by people who do not remain anonymous but declare themselves openly, with email addresses and sometimes even phone numbers given. They formulate clear political goals for their action and the action is limited in time and scope. It is announced when and which servers are going to be targeted, so that webmasters can take preventive measures. And most important of all, the aim of a netstrike is not to totally block and shut down the internet service of the targeted organisation. It is considered sufficient if the server is slowed down a bit, if there is some measurable result in an increase in traffic to the site. The action is much more of a symbolic nature than actually being a form of technical violence.

Ricardo Dominguez has, as an artist and theorist, developed a very concise theory of the netstrike. He calls it a poetic gesture that aims at raising awareness for a cause. Much more important than actually harming the technical service of a website is that a sufficient number of people publicly stand up for something. He makes the participants aware that governments have ways of knowing who participates in a netstrike. Although it is not totally clear if participating in a netstrike can be criminalized under existing legislation, participants should know that they possibly could draw some forms of sanctions on themselves. Therefore, if they still participate, they make a statement that they are ready to stand up for what they believe in. This makes a netstrike comparable to traditional forms of civil disobedience, because participants in a sit-in also know that they could get arrested and charged by police. Last but not least, by making a very public announcement that a netstrike is going to be carried out, a publicity mechanism is set into action. The action and the political cause for which it is done then usually draw the attention of the press. A public debate around issues is created, in the press and electronic media, but also in internet mailing lists and news groups and other internet forums. Dominguez says that this is even more important than the action itself. Therefore a netstrike should not be viewed as a form of Infowar at all and there is no resemblance to the anonymous hacker attacks in the style of the DDoS attacks against Yahoo and eBay.

Netstrikes are not the only form of hacktivism. Other forms are, for example, Web graffiti, which means cracking a webserver and leaving a statement on the homepage, and mail bombs, which are semi-automatically generated emails that send a particular political statement or protest note to a recipient. But I have chosen netstrikes because I have done research on this form of electronic civil disobedience in the context of writing an article for the German Bundeszentrale fuer Politische Bildung. When carrying out this research I spoke to lawyers and asked for opinions. The result, and here we come to my thesis, was quite shocking. Most lawyers would clearly see a netstrike as a case for criminal law or at least civil legal action. In German law one of the so-called hacker paragraphs cites "suppression of information" as a crime. If a netstrike is seen as a denial of service attack, it would clearly fall into this category. The cybercrime convention and new anti-terror legislation also include attacks on information systems and would give a legal framework for criminalizing hacktivists and even branding them as terrorists.

At the root of this question, whether there is any legitimacy for mass political action on the internet at all, is the question of how we see the internet. If we see it as a network of networks only, whereby each segment of the net is owned by a legal entity, a privately owned company or a company owned by the state, then there would be no space for political action at all. To explain this matter further, most lawyers to whom I spoke saw the clicking on a website in the context of a netstrike as sending electronic impulses only. As a result, they can only see the damage done to private commercial interest, the disruption of information flow. They do not recognize that in a netstrike actual people are behind these signals, that they make a statement with the use of machines. Even though machines are used to make a statement, it is still a political declaration of their intentions and therefore should be covered by free speech legislation. In the real world there is a right to assembly, a right to organise a demonstration and go out and wave banners for a good cause. This also disrupts traffic in cities, it prevents people from going to work, it does some form of damage to economic interests and it generates cost for policing, but the right to demonstrate is a right fought for hard over the last two centuries and nobody would consider charging demonstrators for the collateral economic damage.

I am not a legal expert, I am a writer only. But for me the conclusion is this: first of all we have to make sure that the internet is recognized as a public sphere. It is not only a network consisting of many interconnected private networks, it is also a political forum, maybe soon the most important political forum of all. So far we have many new laws that tell us what we should not do on the net, but we have hardly any laws at all that actively protect citizens' rights in the electronic communications sphere. We should implement a form of legal protection for the Internet as a public sphere. This should be done on the highest levels, such as the EU Charter of Fundamental Rights. Then, there are further cyberrights dependent on the recognition and legal protection of the Internet as a public sphere. I imagine something like a charter for citizens' rights in electronic communications, which should go beyond and be more pro-actively formulated than only covering matters of data protection and privacy. It should include a right to mass political actions on the net. We should not only have the right to use the net as individuals, but also as individuals who self-organize in bigger groups by the use of the net. We should make sure that those groups have a right to use the net to make political statements by way of a netstrike or similar hacktivist techniques. Closely intertwined with this is also the question of access. By this I mean first, the right to have access to the net. If we are looking into using the net for elections, it is crucial that the digital divide does not open up further. Everybody, no matter what age, income or education they have, should be able to access the net regularly on a cost-free or very low cost basis. Secondly, the right of access should include the right of access to information. We have seen new legislation on information freedom recently on European and member state levels, but it has been disappointingly restrictive, favouring more the right to secrecy of civil servants than the citizens' right to transparency in government. Access for all and access to everything should become a universal right, similar to the way state regulators guarantee telephony as a universal service, given also to those in remote areas, where there is no commercial incentive.

I will stop here more or less, not to overdraw my speaking time but also not to make matters too complicated, because I mainly want to bring home one point. Starting from the Bangemann Report, the EU has failed the information society. In the neo-liberal climate of the boom years of the late nineties the EU has done more or less this: it has declared that it wants an information society but has left it to private enterprise to achieve this goal. It has misunderstood the internet mainly as a tool for e-commerce, a more efficient tool for the distribution of goods. But in our society it's not only goods that circulate and that are of economic importance, it's also ideas, political, scientific, artistic and cultural ideas which people want to exchange freely and to the benefit of the whole of society. The notion of the internet as a playground for private entrepreneurs, as supported by the EU so far, has done the emergent information society more harm than good. It's time for a radical u-turn and this u-turn should start with recognizing that the Internet is a public sphere.