07 Dec 12 | Volume 41.04 Winter 2012
Between February 2011 and June 2012, I attended nine surveillance technology trade shows around the world. At these events, vendors, developers and government agencies meet, mingle and do business. They’re usually held at anonymous corporate hotels and are strictly invite-only. Yet the atmosphere is usually one of pervasive paranoia and attendees often conceal their real names and governmental affiliations. The sales representatives, by contrast, can be extremely frank, particularly when discussing the ethical implications of their trade. During one presentation, delegates from a password forensics company projected an image of a metal interrogation chair draped with chains and joked that their equipment could be used in conjunction with ‘other methods’. Another vendor told me that he was sure his company could come to ‘some arrangement’ with a (hypothetical) North Korean customer. Fat profit margins are top of the agenda; ethics and social responsibility rarely even come into it.
Twenty years ago, the value of the global surveillance industry was negligible – today it is estimated to be worth around $3bn. The fall of the Berlin Wall in 1989 left hundreds of Stasi officers out of a job and the rash of new surveillance companies that sprang up in the early 1990s in Germany suggests that many found lucrative new employment in the private sector. Privacy International published a report in 1995, highlighting this increased flow of surveillance tools from developed countries like the UK, the US, Germany and Israel to repressive regimes in Africa and South Asia, where they were then used as instruments of political control and internal repression. But not a single Western government has felt it necessary to impose export controls on surveillance technologies, and so this unethical trade has therefore continued unimpeded.
After 9/11, governments around the world ramped up their surveillance operations and private companies competed to develop and supply cheaper and more invasive tools. The business of surveillance was no longer the preserve of large military and arms manufacturers like BAE Systems; small technology enterprises and larger Silicon Valley companies quickly flooded the market. Privacy International’s recent research has identified around 250 vendors of surveillance technology based in 33 countries around the world and there are probably dozens more that have managed to remain under the radar. Unfortunately, these new actors seem to conduct themselves with even less integrity than their predecessors – exports to Africa and the Middle East are significant and companies now offer bespoke solutions and training to their clients.
One would think this would make it difficult to plead ignorance when companies get caught doing business with dictatorships and repressive regimes. Yet this is still the most common defence: companies claim that they had no knowledge of the uses to which their products were being put.
They deny complicity in resulting human rights abuses – censorship, torture, extrajudicial detention and executions – because they say that technology is neutral, that it’s not their responsibility to vet their clients, that they can’t control how equipment is used once sold. Let us be clear: in the majority of situations, this is simply not the case. These companies are not staffed by idealistic young software developers creating socially useful tools that their wicked clients are then misusing and perverting. In fact, most of the time they are working with their customers on a close and long-term basis, carefully tailoring surveillance systems to specific needs.
Milan-based Area SpA last year furnished Privacy International with a disturbing example of just how committed to customer service these companies can be. While President Bashar al Assad’s forces were engaged in brutal attempts to crush dissent in Syria, killing and injuring hundreds of unarmed protesters, Area secretly installed a nationwide mass surveillance system. Dozens of the company’s Italian employees were flown out to Syria to install hardware and software that would allow Syrian security agents to follow targets on flat-screen workstations displaying communications and web use in near-real time, alongside graphics that mapped citizens’ networks of electronic contacts. The €13m (US$16.7m) contract also specified that Area employees would supply training to Syrian security agents, teaching them how to monitor vast swathes of the population. Fortunately, after a Bloomberg report exposed the project and protesters gathered outside Area’s offices, the company quietly pulled the plug on the project.
The effect of a surveillance system of this sophistication and magnitude on political dissent, public debate, the rule of law – in fact, on all of the processes fundamental to participatory democracy – is devastating. When people see their friends and colleagues arrested and tortured because of a text message, a Facebook chat or a phone call, they think twice about complaining about government abuses. They may cut off all phone and email contact with those people, afraid that just being part of the wrong networks will bring the secret police to their own doors in the middle of the night. Arranging face-to-face meetings becomes practically difficult, and even speaking in person isn’t secure – governments can target individual mobile phones with malware that allows them to remotely control the device’s microphone and camera and thereby see and hear everything happening around it.
Organising political demonstrations is equally challenging. Blogs containing anti-government sentiments are identified and blocked almost as quickly as they can be written, preventing citizens from expressing their dissatisfactions to a wider audience. Surveillance technology is therefore one of the most powerful weapons in the dictator’s arsenal; it destroys political opposition and subdues populations far more effectively than guns or grenades.
Privacy International doesn’t think it’s right that companies based in Europe and the United States – where governments publicly condemn the kind of human rights abuses described above – should make vast sums of money by facilitating these same abuses. We also believe that this notoriously murky and elusive industry needs to be much more transparent about which products are being sold to which regimes, particularly in Africa and the Middle East. We embarked on the Surveillance Industry Index – a publicly-accessible online catalogue of surveillance companies, products and marketing materials – because we felt that putting the hard facts in the public domain would hopefully stop companies obfuscating their involvement with repressive governments and make them more accountable. We also hoped that it would add to the evidence base for proper export licensing systems in Europe and the US. In particular, the excerpts from the marketing material we’ve presented provide direct insight into the ethical vacuum at the heart of the industry and demonstrate the terrifying scope and power of some of the technologies that are now readily available.
For example, UK-headquartered Gamma Group describes one of their products as permitting ‘black hat hacking [illegal and malicious] tactics to enable intelligence services to gather information from target systems that would be otherwise extremely difficult to obtain legally’. South African VASTech sells a mass surveillance product that can intercept ‘more than 100,000 simultaneous voice channels, allowing it to capture up to one billion intercepts per day and storing in excess of 5,000 Terabytes of information’. Madrid-based Agnitio is even more explicit, stating that their product is ‘designed for mass voice interception and voice mining’. Mass surveillance has been ruled illegal in most democratic countries as, by its very nature, it can never be considered a proportionate or necessary tactic.
Over the past few years, Gamma International’s FinFisher suite, a range of spyware that covertly takes remote control of a computer or mobile device, copying files, intercepting Skype calls and logging every keystroke, has appeared all over the world. Recent reports by computer security company Rapid7 have placed FinFisher command and control servers in Australia, the Czech Republic, Dubai, Ethiopia, Estonia, Indonesia, Latvia, Mongolia, Qatar and the US. A separate investigation in August by CitizenLab, an interdisciplinary project based at the Munk Centre for International Studies at the University of Toronto, identified potential FinFisher command and control servers in Bahrain, Brunei, the Czech Republic, Ethiopia, Indonesia, Mongolia, Singapore, the Netherlands, Turkmenistan and the United Arab Emirates.
Gamma International’s Managing Director, Martin J Muench, has refuted this research – the latest in a long line of denials and excuses from the company. In April 2011, the Guardian reported that two Egyptian human rights activists had found a proposal from Gamma to supply President Mubarak’s regime with FinFisher products inside the ransacked headquarters of the State Security Investigations service. The company said the offer was for a free trial version and that ‘Gamma International UK Limited has not supplied any of its FinFisher suite of products or related training etc to the Egyptian government’. When it was reported that five Bahraini human rights activists had been sent emails containing FinFisher trojans, Gamma suggested that the malware in question was a ‘copy of an old FinSpy demo version’ that ‘may have been stolen’. Muench also tried to point the finger at organisations that had been investigating Gamma’s practices: ‘It’s been suggested that the information was stolen on behalf of a pressure group to disrupt our business but I have no evidence yet to support that claim.’
Yet Muench’s ultimate defence is that Gamma always complies with British, American and German export regulations, recently stating that ‘Export Control Authorities … act as our moral compass’. This would be all well and good – if such export regulations existed anywhere in the world. In fact, exports of surveillance technologies remain almost entirely unlicensed and thus uncontrolled. It should also be noted that, although Gamma has been using the above justification since April 2011, the company only bothered to submit a technical information about FinFisher to the Department for Business Innovation and Skills (BIS) in June 2012. BIS, which is responsible for licensing exports in the UK, has now decided that exports of FinFisher should in fact be licensed, on the basis that the product contains cryptography.
However, the British government has thus far refused to include other surveillance tools in the export-licensing regime, apparently buying into the industry’s claims that these products are all sold for legitimate purposes. Yet BIS controls exports of hundreds of ‘dual-use’ products (products that can be used illegally or dangerously as well as having a legitimate or civilian purpose) and the industry has thus far demonstrated a woeful inability to self-regulate. Unless surveillance exports are effectively controlled by law, the action the UK has taken on Gamma’s FinFisher will be just a sticking plaster on a bullet wound. Though the European Parliament passed a resolution calling for stricter oversight of surveillance technology exports and President Obama announced an executive order to prevent such exports to Syria and Iran, there has not been any clear, decisive action as of yet. And, for dissidents and ordinary citizens alike, the space for speaking out about human rights violations and ensuring this information gets out to the wider world is narrowing all the time.
©Eric King
41(4): 81/86
DOI: 10.1177/0306422012465540
This article appears in Digital Frontiers, the winter 2012 edition of Index on Censorship magazine.
07 Dec 12 | Egypt, Middle East and North Africa
An Egyptian journalist covering Wednesday’s clashes outside the presidential palace in Heliopolis between Islamist supporters and opponents of President Mohamed Morsi has been declared clinically dead after sustaining gunshot wounds to the head.
33-year-old Al Husseini Abou Deif —who worked for the independent Al Fagr newspaper — is the latest journalist to become a victim of the violence while reporting on the protests in Egypt. Another Egyptian journalist was killed while covering the 18-day mass uprising that toppled former President Hosni Mubarak last year. Several journalists, Egyptian and foreign, have also reported assaults, sexual molestation and intimidation while trying to tell the story of Egypt’s turbulent transition.
An witness who was standing next to Abou Deif when he was gunned down said that the journalist was shot at close range while filming anti-Morsi protesters under attack. He added that Abou Deif had been deliberately targeted and that his camera had been seized. Doctors at al Zahraa Hospital, where Abou Deif lay in a coma fighting for his life, also confirmed that the assailant had been less than two metres away from the journalist.
A member of Egypt’s Journalists’ Syndicate, Abou Deif was an outspoken critic of the government and had often participated in rallies protesting media censorship and demanding greater press freedom. He was also an opposition activist and member of the Kefaya movement that opposed the succession of Mubarak’s son Gamal and protested political corruption and stagnation.
The violent clashes outside the Al Ittihadeya Palace erupted on Wednesday afternoon when thousands of Islamist supporters marched to the Palace to express solidarity with President Morsi, under attack since issuing a constitutional declaration two weeks ago which gave him absolute powers. The Islamists have attacked scores of opposition activists camped in tents outside the palace since Tuesday night. Morsi’s opponents had staged their own million-people rally on Tuesday afternoon, protesting the Presidential edict and a draft charter they say will stifle civil liberties and religious freedom. President Morsi had earlier announced that the draft would be put to a popular referendum on 15 December.
Protest outside Presidential Palace in Cairo, 4 December 2012. Mohamed El Dahshan | Demotix
At least six people were killed and 700 were injured in Wednesday’s clashes. Most of the dead were Islamist supporters who succumbed to their wounds after being shot or attacked with knives, a statement by the Interior Ministry said. Two of them were members of the Muslim Brotherhood, from which the president hails. Most of the injuries resulted from Molotov cocktails and fireworks being hurled from both sides. Anti-Islamists accused “Muslim Brotherhood militia” of firing birdshots and using swords to attack them. Denying the accusations, the Islamists insisted they themselves were the victims of such attacks. Riot police that had been absent from the scene at the start of the clashes were deployed hours later and attempted to create a buffer between the two camps.
The attack on Abu Deif followed attacks by security forces on at least two journalists covering last week’s protests demanding President Morsi retract his constitutional declaration. The increased violence against journalists has prompted the Journalists’ Syndicate to issue a statement demanding that police do more to protect reporters covering the civil unrest. In the meantime, Syndicate members are organising a rally on Friday afternoon to denounce state attacks on journalists.
This week, several journalists and talk show hosts took a firm stand against censorship. The strongest statement came from talk show host Hala Fahmy who appeared on her show on Egyptian State Television carrying a white shroud intended to symbolise “the demise of free expression.” The show was immediately taken off the air. Meanwhile, State TV presenter and former presidential candidate Bothaina Kamel is being investigated for going off-script. She told viewers to stay tuned for the “Ikhwani” or “Brotherhood news bulletin” — a jab intended to signal interference by the newly-appointed Islamist Minister of Information in the news editorial content. Khairy Ramadan, a TV talk show who worked for the independent Channel CBC resigned on-air after the station’s managers cancelled a show in which he was to have hosted former presidential candidate Hamdeen Sabbahi.
The impromptu cancellation of the show followed a televised speech minutes earlier by President Morsi, who said that investigations into Wednesday’s clashes had revealed that “thugs” hired by opposition political forces and former regime remnants were responsible for attacks on protesters. He vowed that perpetrators attempting to wreak havoc would be brought to justice. While standing his ground on his controversial edict, which he said was meant to propel Egypt forward, Morsi assured Egyptians it would not shield his decisions from judicial review, nor prevent citizens from holding him to account.
The protesters’ chants of “the people want the downfall of the regime” that filled Tahrir Square immediately after the speech do not auger well for a near-end to the political turmoil. And for journalists covering the unrest,there are as yet no guarantees of their safety.
Journalist Shahira Amin resigned from her post as deputy head of state-run Nile TV in February 2011. Read why she resigned from the “propaganda machine” here.
03 Dec 12 | Digital Freedom, News and features, Volume 41.04 Winter 2012
The decentralised, ungovernable nature of the early internet was an intentional design feature and not a bug. As a result, today’s internet is an open network, where unprecedented creative and economic innovation, art, commentary and citizen journalism flourish.
But child pornography, hate speech and copyright infringement have also thrived, leading to mounting pressures to bring online activity under government control. As nations push for these changes, global interconnectivity and freedom of expression are at risk.
As long as computers speak the TCP/IP protocol, or ‘language’, they can exchange information without centralised controls, standardised operating systems or consideration of geographic location. Users do not need to register or identify themselves. These networks are both simple and robust, and there is no single point of failure.
The Innocence of Muslims film was widely censored
The laissez-faire design principles of the network are reinforced by the legal regime of its birthplace, the United States. The US allows private, unregulated businesses to connect to and innovate on the network without government permission. The First Amendment guarantees that the vast majority of online communications will not result in governmental sanction. Section 230 of the Communications Decency Act of 1996 (CDA), which states that online platforms should not be treated as if they are the speaker or publisher of user-generated content, ensures that online companies are not required to review user posts in advance to avoid liability, a precaution that would be impossible anyway, considering 72 hours of video are uploaded to platforms like YouTube every minute.
While the founding fathers of the internet weren’t envisioning Facebook or YouTube, the TCP/IP protocol made these innovations possible. Photos of cats, indie music and films from around the world can all be found online, along with fraudsters, Nazi propaganda and videos about how to be anorexic.
Activist and co-founder of the Electronic Frontier Foundation John Gilmore said in 1993: ‘The net interprets censorship as damage and routes around it.’ But in the face of the darker uses of the network, Gilmore’s celebration has become a rallying cry for regulation. Apprehending individuals who behave illegally online can be difficult.
An individual posting illegal content might be pseudonymous and their identity not readily ascertained. Or the user might be based outside the jurisdiction where legal proceedings have been initiated. If one service provider blocks access to content or removes a video or song, another user, or users, will almost certainly repost the material, giving it far more attention than it originally received and far wider distribution.
This phenomenon is so common it has been given a name, the Streisand Effect, based on Barbra Streisand’s extensive but ineffectual legal attempts to stop online publication of photographs of her Malibu, California beach house.
Tools for government control
Nevertheless, despite the assertion that technology has outpaced the ability of the law to regulate it, as a result of technological, economic and political changes, online speech on today’s internet is no longer beyond governmental control.
The vast majority of activity is not anonymous – it’s branded with a unique identifier that links details to a particular network account. Internet Service Providers (ISPs) collect and store which IP address information was assigned to what subscriber for billing and operational purposes. Moreover, online businesses increasingly collect IP address information to identify repeat customers, tailor services and target advertising.
These services associate IP address data with other information that can be used to profile, track, physically locate or otherwise identify a user. Governments and civil litigants are learning how to use this information to identify individuals. The old joke was that on the internet, no one knew you were a dog.
Today, everyone knows your breed and what kind of kibble you buy. Not long after the implementation of TCP/IP protocol, its creators decided that easy-to-remember domain names like stanford.edu or facebook. com were better monikers for networked sites than the original IP addresses, which consisted of a long string of numbers.
They set up the domain name system (DNS), a system of databases that translates unique identities into machine-readable addresses. Without accurate and cooperative DNS servers, users cannot find and connect to pages. DNS has become a powerful tool for governments to control the internet.
DNS redirection or filtering, called DNS poisoning, is increasingly common. The Chinese government uses this technique extensively. When a user attempts to connect to sites the government does not want them to access, he or she is simply redirected elsewhere. Domain names themselves are targets for government control.
In 2011, the United States Immigration and Customs Enforcement (ICE) agency automatically shut down over 700 websites for alleged copyright infringement, including the sports streaming sites rojadirecta.com and rojadirecta.org and music site http://dajaz1.com. In many cases, ICE was able to seize these domain names without an adversarial hearing, meaning that website owners were not able to defend their practices in court.
The secrecy of the proceedings was another huge challenge. For both rojadirecta and dajaz1, the government eventually gave the names back, without providing probable cause for the seizure. But the harm was done. In a fast moving economic environment, a business that loses its domain name for even a few months is basically dead.
Governments have also found ways to control online expression by controlling the services people use to connect to the network: electricity providers, ISPs, broadband and cellular providers. Companies that lay power lines or fibre optic wires to users’ homes or operate cellular networks to which internet-enabled devices connect are usually highly regulated and have a cosy relationship with the government. In some countries, these services cannot operate without government approval.
The Arab Spring
During the 2011 protests the Egyptian authorities cut internet access
During the 2011 Arab Spring protests, some reports say that the Egyptian governmentsimply shut off power at an important internet exchange point where ISP lines connected to the network outside the country. The government contacted those ISPs that were not directly affected by this move and instructed them to discontinue services or risk losing their communications licences.
Similarly, Syria has only one domestic internet provider and it is owned by the government. So Syrian authorities have a direct avenue for monitoring, filtering and blocking traffic. Authorities in that country have also disconnected the mobile 3G network to prevent access through the phone network; they have been known to disconnect the electricity supply to control citizens during clashes between the military and protesters or rebel forces.
Unable to use normal means of communication, activists have no choice but to give news and footage to those who know how to circumvent bans so that the information gets out to the world. These kinds of wholesale shutdowns obviously produce a lot of collateral damage for ‘innocent’ users of electricity and communications services.
There is a public cost to this kind of obvious, direct censorship. In the case of Tunisia, the tactics were less obvious. There were reports that the government manipulated Facebook login pages to obtain activists’ passwords and delete their accounts, along with pages organising protests. During Iran’s 2009 Green Revolution, the government prevented citizens from accessing popular dissident websites and used DNS blocking to redirect activists attempting to organise protests via Facebook or Twitter. Since much of the data transmitted over the Iranian (and global) network is unencrypted, the Iranian government has an easy time spying on its citizens.
Blocking offensive material
Communications platforms like Gmail, Twitter, Facebook and YouTube are ripe targets for censorship. In September, Google refused to delete the YouTube-hosted video The Innocence of Muslims, which depicted the Prophet Mohammed and insulted many around the world. The video has been widely regarded to be connected to attacks on the US consulate in Libya, in which the US ambassador and three other State Department employees were killed. As word of the video spread, there were violent protests around the world and governments faced demands to remove the video from the internet.
As a result of the protests, Google initially blocked access to the video in Libya and Egypt by blocking IP addresses associated with those countries’ ISPs so that they could not connect to the YouTube server. It also blocked access in India and Indonesia and, in response to government requests, in Saudi Arabia and Malaysia. Google also blocked the video using geographical filtering. Eventually, it restored access in Libya and Egypt. The video continues to be accessible to the rest of the world and people in blocked countries may view the clip by routing requests through non-local IP addresses.
It’s not surprising that the video remains online – the First Amendment and a decentralised network guaranteed that. What’s surprising is that Google actually blocked the video. The company has such considerable international business interests that following local law in the jurisdictions concerned was in its best interests.
A purely US-based company or an online speech platform with no business interests might have chosen to do nothing. But these days it’s rare for an internet platform to ignore international demands for censorship or for user data. Companies have a potentially international user base and in order for them to exploit it, they increasingly give foreign government demands substantial weight, and not only when they have staff or assets on the ground.
When intermediaries like ISPs fail to comply, this doesn’t stop national censorship. Thailand has blocked the entire YouTube site for hosting videos that mock the Thai king. Turkey has blocked access to webpages about evolution. A decade ago, France successfully stopped Yahoo!’s local subsidiary from hosting auctions for Nazi memorabilia and fined its US division for failure to block French users. Today copyright holders are pressuring European ISPs to block The Pirate Bay, a website dedicated to the sharing of copyrighted materials.
Network problems like unwanted spam and malware have encouraged providers to develop tools that can analyse and disrupt traffic. The economic consolidation of network providers and entertainment companies has encouraged conglomerates to look at favouring and disfavouring – essentially blocking – certain content or applications on their networks. Some countries are now asking these providers to block access to certain content, or to collect transactional data about users’ internet access for subsequent monitoring and potential prosecution.
In 2009, a German man convicted of murder sued Wikipedia and various news outlets for posting information about his crime, asserting his ‘right to be forgotten’, which is recognised in Germany. Wikipedia’s German language service removed the entry, but the English language version has so far refused.
In 2010, Italy criminally convicted three Google executives in response to a YouTube video depicting a disabled child being bullied. Though the content was removed within hours of the company receiving notification, the court faulted it for not screening the video prior to posting. And a court in Brazil ordered the arrest of Brazil Google’s senior executive for failing to remove a video critiquing a mayoral candidate, which violates local election laws.
Also in 2010, various US businesses and government agencies took steps to block the WikiLeaks website after it published a classified cache of leaked diplomatic cables. Private companies, including Amazon and PayPal, stopped doing business with WikiLeaks on the grounds that it violated their terms of service, although, according to reports, the US State Department encouraged the decision. Copyright is a particularly salient cause for censorship in the West.
In one you-can’t-believe-it’s-true example from earlier this year, Amazon remotely deleted copies of George Orwell’s 1984 and Animal Farm from Kindle devices because the books had been added to the Kindle store by a company that did not have the rights to distribute them. No censor could ever hope to seize and burn every paper copy of Fahrenheit 451, and yet digital books can easily be disappeared.
The end of the global network?
Today, our global network is evolving into a parochial one. China already has its own surveilled and monitored internet. Iran is in the process of creating its own domestic network and has started blocking American companies like Google from providing online services to its citizens. As companies block or are blocked in compliance with international assertions of sovereignty from countries around the world, we are in danger of fragmenting the network along national borders.
International efforts to regulate the network are even more frightening. Taking place behind closed doors, the International Telecommunications Union (ITU), a United Nations organisation representing 193 countries, is reviewing international agreements governing telecommunications with a view to expanding its regulatory authority over the internet.
During the meeting, many countries hope to seize power over internet policy, taking it out of the hands of the US. Authoritarian and democratic countries would have equal say. Of those 193 countries, 40 of them currently block or otherwise censor the internet. Voices around the world, including the US Congress and Vint Cerf, one of the creators of TCP/IP, have called for the ITU to keep its hands off the internet.
Under the ITU, the internet would be pushed towards the lowest common denominator, with the potential for rampant civil rights abuses, widespread surveillance and fragmentation of creative and political freedoms. Most experts believe that the days are long gone when internet companies could simply follow US law alone.
Some international legal regulation of the internet is inevitable. Still, it’s important for any changes to be made slowly and incrementally, and to be aware that any major changes applied to internet technology or its network might be hard to reverse. Nations must understand the risk of fragmentation and companies must resolve to restrain sovereign demands.
Multi-stakeholder agreements on how to manage cross-border problems, even without the force of law, may alleviate the urgency of addressing some online crimes. Choices made by communications intermediaries, rather than just governments, will continue to have a disproportionate effect on individual freedoms, so we must be very careful about imposing liability on those platforms for their users’ conduct.
Policy should encourage provider diversity and network neutrality, or else deviation from the internet’s original design as a global, open network will threaten economic growth, creativity and political activism. None of these precautions will be taken, however, until we accept the fact that the law is, indeed, catching up with the internet.
Jennifer Granick is an American attorney and educator. She tweets from @granick
03 Dec 12 | Digital Freedom, News and features, Volume 41.04 Winter 2012
It’s late January 2012. Governments all over the world are considering signing up to a new US-led trade proposal intended to curtail copyright violation, the Anti-Copyright Trade Agreement (ACTA). There have been widespread protests, on and offline: the loose-knit collective of activists, hackers and internet denizens of all stripes known as ‘Anonymous’ believe ACTA represents an attempt by governments to limit and control the core freedoms of the internet, in particular the massive cultural exchange of ideas and information made possible by file-sharing online.
In Poland, the agreement has already been signed off; all that is needed for it to be adopted into law is a majority vote in parliament. The government website is offline, taken down by a distributed denial of service (DDoS) attack launched by Anonymous, which sends a message to politicians who are considering voting in favour. By the final week of January, over 10,000 people gather in Krakow in a last-ditch protest to influence the vote.
Members of the Palikot Movement Party protest against the ratification of the Anti-Counterfeiting Trade Agreement
And then something unexpected happens: on 26 January 2012, while casting their votes in parliament, some members of the Polish government conceal their faces with paper Guy Fawkes masks. The mask, by now the signature icon for Anonymous, has become common protest regalia among rabble-rousers across the globe, from Egypt’s Tahrir Square to London’s Occupy protests. But this is the first case of public servants adopting the symbol. The image is circulated far and wide on social media platforms. Although Polish politicians used it to launch a specific protest against ACTA, the gesture and its photographic memorialisation worked in a much broader capacity to legitimate Anonymous. ‘These parliamentarians were wearing Anonymous Guy Fawkes masks,’ one Anonymous activist blogged, ‘while the parliament’s website was down due to DDoS by Anonymous. We can’t emphasise that point enough – this is a game-changer.’
Less than a month later a very different image of Anonymous was circulated. On 21 February 2012, the Wall Street Journal reported that General Keith Alexander, the director of the United States National Security Agency (NSA), had briefed officials at the White House in secret meetings, claiming Anonymous ‘could have the ability within the next year or two to bring about a limited power outage through a cyberattack’. So only weeks after the ‘game changer’, the group was described as an imminent and credible threat.
The ‘ability’ to bring about a power outage was undefined. Could it mean that hackers had already acquired passwords that would give them access to power facilities? Or was the warning based on information supplied by an informant who had been working with Anonymous? Either way, General Alexander’s claims were frightening and bold, as well as vague. An attack on the power grid systems would cause havoc and potentially even threaten lives.
It is unlikely that we will ever find out whether the NSA assessment was based on credible intelligence or whether it was simply meant to smear and discredit Anonymous. Further news reports quoted activists and security experts and dismissed NSA claims as ‘fear-mongering’. The group, for all its varied tactics, both legal and illegal, has to date never been known to publicly call for such an attack – and there is no evidence to suggest that it would so much as consider it. A tactic like this would be very out of character for the collective, which, though often subversive, generally conforms to ethical norms and defends civil liberties.
While Anonymous has never occupied a controversy-free place on the world stage, by February 2012 it began to be portrayed as an open source brand of radical protest politics and not necessarily as hooligans hell-bent on unleashing extremist, chaotic acts like taking down power grids. More significantly, while the name has been used to pull together a range of unrelated causes, from environmental rights to snuffing out paedophilia rings, Anonymous activists are most effective and forceful when fighting censorship.
With campaigns like Operation Payback, which targeted corporations like MasterCard when it stopped providing services to WikiLeaks, OpTunisia, which responded to Tunisian government tactics against protesters and journalists, and OpJapan and OpMegaupload, launched in response to proposed copyright legislation, it is when Anonymous activists defend the internet’s core freedoms and expose the shadowy workings of state and corporate surveillance that it has the most impact. The NSA news story about the exigent threat from Anonymous failed to gain traction in the public consciousness. Perhaps it would have if it had come earlier, for instance between May and July 2011, at the height of attacks led by Lulzsec.
Anonymous launched Operation Megaupload
In contrast to most Anonymous actions, Lulzsec, a break-away hacker group, acted whimsically, its hacks not always tethered to a political issue. Lulzsec sometimes hacked to make a political statement and, in other instances, for lulz, internet slang for laughs. During this period, media attention, which was colossal, was most heavily focused on Anonymous as hackers rather than as a general protest group. Activities under the Anonymous banner, such as those of Lulzsec, show that even though Anonymous has gained a measure of respect because it champions free speech and privacy causes, it is also notorious for its irreverent and controversial approach to dissent.
To be sure, most of its activities are legal, but a small subset of tactics – such as DDoS attacks and hacking – are illegal, a criminal offence under all circumstances. These tactics also score the most headlines. Some, like ‘doxing’ (the leaking of personal, sensitive information, such as social security numbers and home addresses), reside in a legal grey zone because mined information is found on publicly accessible websites. During the course of a single operation different participants might deploy all three modes – legal, illegal and legally grey tactics.
Take Operation Bart, in August 2011. Anonymous focused on getting the word out when San Francisco Bay Area Rapid Transit (BART) officials disabled mobile phone reception on station platforms to thwart planned anti-police brutality protests. Soon after, Anonymous helped organise street demonstrations. But a couple of individuals also hacked into BART’s computers and released customer data in order to garner media attention – at least that’s how one participant explained the incident to Amy Goodman on television and radio programme Democracy Now. Someone also found a racy, semi-nude photo of BART’s official spokesperson Linton Johnson on his personal website, which was then republished on the ‘bartlulz’ website with considerable fanfare, along with the brazen rationalisation: ‘if you are going to be a dick to the public, then I’m sure you don’t mind showing your dick to the public.’
During the course of an operation, vulnerability and weakness is often identified and exploited. These sorts of actions provoke controversy (even within Anonymous) and also find their way into headlines, boosting the group’s public profile. At times, members of the loose collective are purposely deceitful and propagate false information about their activities. This can be a tactic for self-protection in some cases, and in other cases an antic to coax headlines out of the media, which can be somewhat enamoured with hacking.
Antisec, one of the more well-known hacker groups affiliated with Anonymous, might claim an exploit without having actually been involved in the activity. Hackers will often rely on botnets – networks of compromised computers – to momentarily knock a website offline, but won’t advertise this fact in press releases. Between 10 and 11 September 2012, for instance, Antisec claimed to have procured 12 million unique device identification numbers from Apple iOS devices by hacking into an FBI agent’s laptop computer. As it turns out, while the identification numbers were verified, the source turned out to be an iPhone and iPad app developer, Blue Toad. Because tactics range from the frivolous to the controversial to the illegal and because it has been known to generate hype around its own activities, it can be easily targeted itself. Obfuscation and deceit contributes to Anonymous’s mystique and its power, but also makes it vulnerable to misinformation campaigns spread by others.
Antisec – One of the more well-known hacker groups affiliated with Anonymous
The biggest lesson that can be learned from Anonymous is that the internet will judge – often quite swiftly – the actions of individuals, corporations and governments. And by the internet I mean the countless hackers and geeks from São Paulo to Sydney who understand how the web works, a smaller class who know how to subvert routers and protocols, and a larger number who will rally when the internet and values associated with it are in danger.
This is not to say that every geek and hacker supports Anonymous. In fact, many rather dislike it or its controversial tactics, such as DDoS; some hackers are resolute and unyielding in their view that DDoS is a species of censorship in itself. There are also many different ways to defend the internet, such as writing open source software or joining the Pirate Party. Anonymous is a distinct, emerging part of this diverse and burgeoning political landscape. Its real threat may lie not so much in its ability to organise cyberattacks but in the way it has become a beacon, a unified front against censorship and surveillance.
It might be best thought of as the irascible and provocative protest wing of the internet’s nascent free speech and privacy movement. Though it works to publicise specific issues at the most inconvenient time for the individual, group or company being exposed, it also brings into sharp focus an important trend, dramatising the value of privacy and anonymity in an era where both are rapidly eroding.
Anonymous, of course, champions anonymity, and this is echoed in both the iconography associated with it and its ethical codes. Seeking individual recognition and especially fame is taboo, for example; you are expected to do work for the team, not for one’s own personal benefit or status. The movement, therefore, provides a rare countermeasure in deeds, words and symbols against a world that encourages people to reveal their lives, where the internet remembers everything about us, where our histories are permanently stored in search indexes and government databases – and at a time when governments’ ability to surveil its citizens has grown exponentially thanks to low-cost, ubiquitous digital technologies and new public-private partnerships.
However explosive Anonymous is today, its continued presence on the world stage is certainly not guaranteed to last. It is plagued by infighting, fragmentation, as well as brand fatigue. Paranoia exploded in spring 2012 after the news broke that Hector Xavier Monsegur, known more commonly by his hacker handle ‘Sabu’, had been exposed as an FBI informant. Most troubling for its long-term survival is government crackdown: since summer 2011, over 100 alleged participants have been arrested around the globe, from Romania, Turkey, Italy, the UK, the US, Chile and Germany. But even if the loose-knit collective fades away, irreverent political protest on the internet is unlikely to end.
Since 2008, when individuals started to organise diverse collective actions under the banner of Anonymous, a living model was created, demonstrating to the world what a radical politics of dissent on the internet looks like. Even if Anonymous was to vanish, its history, exploits and propaganda material are here to stay; there will likely be others — in different forms and with distinct twists — who will take its place.
What is a little less clear is what will eventually become of freedom of expression online, given the increasing capabilities for surveillance, censorship and control all over the world. Is Anonymous merely the party at the funeral of online freedom? Or does it represent the irreverent clowns, rabble rousers, and tricksters who are keeping the reaper at bay and enabling others, from protesters on the street to elected representatives in parliament, to join the raucous political carnival and challenge threats to personal privacy and freedom?
Gabriella Coleman is Wolfe Chair in Scientific and Technological Literacy at the Department of Art History and Communication Studies at McGill University. She tweets from @BiellaColeman
