03 Dec 12 | Digital Freedom, News and features, Volume 41.04 Winter 2012
It’s late January 2012. Governments all over the world are considering signing up to a new US-led trade proposal intended to curtail copyright violation, the Anti-Copyright Trade Agreement (ACTA). There have been widespread protests, on and offline: the loose-knit collective of activists, hackers and internet denizens of all stripes known as ‘Anonymous’ believe ACTA represents an attempt by governments to limit and control the core freedoms of the internet, in particular the massive cultural exchange of ideas and information made possible by file-sharing online.
In Poland, the agreement has already been signed off; all that is needed for it to be adopted into law is a majority vote in parliament. The government website is offline, taken down by a distributed denial of service (DDoS) attack launched by Anonymous, which sends a message to politicians who are considering voting in favour. By the final week of January, over 10,000 people gather in Krakow in a last-ditch protest to influence the vote.
Members of the Palikot Movement Party protest against the ratification of the Anti-Counterfeiting Trade Agreement
And then something unexpected happens: on 26 January 2012, while casting their votes in parliament, some members of the Polish government conceal their faces with paper Guy Fawkes masks. The mask, by now the signature icon for Anonymous, has become common protest regalia among rabble-rousers across the globe, from Egypt’s Tahrir Square to London’s Occupy protests. But this is the first case of public servants adopting the symbol. The image is circulated far and wide on social media platforms. Although Polish politicians used it to launch a specific protest against ACTA, the gesture and its photographic memorialisation worked in a much broader capacity to legitimate Anonymous. ‘These parliamentarians were wearing Anonymous Guy Fawkes masks,’ one Anonymous activist blogged, ‘while the parliament’s website was down due to DDoS by Anonymous. We can’t emphasise that point enough – this is a game-changer.’
Less than a month later a very different image of Anonymous was circulated. On 21 February 2012, the Wall Street Journal reported that General Keith Alexander, the director of the United States National Security Agency (NSA), had briefed officials at the White House in secret meetings, claiming Anonymous ‘could have the ability within the next year or two to bring about a limited power outage through a cyberattack’. So only weeks after the ‘game changer’, the group was described as an imminent and credible threat.
The ‘ability’ to bring about a power outage was undefined. Could it mean that hackers had already acquired passwords that would give them access to power facilities? Or was the warning based on information supplied by an informant who had been working with Anonymous? Either way, General Alexander’s claims were frightening and bold, as well as vague. An attack on the power grid systems would cause havoc and potentially even threaten lives.
It is unlikely that we will ever find out whether the NSA assessment was based on credible intelligence or whether it was simply meant to smear and discredit Anonymous. Further news reports quoted activists and security experts and dismissed NSA claims as ‘fear-mongering’. The group, for all its varied tactics, both legal and illegal, has to date never been known to publicly call for such an attack – and there is no evidence to suggest that it would so much as consider it. A tactic like this would be very out of character for the collective, which, though often subversive, generally conforms to ethical norms and defends civil liberties.
While Anonymous has never occupied a controversy-free place on the world stage, by February 2012 it began to be portrayed as an open source brand of radical protest politics and not necessarily as hooligans hell-bent on unleashing extremist, chaotic acts like taking down power grids. More significantly, while the name has been used to pull together a range of unrelated causes, from environmental rights to snuffing out paedophilia rings, Anonymous activists are most effective and forceful when fighting censorship.
With campaigns like Operation Payback, which targeted corporations like MasterCard when it stopped providing services to WikiLeaks, OpTunisia, which responded to Tunisian government tactics against protesters and journalists, and OpJapan and OpMegaupload, launched in response to proposed copyright legislation, it is when Anonymous activists defend the internet’s core freedoms and expose the shadowy workings of state and corporate surveillance that it has the most impact. The NSA news story about the exigent threat from Anonymous failed to gain traction in the public consciousness. Perhaps it would have if it had come earlier, for instance between May and July 2011, at the height of attacks led by Lulzsec.
Anonymous launched Operation Megaupload
In contrast to most Anonymous actions, Lulzsec, a break-away hacker group, acted whimsically, its hacks not always tethered to a political issue. Lulzsec sometimes hacked to make a political statement and, in other instances, for lulz, internet slang for laughs. During this period, media attention, which was colossal, was most heavily focused on Anonymous as hackers rather than as a general protest group. Activities under the Anonymous banner, such as those of Lulzsec, show that even though Anonymous has gained a measure of respect because it champions free speech and privacy causes, it is also notorious for its irreverent and controversial approach to dissent.
To be sure, most of its activities are legal, but a small subset of tactics – such as DDoS attacks and hacking – are illegal, a criminal offence under all circumstances. These tactics also score the most headlines. Some, like ‘doxing’ (the leaking of personal, sensitive information, such as social security numbers and home addresses), reside in a legal grey zone because mined information is found on publicly accessible websites. During the course of a single operation different participants might deploy all three modes – legal, illegal and legally grey tactics.
Take Operation Bart, in August 2011. Anonymous focused on getting the word out when San Francisco Bay Area Rapid Transit (BART) officials disabled mobile phone reception on station platforms to thwart planned anti-police brutality protests. Soon after, Anonymous helped organise street demonstrations. But a couple of individuals also hacked into BART’s computers and released customer data in order to garner media attention – at least that’s how one participant explained the incident to Amy Goodman on television and radio programme Democracy Now. Someone also found a racy, semi-nude photo of BART’s official spokesperson Linton Johnson on his personal website, which was then republished on the ‘bartlulz’ website with considerable fanfare, along with the brazen rationalisation: ‘if you are going to be a dick to the public, then I’m sure you don’t mind showing your dick to the public.’
During the course of an operation, vulnerability and weakness is often identified and exploited. These sorts of actions provoke controversy (even within Anonymous) and also find their way into headlines, boosting the group’s public profile. At times, members of the loose collective are purposely deceitful and propagate false information about their activities. This can be a tactic for self-protection in some cases, and in other cases an antic to coax headlines out of the media, which can be somewhat enamoured with hacking.
Antisec, one of the more well-known hacker groups affiliated with Anonymous, might claim an exploit without having actually been involved in the activity. Hackers will often rely on botnets – networks of compromised computers – to momentarily knock a website offline, but won’t advertise this fact in press releases. Between 10 and 11 September 2012, for instance, Antisec claimed to have procured 12 million unique device identification numbers from Apple iOS devices by hacking into an FBI agent’s laptop computer. As it turns out, while the identification numbers were verified, the source turned out to be an iPhone and iPad app developer, Blue Toad. Because tactics range from the frivolous to the controversial to the illegal and because it has been known to generate hype around its own activities, it can be easily targeted itself. Obfuscation and deceit contributes to Anonymous’s mystique and its power, but also makes it vulnerable to misinformation campaigns spread by others.
Antisec – One of the more well-known hacker groups affiliated with Anonymous
The biggest lesson that can be learned from Anonymous is that the internet will judge – often quite swiftly – the actions of individuals, corporations and governments. And by the internet I mean the countless hackers and geeks from São Paulo to Sydney who understand how the web works, a smaller class who know how to subvert routers and protocols, and a larger number who will rally when the internet and values associated with it are in danger.
This is not to say that every geek and hacker supports Anonymous. In fact, many rather dislike it or its controversial tactics, such as DDoS; some hackers are resolute and unyielding in their view that DDoS is a species of censorship in itself. There are also many different ways to defend the internet, such as writing open source software or joining the Pirate Party. Anonymous is a distinct, emerging part of this diverse and burgeoning political landscape. Its real threat may lie not so much in its ability to organise cyberattacks but in the way it has become a beacon, a unified front against censorship and surveillance.
It might be best thought of as the irascible and provocative protest wing of the internet’s nascent free speech and privacy movement. Though it works to publicise specific issues at the most inconvenient time for the individual, group or company being exposed, it also brings into sharp focus an important trend, dramatising the value of privacy and anonymity in an era where both are rapidly eroding.
Anonymous, of course, champions anonymity, and this is echoed in both the iconography associated with it and its ethical codes. Seeking individual recognition and especially fame is taboo, for example; you are expected to do work for the team, not for one’s own personal benefit or status. The movement, therefore, provides a rare countermeasure in deeds, words and symbols against a world that encourages people to reveal their lives, where the internet remembers everything about us, where our histories are permanently stored in search indexes and government databases – and at a time when governments’ ability to surveil its citizens has grown exponentially thanks to low-cost, ubiquitous digital technologies and new public-private partnerships.
However explosive Anonymous is today, its continued presence on the world stage is certainly not guaranteed to last. It is plagued by infighting, fragmentation, as well as brand fatigue. Paranoia exploded in spring 2012 after the news broke that Hector Xavier Monsegur, known more commonly by his hacker handle ‘Sabu’, had been exposed as an FBI informant. Most troubling for its long-term survival is government crackdown: since summer 2011, over 100 alleged participants have been arrested around the globe, from Romania, Turkey, Italy, the UK, the US, Chile and Germany. But even if the loose-knit collective fades away, irreverent political protest on the internet is unlikely to end.
Since 2008, when individuals started to organise diverse collective actions under the banner of Anonymous, a living model was created, demonstrating to the world what a radical politics of dissent on the internet looks like. Even if Anonymous was to vanish, its history, exploits and propaganda material are here to stay; there will likely be others — in different forms and with distinct twists — who will take its place.
What is a little less clear is what will eventually become of freedom of expression online, given the increasing capabilities for surveillance, censorship and control all over the world. Is Anonymous merely the party at the funeral of online freedom? Or does it represent the irreverent clowns, rabble rousers, and tricksters who are keeping the reaper at bay and enabling others, from protesters on the street to elected representatives in parliament, to join the raucous political carnival and challenge threats to personal privacy and freedom?
Gabriella Coleman is Wolfe Chair in Scientific and Technological Literacy at the Department of Art History and Communication Studies at McGill University. She tweets from @BiellaColeman
03 Dec 12 | Digital Freedom, News and features, Volume 41.04 Winter 2012
WCIT 12: Milton Mueller asks if governments are turning their backs on the global internet? A push to change the business model that delivers online content could stifle innovation and make the net an instrument of sovereignty, stuck behind national walled gardens
At the end of the 20th century, an incredible revolution took place. Barriers to the free flow of information were knocked down and a powerful cycle of technological innovation was set in motion, transforming the economy, first in the United States and then around the world.
No, I am not talking about the internet.
I am referring to the liberalisation of the telecommunications industry, which led to a huge economic revolution in the 1980s and 1990s. It started with a big bang: the breakup of the AT&T monopoly. As early as the mid- 1960s, policy-makers knew they didn’t want the emerging information services industry to be dominated and stifled by an enormous monopoly. The US Federal Communications Commission created a regulatory distinction between ‘basic’ and ‘enhanced’ services, ‘enhanced’ being defined as any transmission that included ‘information processing’. Information services would be unregulated and the market left wide open. This process began in the US and was followed by the largest economies in Europe and Asia. Technical standards escaped from the control of national governments and a huge number of new competitors entered the market. With global free trade agreements in place for IT equipment and telecommunication services, in 1995 and 1997 respectively, economic liberalisation of the industry was complete.
Deregulation had profound consequences. The same infrastructure was used for both the transmission of information services (such as early emails, and data-sharing) and telephone calls, but businesses delivering information services were exempt from the entry restrictions and gatekeeping regulations levied on telephone companies. In the late 1980s, the US pried open space for what was then a largely experimental market, pushing for trade rules to internationalise these reforms. In that pre-internet period, countries such as Japan, the UK and Hong Kong saw no harm in opening up what was a tiny market. Little did those early negotiators know that they were clearing a path for the spread of the internet. Considered an ‘information service’ because it was essentially software run by computers, the internet spread over global telecommunications networks like wildfire. After 20 years, it would swallow up the massive telephone market and transform newspapers, television, radio, publishing and practically every other mode of communication.
The economic roots of internet freedom
Much of the freedom and openness we associate with the internet is not a product of its technology. Many respected scholars have promoted the notion that there is something about the internet’s ‘architecture’ or ‘design’ that magically makes information free. True, the internet’s design made it cheaper and easier to interconnect thousands of different networks and devices. But its technical potential could never have been realised without an open, liberal industry. Without the deregulation of information services, without the market economy in telecommunications, without diversity and competition among providers and free trade agreements that enable content and investment from anywhere in the world, there would be no internet freedom. Internet technology – TCP/IP protocols – can be installed in computers in North Korea, but it won’t make communications in that country free. If a repressive government owns and operates the telecommunications infrastructure, blocks trade in computer and telecom equipment, does not allow a free market for access, devices or services to develop, censors or jails dissident publishers and forces new online businesses to obtain permission to trade online, it’s easy to contain and control the internet.
A counter-revolution in the making?
The internet now dominates our communications environment. But older communication laws, regulations and policies have begun to haunt it. There is a tendency to try to make the internet like the old media, so that governments and interest groups can recreate the kinds of controls they once had. In particular, there are widespread attempts to reassert nation-state authority. In December 2012, the World Conference on International Telecommunications (WCIT) will take place in Dubai. The UN meeting will revise the International Telecommunication Union’s International Telecommunication Regulations (ITRs), a binding treaty intended to ‘facilitat[e] global interconnection and interoperability of telecommunications facilities’. The ITRs were established in 1988 – years before the internet had become a mainstream medium and just as telecommunications liberalisation was in full swing.
The world has changed dramatically in the 25 years since the current ITRs were drafted. Since 1988, the internet’s technical standards community has used open working groups to develop or revise hundreds of new standards and make them available online for free. The ITU’s telecommunication standards development activities, in contrast, have shrunk and its revenue model, based on high membership fees granting exclusive access to official standards documents, has become unpopular. New private sector institutions, such as the Internet Corporation for Assigned Names and Numbers (ICANN) and regional internet registries, allow open public participation and set policy for infrastructure. In the ITU, in contrast, decisions are based on a one-country, one-vote calculus and ordinary internet users, digital rights advocates and civil society are not well represented. The
Dubai conference represents a crossroads for the future of telecommunications: the ITU must update its treaty to take account of the internet or risk slipping into historical irrelevance. It’s as if the internet is now being visited by the ghosts of telecommunications past.
Some alarmists have claimed that proposed revisions to the treaty threaten internet freedom, presenting it as a ‘takeover’ plot by authoritarian governments in the ITU, a premeditated attempt to subjugate the internet to states once and for all. Although these fears have gained an enormous amount of publicity, they are largely unfounded. Aside from polarising the dialogue, they tend to divert attention from the real issues.
The ITU is in no position to assert control over the internet’s domain name or addressing systems or its open standard-setting processes. The ITRs cannot really impose global content regulation. The ITU has no enforcement or policing capabilities; it relies entirely on member states to apply and enforce its rules. No democratic governments will agree to impose Chinese-style censorship on their local internet users simply because of an ITU regulation or guideline. Besides, as the case of China makes clear, national governments already have the authority to censor and regulate internet users if they want to.
The potential dangers emerging from WCIT negotiations are more subtle. Decisions taken during the conference could undermine the economic liberalism of the communications sector. One of the most progressive and important parts of the 1988 regulations was Article 9, a short annex entitled ‘Special Arrangements’. It allowed companies to privately negotiate how ‘special telecommunication networks, systems, and services’ operate. Most agreements concerning internet connections are made possible under this provision. Revised regulations could pull web interconnections into a more burdensome regulatory regime. Some governments and telecom companies (many of which are still monopolies and/or state-owned) want to turn national telecom operators into gatekeepers of internet services, applications and content, which could lead to fragmentation of the internet. Some telephone companies are trying to apply old charging models to internet traffic, as if requesting a web page or video was like making an international telephone call. This could make the internet more expensive for users or stifle business models based on different charging models. It could open the door to charging schemes designed to subsidise national operators at the expense of service providers that rely on the telecommunications infrastructure but do not own it, such as YouTube or Skype.
A more progressive approach would emphasise the gains of liberalisation. Countries should be encouraged to permit multiple, competing service providers and allow them to freely negotiate traffic exchange and content distribution deals. New regulations should affirm the basic principles underlying the World Trade Organisation’s free trade agreements and eliminate all forms of protectionism and national filtering of legitimate information services.
Cyberspace and national security
The Dubai conference will also consider proposals to include cybersecurity in the ITRs. Of course, security problems online are real and do need to be addressed. But it’s questionable whether effective solutions can be included in the new regulations and whether the ITU is the best authority to come up with them.
At best, proposals to address security concerns are unfocused and a bit naïve. Member states are asked to ‘stop spam’, ‘protect data and network integrity’, ‘ensure internet security and stability’ or ‘supervise enterprises operating in their territory’. These proposals reveal the basic disconnect between the security problems of the internet and the ITRs. Cybercrime, spam, and cybersecurity issues involve not just network operations and standards but a complex interaction of hardware standards, software engineering, content and human behaviour. Cybersecurity also relates, of course, to the military, so problems relating to it go far beyond the ITU’s remit and capabilities. Attempts to regulate cybersecurity would vastly expand the scope of the ITU and erase the boundary between information services and telecommunications – with very little likelihood of being effective.
At worst, proposals to deal with cybersecurity reveal nostalgia for the nationally-controlled telecommunications of the pre-internet era. Some proposals would try to prevent international communications that ‘interfere in [states’] internal affairs’ or that undermine ‘sovereignty, national security or territorial integrity’. These proposals have little support, and even if passed could not really shield states from ‘subversive content’ as long as the current liberal information services regime holds in most of the world. But underlying these proposals is an apparent belief that the borderless information flow of the internet is inconsistent with traditional approaches to national sovereignty and security. Even in the US, where the WCIT delegation defends the internet model, the increasingly popular notions of ‘critical infrastructure protection’ and the pursuit of superior cyber warfare capabilities threaten to militarise the internet and push communications back into national walled gardens.
The internet flourished precisely because it was allowed to develop outside a state-dominated political environment where information and communications were seen as instruments of sovereignty, surveillance and power. The new communications and information sector was an instrument of global commerce, free trade, innovation and open culture. Internet freedom advocates must understand and support the economic institutions that made the internet revolution possible. The most important negotiations at WCIT will not be about censoring content or taking over domain registration. They will be about whether the telecommunications revolution will be allowed to continue, or whether it will be pushed in the opposite direction.
©Milton Mueller
Milton Mueller is professor at Syracuse University School of Information Studies and the author of Networks and States: The Global Politics of Internet Governance (MIT Press) revolution in crisis
What can you do?
Index and many other civil society organisations that fight for free speech and internet freedom oppose moves to give the ITU authority over the internet. Join more than 33,000 other citizens from 166 nations and sign here to ask your nation’s leaders to protect global internet freedom
If you are an academic or work for a civil society organisation — join us by signing on here and send the letter to government officials who are participating in the ITU process
30 Nov 12 | India
Last week, in the small town of Palghar, Maharastra, a 21-year-old was arrested for a Facebook post questioning a citywide shutdown to mark the death of a regional leader. Her friend was arrested for ‘liking’ her status. The two women, Shaheen Dhada and Renu Srinivasan, faced charges under the controversial Section 66A of the Information Technology (Amendment) Act 2008.
The case has triggered a massive public outcry here in India over the last ten days, leading to the charges being dropped. Section 66A, now instantly quotable by India’s Twitter generation, allows for “punishment for sending offensive messages through communication service”, which include messages that cause annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred and even ill will. This very loosely defined law has led to a series of arrests around the country in the past year, some of which have only just come to light. Arrests included a professor from Kolkatta forwarding jokes about the West Bengal chief minister via email, an ordinary citizen from Pondicherry for tweeting that he believed the son of a senior cabinet minister is corrupt, a cartoonist in Lucknow whose sketches alleged that corrupt politicians have led to the debasement of democracy in India and two Air India employees in Mumbai who were arrested and held in custody for 12 days after they apparently insulted the prime minister and the national flag in their Facebook posts.
Shaheen Dhadha and Renu Srinivasan appeared on Indian television station NDTV following the arrest and apologised for their online comments
Bowing to public pressure, the Minister for Information and Communication Technology, Kapil Sibal, has spearheaded moves to quickly add guidelines to the section. These new guidelines require an inspector general or district commissioner of police (DCP) to process every complaint under 66A. Twenty-eight states and seven union territories have an inspector general, and each of the countries 657 districts has a DCP.
However, experts have warned this step is not enough to prevent unwarranted arrests and say the section itself needs further revision. In a further development, the Supreme Court of India has just accepted a public interest litigation case calling for the section to be scrapped on the grounds that it violates the right to free speech guaranteed by the Indian Constitution.
These arrests have shown how easy it is for powerful politicians to silence and intimidate their critics using the law as a crutch. Shaheen Dhada and Renu Srinivasan were arrested after a local political leader complained to the police. Even though the case has now been dropped, frightened by the mobs and media spotlight, Shaheen has left her hometown for some “peace”. Soon after, another boy, Sunil Vishwakarma, was questioned by the police for apparently making “vulgar” comments against Raj Thackeray, the nephew of the deceased leader. The police have since released him, as he maintains his Facebook was hacked by someone else to stir up trouble.
The misuse of Section 66A has revealed serious gaps in the legislative process and shown that junior police ranks lack the understanding and training to correctly implement this order. The IT Act was amended in haste in 2008 and passed in parliament without a debate. Under the Indian Penal Code (IPC), the charge of defamation carries a maximum jail sentence of two years, in contrast to the three years Section 66A carries for the same offence. But the IPC requires a warrant for an arrest for the offence, while arrests ordered under the IT Act do not. Further, Section 66A had no explanations or guidelines attached to it, which is why the government’s first step in response to the public outcry over these arrests has been to “modify” the section and provide guidelines.
These arrests — assaults on free speech — have revealed the nature of politics in the world’s largest democracy. These high-profile cases all involve the average citizen critiquing powerful politicians. The freedoms at risk – the right to tweet, update a status, forward a cartoon without the fear of becoming a political pawn, have galvanised and angered the netizens of India. There is a serious backlash against those political parties who seek to use the tools of social networking to control them.
India has a legal convention that allows a member of the public to act as a judicial activist and the the public interest litigation currently before the Supreme Court says:
unless there is judicial sanction as a prerequisite to the setting into motion the criminal law with respect to freedom of speech and expression, the law as it stands is highly susceptible to abuse and for muzzling free speech in the country.
This is a welcome step. The people are of India are gaining the confidence to use constitutional tools to fight back the top-down status quo of the country.
To read more about how Indian authorities try to stifle criticism and debate, read Pranesh Prakash’s article in ‘Digital Frontiers’, the new issue of Index on Censorship magazine
