Monday, December 13, 2010

Denial-Of-Service Attacks As Civil Disobedience, Part II

Prokofy, in a comment on my previous post, takes exception to my characterization of Denial-Of-Service (DoS) attacks as civil disobedience, saying:

DdOS attacks are a form of coercion and a crime.

They aren't civil disobedience, and to claim they are is a whitewash.

At first blush I think that's a reasonable position to take, though one with which I obviously disagree, so I wanted to examine eir (and my) reasoning on the subject in more detail.

Prokofy seems to be making several related assertions regarding DoS attacks:

  1. They are a crime.
  2. They are coercive.
  3. They are not, by virtue of 1 and 2, civil disobedience.
So let's just start at the top of the list and work our way down, shall we?

DoS attacks have been successfully prosecuted in the US, though I wasn't able to find direct citations of the associated statutes. Prokofy is correct that, at least in some circumstances, DoS attacks are a crime.

How about eir assertion that they're "coercive"? That question is a little more interesting, since DoS attacks do seem to meet the dictionary definition of "coerce":

  1. to compel by force, intimidation, or authority, esp. without regard for individual desire or volition: They coerced him into signing the document.
  2. to bring about through the use of force or other forms of compulsion; exact: to coerce obedience.
  3. to dominate or control, esp. by exploiting fear, anxiety, etc.: The state is based on successfully coercing the individual.

However, coercion is a fairly complicated concept, the nuances of which aren't easily contained in a dictionary definition. A coercive act typically requires an explicit, conditional threat; telling someone you'll DoS them is coercive, but actually carrying through with the threat may fail to meet this condition1. More generally, DoS attacks lack certain hallmarks that have typically defined coercive activity. Coercion has historically required an imbalance wherein the actor has more power than the target, but DoS attacks are often performed by (relatively) powerless individuals against institutions backed by significant economic/legal/political resources. The nature of the threat itself is also different. Classically, coercion has involved private violence, expropriation of property, blackmail, etc., acts which the general public agrees are morally odious. It is questionable whether DoS attacks, which can cause indirect economic and/or reputational damages, are subject to the same opprobrium. Given all of that I'm comfortable categorizing DoS attacks as "mildly coercive" on the grounds that they do involve threats of force to change the target's behavior but don't rise to the same level of damage that we typically associate with the word.

Now on to Prokofy's final point, that acts which are criminal and coercive in nature cannot rightly be classified as "civil disobedience". Civil disobedience is criminal by definition:

Civil disobedience is the active, professed refusal to obey certain laws, demands, and commands of a government, or of an occupying international power.

It's not "disobedience" unless you're breaking a law. Far from being a disqualifier, an action cannot be classified as civil disobedience unless it is criminal to some degree.

Can civil disobedience be coercive? Again, that's a really interesting, and somewhat slippery, question. In Defining Civil Disobedience, from Civil Disobedience in Focus, Brian Smart sketches out the following taxonomy of the types of civil disobedience:

  • Threatening by
    • Coercion of Force of Violence
    • Coercion of Force of Nonviolence
    • Coercion of Persuasion (with or without violence)
  • Non-Threatening with
    • Violence
    • Nonviolent Force
    • Persuasion

Note that Smart makes a distinction between threats and action, which goes back to the question of whether a DoS is even coercive. He also makes a distinction between violence and non-violence, suggesting that the former is a less valid as a form of civil disobedience than the latter. I believe that it's fair to say, given the taxonomy above, that a DoS is both non-violent and non-threatening for purposes of this discussion.

What is not yet clear to me, however, is whether a DoS constitutes nonviolent force or persuasion. Smart says the following in that regard:

Coercion of force is illustrated by my giving up my wallet at the point of a gun: while the threat poses two theoretical alternatives only one action is humanly possible: 'I am not left room for effectual reflection and judgment about what I do.' I illustrate the coercion of persuasion by a director threatening to resign if his board votes against a takeover, and where the director is regarded as valuable but not indispensable. The threat presents the board with two practicable alternatives, leaving it room for effectual reflection and judgment: it may incline but it does not necessitate.

If the distinction between force and persuasion revolves around the scope of action given to the target then a DoS attack strikes me as more persuasive than forceful, since the target generally remains at liberty to reflect on their future course of actions. However, in the preceding paragraph he writes:

For Morreall civil disobedience can include violence since violence is a form of force and force can certainly be used in civil disobedience as in the case of sit-ins, lying down in the road, and mass tax refusals.

In my previous post I argued that DoS attacks are closely analogous to sit-ins, which suggests that they include an element of force in their execution as determined by Smart's criteria. Per Smart, non-threatening, non-violent force is accepted as a valid form of civil disobedience by a couple of major names in the field including Rawls and Honderich.

So it would seem that there's a pretty solid argument to be made that DoS attacks are a legitimate form of civil disobedience. Against this view Prokofy offers the following:

5. "What they do isn't a crime, it's just a misdemeanor, or it's just a prank or it's just noble civil disobedience." Geeks tend to downplay what they do, so that their entire tribe doesn't become suspect (which it should become, in my view, when they refuse to ever condemn these miscreants). The Guardian and the Wire State's Secretary of State Evgeny Morozov -- who is actively cheering the coordination of the attacks on sites by retweeting and commenting on the Anon ops accounts and giving them PR advice -- are now claiming that their takedown of the Amazon and other payment sites are just a form of "civil disobedience". Geek techno-determinist Doug "Program or Be Programmed" Rushkoff calls it a "glitch". Anything to diminish and dumb down what in fact is a crime and is disabling and destruction of property.

Which doesn't add much in the way of substantive rebuttal. I should note that ey's writing about the actions of Anonymous2 as a whole and not just the DDoS conducted via the Low Orbit Ion Cannon. The defense above is limited strictly to DoS attacks3; I make no claims about the moral standing of Anonymous' behavior as a whole.


1 Though, I suppose, there's always an implicit threat that it could get worse if the target doesn't change their behavior.
2 Which ey appears to be incorrectly conflating w/ the entire 4chan user base.
3 Specifically SYN-floods and other methods which overwhelm through sheer volume. My analysis probably doesn't hold for DoS attacks which exploit bugs to disable or modify the behavior of services.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

Blog Information Profile for gg00