There has recently been an excellent debate going on over whether distributed denial of service (DDoS) attacks are a legitimate form of civil disobedience, as the anonymous members of Operation Payback claim it is. Here are a few key quotes:
Deanna Zandt, author of Share This!, looks at it as a form of nonviolent action:
Many, myself included, consider DDoS in this context to be much like a sit-in in the offline world…. No permanent damage is done in a DDoS attack…. It’s the difference between participating in a die-in at an embassy, for example, and smashing the windows of an embassy.
Nathan Freitas, a mobile phone activist, looks at it through the same lens, but finds it wanting:
I also believe there are better ways to make use of distributed human and computing resources…. I am not condemning DDoS as not being CD, I think I am just saying “is that it? is that the best you can do?”.
In a response to Zeanna’s post, Ethan Zuckerman changes the context:
In the next couple of weeks, colleagues at the Berkman Center and I are releasing a report on DDoS attacks on independent media and human rights sites…. My fear is that legitimating DDoS as a form of protest doesn’t just enable those who would protest large corporations – it enables the sorts of people who target dissident voices.
Evgeny Morozov of Stanford and the New America Foundation, argues that context is king:
My own guess [is] these arguments would never work in the abstract and would still need to be evaluated on a case-by-case basis in the particular contexts they are set in. Which, to return to my original post, was my whole point: we shouldn’t prejudge DDoS to be “good” or “bad” simply because it’s illegal or because it is “DDoS.”
I would say that I agree with Evgeny here, which also allows me to agree with everyone else – it all depends on context. I don’t think DDoS is always awesome, but the populist in me thinks it is kind of neat that a group of geeks in their bedrooms can bring down an institution of wealth and power with the digital equivalent of a sucker punch. Like Ethan, I also oppose DDoS as it is used to silence human rights activists and the opponents of power.
The real problem with DDoS is that it is so damned effective, regardless of who the sucker is on the receiving end. Other than buying more bandwidth or creating a mirror site, there is not much one can do. And these are the military equivalents of sending in more troops when the first brigade has been slaughtered and building a new fort when the first is overrun.
However, I don’t think this state of affairs will last long. Like any case of tactical innovation, once the tactic proves itself to be extremely effective against the powers that be, the powers that be put their resources into creating an effective antidote. In a way, attacks on resource-rich targets like American corporations have sped the demise of the DDoS attack. When DDoS attacks were just used to shake down gambling websites and silence human rights activists, there just weren’t the resources to pay a bunch of smart programmers to find a way to close the protocol loophole that allows DDoS to work. Now there will be. That’s the problem with a sucker punch: it requires a defenseless target.