DDoS: the Problem with a Sucker Punch

There has recently been an excellent debate going on over whether distributed denial of service (DDoS) attacks are a legitimate form of civil disobedience, as the anonymous members of Operation Payback claim it is. Here are a few key quotes:

Deanna Zandt, author of Share This!, looks at it as a form of nonviolent action:

Many, myself included, consider DDoS in this context to be much like a sit-in in the offline world…. No permanent damage is done in a DDoS attack…. It’s the difference between participating in a die-in at an embassy, for example, and smashing the windows of an embassy.

Nathan Freitas, a mobile phone activist, looks at it through the same lens, but finds it wanting:

I also believe there are better ways to make use of distributed human and computing resources…. I am not condemning DDoS as not being CD, I think I am just saying “is that it? is that the best you can do?”.

In a response to Zeanna’s post, Ethan Zuckerman changes the context:

In the next couple of weeks, colleagues at the Berkman Center and I are releasing a report on DDoS attacks on independent media and human rights sites…. My fear is that legitimating DDoS as a form of protest doesn’t just enable those who would protest large corporations – it enables the sorts of people who target dissident voices.

Evgeny Morozov of Stanford and the New America Foundation, argues that context is king:

My own guess [is] these arguments would never work in the abstract and would still need to be evaluated on a case-by-case basis in the particular contexts they are set in. Which, to return to my original post, was my whole point: we shouldn’t prejudge DDoS to be “good” or “bad” simply because it’s illegal or because it is “DDoS.”

I would say that I agree with Evgeny here, which also allows me to agree with everyone else – it all depends on context. I don’t think DDoS is always awesome, but the populist in me thinks it is kind of neat that a group of geeks in their bedrooms can bring down an institution of wealth and power with the digital equivalent of a sucker punch. Like Ethan, I also oppose DDoS as it is used to silence human rights activists and the opponents of power.

The real problem with DDoS is that it is so damned effective, regardless of who the sucker is on the receiving end. Other than buying more bandwidth or creating a mirror site, there is not much one can do. And these are the military equivalents of sending in more troops when the first brigade has been slaughtered and building a new fort when the first is overrun.

However, I don’t think this state of affairs will last long. Like any case of tactical innovation, once the tactic proves itself to be extremely effective against the powers that be, the powers that be put their resources into creating an effective antidote. In a way, attacks on resource-rich targets like American corporations have sped the demise of the DDoS attack. When DDoS attacks were just used to shake down gambling websites and silence human rights activists, there just weren’t the resources to pay a bunch of smart programmers to find a way to close the protocol loophole that allows DDoS to work. Now there will be. That’s the problem with a sucker punch: it requires a defenseless target.

LibTech: Evgeny Morozov on Internet Freedom

Disclaimer: I have done my best to transcribe the comments of these speakers at the conference on Liberation Technology in Authoritarian Regimes, and I apologize for any errors.

Blogger Evgeny Morozov addresses the importance of socio-political as well as technological controls on Internet freedom. As an example, he identifies a recent law in Thailand that makes the creations of social media platforms legally responsible for user generated content, making self-censorship likely. He says that we don’t know how to address the socio-political context. As anti-censorship tools improve, control will not evaporate, they will simply find non-technological ways to control speech. By creating purely technological tools to address technological challenges to Internet freedom, we are missing socio-political avenues of control.

On the technological side, we notes that DDoS attacks are more damaging than censorship and blocking. In the former case, the onus is on the content producer to provide access, in the latter case the onus is on the audience. The real costs of DDoS as a means of oppressing dissent are more costly to the content producer, not only financial, but also psychological. We don’t have the means of addressing this on an international level.

Another method of control is attacking the legitimacy and communication capacity of online communities of opposition. This results in a limitation of their ability to disseminate information, mobilize, mobilize and grow. A variety of techniques, from paid trolls to hacked DDoS attack can be used to attack these communities.

Authoritarian governments are also building local alternatives to Internet services. One of the most disturbing examples is a Turkish effort to create their own national search engine and provide each citizen from a national government email. Iran and Russia is making similar efforts. It is unclear how these efforts are connected. Morozov predicts that this will be detrimental to freedom of expression and that these services may become industries of national importance, increasing surveillance and control.

A lot depends on whether the Internet Freedom agenda or the Internet Control agenda succeeds in the US, where the State Department supports the former and the Department of Commerce and Defense support the latter.

Proudly powered by WordPress
Theme: Esquire by Matthew Buchanan.