[governance] NY Times on 'hactivitst' and Aaron Swartz/Techdirt on Anonymou and DDOSs

Ginger Paque gpaque at gmail.com
Mon Jan 14 12:46:44 EST 2013


I found both of these articles to be interesting as we search for effective
means of communication. I have pasted the full NYT article below because
some might find access to be difficult.

http://opinionator.blogs.nytimes.com/2013/01/13/what-is-a-hacktivist/?nl=opinion&emc=edit_ty_20130114

The Techdirt article speaks to DDOS as a form of protest... and the
interesting technique of asking that DDOS be recognized as a valid form of
protest.

http://www.techdirt.com/articles/20130111/08053821642/anonymous-launches-white-house-petition-saying-ddos-should-be-recognized-as-valid-form-protest.shtml

gp
[image: Opinionator - A Gathering of Opinion From Around the
Web]<http://opinionator.blogs.nytimes.com/>
January 13, 2013, 8:30 pmWhat is a ‘Hacktivist’?By PETER
LUDLOW<http://opinionator.blogs.nytimes.com/author/peter-ludlow/>

The untimely death of the young Internet activist Aaron Swartz, apparently
by suicide, has prompted an outpouring of reaction in the digital world.
Foremost among the debates being reheated - one which had already grown in
the wake of larger and more daring data breaches in the past few years - is
whether Swartz's activities as a "hacktivist" were being unfairly defined
as malicious or criminal. In particular, critics (as well as Swartz's
family in a formal
statement<http://boingboing.net/2013/01/12/aaron-swartzs-memorial-servi.html>)
have focused on the federal government's indictment of Swartz for
downloading millions of documents from the scholarly database JSTOR, an
action which JSTOR itself had declined to prosecute.

I believe the debate itself is far broader than the specifics of this
unhappy case, for if there was prosecutorial overreach it raises the
question of whether we as a society created the enabling condition for this
sort of overreach by letting the demonization of hacktivists go unanswered.
Prosecutors do not work in a vacuum, after all; they are more apt to pursue
cases where public discourse supports their actions. The debate thus raises
an issue that, as philosopher of language, I have spent time considering:
the impact of how words and terms are defined in the public sphere.

"Lexical Warfare" is a phrase that I like to use for battles over how a
term is to be understood. Our political discourse is full of such battles;
it is pretty routine to find discussions of who gets to be called
"Republican" (as opposed to RINO - Republican in Name Only), what "freedom"
should mean, what legitimately gets to be called "rape" -and the list goes
on.

Lexical warfare is important because it can be a device to marginalize
individuals within their self-identified political affiliation (for
example, branding RINO's defines them as something other than true
Republicans), or it can beguile us into ignoring true threats to freedom
(focusing on threats from government while being blind to threats from
corporations, religion and custom), and in cases in which the word in
question is "rape," the definition can have far reaching consequences for
the rights of women and social policy.

Lexical warfare is not exclusively concerned with changing the definitions
of words and terms - it can also work to attach either a negative or
positive affect to a term. Ronald Reagan and other conservatives
successfully loaded the word "liberal" with negative connotations, while
enhancing the positive aura of terms like "patriot" (few today would reject
the label "patriotic," but rather argue for why they are entitled to it).

Over the past few years we've watched a lexical warfare battle slowly
unfold in the treatment of the term "hacktivism." There has been an effort
to redefine what the word means and what kinds of activities it describes;
at the same time there has been an effort to tarnish the hacktivist label
so that anyone who chooses to label themselves as such does so at their
peril.

In the simplest and broadest sense, a hacktivist is someone who uses
technology hacking to effect social change. The conflict now is between
those who want to change the meaning of the word to denote immoral,
sinister activities and those who want to defend the broader, more
inclusive understanding of hacktivist. Let's start with those who are
trying to change the meaning so that it denotes sinister activities.

Over the past year several newspapers and blogs have cited Verizon's 2012
Data Breach Investigations
Report<http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf>,
which claimed that 58 percent of all data leaked in 2011 was owing to the
actions of "ideologically motivated hacktivists." An example of the concern
was an article<http://www.infosecurity-magazine.com/blog/2012/6/7/hacktivism-shades-of-gray-/559.aspx>in
Infosecurity Magazine:

The year 2011 is renowned for being the year that hacktivists out-stole
cybercriminals to take top honors according to the Verizon data breach
report. Of the 174 million stolen records it tracked in 2011, 100 million
were taken by hacktivist groups.

Suddenly, things are looking black and white again. Regardless of political
motivation or intent, if there are victims of the attacks they perpetrate,
then hacktivism has crossed the line. Not OK.

Meanwhile an article<http://threatpost.com/en_us/blogs/verizon-hacktivists-steal-most-data-2011-032112>in
ThreatPost proclaimed "Anonymous: Hacktivists Steal Most Data in
2011."

The first thing to note is that both of these media sources are written by
and for members of the information security business - it is in their
interest to manufacture a threat, for the simple reason that threats mean
business for these groups. But is it fair to say that the threat is being
"manufactured"? What of the Verizon report that they cite?

The problem is that the headlines and articles, designed to tar hacktivists
and make us fear them, did not reflect what the Verizon report actually
said. According to page 19 of the report only 3 percent of the data
breaches in the survey were by hacktivists - the bulk of them were by
routine cybercriminals, disgruntled employees and nation states (83 percent
were by organized criminals).

The "most data" claim, while accurate, gives a skewed picture. According to
Chris Novak, the Managing Principal of Investigative Response on Verizon's
RISK Team, interviewed in ThreatPost, 2 percent of the 90 actions analyzed
in the report accounted for 58 percent of the data released. The interview
with Novak suggests that this data loss came from precisely two hacktivist
actions - both by spin-offs of the well-known hacktivist group Anonymous -
and that these large data dumps stemmed from the actions against the
security firm HB Gary Federal, which had publicly announced their efforts
to expose Anonymous, and a computer security firm called Stratfor). That
means that in 2011 if you were worried about an intrusion into your system
it was 33 times more likely that the perpetrator would be a criminal,
nation state or disgruntled employee than a hacktivist. If you weren't
picking fights with Anonymous the chances would have dropped to zero - at
least according to the cases analyzed in the report.

In effect, these infosecurity media outlets cited two actions by Anonymous
spin-offs, implicated that actions like this were a principle project of
hacktivism, and thereby implicated a larger, imminent threat of hacktivism.
Meanwhile, the meaning of hacktivist was being narrowed from people who use
technology in support of social causes to meaning individuals principally
concerned with infiltrating and releasing the data of almost anyone.

Now let's turn to an attempt to maintain the broader understanding of
hacktivism. Several months ago I attended a birthday party in Germany for
Daniel Domscheit-Berg, who was turning 34. As it happened, Domscheit-Berg
had also been the spokesperson for Wikileaks and, after Julian Assange, the
group's most visible person. He had left the organization in 2010, and now
he had a new venture, OpenLeaks. The party was also meant to be a coming
out party for OpenLeaks.

The party was to be held in the new headquarters and training center for
OpenLeaks - a large house in a small town about an hour outside of Berlin.
I was half-expecting to find a bunker full of hackers probing Web sites
with SQL injections and sifting through State Department cables, but what I
found was something else altogether.

When I arrived at the house the first thing I noticed was a large vegetable
garden outside. The second thing I noticed was that a tree out front had
been fitted out with a colorful knit wool sweater. This was the effort of
Daniel's wife Anke - "knit hacking," she called it. And around the small
town I saw evidence of her guerilla knit hacking. The steel poles of nearby
street signs had also been fitted with woolen sweaters. Most impressively,
though, a World War II tank, sitting outside a nearby former Nazi
concentration camp for women had also been knit-hacked; the entire barrel
of the tank's gun had been fit with a tight colorful wool sweater and
adorned with some woolen flowers for good measure. I interpreted these
knit-hackings as counteractions to the attempts to define hacktivist as
something sinister; they serve as ostensive definitions of what hacktivism
is and what hacktivists do.

Of course the birthday party had elements of hackerdom understood more
narrowly. There were some members of the Chaos Computer Club (a legendary
hacker group), and there was a healthy supply of Club Mate - the energy
drink of choice of European hackers, but the main message being delivered
was something else: a do-it-yourself aesthetic - planting your own garden,
knitting your own sweaters, foraging for mushrooms and counting on a local
friend to bag you some venison. What part of this lifestyle was the
hacktivism part? Daniel and his friends would like to say that all of it is.

The intention here was clear: an attempt to defend the traditional, less
sinister understanding of hacktivism and perhaps broaden it a bit, adding
some positive affect to boot; more specifically, that hacking is
fundamentally about refusing to be intimidated or cowed into submission by
any technology, about understanding the technology and acquiring the power
to repurpose it to our individual needs, and for the good of the many.
Moreover, they were saying that a true hacktivist doesn't favor new
technology over old - what is critical is that the technologies be in our
hands rather than out of our control. This ideal, theoretically, should
extend to beyond computer use, to technologies for food production, shelter
and clothing, and of course, to all the means we use to communicate with
one another. It would also, of course, extend to access to knowledge more
generally - a value that was inherent in Aaron Swartz's hacking of the
JSTOR data base.

Our responsibility in this particular episode of lexical warfare is to be
critical and aware of the public uses of language, and to be alert to what
is at stake - whether the claims made by the infosecurity industry or the
government, or the gestures by the hacktivists, are genuine, misleading or
correct. We are not passive observers in this dispute. The meaning of words
is determined by those of us who use language, and it has consequences.
Whether or not Aaron Swartz suffered because of the manipulation of the
public discourse surrounding hacking, his case is a reminder that it is
important that we be attuned to attempts to change the meanings of words in
consequential ways. It is important because we are the ones who will decide
who will win.

*Peter Ludlow is professor of philosophy at Northwestern University. His
most recent book is "The Philosophy of Generative
Linguistics<http://www.oup.com/us/catalog/general/subject/Philosophy/?view=usa&ci=9780199674473>."
*


Ginger (Virginia) Paque

VirginiaP at diplomacy.edu
Diplo Foundation
Internet Governance Capacity Building Programme
www.diplomacy.edu/ig
**
**
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20130114/7f21ac39/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t


More information about the Governance mailing list