When Activism Goes Online: Anonymous, Hacktivism and the Law Lecture at NYLS

A couple weeks ago I went to a “When Activism Goes Online: Anonymous, Hacktivism and the Law” at New York Law School, co-sponsored by the Institute for Information Law and Policy, National Lawyers Guild- National Office, and Students for Free Culture. The panelists were Kenneth Citarella, an adjunct professor at NYLS and former prosecutor who specialized in computer crimes starting in the 1980’s, Abi Hassen, Mass Defense Coordinator with the National Lawyers Guild, and Grainne O’Neill, a defense attorney specializing in the intersection of law and technology.

Citarella talked a little bit about his experience as a prosecutor of computer crimes very early on. One of his main points is that he strongly dislikes the word hacker, specifically because he doesn’t feel like he known what it means. Later on in the evening he emphasizes the difference between in person actions and actions mediated by technology, without clarifying exactly how. Mainly, I think that he served as a prosecution-side counter point to the other speakers. The most interesting thing for me was hearing how generally conservative he is in his interpretation and squaring that against his early involvement in the Electronic Frontier Foundation, which serves as a good reminder that civil liberties is an area where many people can find common ground.

O’Neill started by talking about the Computer Fraud and Abuse Act (CFAA) of 1984. The CFAA was conceived of and passed in a time before the internet as we know it- both socially and technologically- and was passed to specifically protect financial institutions, the government, and interstate commerce. For purposes of the CFAA, “unauthorized access” is defined by the computer or website’s Terms of Service (TOS), violations of which would otherwise be only a matter of contract law, not criminal law. In effect, CFAA empowered private companies to dictate criminal law through their TOS. The CFAA’s definition of damages sets a low standard.

After covering the basics of what the CFAA, O’Neill compared the penalties for online behaviors to their closest offline equivalents. She placed a DDOS (distributed denial of service) attack as similar to a picket, since both are intended to provide visibility to the activists’ displeasure with the target. Theft of a cheap laptop in a coffee shop that contained sensitive information might be punishable by a year in jail, but accessing the same information via an unsecured wi-fi network would get up to 10 years in prison under the CFAA, and in that senario, the victim hasn’t lost use of anything. Even assuming that that the laptop is more expensive and taken from a home, burglary in New York has a maximum sentence of 7 years, which is still less than allowed for remote entry under the CFAA, and involves someone physically entering one’s home. After going over the potential disparate treatment of crimes based on the involvement of hacking or not, O’Neill reiterated that many online crimes are criminalized under non-online specific legislation and that we should look to our rich history of jurisprudence in seeking to address

Hassan put together a PowerPoint presentation which he titled “The Fifth Estate: Information Activism in the Age of Secrecy,” drawing on the idea that hackers and information activists (including whistleblowers) may work for the public good, as a watch dog, much as the press, or forth estate, has. An example of this he gave was Hamed Al-Khabaz, a Canadian student who was expelled from Dawson College after finding and reporting a major security flaw in his university’s storage of student information.  He also emphasized the role of “lulz,” vaguely defined as humor or mischievous satisfaction, in hacking. His example of this was Guccifer’s release of George W. Bush’s remarkably bad self-portrait while showering.

Hassan’s presentation included a couple of really great quotations on related topics from Bloomberg and Thomas Jefferson. He showed graphs from Google and Microsoft of requests for user information from governmental agencies and emphasized the contradiction of increased government and corporate secrecy with the decrease of personal privacy and increase of individual surveillance at the same time. He also gave a great run-down of current major hacking cases in the United States:

And of whistleblower cases:

The best part of the lecture was the question and answer session after the structured presentation. I didn’t take great notes on that part, and since the lecture was back on April 3rd, my memory is not good enough to flesh out the discussion. Highlights included: Citarella arguing that federal sentencing guidelines are frequently too ridgid and pointing out that in the case of Matthew Keys we should strongly consider the difference between what the end result of his giving out passwords was with what it could have been in understanding it’s treatment in the courts; Hassan building on his early talk of current cases and mentioning that 95% of cases end in pleas, largely because of the power that prosecutors have in their discretion regarding charges and requests; and O’Neill stating that the freedom to assemble is really the freedom to assemble anonymously and that it is the anonymity is key to the power of the freedom to assemble. Other items of discussion including emergent 4th and 5th Amendment issues as well an time-place-manner restrictions on in-person protests and how that translates into online activism.

Book Review: Epic Win for Anonymous

One of my favorite things about living in New York City is making use of the local libraries. The networking and proximity of libraries gives uses access to an entire borough worth of books to pick up and drop off at a local branch. It’s like interlibrary loan, but integrated in to standard library use. I recently made use of this by getting to pick up a copy of Cole Stryker’s Epic Win for Anonymous: an Online Army Conquers the Media, published by Overlook Press.

Epic Win for Anonymous covers the rise of Anonymous (big-A) and the history of anonymous (little-a) in internet culture. When I sat down to write this review, I noticed that the subtitle on the cover is an Online Army Conquers the Media, but inside the book, the subtitle is How 4chan’s Army Conquered the Web, a far more accurate description of it’s content. This is apparently only true for the paperback version. The hardcover appears to reference 4chan throughout. This difference and the publisher’s perceived need to change the title echoes what I feel public conceptions frequently miss when attempting to understand what has come to be known as “internet culture.”

My take on the book is that Stryker does come from this culture and is a good guide. He’s attempting to contextualize a weird, self-selecting youth culture (though participants do range in age). It lays out the social context of sites like 4chan, SomethingAwful, and Rotten; as well as Usenet, WELL (Whole Earth ‘Lectronic Link), and BBS, which came the generations before. He does a good job explaining the user experiences and information flows in the different communities and what that means for the culture that is fostered the different environments. He also looks at the roll of external factors in shaping internal community dynamics.

Chapters 1 (Memes: Shared Nuggets of Cultural Currency), 6 (The Meme Industry), and 7 (The Meme Life Cycle) present a coherent summary of the phenomenon of internet memes and their place in human history as a constant tendency lit up by the enabling hand of new technologies. With this, and the rest of the book, Stryker balances descriptions of individual incidents or memes with explanations of broad processes. He succeeds in using details to illuminate without bogging down. It helps that large parts of what he covers are, well, for the lulz.

This book features an impressive 11-page bibliography. I plan on making a photocopy for future reading list reference. It alone would have made this book worthwhile. I’m looking forward to reading Stryker’s second book, Hacking the Future: Privacy, Identity, and Anonymity on the Web. I don’t think that I liked this book as much as I have liked what Biella Coleman has said on similar topics, though I think it’s important to recognize that Sryker’s book has mostly avoided academic terminology and is more approachable without the background knowledge that Coleman’s require for full understanding. Epic Win is epic win as a first look beyond news stories on the deep background of Anonymous, including AnonOps and LulzSec, and why that background is important for making sense of current discussions on the future of internet communication, especially when it comes to identities, communities, security, fear, and privacy.

See also: