0:00:09.574,0:00:20.937
applause
0:00:20.937,0:00:22.840
Hi, my name is Molly Sauter.
0:00:22.840,0:00:26.337
I'm currently a grad student at MIT in comparative media studies
0:00:26.337,0:00:30.334
and I do research at the center for civic media at the media lab.
0:00:30.334,0:00:35.448
This talk is going to be laying out an analytical framework
0:00:35.448,0:00:37.168
that I've been working on for a while
0:00:37.168,0:00:40.584
of the ethical analysis of activist DDoS actions.
0:00:40.584,0:00:45.023
And though distributed denial of service attacks have been used
0:00:45.023,0:00:49.201
as a tool of digital activism for roughly the past 2.5 decades,
0:00:49.201,0:00:52.767
the past couple of years we have seen this huge explosion of the use
0:00:52.767,0:00:54.882
and the tactic and the popularization of the tactic
0:00:54.882,0:00:57.520
as well as a sharp increase in the attention
0:00:57.520,0:01:00.686
its use attracts for media and state actors.
0:01:00.686,0:01:03.687
All this attention has brought a lot of criticism and
0:01:03.687,0:01:07.751
a lot of sort of support from various people in the digital space,
0:01:07.751,0:01:09.585
including digital activists.
0:01:09.585,0:01:14.868
However both DDoS's critics and DDoS's proponents seek to declare the tactic
0:01:14.868,0:01:21.090
as a whole as good or bad, without a nuance understanding the variety of circumstances in contexts
0:01:21.090,0:01:24.039
that can render the tactics use ethical or unethical.
0:01:24.039,0:01:27.217
So in this talk I'm gonna lay down the preliminaries for a framework
0:01:27.217,0:01:33.129
by which to perform an ethical analysis of an activist DDoS action in individual use context.
0:01:33.822,0:01:36.923
We're gonna go through a brief technical legal note
0:01:36.923,0:01:40.103
which I assume I'm gonna be able to skip for this audience,
0:01:40.103,0:01:46.169
criticisms of activist DDoS actions that have been thrown out in the past.
0:01:46.169,0:01:49.752
Then we're gonna get in to the analytical framework that I'm proposing
0:01:49.752,0:01:52.573
and then I'm gonna tell you a little about where I'm gonna take this
0:01:52.573,0:01:55.952
as I write my thesis, which this is.
0:01:56.660,0:01:59.992
So everybody knows what a DDoS attack is, right?
0:01:59.992,0:02:01.810
Raise your hand if you know what it is.
0:02:01.810,0:02:04.044
Awesome, I can totally skip this slide.
0:02:04.044,0:02:06.411
laughter
0:02:07.319,0:02:10.706
DDoS action, distributed denial of service action by which
0:02:10.706,0:02:14.870
you seek to monopulize the resources of a server or other resource
0:02:14.870,0:02:18.319
with your resources to prevent other people from using it.
0:02:18.319,0:02:20.212
Good, we're happy? We're happy.
0:02:20.212,0:02:23.628
applause
0:02:23.628,0:02:27.300
Alright, brief legal note: unlike this cat I am not a lawyer.
0:02:27.300,0:02:29.252
I do not have a law degree, haven't studied law.
0:02:29.252,0:02:31.618
I worked at a law school for a while but that doesn't make me a lawyer.
0:02:31.618,0:02:37.045
So I'm gonna talk about legal things in this talk, do not take it as legal advice.
0:02:37.045,0:02:42.900
So DDoS actions and DDoS attacks are illegal in most but not all jurisdictions.
0:02:42.900,0:02:45.625
In the US they are prosecuted as felonies.
0:02:45.625,0:02:51.938
Under title 10 section 1030 of the US Code which is complicated and which I won't read.
0:02:51.938,0:02:55.871
But just so that everyone is aware and this does have a bearing on my talk later:
0:02:55.871,0:03:00.507
these things are very illegal and this has severe precautions
0:03:00.507,0:03:07.815
for how organizers should treat them as they engage with them in their protests.
0:03:07.815,0:03:13.289
So one of the major criticisms of DDoS actions is that they constitute censorship.
0:03:13.289,0:03:20.123
This is a very popular criticism among sort of "oldschool" hacktivists
0:03:20.123,0:03:23.312
like cult of the dead cow hacktivism or other groups like that
0:03:23.312,0:03:26.181
which have denounced the tactic as straight-up censorship.
0:03:26.181,0:03:31.618
Basically they say you are impinging the movement of bits on the network and that's wrong.
0:03:31.618,0:03:34.940
If we're going to be engaging in this type of electronic activism
0:03:34.940,0:03:39.349
we want to be encouring the movement of bits on the network, not stopping them.
0:03:39.349,0:03:44.839
This criticism privileges the integrity of the network and the rights of specific individuals
0:03:44.889,0:03:47.629
to unfettered flows of information,
0:03:47.721,0:03:54.163
and it privileges that overpolitical ideals of activism in civil disobedience present in activist DDoS actions.
0:03:54.201,0:04:01.118
This criticism also raises very specific unanswered questions about who can engange in censorship.
0:04:01.118,0:04:08.670
Can in fact non-state actors and non-corporate actors be engaged as censorious bodies?
0:04:08.824,0:04:15.026
And while DDoS is undeniably a disruptive tactic, does disruption of speech,
0:04:15.026,0:04:19.413
particularly in context where the target has many other speech outlets,
0:04:19.413,0:04:21.972
always equal a denial of speech?
0:04:21.972,0:04:26.121
For instance when this tactic is trained against a corporate target
0:04:26.121,0:04:30.410
while certain aspects of that organization's presence may be disrupted
0:04:30.410,0:04:35.510
their abiltiy to engange in political speech through the press and other outlets is not.
0:04:35.510,0:04:42.596
Therefore the criticism that you're engaging in censorship by waging a DDoS action sort of falls flat.
0:04:42.596,0:04:49.073
Though the criticism is appropriate in some cases, especially when it's used against organizations
0:04:49.073,0:04:54.174
that primarily exist online such as ISPs or independent blogs.
0:04:55.066,0:05:01.524
Second major criticism is a sort of a revamping of this very old debate in activism.
0:05:01.524,0:05:07.777
Direct action or symbolic/attention-oriented activism, which is better?
0:05:07.777,0:05:12.427
And the anwswer is, one isn't really better, they are sort of different.
0:05:13.104,0:05:16.184
applause
0:05:16.184,0:05:17.442
Thank you.
0:05:17.442,0:05:22.930
One group that's been particularly vocal about this in the past is a group called the critical art ensemble
0:05:22.930,0:05:27.945
which helped pioneer the idea of electronic civil disobedience in the 90th.
0:05:27.945,0:05:33.314
And they critized groups like the electronic disturbance theatre for their use of DDoS in their actions.
0:05:33.314,0:05:36.146
Saying that the use is ineffectual because corporations
0:05:36.146,0:05:41.289
and states are now ??? waging "media war" with activists.
0:05:41.289,0:05:44.771
And it is ineffectual when compared with direct action.
0:05:44.771,0:05:49.989
In addition to just sort of being mean to attention-oriented activism for no reason,
0:05:49.989,0:05:56.079
this criticism ignores the fact that DDoS is often used as a tool of direct action
0:05:56.079,0:06:01.378
Such as when it was used by the electrohippies in 1999 against the Internet
0:06:01.393,0:06:04.594
that the world trade organization was using during their annual meeting
0:06:04.594,0:06:07.686
or other groups that I'm gonna talk later about in this talk.
0:06:07.686,0:06:13.005
The CAE's conception of DDoS also leaves the tactic
0:06:13.005,0:06:15.617
out of the context of larger actions that it is associated with.
0:06:15.617,0:06:23.037
This tactic is pretty much never and frankly should never be used as the sole tactic in a campaign.
0:06:23.037,0:06:26.768
It should always be used in the context with other tactics
0:06:26.768,0:06:31.539
and it gets its ethical and politcal viability from the context in which it is used.
0:06:31.539,0:06:35.562
Not simply because of things inherent to itself.
0:06:35.562,0:06:40.356
Third major criticism: what is a successful DDoS action?
0:06:40.356,0:06:48.715
Basically it's really hard to take down a large corporate website with an all volunteer manual DDoS action.
0:06:48.715,0:06:51.977
If you and all your friends are really just sitting in your chairs
0:06:51.977,0:06:58.173
hitting refresh a bunch of times on like paypal.com you're not gonna bring it down.
0:06:58.173,0:07:02.331
So then what are we going to consider a successful DDoS action
0:07:02.331,0:07:07.927
if we can't rely on downtime to be a measure of success?
0:07:07.927,0:07:10.594
So there are a couple of different answers to this questions.
0:07:10.594,0:07:16.308
The first is we want to look at the value of the tactic as something which draws and focuses attention.
0:07:16.308,0:07:20.129
And this is way more important now that it has become
0:07:20.129,0:07:24.618
much more of a media magnet than necessarily it was maybe 10 years ago.
0:07:24.618,0:07:29.919
Another use for the tactic is the biographical impact on the participants
0:07:29.919,0:07:33.465
and expanding opportunities for engagement and participation.
0:07:33.465,0:07:38.782
If you have never participated in a political action and you get to participate in a DDoS action
0:07:38.782,0:07:43.424
and you're in the IRC channel with all of these new friends who you didn't know you had
0:07:43.424,0:07:46.132
who you didn't know had the political views that you had
0:07:46.132,0:07:49.667
and you didn't know were willing to participate in ways that you are.
0:07:49.667,0:07:53.352
That has a huge biographical impact on you and it helps you consider yourself.
0:07:53.352,0:07:57.329
And activism helps you move up the ??? the ladder of engagement.
0:07:57.329,0:08:03.070
This enables what Ricardo Dominguez of the EDT calls a permanent culture of resistance
0:08:03.070,0:08:10.175
where resisting modes of power and resisting oppressive systems is part of the culture.
0:08:10.175,0:08:16.002
And it isn't simple something you do for special on weekends but it is something that you do all the time.
0:08:16.002,0:08:18.270
And the value of this symbolic resistence is
0:08:18.270,0:08:23.214
not necessarily its overt effect on the system that its ostensibly targets
0:08:23.214,0:08:28.210
but rather its effects on participants and on the reflective fields that surround it as it occurs
0:08:28.210,0:08:30.201
including media and culture.
0:08:30.201,0:08:36.920
Basically DDoS acts is a tool for the relevation of what James Scott called hidden transcripts of resistance.
0:08:36.920,0:08:39.518
It serves as an open action where an individual participant
0:08:39.518,0:08:43.511
can join a community of resistance with others.
0:08:44.896,0:08:46.785
Moving on to the second major section:
0:08:46.785,0:08:48.904
the analytical framework that I'm presenting.
0:08:48.904,0:08:52.997
There are four major parts of it that I'm gonna talk about in this talk.
0:08:52.997,0:08:58.150
I'm hoping to expand to maybe five or six later, but not right now.
0:08:58.150,0:09:01.564
The first is intended effects and actual effects.
0:09:01.564,0:09:05.567
The second is contacts within a greater campaign which we've already talked about a little bit.
0:09:05.567,0:09:09.218
The third is technology being utilized in the action.
0:09:09.218,0:09:13.799
And the fourth is the specific participant and organizer populations ??at play??.
0:09:13.799,0:09:16.678
I'm gonna go through these one by one.
0:09:16.678,0:09:19.277
The first is intended and actual effects.
0:09:19.277,0:09:26.140
What I mean by this is what the group that is waging the action intends to happen by its use of the action
0:09:26.140,0:09:28.072
what actually happens.
0:09:28.072,0:09:31.442
So there is a good example of this from 1997.
0:09:31.442,0:09:40.047
It's called the IGC Euskal Herria Journal action and that's Basque and I totally butchered it but I'm not Basque.
0:09:40.047,0:09:44.763
Basically what happened was there was an ISP called IGC
0:09:44.763,0:09:50.234
which was hosting a Basque newspaper publication, an online newspaper.
0:09:50.234,0:09:54.338
This was during a time in Spain when the Basques were not terribly popular.
0:09:54.338,0:09:58.068
There was a lot of violence going around Basque seperatives actions.
0:09:58.068,0:10:06.772
A popular DDoS action was started by people who I don't know, so don't ask me,
0:10:06.772,0:10:10.876
to pressure IGC to take this website down,
0:10:10.876,0:10:16.500
the Euskal Herria Journal website down. People didn't like it.
0:10:16.500,0:10:18.880
It got a lot of popular support.
0:10:18.880,0:10:22.285
Actually several major newspapers in Spain eventually
0:10:22.285,0:10:27.270
published target email addresses for email bombs and other things
0:10:27.270,0:10:29.745
until they eventually decided that was probably a bad idea
0:10:29.745,0:10:32.937
and they retracted their support.
0:10:32.937,0:10:37.135
But the stated goal of the actions was always to get the website offline.
0:10:37.135,0:10:39.923
People didn't like it, they wanted it gone.
0:10:39.923,0:10:46.529
Eventually it did go down because IGC was flooded with these packets and mail bombs and it was horrible.
0:10:46.529,0:10:52.639
It rendered inaccessible the websites and emails of their over 13000 subscribers
0:10:52.639,0:10:56.682
and they couldn't function as a business while this attack was going on.
0:10:56.682,0:11:00.671
So they did eventually stop hosting the site but under firm protest.
0:11:00.671,0:11:05.621
As an ISP IGC exists primarily in fact entirely online.
0:11:05.621,0:11:11.186
Removing its ability to function online removes its core as an organization
0:11:11.186,0:11:13.034
and its ability to function.
0:11:13.034,0:11:17.284
So the goal of this action was to remove content
0:11:17.284,0:11:23.682
by waging the action as long as the DDoS was successful the content was removed.
0:11:23.682,0:11:30.702
So actually the goal of the action was the permanent imposition of the state of the action.
0:11:30.702,0:11:35.613
Its intended effects were its actual effects as it was occurring.
0:11:35.613,0:11:38.586
This fits very well with the criticism that we saw before.
0:11:38.586,0:11:41.304
This was actually just plain censorship.
0:11:41.304,0:11:44.052
This was people saying: I don't like that you're hosting that content
0:11:44.052,0:11:50.386
therefore I'm going to to make you not host that content until you don't host it anymore.
0:11:50.386,0:11:55.073
This is not very cool and is unethical and bad.
0:11:55.904,0:12:01.931
The second example that I have up here is the EDT electronic disturbance to Lufthansa action from 2001.
0:12:01.931,0:12:07.652
This is an example where disrupting content does not equal silencing speech
0:12:07.652,0:12:11.063
as opposed to the example that I just showed which was depressing.
0:12:11.063,0:12:16.519
So in this example rather than removing content from the Internet
0:12:16.519,0:12:21.255
the goal of this action was to raise awareness of Lufthansa's
0:12:21.255,0:12:25.739
allowing the German government to deport immigrants using its flights.
0:12:25.739,0:12:31.457
It's part of a much greater action called the deportation class action.
0:12:31.457,0:12:36.770
While the Lufthansa website itself was rendered inaccessible for brief periods of time,
0:12:36.770,0:12:40.889
the actual communications of the airline, its ability to fly planes,
0:12:40.889,0:12:45.971
maintain normal operations and communicate internally with itself and with the media
0:12:45.971,0:12:49.624
remained for all practical purposes unaffected.
0:12:49.624,0:12:52.500
So while the stated goal of the Lufthansa action was
0:12:52.500,0:12:56.835
to draw public attention to a specific aspect of the Airline's business model
0:12:56.835,0:13:00.486
and through focused attention changed that corporations behavior
0:13:00.486,0:13:02.767
it was actually rather successful in that.
0:13:02.767,0:13:08.214
The airline did eventually stop allowing the government to deport immigrants with its flights.
0:13:08.214,0:13:12.725
Though the action took place on the Internet the effect it sort of had
0:13:12.725,0:13:17.808
was not limited to, was not even really present in the online space.
0:13:17.808,0:13:20.797
And in and of itself this action could not have achieved
0:13:20.797,0:13:23.759
what the electronic disturbance theatre set up to accomplish.
0:13:23.759,0:13:29.623
It took positive behavior on the part of Lufthansa for the deportation class action to achieve its goals
0:13:29.623,0:13:38.014
as opposed to the IGC example which was designed to accomplish its intended effects by gross fear.
0:13:38.014,0:13:44.531
So the third example I'm gonna talk about is something called toywar, or the etoy/toywar campaign.
0:13:44.531,0:13:51.865
The twelve days of Christmas campaign took place in 1999 and was an online attempt to draw attention to
0:13:51.865,0:13:56.161
a legal dispute between etoy which was a performance art collective
0:13:56.161,0:14:04.279
and eToys which was a toy company, an ecommerce company that sold toys online
0:14:04.279,0:14:07.699
and they were fighting over the domain etoy.com.
0:14:07.699,0:14:11.909
And writing about this is very kamikaze because etoy and eToys,
0:14:11.909,0:14:14.649
you have to be very careful.
0:14:14.649,0:14:21.195
So this action was designed to draw attention to that legal battle.
0:14:21.195,0:14:27.590
But it had the additional effect of having a fairly significant impact on eToys' bottom line
0:14:27.590,0:14:30.969
because it took place the twelve days before Christmas
0:14:30.969,0:14:33.704
which was the primary shopping season.
0:14:33.704,0:14:37.170
And it did have a major how their website ran.
0:14:37.170,0:14:44.596
So though their main goal was this attention-oriented campaign in targeting this ecommerce site
0:14:44.596,0:14:48.178
they were targeting the central purpose of their competitor.
0:14:48.178,0:14:53.460
They were attacking, they were going after what they were which is an online organization.
0:14:53.460,0:14:57.550
Etoy, the art ensemble, eventually triumphed in a court case
0:14:57.550,0:15:01.594
and claimed their role in the financial losses suffered by eToys Inc.
0:15:01.594,0:15:03.321
that occurred over the course of that actions.
0:15:03.321,0:15:05.639
Their stock price pretty much plummeted
0:15:05.639,0:15:11.003
which you can rather blame on the bubble or the action, whichever makes you feel better.
0:15:11.003,0:15:20.536
So in this instance we have a combining of direct action and attention-oriented activism into the same action.
0:15:20.536,0:15:24.968
The next part of the framework is context within a larger campaign.
0:15:24.968,0:15:27.641
As I said DDoS actions very rarely occur by themselves
0:15:27.641,0:15:31.067
and in fact if they did occur by themselves you'd probably never hear about them
0:15:31.067,0:15:33.418
because there would be no reason why that site you like
0:15:33.418,0:15:35.757
is down, it would just be down.
0:15:35.757,0:15:39.252
Like physical world sit-ins DDoS actions must be embedded
0:15:39.252,0:15:41.700
within a greater campaign of publicity and messaging
0:15:41.700,0:15:45.520
to ensure that content disruptions are registered by viewers
0:15:45.520,0:15:50.049
and passers-by as protest actions and not as mere technical glitches.
0:15:50.049,0:15:53.400
The EDT/Lufthansa campaign took place within the context of
0:15:53.400,0:15:55.837
a coordinated multi-pronged campaign
0:15:55.837,0:15:59.041
which included physical world actions at stock holder meetings,
0:15:59.041,0:16:02.370
press releases and the distribution of special seatback
0:16:02.370,0:16:05.720
information cards on Lufthansa airlines that explained
0:16:05.720,0:16:07.206
what the protest was about.
0:16:07.206,0:16:12.351
I don't know how they got them into the planes but they did end up in the planes somehow.
0:16:12.351,0:16:17.112
Similirarly toywar was also embedded within a larger campaign of press coverage.
0:16:17.112,0:16:20.857
They were covered by Wired, the New York Times, and the AP
0:16:20.857,0:16:24.306
and there were also solidarity actions and physical world actions
0:16:24.306,0:16:26.389
at court houses.
0:16:26.389,0:16:29.559
So if you are going for this type of action,
0:16:29.559,0:16:32.242
it has to be embedded within many other actions.
0:16:32.242,0:16:35.256
It can't just be your sole activist ???
0:16:35.256,0:16:39.158
You have to use with a bunch of other tools as well.
0:16:39.158,0:16:42.957
The technology problem is a really interesting one.
0:16:42.957,0:16:47.368
As I mentioned it's really difficult for a purely volunteer-based DDoS action
0:16:47.368,0:16:49.425
to bring down a targeted site.
0:16:49.425,0:16:52.906
As a result we started to see the use of botnets,
0:16:52.906,0:16:56.087
traffic multipliers, automated attack tools and other exploits
0:16:56.087,0:17:01.373
to bring the power of such actions in line with the defenses employed by targets.
0:17:01.373,0:17:04.889
While the use of such technological tools doesn't automatically
0:17:04.889,0:17:08.466
negatively affect the validity of these actions,
0:17:08.466,0:17:12.400
the use of non-volunteer botnets is the one thing
0:17:12.400,0:17:14.086
that is particularly worrying.
0:17:14.086,0:17:17.622
And the other things do need to be considered within a larger context.
0:17:17.622,0:17:20.489
Volunteer botnets present their own ethical concerns
0:17:20.489,0:17:22.924
but are less immediately objectionable.
0:17:22.924,0:17:26.865
Like marches, sit-ins and other crowd-based tactics
0:17:26.865,0:17:30.436
DDoS actions gain their ethical and political validity
0:17:30.436,0:17:33.641
from large numbers of willing participants.
0:17:33.641,0:17:35.885
The use of traffic multipliers and exploits,
0:17:35.885,0:17:38.887
while tempting to achieve downtime,
0:17:38.887,0:17:46.533
undercuts claims by organizers that the actions represent a unified political voice of many different people.
0:17:46.533,0:17:50.573
So as an organizers, you would have to balance the
0:17:50.573,0:17:53.668
"do I want downtime at press coverage" or
0:17:53.668,0:17:57.104
"do I want to remain true to the number of participants
0:17:57.104,0:18:01.484
that I have and value their participation over publicity".
0:18:01.484,0:18:05.771
And this is something that lots of organizers have to deal with.
0:18:05.771,0:18:10.409
Non-volunteer botnets, such as those that were used over the course of
0:18:10.409,0:18:13.500
Anonymous's operation payback campaign in
0:18:13.500,0:18:15.694
addition to volunteer botnets,
0:18:15.694,0:18:17.169
they were used together,
0:18:17.169,0:18:19.824
present a serious ethical problem.
0:18:19.824,0:18:22.341
The use of someone else's technological resources
0:18:22.341,0:18:24.459
without their consent in a political action,
0:18:24.459,0:18:27.394
particularly one that carries high legal risk,
0:18:27.394,0:18:29.503
like DDoS actions do,
0:18:29.503,0:18:35.023
is a pretty extremely unethical action.
0:18:35.023,0:18:39.091
Moreover it cheapens the participation of activists
0:18:39.091,0:18:40.784
who are consensually participating and
0:18:40.784,0:18:43.920
makes it easier for critics to dismiss DDoS actions as
0:18:43.920,0:18:47.791
criminality cloaked in free speech.
0:18:47.791,0:18:51.008
Even though, again, it may be tempting to be like
0:18:51.008,0:18:53.394
"oh let's just rent this creepy-ass botnet
0:18:53.394,0:18:58.259
from wherever to bring down the site for five minutes"
0:18:58.259,0:19:02.888
Really not in fitting with ethical use of mass participation
0:19:02.888,0:19:05.491
in political activism.
0:19:05.491,0:19:09.398
This brings us to volunteer botnets such as those that were enabled
0:19:09.398,0:19:12.702
by the hive mind mode of low-orbit ion cannon, again,
0:19:12.702,0:19:14.461
during operation payback.
0:19:14.461,0:19:18.062
Participants could pledge their support to an action and then
0:19:18.062,0:19:19.592
basically walk away.
0:19:19.592,0:19:21.667
They could say "great, use my computer"
0:19:21.667,0:19:23.894
"to DDoS whatever you want"
0:19:23.894,0:19:27.666
"because I trust you and I believe that we are all fighting for the same cause"
0:19:27.666,0:19:30.945
"I'm gonna go walk the dog now"
0:19:30.945,0:19:33.197
So they pledge their support for an action and place
0:19:33.197,0:19:37.144
their computing resources under the control of the organizers of that action.
0:19:37.144,0:19:42.064
This places on those organizers a strong responsibility
0:19:42.064,0:19:45.355
to maintain open communication channels to participants
0:19:45.355,0:19:48.807
and to not make significant changes to the operation of the campaign
0:19:48.807,0:19:51.148
without the consent of those participants.
0:19:51.148,0:19:54.772
Changing plans, tactics or targets without the consent
0:19:54.772,0:19:57.906
of the participant population constitutes a major breach
0:19:57.906,0:20:03.006
of trust and really should not happen.
0:20:03.006,0:20:06.255
This brings us to the final ?? bit in the framework
0:20:06.255,0:20:08.082
which I'm going to go over in this talk
0:20:08.082,0:20:11.631
which is different participant and organizer populations.
0:20:11.631,0:20:14.548
The great thing about DDoS actions is that
0:20:14.548,0:20:16.498
they're relatively easy to join and
0:20:16.498,0:20:18.867
they're fairly relatively easy to wage in the first place
0:20:18.867,0:20:21.816
meaning many of these participants in these actions
0:20:21.816,0:20:26.987
are inexperienced and unaware of the risks they could potentially be taking
0:20:26.987,0:20:32.418
like accidentally committing a felony from the comfort of your own living room.
0:20:32.418,0:20:35.857
Therefore it is ??? on organizers to make sure
0:20:35.857,0:20:39.507
that all participants have enough information to usefully
0:20:39.507,0:20:43.006
consent to participate in such actions.
0:20:43.006,0:20:48.150
This includes information about risks that they could be taking
0:20:48.150,0:20:51.105
and ways to mitigate those risks.
0:20:51.105,0:20:53.868
This was a very big issue in the fallout from
0:20:53.868,0:20:55.403
operation payback.
0:20:55.403,0:20:58.356
when during the course of the campaign a great deal
0:20:58.356,0:21:02.217
of misinformation was present in organizing channels
0:21:02.217,0:21:05.841
and the use of the low-orbit ion cannon tool was encouraged
0:21:05.841,0:21:09.538
despite significant concerns about its security.
0:21:09.538,0:21:12.789
Training should be provided to participants in ways
0:21:12.789,0:21:15.387
to mitigate risk and support should be provided in the
0:21:15.387,0:21:17.874
event of arrest or other negative outcomes.
0:21:17.874,0:21:21.791
This is similar to the way the physical world activists provide
0:21:21.791,0:21:23.871
training for their participants in the
0:21:23.871,0:21:26.685
"we're gonna go outside today and we're gonna hold up
0:21:26.685,0:21:28.188
a bunch of signs and yell at some people.
0:21:28.188,0:21:30.066
These people may yell back.
0:21:30.066,0:21:32.336
These people may also try to physically harm us.
0:21:32.336,0:21:33.774
If you're totally not interested in that
0:21:33.774,0:21:35.904
that's ok, we still think you're cool."
0:21:35.904,0:21:38.851
There should be that type of effort to educate and
0:21:38.851,0:21:41.969
provide different channels for participation for electronic
0:21:41.969,0:21:46.231
civil disobedience in the same way there is in the physical world.
0:21:46.231,0:21:48.888
There are two big things that I want to do with this model
0:21:48.888,0:21:52.008
in the future as I continue to work on my thesis.
0:21:52.008,0:21:55.502
The first is: I want to develop an analysis for
0:21:55.502,0:21:56.986
state/state related actors,
0:21:56.986,0:22:00.470
particularly patriotic hackers
0:22:00.470,0:22:02.768
and see how they fit into this framework
0:22:02.768,0:22:05.537
and how the entrance of states into this area
0:22:05.537,0:22:08.302
affects the ethical validity of these actions
0:22:08.302,0:22:13.123
or whether we're just wandering full force into cyberwar territory there.
0:22:13.123,0:22:14.989
The second thing I want to do is adapt the framework
0:22:14.989,0:22:17.933
from a reflective model, which it currently is,
0:22:17.933,0:22:19.771
to a prescriptive model,
0:22:19.771,0:22:22.091
so be more useful to activists who want to
0:22:22.091,0:22:24.952
organize their own DDoS campaign and want to find out
0:22:24.952,0:22:28.653
how to do it effectively and ethically.
0:22:28.653,0:22:29.983
And that's actually it.
0:22:29.983,0:22:31.502
Who has questions?
0:22:31.502,0:22:42.203
applause
0:22:42.203,0:22:43.778
Dude who stood up first.
0:22:43.778,0:22:46.082
Mike: No other questions.
0:22:46.082,0:22:48.265
Hi, I'm Mike. I'm from Poland.
0:22:48.265,0:22:51.514
I was heavily involved in the anti-ACTA campaign in Poland.
0:22:51.514,0:22:53.526
I was not doing any DDoSes,
0:22:53.526,0:22:55.553
I was doing the, you know, subject matter work.
0:22:55.553,0:22:57.908
Molly: You don't have to incriminate yourself in this talk.
0:22:57.908,0:23:01.508
Mike: Yes. But I can, right?
0:23:01.544,0:23:03.909
laughter
0:23:03.970,0:23:07.641
Mike: Thank you for this talk
0:23:07.641,0:23:11.413
because I feel there is much to little talking
0:23:11.413,0:23:17.896
about ethics in the whole DDoS and hacking area.
0:23:17.896,0:23:19.560
So thank you for this.
0:23:19.560,0:23:23.198
Second thing that I would like to add to this talk is that
0:23:23.198,0:23:26.550
I think the framework works quite well
0:23:26.550,0:23:31.445
because there is a criticism that I am going to make
0:23:31.445,0:23:33.484
about DDoS campaigns right now.
0:23:33.484,0:23:38.444
That is already kind of handled in this framework.
0:23:38.444,0:23:43.200
The criticism is that while the anti-ACTA campaign in Poland
0:23:43.200,0:23:46.529
was at full speed and doing stuff and people were
0:23:46.529,0:23:47.860
protesting on the streets,
0:23:47.860,0:23:52.149
suddenly Anonymous started DDoSing Polish government websites.
0:23:52.149,0:23:52.968
Molly: I've heard about.
0:23:52.968,0:23:58.294
Mike: And this had the exact opposite effect.
0:23:58.294,0:24:01.791
Maybe it was there, but I didn't see that in your presentation
0:24:01.791,0:24:04.421
that you have to be very very careful with
0:24:04.421,0:24:05.590
DDoS campaigns
0:24:05.590,0:24:09.676
because they can actually cause harm to the cause
0:24:09.676,0:24:11.339
that you're trying to do.
0:24:11.339,0:24:15.402
I think it was a little bit in the success part
0:24:15.402,0:24:18.143
but I don't think it was highlighted enough
0:24:18.143,0:24:19.573
that you have to be very careful
0:24:19.573,0:24:21.637
because there is this huge framework,
0:24:21.637,0:24:23.791
other actions that are happening.
0:24:23.791,0:24:26.621
And maybe, just maybe, doing DDoS right now
0:24:26.621,0:24:28.822
might actually harm because it will give the
0:24:28.822,0:24:31.272
government, as was this case,
0:24:31.272,0:24:34.693
the government the excuse to actually do bad stuff
0:24:34.696,0:24:35.993
that you don't want them to do.
0:24:35.993,0:24:38.352
Because they will say: "Oh they're DDoSing our websites."
0:24:38.352,0:24:40.560
"They are hackers and we don't have to do
0:24:40.560,0:24:42.770
anything good for them."
0:24:42.770,0:24:46.954
Well done, because the framework already kind of works for that. Thanks.
0:24:47.416,0:24:49.635
Molly: Yeah, I agree with that.
0:24:49.635,0:24:52.534
This tactic is right now extremely controversial
0:24:52.534,0:24:54.328
but people keep using it.
0:24:54.328,0:24:57.233
My view is that as long as we're gonna use it
0:24:57.233,0:24:59.583
we should at least be using it in some sort of
0:24:59.583,0:25:03.530
reflective way in which we consider our actions
0:25:03.530,0:25:06.778
before we just do them.
0:25:07.502,0:25:08.978
Dude over there.
0:25:08.978,0:25:10.935
Male: Hi, I just have a question.
0:25:10.935,0:25:18.827
You said that disrupting a business which just
0:25:18.827,0:25:23.048
relies on the Internet is unethical.
0:25:23.922,0:25:26.610
I just ask why you make this assumption.
0:25:26.610,0:25:28.926
I would make a different assumption.
0:25:28.926,0:25:32.972
I would have said that maybe running an unethical business
0:25:32.972,0:25:36.627
on the Internet is unethical and disrupting it is ethical.
0:25:36.627,0:25:39.714
Molly: So, really good point. Yay.
0:25:39.714,0:25:42.825
applause
0:25:42.825,0:25:46.717
Something that I didn't maybe have make clear is that each of these bits
0:25:46.717,0:25:49.192
of the framework should not be taken as a
0:25:49.192,0:25:52.427
"oh you didn't do that, therefore you are totally unethical."
0:25:52.427,0:25:57.225
This should all be taken as sort of a big lump of stuff which you can
0:25:57.225,0:25:58.644
sort of massage and be like
0:25:58.644,0:26:02.239
"well, you're 60% here on that and 45% here on that
0:26:02.239,0:26:04.087
and we'll figure it out from there".
0:26:04.087,0:26:06.195
Yes, you're right.
0:26:06.195,0:26:08.322
That's actually sort of one of the issues that I'm really
0:26:08.322,0:26:11.702
interested in looking at in the WTO/electrohippies example
0:26:11.702,0:26:15.154
because I usually don't like it when people are like
0:26:15.154,0:26:19.055
"I'm gonna protest you by making you fall off the face of the planet"
0:26:19.055,0:26:22.009
That seems like a bit of an overkill to me.
0:26:22.009,0:26:28.240
On the other hand disrupting the Internet for the WTO meeting
0:26:28.240,0:26:31.696
at the Seattle World Trade Organization meeting
0:26:31.696,0:26:33.428
I'm kind of for that
0:26:33.428,0:26:37.735
that seems like a good use of resources to me.
0:26:37.735,0:26:42.342
So I'm very interested in pushing those weeds aside
0:26:42.342,0:26:45.937
and figuring out when exactly it's ok to basically
0:26:45.937,0:26:48.220
attack the root of something,
0:26:48.220,0:26:52.189
as opposed to having a more symbolic protest
0:26:52.189,0:26:53.878
which I'm generally more in favor of.
0:26:53.878,0:26:56.619
But you're right, I like you.
0:26:56.619,0:27:00.005
We're just gonna switch to this mic and then we'll bounce.
0:27:00.005,0:27:03.475
Female: I was wondering what your thoughts are on these action impacts
0:27:03.475,0:27:05.057
on non-participants.
0:27:05.057,0:27:08.935
Like say you DDoS eBay and then other companies lose business
0:27:08.935,0:27:12.343
or you say DDoS a health care provider and people can't access health care.
0:27:12.343,0:27:14.436
Is that a factor in your mind?
0:27:14.436,0:27:17.989
Molly: Well, you sort of brought up two wildly divergent examples of
0:27:17.989,0:27:24.722
eBay which means I can't buy my awesome collectable Battlestar Galactica glasses anymore
0:27:24.722,0:27:27.787
and my health care provider which means I can't get my tests
0:27:27.787,0:27:30.922
from that thing that I had that may be cancer.
0:27:30.922,0:27:33.776
Those seem like very divergent targets to me ,
0:27:33.776,0:27:35.772
just to address that off the bet.
0:27:35.772,0:27:39.285
Second point, yes, collateral damage is something that does
0:27:39.285,0:27:41.344
definitely need to be considered.
0:27:41.344,0:27:44.856
But it is not actually sort of specific to DDoS in itself.
0:27:44.856,0:27:47.659
Like if you just stay sit-in at a lunch counter,
0:27:47.659,0:27:49.941
I just wanted to eat lunch.
0:27:49.941,0:27:52.571
I'm not a bad guy, I really just wanted lunch.
0:27:52.571,0:27:56.543
But you have a political voice and you're using it to sit-in at this lunch counter.
0:27:56.543,0:28:02.162
That needs to be part of the overall consideration of
0:28:02.162,0:28:05.255
"do we think this is an appropriate tactic for whatever question is
0:28:05.255,0:28:08.690
that you're trying to address with your activism at this time."
0:28:08.690,0:28:12.223
Because not all tactics are appropriate for all questions.
0:28:13.685,0:28:14.567
Female: Thanks.
0:28:14.567,0:28:15.871
Molly: Ok, cool.
0:28:17.641,0:28:19.030
That guy.
0:28:22.353,0:28:25.433
Sorry, we have a question from the Internet.
0:28:25.433,0:28:26.817
It hasn't gotten to speak yet.
0:28:26.817,0:28:29.905
Male: I have this kind of comment and question.
0:28:29.905,0:28:31.306
Thank you very much for your talk,
0:28:31.306,0:28:34.030
it was very original material and I enjoyed it.
0:28:34.030,0:28:37.665
But however you announced to talk about the ethics of DDoS
0:28:37.665,0:28:40.073
but you didn't say anything about ethics at all
0:28:40.073,0:28:42.608
except for some personal beliefs.
0:28:43.040,0:28:43.965
Molly: laughs
0:28:43.965,0:28:49.554
What kind of ethical framework would you actually suggest to use to analyze DDoS?
0:28:49.554,0:28:54.131
Molly: The four bits of the framework that I set out.
0:28:54.131,0:28:57.252
I'm looking at you because you were talking, not because you're the Internet.
0:28:57.252,0:29:00.014
laughter
0:29:00.014,0:29:06.442
Basically you cannot just say that DDoS is ethical or unethical.
0:29:06.442,0:29:10.336
The way that I'm looking at, you have to look at it
0:29:10.336,0:29:15.140
in the context of these at least four aspects, possibly more.
0:29:15.140,0:29:18.192
But you can't just simply slam your hand down and be like
0:29:18.192,0:29:22.500
"nope, this one action which actually has very little political value
0:29:22.500,0:29:25.805
because it's just a bunch of bits swimming around a bunch of tubes,
0:29:25.805,0:29:31.437
has real ethical value."
0:29:31.437,0:29:34.012
I'm sure a lot of people were gonna be like
0:29:34.012,0:29:37.363
"she's gonna say that DDoS is right or wrong one way or another
0:29:37.363,0:29:40.157
and then I will feel good and/or bad about myself."
0:29:40.157,0:29:41.711
laughter
0:29:41.711,0:29:45.605
I'm sorry, that wasn't what was gonna happen.
0:29:45.605,0:29:48.630
I'm far more interesting in looking at these very nuanced questions
0:29:48.630,0:29:52.298
of how this fits into political economy and protest methodology
0:29:52.298,0:29:53.976
which is far squishier than just saying
0:29:53.976,0:29:57.012
this is ethical or unethical straight off the bet.
0:29:57.012,0:29:59.379
I hope that answers the Internet's question.
0:29:59.379,0:30:02.126
Male: Yeah, I would also come back to the ethics.
0:30:02.126,0:30:06.644
Because I wouldn't like to start talking whether DDoS is good or bad.
0:30:06.644,0:30:09.056
But I think DDoS is a very interesting example
0:30:09.056,0:30:14.358
because it can make us question our ethics again
0:30:14.358,0:30:16.946
because basically I, like you, I believe that DDoS
0:30:16.946,0:30:20.484
is really a pretty violent act of censorship
0:30:20.484,0:30:22.693
but I think it can be very often justified
0:30:22.693,0:30:27.506
because this violent act can simply give us benefits
0:30:27.506,0:30:30.291
that couldn't be made any other way.
0:30:30.291,0:30:35.169
So basically I think that when we think about DDoS and when we want to act with DDoS
0:30:35.169,0:30:42.472
we have to think about violence and making violence an ethical act, actually.
0:30:42.472,0:30:44.245
Your comment?
0:30:44.245,0:30:47.337
Molly: Violence is a pretty prejudicial term.
0:30:47.337,0:30:49.097
I prefer not to use it.
0:30:49.097,0:30:51.324
You also notice that I usually don't say DDoS attacks.
0:30:51.324,0:30:55.443
I try to say DDoS actions because attacks is also a pretty prejudicial term.
0:30:55.443,0:30:59.961
I think a lot of the "violence" inherent in DDoS has a lot to do with
0:30:59.961,0:31:04.728
the inherent power structures that play among the people who are participating.
0:31:04.728,0:31:11.978
For instance, if I am a state government and you have a free press blog
0:31:11.978,0:31:14.492
and you like to critize me in your blog
0:31:14.492,0:31:18.780
and I hire a bunch of people to DDoS your blog
0:31:18.780,0:31:20.957
that's not really cool.
0:31:20.957,0:31:22.613
That's fairly violent.
0:31:22.613,0:31:27.073
I am silencing your speech using my superior power as a big state.
0:31:27.073,0:31:31.340
On the other hand, if you are a private citizen
0:31:31.340,0:31:36.794
and you and a bunch of friends use floodnet to attack whitehouse.gov
0:31:36.794,0:31:41.012
I feel that there's less violence inherent in that system.
0:31:41.012,0:31:44.577
Male: I would partially agree but I think that both acts
0:31:44.577,0:31:47.715
are violent but basically the ethics are different.
0:31:47.715,0:31:52.166
So instead of avoiding the word I think that we should just think about the term.
0:31:52.166,0:31:54.362
That's my opinion.
0:31:54.362,0:31:59.590
Molly: The grad student in me wants to come up with a new word, but yeah.
0:31:59.590,0:32:03.426
Male: Hello, has the decision process who attacks
0:32:03.426,0:32:10.696
which website at what point any effects on the ethical part?
0:32:10.696,0:32:12.049
Molly: On the organizing?
0:32:12.049,0:32:14.811
Male: Yeah.
0:32:14.811,0:32:17.327
Molly: I can't say that I do.
0:32:17.327,0:32:21.602
I think that falls into the purview of the people who are actually organizing these actions.
0:32:21.602,0:32:24.731
As someone who is not an organizer I can't really comment
0:32:24.731,0:32:28.756
on the organizing process, having never sat in one.
0:32:28.756,0:32:31.610
Yes? That makes sense? Okay.
0:32:31.610,0:32:33.705
We're gonna switch back to this mic.
0:32:33.705,0:32:44.463
Male: Aside from the coercive vs. non-coerciveness of volunteer vs. non-volunteer action
0:32:44.463,0:32:49.069
which maybe falls into ethical standpoint
0:32:49.069,0:32:53.376
other than that, there's a question of liability.
0:32:53.376,0:32:57.627
If you're for instance participating in a volunteer action
0:32:57.627,0:32:59.661
and you have a packet sniffer going on that network,
0:32:59.661,0:33:01.331
then you can trace it back to
0:33:01.331,0:33:03.367
"ok you obviously volunteered to this action,
0:33:03.367,0:33:06.160
therefore you're obviously culpable for those actions"
0:33:06.160,0:33:15.927
vs. if it's "box that's been compromised" and ???
0:33:15.927,0:33:21.528
that person is theoretically not liable for those actions
0:33:21.528,0:33:27.331
because it was a ??? or a virus or ???
0:33:27.331,0:33:28.823
Molly: Yes.
0:33:28.823,0:33:32.986
Male: I just wanted to point that out.
0:33:32.986,0:33:34.329
Molly: Yes, no, you're right.
0:33:34.329,0:33:36.218
That is a thing that also needs to be considered
0:33:36.218,0:33:37.665
but it also comes back to
0:33:37.665,0:33:40.897
"there needs to be more education" upon people who
0:33:40.897,0:33:42.732
are organizing these actions to be like
0:33:42.732,0:33:45.651
"hey, you know you could be committing a felony."
0:33:45.651,0:33:47.143
"you could lose your house."
0:33:47.143,0:33:50.834
"that's a thing that could totally happen if you get arrested in the course of this action."
0:33:50.834,0:33:53.032
as oppossed to if you get arrested for chaining yourself to
0:33:53.032,0:33:54.118
the ??? of the White House
0:33:54.118,0:33:55.808
because you don't like the tarsands pipeline.
0:33:55.808,0:33:59.329
You really unlikely lose your house in that instance.
0:33:59.329,0:34:02.139
This is something that I have a huge problem with.
0:34:02.139,0:34:06.099
I think the state response to these actions is completely out of proportion
0:34:06.099,0:34:10.294
and bad and chilling and not good at all.
0:34:11.464,0:34:14.566
Until that changes there just needs to be
0:34:14.566,0:34:17.678
way more education, way more informed consent happening
0:34:17.678,0:34:23.613
among the activist population who participating in these actions.
0:34:23.613,0:34:30.906
Male: In terms of looking to the sources of products used to make DDoS,
0:34:30.906,0:34:35.892
how do you think about the ethical responsibility of a company based in Redmond,
0:34:35.892,0:34:40.930
allowing with their products to very easy make big botnets
0:34:40.930,0:34:42.903
and use it for DDoS.
0:34:42.903,0:34:44.059
Molly: laughs
0:34:44.059,0:34:46.597
Male: Especially this company is working in a country where
0:34:46.597,0:34:51.404
DDoS is a crime so they could be forced to change this very easily.
0:34:51.404,0:34:52.921
Molly: That's a hell of a question.
0:34:52.921,0:34:56.057
applause
0:34:56.057,0:34:59.167
Molly: And I think I'm going to politely decline a comment
0:34:59.167,0:35:00.489
until I learn more about it
0:35:00.489,0:35:04.033
but we can totally talk about this, not right now.
0:35:04.771,0:35:07.752
laughs Sorry.
0:35:09.120,0:35:11.014
Molly: Sorry, was there more of that?
0:35:11.014,0:35:11.755
Male: Why?
0:35:11.755,0:35:16.177
Molly: Why? Because I don't like to talk about things that I don't know
0:35:16.177,0:35:18.729
a lot about and that I'm not competent talking about.
0:35:18.729,0:35:21.979
I'm a grad student, sorry.
0:35:21.979,0:35:28.293
Male: Do you really think that DDoS attacks will have a big role in activism in the future?
0:35:28.293,0:35:36.141
Because I think the media interest in those kind of attacks is diminishing.
0:35:36.141,0:35:42.580
When I think of, I mean, you talk about this partially as
0:35:42.580,0:35:45.895
very useful means of activism
0:35:45.895,0:35:51.279
but when I think of DDoS I think of a few people sitting in their cellars,
0:35:51.279,0:35:58.837
being bored in the IRC room and just hitting their LOICs just like they hit the retweet button
0:35:58.837,0:36:00.789
and think they save the world
0:36:00.789,0:36:05.525
I don't think that this will make any difference in the future.
0:36:05.525,0:36:11.277
Molly: So you roled up a lot of things in that, including a valid, not-so-valid critism of slacktivism
0:36:11.277,0:36:13.263
which I will also address in this answer.
0:36:14.539,0:36:16.036
You're right.
0:36:16.036,0:36:21.006
There are a lot of DDoS attacks happening, not a lot of them getting a lot of coverage.
0:36:21.006,0:36:23.865
On the other hand there are a lot of street marches happening
0:36:23.865,0:36:25.770
and not a lot of them get a lot coverage.
0:36:25.770,0:36:30.659
People still get their signs together and march in the streets sometimes.
0:36:30.659,0:36:35.327
There's a concept in social movement theory called the ladder of engagement
0:36:35.327,0:36:37.289
which is basically like it's what it sounds like
0:36:37.289,0:36:39.459
you start at the bottom and you work your way up
0:36:39.459,0:36:44.386
to more and more complex modes of political engagement over the course of time.
0:36:44.386,0:36:46.738
You can't just jump straight to the top of the ladder
0:36:46.738,0:36:49.441
because you're not Superman and you don't do that usually
0:36:49.441,0:36:52.628
cause you'd fall off and hurt yourself.
0:36:52.628,0:36:56.675
DDoS is a very useful tool to get on that first rung.
0:36:56.675,0:37:01.208
It's easy, it's low financial cost,
0:37:01.208,0:37:03.751
it's generally pretty easy to advertise,
0:37:03.751,0:37:07.338
it doesn't look like it will cost you a lot of time and money.
0:37:07.338,0:37:11.124
All you have to do is really press a button and suddenly you are participating in this thing.
0:37:11.124,0:37:16.787
The sense of participating has a big impact on something that is called biographical impact
0:37:16.787,0:37:19.595
which is how you view yourself as an activist.
0:37:19.595,0:37:23.744
It is really pushing people over the edge to view themselves as activists
0:37:23.744,0:37:26.876
and the beginning is very very important.
0:37:26.876,0:37:35.360
So while DDoS may not be "effective" or "successful" as a standalone protest tactic,
0:37:35.360,0:37:41.153
as part of larger system I think it is still useful.
0:37:41.153,0:37:43.910
I think it will probably continue to be useful,
0:37:43.910,0:37:49.258
just like retweeting someone saying something vaguely political
0:37:49.258,0:37:52.508
on Twitter is also useful.
0:37:52.508,0:37:56.041
Or liking someone's status or sharing something on Facebook
0:37:56.041,0:37:59.579
or turning your Twitter icon green because you like the Iranian election.
0:37:59.579,0:38:02.642
No one in Iran cares that you turn your Twitter icon green.
0:38:02.642,0:38:03.570
They don't even know you.
0:38:03.570,0:38:05.510
They don't know that you've turned your Twitter icon green
0:38:05.510,0:38:10.070
but what that does is that it connects you with all the other people
0:38:10.070,0:38:12.657
on Twitter who turn their Twitter icons green.
0:38:12.657,0:38:15.622
You can see all the other people who turn the Twitter icon green.
0:38:15.622,0:38:18.012
Suddenly you're not just sitting there in your living room
0:38:18.012,0:38:20.775
saying I really support democracy in Iran.
0:38:20.775,0:38:24.823
You are part of this community of green people on Twitter
0:38:24.823,0:38:27.171
who all support democracy in Iran.
0:38:27.171,0:38:30.405
That's way more powerful to you as a person.
0:38:30.405,0:38:36.505
Not necessarily to anybody else. But to you as a person it matters. laughter
0:38:36.505,0:38:38.845
And that's important.
0:38:38.845,0:38:41.271
That's important for getting people onto that ladder of engagement
0:38:41.271,0:38:43.407
and making them feel like activists.
0:38:43.407,0:38:47.595
Feeling like activists is just a couple of ladders away from being an activist
0:38:47.595,0:38:49.708
which is even better.
0:38:49.708,0:38:50.613
Yeah.
0:38:50.613,0:38:57.492
applause
0:38:57.492,0:38:59.048
Molly: They're clapping for you.
0:38:59.048,0:39:02.741
Male: laughs I'm from Austria and we have an organization
0:39:02.741,0:39:06.929
in Austria, it's called Austromechana.
0:39:06.929,0:39:17.837
Its website got DDoSes on May 11, 2012
0:39:17.837,0:39:22.157
and they didn't get the website on until now.
0:39:22.157,0:39:24.128
They used this as an argument:
0:39:24.128,0:39:27.255
"Oh my god, the Internet is so cruel."
0:39:27.255,0:39:34.488
"It's bad and we can do nothing against them."
0:39:34.488,0:39:44.690
"They play with... they have weapons we can't do something against it."
0:39:44.690,0:39:51.653
I'm not sure if in this case the DDoS was the right tool
0:39:51.653,0:40:01.807
to get Aufmerksamkeit, attention.
0:40:01.807,0:40:08.391
I'm not sure if it was helpful in this case.
0:40:08.391,0:40:20.062
I don't think it's a good weapon for everything and there was not enough messaging with it.
0:40:20.062,0:40:21.130
Molly: No, you're right.
0:40:21.130,0:40:23.079
DDoS is not appropriate for all cases.
0:40:23.079,0:40:27.044
Given that I know nothing about your organization and didn't hear about that action
0:40:27.044,0:40:30.258
they probably didn't have enough messaging.
0:40:30.258,0:40:31.604
I don't know.
0:40:31.604,0:40:33.496
But I'm sorry your website went down.
0:40:33.496,0:40:37.008
Male: Not my website.
0:40:37.008,0:40:45.689
It was from the people who want to have the Festplattenabgabe, I don't know the English word.
0:40:45.689,0:40:47.656
It was their site.
0:40:47.656,0:40:48.523
Molly: Okay.
0:40:50.399,0:40:51.071
Hi!
0:40:51.609,0:40:52.628
Female: Hi.
0:40:52.628,0:41:01.293
What exactly are your parameters for deciding if a DDoS action was ethical right or wrong?
0:41:01.293,0:41:03.919
I'm still waiting for this.
0:41:03.919,0:41:07.305
Molly: Like I said, this is a very holistic model
0:41:07.305,0:41:10.124
in that you look at a bunch of different factors and say
0:41:10.124,0:41:14.473
"well, these things fell on one or either side of these different factors,
0:41:14.473,0:41:16.671
therefore I'm gonna look at it, squint my eyes
0:41:16.671,0:41:19.270
and say ok, I think that this was ethical
0:41:19.270,0:41:21.158
and that this was unethical".
0:41:21.158,0:41:24.052
Like I said, this is probably much less scientific
0:41:24.052,0:41:26.294
than a lot of people here were looking for.
0:41:27.294,0:41:30.614
Liberal studies major. What do you want?
0:41:30.614,0:41:31.947
laughter
0:41:31.947,0:41:36.743
So, this is not gonna give you sort of a tick list for things
0:41:36.743,0:41:40.263
that you can say "oh we did this, oh we didn't do that
0:41:40.263,0:41:44.266
therefore we're totally on the right side of god and the law".
0:41:44.266,0:41:51.206
Instead what I'm hoping that this system will give people is a way to look at these actions
0:41:51.206,0:41:53.426
to give them different factors to consider
0:41:53.426,0:41:57.474
when saying yes this was appropriate or yes this wasn't appropriate.
0:41:57.474,0:42:01.991
Cause I feel right now the debate right now is really a bunch of people being like
0:42:01.991,0:42:04.143
"this is always awesome"
0:42:04.143,0:42:05.228
and a bunch of other people going
0:42:05.228,0:42:07.076
"this is never awesome"
0:42:07.076,0:42:09.593
and that's not very useful.
0:42:09.593,0:42:12.046
Female: But don't you think that's quite outstanding that
0:42:12.046,0:42:16.310
you are the one who is getting to decide which is ethical right and wrong?
0:42:16.310,0:42:17.778
Molly: You can also decide.
0:42:17.778,0:42:20.228
I would love it if someone else would come up with a framework
0:42:20.228,0:42:21.751
so that I didn't have to do all the work.
0:42:21.751,0:42:23.915
Female: I thought it's your scientific study, so...
0:42:24.315,0:42:26.091
Molly: It's not terribly scientific.
0:42:26.091,0:42:29.540
It's me reviewing a bunch of case studies
0:42:29.540,0:42:31.415
and saying these are the things that happened,
0:42:31.415,0:42:35.929
this is were they fall on these different factors
0:42:35.929,0:42:38.725
and this is now what I think of this action.
0:42:38.725,0:42:43.656
For instance, Lufthansa/EDT action, I think that actually was ethical.
0:42:43.693,0:42:48.358
I think it was ethical because it occurred within the framework of a much larger campaign
0:42:48.358,0:42:57.041
because it focused on a corporate website that didn't attack the central core of the corporation.
0:42:57.041,0:42:58.472
It didn't stopped it from communicating,
0:42:58.472,0:43:01.229
it didn't stop it from responding to the action,
0:43:01.229,0:43:04.858
it just made itself known in that way.
0:43:04.858,0:43:07.311
And it did a great deal of publicity work.
0:43:07.311,0:43:09.972
In the end it actually worked,
0:43:09.972,0:43:12.825
The effect that it wanted to have in that,
0:43:12.825,0:43:16.456
they wanted Lufthansa to stop flying immigrants out of the country,
0:43:16.456,0:43:17.634
actually took place.
0:43:17.634,0:43:20.892
And that also has an impact on the ethical validity of an action
0:43:20.892,0:43:23.412
which is why this is currently a reflective framework
0:43:23.412,0:43:25.031
and not a prescriptive framework.
0:43:25.031,0:43:28.613
Female: Thanks. Good luck with your studies then.
0:43:28.613,0:43:30.322
Molly: Yay.
0:43:31.722,0:43:33.220
There's another question.
0:43:33.220,0:43:37.965
Male: My naive approach to judge the ethics of a DDoS attack
0:43:37.965,0:43:41.315
would have been to compare it to usual demonstrations,
0:43:41.315,0:43:43.405
just marching on the street.
0:43:43.405,0:43:47.290
Because I guess what has a rather good feeling on what the ethics are there.
0:43:47.290,0:43:49.602
You didn't highlight that too much in your talk.
0:43:49.602,0:43:52.337
Was this on purpose or can you say something about that?
0:43:52.337,0:43:57.148
Molly: People really like, and lots of people really like to say
0:43:57.148,0:44:02.030
"oh DDoS is just a sit-in, except on the Internet".
0:44:02.030,0:44:04.438
I really don't like that comparison.
0:44:04.438,0:44:12.023
I think it's really attractive because it sort of feels like a sit-in,
0:44:12.023,0:44:14.969
You feel like you are monopolizing resources in the same way
0:44:14.969,0:44:17.455
that sitting in a lunch counter is monopolizing resources.
0:44:17.455,0:44:22.339
But it's not in the physical world, it's on the Internet.
0:44:22.339,0:44:24.272
And frankly, these are two different things.
0:44:24.272,0:44:27.035
We can't just say "oh this is just like it"
0:44:27.035,0:44:27.856
because it's not.
0:44:27.856,0:44:30.371
What it is just like, it is just like a DDoS.
0:44:30.371,0:44:33.085
It's not just like a sit-in.
0:44:33.085,0:44:37.001
Disruptive tactics in both areas are very parallel
0:44:37.001,0:44:39.457
but they are very different.
0:44:39.473,0:44:43.281
That is something that I want to go into much greater detail on,
0:44:43.281,0:44:47.760
specifically both in sort of the socially acceptable disruptive tactics
0:44:47.760,0:44:49.550
like sit-ins and street marches
0:44:49.550,0:44:52.311
but also the non-socially-acceptable disruptive tactics
0:44:52.311,0:44:54.732
like black bloc tactics.
0:44:54.732,0:44:57.592
I'd really love to compare that to other modes of
0:44:57.592,0:44:59.576
disruptive activism online,
0:44:59.576,0:45:01.957
and other modes of disruptive activism
0:45:01.957,0:45:03.531
and destructive activism.
0:45:03.531,0:45:07.067
So that is, if you are interested in reading my Master's thesis,
0:45:07.067,0:45:09.294
I will have a whole chapter on this
0:45:09.294,0:45:12.344
that I could not fit into this talk.
0:45:12.344,0:45:15.392
Because there is a lot of that there.
0:45:15.392,0:45:19.647
But the instinct to fall back on the physical analogy is,
0:45:19.647,0:45:22.412
I think, inherently damaging to the discourse of
0:45:22.412,0:45:27.076
electronic civil disobedience and digital activism
0:45:27.076,0:45:29.679
because you fall back on these tropes
0:45:29.679,0:45:31.998
that don't really fit and then
0:45:31.998,0:45:34.591
when people point out that they don't really fit
0:45:34.591,0:45:37.230
you're sort of left with nothing.
0:45:37.230,0:45:39.944
When you say like "that's not actually a sit-in, that's a DDoS"
0:45:39.944,0:45:42.771
you sitting there going "but I said it was a sit-in
0:45:42.771,0:45:44.981
and you like sit-ins, right?"
0:45:44.981,0:45:47.580
and then you're sort of: that's it.
0:45:47.580,0:45:51.479
So I'd like to push the argument beyond that point.
0:45:51.479,0:45:53.110
Male: Thanks.
0:45:54.680,0:46:01.145
Male: Ok, so it looks like we have no more questions. Thank you very much, Molly, for the talk.
0:46:01.145,0:46:12.383
applause