Around this time yesterday, I, along with countless others, tried to bring down the Web sites of Iran’s information and justice ministries, and state-sponsored media outlets. The idea was to silence the pro-Ahmadenijad, anti-dissent messages coming from these outlets, and in so doing, strengthen the opposition protests in Tehran.
You didn’t have to be computer smart to take part: a developer in San Francisco had set up a push-button tool that would, upon your click, immediately start bombarding 10 Web sites with requests. I clicked Start, and in the 10 little boxes below, I could see the pages load and reload. About half of them were already down.
This was exhilarating. The goal was to promote democracy, and I could actually watch as it happened. Empowering.
But there’s more to it than that. I’m conflicted about the virtue of this idea. I’m still trying to sort out my thoughts about what happened, but I know that we will be talking about yesterday morning for years to come. We turned our collective power and outrage into a serious weapon that we could use at our will, without ever having to feel the consequences. Network warfare became available to the general public. That is frightening. Here is how my thinking evolved throughout the day:
After a few minutes of watching these Web sites sputter, I spread the word on Twitter. I was met with a few dissenting replies. Clay Shirky felt that by doing this, we were validating the idea of Denial of Service attacks, and that if we endorsed it now, we couldn’t argue against it when the state uses it against dissidents.
I disagreed. While our use of it may make us look hypocritical the next time we complain about a state’s actions, I don’t think we can avoid tactics simply because of that risk. If we forsake every weapon that the enemy uses, simply because the enemy uses it, what options do we have left?
I don’t think the idea of disabling your enemy’s communications is right or wrong. That judgment hinges on a few factors. First, “sticking it to The Man” is not a standard philosophical justification, but there is something about it that feels so right. There were reports that the Iranian government disabled SMS on election day and attacked Moussavi’s campaign site. Giving a citizenry the ability to turn the tables on its own government is, I think, what governance is all about. The public’s ability to strike back is something that every government should be reminded of from time to time.
The nature of the information being silenced also counts. And when the loudest voice is distributing pure drivel, that voice has to be stopped.
I should also mention that the US military is the preeminent practitioner of communications hacking: when we invade, the telephone switches are the first to go.
Fernando Cervantes made a good point: when you attack a Web site, you don’t just attack that site, but every other site on that host as well. You also clog bandwidth. And as I write this, we in the West are still heavily relying on the Internet to tell us what is going on over there; though it’s unclear to what extent, we can also assume protestors are using the Internet to coordinate. By attacking these sites, we’re hurting not just the state, but the people we’re trying to help as well.
This is true. But if government is disabling services that we do want to be available (SMS, Twitter, etc), then we’re allowing the public to be exposed to whatever news the state deems fit, and this is the worst possible outcome. Google gave up the “Don’t Be Evil” mantra on the day they gave in to China and agreed to filter news.google.cn, on the basis that some news is better than no news at all. This argument reeked of B.S. And now that I had the ability to upend that judgment just a tiny bit, I was going to take advantage of it.
I still agree with all of my thinking above. But after a few minutes of letting the attacker run in the background, I stopped it. I don’t know why, but it just felt…creepy. I was frightened by how easy it was to sow chaos from afar, safe and sound in my apartment, where I would never have to experience–or even know–the results of my actions. All I had to do was click a button. And while my intentions were honest, there is something inherently wrong with the ability to so easily cause harm, without bearing any of the ill effects. I could have been causing the failure of emergency services that I was not relying on. I wouldn’t even suffer the guilt of knowing what I’d done, as it’s unlikely I would ever find out.
(UPDATE, just to elaborate: When people want to attack someone or something, they usually can’t do it immediately. It takes time to prepare. And during that preparation, they are repeatedly forced to reconsider their actions before going trough with it. Each step–buying/building a weapon, choosing a time and place of attack, traveling to the location of the attack and finally seeing their potential victims–forces the sane mind to pass through “moral checkpoints” that force them to think twice. Carrying out the plan is both physically and psychologically difficult. Even heat-of-passion criminals are forced to deal with seeing their victims. I am sure these two factors weed out lots of would-be criminals who didn’t have the heart or the means to go through with it.
The DDoS tool does away with these barriers. Nothing forces us to think through the act before we click Start. And we remain safe from the threat of retaliation. The thing about war is that you can’t do it without exposing yourself to danger, thus discouraging you from starting it in the first place. But that is no longer the case. Scary.)
We can assume that from now on, something like this is going to happen every time a citizenry butts heads with its government. (If there was any doubt, the creator of the DoS tool made the code available on his site; the target sites can be easily modified.) It’d be silly to think that we could contain it by declaring it invalid. Still, we–the technopolitics community–need to consider the morality of this tactic, as our collective ability to spread the “Attack!” message is not inconsequential.
For comments, see the original post on Personal Democracy Forum.