Anonymous is an interesting and problematic group. I often agree with their aims and goals. I have a much more varied reaction to their tactics and methods — their street protests have often been masterpieces of surrealism, and also quite effective at lampooning their targets, but their online intrusions and DDoSes annoy me with their legal and ethical dubiousness.
But I’ve never before had a problem with their basic logic. This time, I do.
Anonymous has put a petition on We The People (the White House’s — damn cool — open petitions site), asking the Obama Administration to recognize DDoSes as a legal form of protesting. Their petition reads, in part:
Distributed denial-of-service (DDoS), is not any form of hacking in any way. It is the equivalent of repeatedly hitting the refresh button on a webpage. It is, in that way, no different than any “occupy” protest. Instead of a group of people standing outside a building to occupy the area, they are having their computer occupy a website to slow (or deny) service of that particular website for a short time.
First off, the one part I agree with: DDoSing isn’t hacking. Nor is it cracking; it really doesn’t take any technical skill at all. There have been automated DDoSing tools for quite a while, and people have been renting botnets for at least 8 years now. Botnet time is even cheap enough to be within the financial grasp of the average teen, as long as they’re not doing it every day.
So being able to knock a site off the Net for a few hours isn’t some kind major technical achievement. It isn’t even a minor one. It basically just means you know how to use a search engine, and you’ve got a handful of Jacksons to wave around.
But on to their major point: That DDoSing a site is just like staging a protest in front of it. It’s not. In fact, there are fairly few ways in which they’re equivalent, and two crucial ways in which they aren’t.
- A protest doesn’t block entry
- A standard protest, or even a picket line, doesn’t block people’s access to the place being protested. I should know; I work in San Francisco’s FiDi, and I work for one of the largest banks in the US. Do you think we haven’t been picketed and protested, multiple times, by Occupy in the past two years? There have been times when I had to walk past hundreds of people to get to the door of my workplace.
But I could do so, without even feeling unsafe. The building was still usable. With a properly-executed DDoS, the site becomes completely unusable, by anyone, for any purpose. That’s what “denial of service” means: you want to get in? Dee-nied! Whereas one of the distinguishing features of a legal protest or picket is that it is porous: It does not actually block passage, but merely ensures that anyone passing by will notice the protesters and their message.
- A protest sends information
- Speaking of “message” — a protest is a means of speech in itself. Protesters can chant, carry signs, and send their message to people who are entering or leaving the targeted place. But a DDoS causes the complete absence of communication. Not only can the targeted site not communicate with anyone, the people launching the attack don’t get to send any message, either. In fact, there’s no way for the average user to tell the difference between a site that’s being DDoSed and one that’s just down because of a technical problem. They certainly don’t come away going, “Ah, now I understand who is protesting against this site and why”.
The real-world equivalent of a DDoS wouldn’t be a standard protest. It’d be to padlock the front doors of the business and hang up a “closed” sign — and then have the protesters vanish. No signs, no message, and no way for anyone to get in or out of the building.
Actual protests strengthen democracy, by supporting the free flow of ideas. But DDoSes? They do the exact opposite. That’s why making them a legal form of protest would be a tragic, misguided mistake. The analogy doesn’t hold.