How the law caught up with the internet

The decentralised, ungovernable nature of the early internet was an intentional design feature and not a bug. As a result, today’s internet is an open network, where unprecedented creative and economic innovation, art, commentary and citizen journalism flourish.

But child pornography, hate speech and copyright infringement have also thrived, leading to mounting pressures to bring online activity under government control. As nations push for these changes, global interconnectivity and freedom of expression are at risk.

As long as computers speak the TCP/IP protocol, or ‘language’, they can exchange information without centralised controls, standardised operating systems or consideration of geographic location. Users do not need to register or identify themselves. These networks are both simple and robust, and there is no single point of failure.

The Innocence of Muslims film was widely censored

The laissez-faire design principles of the network are reinforced by the legal regime of its birthplace, the United States. The US allows private, unregulated businesses to connect to and innovate on the network without government permission. The First Amendment guarantees that the vast majority of online communications will not result in governmental sanction. Section 230 of the Communications Decency Act of 1996 (CDA), which states that online platforms should not be treated as if they are the speaker or publisher of user-generated content, ensures that online companies are not required to review user posts in advance to avoid liability, a precaution that would be impossible anyway, considering 72 hours of video are uploaded to platforms like YouTube every minute.

While the founding fathers of the internet weren’t envisioning Facebook or YouTube, the TCP/IP protocol made these innovations possible. Photos of cats, indie music and films from around the world can all be found online, along with fraudsters, Nazi propaganda and videos about how to be anorexic.

Activist and co-founder of the Electronic Frontier Foundation John Gilmore said in 1993: ‘The net interprets censorship as damage and routes around it.’ But in the face of the darker uses of the network, Gilmore’s celebration has become a rallying cry for regulation. Apprehending individuals who behave illegally online can be difficult.

An individual posting illegal content might be pseudonymous and their identity not readily ascertained. Or the user might be based outside the jurisdiction where legal proceedings have been initiated. If one service provider blocks access to content or removes a video or song, another user, or users, will almost certainly repost the material, giving it far more attention than it originally received and far wider distribution.

This phenomenon is so common it has been given a name, the Streisand Effect, based on Barbra Streisand’s extensive but ineffectual legal attempts to stop online publication of photographs of her Malibu, California beach house.

Tools for government control

Nevertheless, despite the assertion that technology has outpaced the ability of the law to regulate it, as a result of technological, economic and political changes, online speech on today’s internet is no longer beyond governmental control.

The vast majority of activity is not anonymous – it’s branded with a unique identifier that links details to a particular network account. Internet Service Providers (ISPs) collect and store which IP address information was assigned to what subscriber for billing and operational purposes. Moreover, online businesses increasingly collect IP address information to identify repeat customers, tailor services and target advertising.

These services associate IP address data with other information that can be used to profile, track, physically locate or otherwise identify a user. Governments and civil litigants are learning how to use this information to identify individuals. The old joke was that on the internet, no one knew you were a dog.

Today, everyone knows your breed and what kind of kibble you buy. Not long after the implementation of TCP/IP protocol, its creators decided that easy-to-remember domain names like stanford.edu or facebook. com were better monikers for networked sites than the original IP addresses, which consisted of a long string of numbers.

They set up the domain name system (DNS), a system of databases that translates unique identities into machine-readable addresses. Without accurate and cooperative DNS servers, users cannot find and connect to pages. DNS has become a powerful tool for governments to control the internet.

DNS redirection or filtering, called DNS poisoning, is increasingly common. The Chinese government uses this technique extensively. When a user attempts to connect to sites the government does not want them to access, he or she is simply redirected elsewhere. Domain names themselves are targets for government control.

In 2011, the United States Immigration and Customs Enforcement (ICE) agency automatically shut down over 700 websites for alleged copyright infringement, including the sports streaming sites rojadirecta.com and rojadirecta.org and music site http://dajaz1.com. In many cases, ICE was able to seize these domain names without an adversarial hearing, meaning that website owners were not able to defend their practices in court.

The secrecy of the proceedings was another huge challenge. For both rojadirecta and dajaz1, the government eventually gave the names back, without providing probable cause for the seizure. But the harm was done. In a fast moving economic environment, a business that loses its domain name for even a few months is basically dead.

Governments have also found ways to control online expression by controlling the services people use to connect to the network: electricity providers, ISPs, broadband and cellular providers. Companies that lay power lines or fibre optic wires to users’ homes or operate cellular networks to which internet-enabled devices connect are usually highly regulated and have a cosy relationship with the government. In some countries, these services cannot operate without government approval.

The Arab Spring

During the 2011 protests the Egyptian authorities cut internet access

During the 2011 Arab Spring protests, some reports say that the Egyptian governmentsimply shut off power at an important internet exchange point where ISP lines connected to the network outside the country. The government contacted those ISPs that were not directly affected by this move and instructed them to discontinue services or risk losing their communications licences.

Similarly, Syria has only one domestic internet provider and it is owned by the government. So Syrian authorities have a direct avenue for monitoring, filtering and blocking traffic. Authorities in that country have also disconnected the mobile 3G network to prevent access through the phone network; they have been known to disconnect the electricity supply to control citizens during clashes between the military and protesters or rebel forces.

Unable to use normal means of communication, activists have no choice but to give news and footage to those who know how to circumvent bans so that the information gets out to the world. These kinds of wholesale shutdowns obviously produce a lot of collateral damage for ‘innocent’ users of electricity and communications services.

There is a public cost to this kind of obvious, direct censorship. In the case of Tunisia, the tactics were less obvious. There were reports that the government manipulated Facebook login pages to obtain activists’ passwords and delete their accounts, along with pages organising protests. During Iran’s 2009 Green Revolution, the government prevented citizens from accessing popular dissident websites and used DNS blocking to redirect activists attempting to organise protests via Facebook or Twitter. Since much of the data transmitted over the Iranian (and global) network is unencrypted, the Iranian government has an easy time spying on its citizens.

Blocking offensive material

Communications platforms like Gmail, Twitter, Facebook and YouTube are ripe targets for censorship. In September, Google refused to delete the YouTube-hosted video The Innocence of Muslims, which depicted the Prophet Mohammed and insulted many around the world. The video has been widely regarded to be connected to attacks on the US consulate in Libya, in which the US ambassador and three other State Department employees were killed. As word of the video spread, there were violent protests around the world and governments faced demands to remove the video from the internet.

As a result of the protests, Google initially blocked access to the video in Libya and Egypt by blocking IP addresses associated with those countries’ ISPs so that they could not connect to the YouTube server. It also blocked access in India and Indonesia and, in response to government requests, in Saudi Arabia and Malaysia. Google also blocked the video using geographical filtering. Eventually, it restored access in Libya and Egypt. The video continues to be accessible to the rest of the world and people in blocked countries may view the clip by routing requests through non-local IP addresses.

It’s not surprising that the video remains online – the First Amendment and a decentralised network guaranteed that. What’s surprising is that Google actually blocked the video. The company has such considerable international business interests that following local law in the jurisdictions concerned was in its best interests.

A purely US-based company or an online speech platform with no business interests might have chosen to do nothing. But these days it’s rare for an internet platform to ignore international demands for censorship or for user data. Companies have a potentially international user base and in order for them to exploit it, they increasingly give foreign government demands substantial weight, and not only when they have staff or assets on the ground.

When intermediaries like ISPs fail to comply, this doesn’t stop national censorship. Thailand has blocked the entire YouTube site for hosting videos that mock the Thai king. Turkey has blocked access to webpages about evolution. A decade ago, France successfully stopped Yahoo!’s local subsidiary from hosting auctions for Nazi memorabilia and fined its US division for failure to block French users. Today copyright holders are pressuring European ISPs to block The Pirate Bay, a website dedicated to the sharing of copyrighted materials.

Network problems like unwanted spam and malware have encouraged providers to develop tools that can analyse and disrupt traffic. The economic consolidation of network providers and entertainment companies has encouraged conglomerates to look at favouring and disfavouring – essentially blocking – certain content or applications on their networks. Some countries are now asking these providers to block access to certain content, or to collect transactional data about users’ internet access for subsequent monitoring and potential prosecution.

In 2009, a German man convicted of murder sued Wikipedia and various news outlets for posting information about his crime, asserting his ‘right to be forgotten’, which is recognised in Germany. Wikipedia’s German language service removed the entry, but the English language version has so far refused.

In 2010, Italy criminally convicted three Google executives in response to a YouTube video depicting a disabled child being bullied. Though the content was removed within hours of the company receiving notification, the court faulted it for not screening the video prior to posting. And a court in Brazil ordered the arrest of Brazil Google’s senior executive for failing to remove a video critiquing a mayoral candidate, which violates local election laws.

Also in 2010, various US businesses and government agencies took steps to block the WikiLeaks website after it published a classified cache of leaked diplomatic cables. Private companies, including Amazon and PayPal, stopped doing business with WikiLeaks on the grounds that it violated their terms of service, although, according to reports, the US State Department encouraged the decision. Copyright is a particularly salient cause for censorship in the West.

In one you-can’t-believe-it’s-true example from earlier this year, Amazon remotely deleted copies of George Orwell’s 1984 and Animal Farm from Kindle devices because the books had been added to the Kindle store by a company that did not have the rights to distribute them. No censor could ever hope to seize and burn every paper copy of Fahrenheit 451, and yet digital books can easily be disappeared.

The end of the global network?

Today, our global network is evolving into a parochial one. China already has its own surveilled and monitored internet. Iran is in the process of creating its own domestic network and has started blocking American companies like Google from providing online services to its citizens. As companies block or are blocked in compliance with international assertions of sovereignty from countries around the world, we are in danger of fragmenting the network along national borders.

International efforts to regulate the network are even more frightening. Taking place behind closed doors, the International Telecommunications Union (ITU), a United Nations organisation representing 193 countries, is reviewing international agreements governing telecommunications with a view to expanding its regulatory authority over the internet.

During the meeting, many countries hope to seize power over internet policy, taking it out of the hands of the US. Authoritarian and democratic countries would have equal say. Of those 193 countries, 40 of them currently block or otherwise censor the internet. Voices around the world, including the US Congress and Vint Cerf, one of the creators of TCP/IP, have called for the ITU to keep its hands off the internet.

Under the ITU, the internet would be pushed towards the lowest common denominator, with the potential for rampant civil rights abuses, widespread surveillance and fragmentation of creative and political freedoms. Most experts believe that the days are long gone when internet companies could simply follow US law alone.

Some international legal regulation of the internet is inevitable. Still, it’s important for any changes to be made slowly and incrementally, and to be aware that any major changes applied to internet technology or its network might be hard to reverse. Nations must understand the risk of fragmentation and companies must resolve to restrain sovereign demands.

Multi-stakeholder agreements on how to manage cross-border problems, even without the force of law, may alleviate the urgency of addressing some online crimes. Choices made by communications intermediaries, rather than just governments, will continue to have a disproportionate effect on individual freedoms, so we must be very careful about imposing liability on those platforms for their users’ conduct.

Policy should encourage provider diversity and network neutrality, or else deviation from the internet’s original design as a global, open network will threaten economic growth, creativity and political activism. None of these precautions will be taken, however, until we accept the fact that the law is, indeed, catching up with the internet.

Jennifer Granick is an American attorney and educator. She tweets from @granick

Digital Frontiers. Click here for subscription options and more

Beacons of freedom: The changing face of Anonymous

It’s late January 2012. Governments all over the world are considering signing up to a new US-led trade proposal intended to curtail copyright violation, the Anti-Copyright Trade Agreement (ACTA). There have been widespread protests, on and offline: the loose-knit collective of activists, hackers and internet denizens of all stripes known as ‘Anonymous’ believe ACTA represents an attempt by governments to limit and control the core freedoms of the internet, in particular the massive cultural exchange of ideas and information made possible by file-sharing online.

In Poland, the agreement has already been signed off; all that is needed for it to be adopted into law is a majority vote in parliament. The government website is offline, taken down by a distributed denial of service (DDoS) attack launched by Anonymous, which sends a message to politicians who are considering voting in favour. By the final week of January, over 10,000 people gather in Krakow in a last-ditch protest to influence the vote.

Members of the Palikot Movement Party protest against the ratification of the Anti-Counterfeiting Trade Agreement

And then something unexpected happens: on 26 January 2012, while casting their votes in parliament, some members of the Polish government conceal their faces with paper Guy Fawkes masks. The mask, by now the signature icon for Anonymous, has become common protest regalia among rabble-rousers across the globe, from Egypt’s Tahrir Square to London’s Occupy protests. But this is the first case of public servants adopting the symbol. The image is circulated far and wide on social media platforms. Although Polish politicians used it to launch a specific protest against ACTA, the gesture and its photographic memorialisation worked in a much broader capacity to legitimate Anonymous. ‘These parliamentarians were wearing Anonymous Guy Fawkes masks,’ one Anonymous activist blogged, ‘while the parliament’s website was down due to DDoS by Anonymous. We can’t emphasise that point enough – this is a game-changer.’

Less than a month later a very different image of Anonymous was circulated. On 21 February 2012, the Wall Street Journal reported that General Keith Alexander, the director of the United States National Security Agency (NSA), had briefed officials at the White House in secret meetings, claiming Anonymous ‘could have the ability within the next year or two to bring about a limited power outage through a cyberattack’. So only weeks after the ‘game changer’, the group was described as an imminent and credible threat.

The ‘ability’ to bring about a power outage was undefined. Could it mean that hackers had already acquired passwords that would give them access to power facilities? Or was the warning based on information supplied by an informant who had been working with Anonymous? Either way, General Alexander’s claims were frightening and bold, as well as vague. An attack on the power grid systems would cause havoc and potentially even threaten lives.

It is unlikely that we will ever find out whether the NSA assessment was based on credible intelligence or whether it was simply meant to smear and discredit Anonymous. Further news reports quoted activists and security experts and dismissed NSA claims as ‘fear-mongering’. The group, for all its varied tactics, both legal and illegal, has to date never been known to publicly call for such an attack – and there is no evidence to suggest that it would so much as consider it. A tactic like this would be very out of character for the collective, which, though often subversive, generally conforms to ethical norms and defends civil liberties.

While Anonymous has never occupied a controversy-free place on the world stage, by February 2012 it began to be portrayed as an open source brand of radical protest politics and not necessarily as hooligans hell-bent on unleashing extremist, chaotic acts like taking down power grids. More significantly, while the name has been used to pull together a range of unrelated causes, from environmental rights to snuffing out paedophilia rings, Anonymous activists are most effective and forceful when fighting censorship.

With campaigns like Operation Payback, which targeted corporations like MasterCard when it stopped providing services to WikiLeaks, OpTunisia, which responded to Tunisian government tactics against protesters and journalists, and OpJapan and OpMegaupload, launched in response to proposed copyright legislation, it is when Anonymous activists defend the internet’s core freedoms and expose the shadowy workings of state and corporate surveillance that it has the most impact. The NSA news story about the exigent threat from Anonymous failed to gain traction in the public consciousness. Perhaps it would have if it had come earlier, for instance between May and July 2011, at the height of attacks led by Lulzsec.

Anonymous launched Operation Megaupload

In contrast to most Anonymous actions, Lulzsec, a break-away hacker group, acted whimsically, its hacks not always tethered to a political issue. Lulzsec sometimes hacked to make a political statement and, in other instances, for lulz, internet slang for laughs. During this period, media attention, which was colossal, was most heavily focused on Anonymous as hackers rather than as a general protest group. Activities under the Anonymous banner, such as those of Lulzsec, show that even though Anonymous has gained a measure of respect because it champions free speech and privacy causes, it is also notorious for its irreverent and controversial approach to dissent.

To be sure, most of its activities are legal, but a small subset of tactics – such as DDoS attacks and hacking – are illegal, a criminal offence under all circumstances. These tactics also score the most headlines. Some, like ‘doxing’ (the leaking of personal, sensitive information, such as social security numbers and home addresses), reside in a legal grey zone because mined information is found on publicly accessible websites. During the course of a single operation different participants might deploy all three modes – legal, illegal and legally grey tactics.

Take Operation Bart, in August 2011. Anonymous focused on getting the word out when San Francisco Bay Area Rapid Transit (BART) officials disabled mobile phone reception on station platforms to thwart planned anti-police brutality protests. Soon after, Anonymous helped organise street demonstrations. But a couple of individuals also hacked into BART’s computers and released customer data in order to garner media attention – at least that’s how one participant explained the incident to Amy Goodman on television and radio programme Democracy Now. Someone also found a racy, semi-nude photo of BART’s official spokesperson Linton Johnson on his personal website, which was then republished on the ‘bartlulz’ website with considerable fanfare, along with the brazen rationalisation: ‘if you are going to be a dick to the public, then I’m sure you don’t mind showing your dick to the public.’

During the course of an operation, vulnerability and weakness is often identified and exploited. These sorts of actions provoke controversy (even within Anonymous) and also find their way into headlines, boosting the group’s public profile. At times, members of the loose collective are purposely deceitful and propagate false information about their activities. This can be a tactic for self-protection in some cases, and in other cases an antic to coax headlines out of the media, which can be somewhat enamoured with hacking.

Antisec, one of the more well-known hacker groups affiliated with Anonymous, might claim an exploit without having actually been involved in the activity. Hackers will often rely on botnets – networks of compromised computers – to momentarily knock a website offline, but won’t advertise this fact in press releases. Between 10 and 11 September 2012, for instance, Antisec claimed to have procured 12 million unique device identification numbers from Apple iOS devices by hacking into an FBI agent’s laptop computer. As it turns out, while the identification numbers were verified, the source turned out to be an iPhone and iPad app developer, Blue Toad. Because tactics range from the frivolous to the controversial to the illegal and because it has been known to generate hype around its own activities, it can be easily targeted itself. Obfuscation and deceit contributes to Anonymous’s mystique and its power, but also makes it vulnerable to misinformation campaigns spread by others.

Antisec – One of the more well-known hacker groups affiliated with Anonymous

The biggest lesson that can be learned from Anonymous is that the internet will judge – often quite swiftly – the actions of individuals, corporations and governments. And by the internet I mean the countless hackers and geeks from São Paulo to Sydney who understand how the web works, a smaller class who know how to subvert routers and protocols, and a larger number who will rally when the internet and values associated with it are in danger.

This is not to say that every geek and hacker supports Anonymous. In fact, many rather dislike it or its controversial tactics, such as DDoS; some hackers are resolute and unyielding in their view that DDoS is a species of censorship in itself. There are also many different ways to defend the internet, such as writing open source software or joining the Pirate Party. Anonymous is a distinct, emerging part of this diverse and burgeoning political landscape. Its real threat may lie not so much in its ability to organise cyberattacks but in the way it has become a beacon, a unified front against censorship and surveillance.

It might be best thought of as the irascible and provocative protest wing of the internet’s nascent free speech and privacy movement. Though it works to publicise specific issues at the most inconvenient time for the individual, group or company being exposed, it also brings into sharp focus an important trend, dramatising the value of privacy and anonymity in an era where both are rapidly eroding.

Anonymous, of course, champions anonymity, and this is echoed in both the iconography associated with it and its ethical codes. Seeking individual recognition and especially fame is taboo, for example; you are expected to do work for the team, not for one’s own personal benefit or status. The movement, therefore, provides a rare countermeasure in deeds, words and symbols against a world that encourages people to reveal their lives, where the internet remembers everything about us, where our histories are permanently stored in search indexes and government databases – and at a time when governments’ ability to surveil its citizens has grown exponentially thanks to low-cost, ubiquitous digital technologies and new public-private partnerships.

 

However explosive Anonymous is today, its continued presence on the world stage is certainly not guaranteed to last. It is plagued by infighting, fragmentation, as well as brand fatigue. Paranoia exploded in spring 2012 after the news broke that Hector Xavier Monsegur, known more commonly by his hacker handle ‘Sabu’, had been exposed as an FBI informant. Most troubling for its long-term survival is government crackdown: since summer 2011, over 100 alleged participants have been arrested around the globe, from Romania, Turkey, Italy, the UK, the US, Chile and Germany. But even if the loose-knit collective fades away, irreverent political protest on the internet is unlikely to end.

Since 2008, when individuals started to organise diverse collective actions under the banner of Anonymous, a living model was created, demonstrating to the world what a radical politics of dissent on the internet looks like. Even if Anonymous was to vanish, its history, exploits and propaganda material are here to stay; there will likely be others — in different forms and with distinct twists — who will take its place.

What is a little less clear is what will eventually become of freedom of expression online, given the increasing capabilities for surveillance, censorship and control all over the world. Is Anonymous merely the party at the funeral of online freedom? Or does it represent the irreverent clowns, rabble rousers, and tricksters who are keeping the reaper at bay and enabling others, from protesters on the street to elected representatives in parliament, to join the raucous political carnival and challenge threats to personal privacy and freedom?

Gabriella Coleman is Wolfe Chair in Scientific and Technological Literacy at the Department of Art History and Communication Studies at McGill University. She tweets from @BiellaColeman

This article appears in Digital Frontiers. Click here for subscription options and more