Molly Sauter’s quest to make political DDoS legitimate
In 'The Coming Swarm,' Sauter argues that denial of service should be no more controversial than sit-ins.
This is an excerpt of a story from Passcode, the Monitor's forthcoming section on security and privacy. Read the full article here.
When digital agitators intentionally overload an opponent's website with a distributed denial of service attack, or DDoS, it’s a crime with sentences akin to manslaughter. To Molly Sauter, the punishment doesn’t fit the crime. In her new book, “The Coming Swarm,” Sauter explores the case of 14 members of Anonymous who shut down PayPal’s blog to protest the company cutting ties with WikiLeaks. They each faced up to 15 years in prison and $500,000 fines. Had they formed a human chain to shut down PayPal’s headquarters instead, the maximum penalty would have been six months in jail and a $1,000 fine for trespassing.
Sauter argues that political DDoS should be treated as a legitimate form of protest and not result in felony convictions. Passcode spoke with her about the ethics, limits, and philosophies of DDoS as activism.
Edited excerpts follow.
Passcode: DDoS attacks can be destructive, knocking sites offline for extended periods of time and causing tens of thousands of dollars in damage. When you say DDoS is a legitimate form of protest, does that mean you’re giving protesters free reign to do substantial damage?
MS: There should be a legal, social, and cultural recognition that this can be a valid form of political activism. Disruptive activism — not just DDoS attacks, but real life activism, too — becomes a necessary part of a healthy democracy when it’s used by people who have no other way to make their points heard, people who have been systematically denied what we would consider mainstream political participation. And that the legal, social, and cultural political costs of this tactic should be made much more equivalent to standard penalties for participating in disruptive activism offline, which are things like getting charged with trespassing or disturbing the peace. Or often getting arrested and released not getting charged with anything.
My idea is that these penalties that are attached to computer-based disruptive activism, including DDoS, have a chilling effect on speech and political action, because they’re so extreme. And this is preventing people from participating in certain zones of activism that might be most appealing. If you’re fighting an online event, doing your protest where that structure of power is could be the most effective way to express those views.
Passcode: So, when the “event” is PayPal cutting ties with WikiLeaks, the “structure of power” protesters might find most appealing is website everyone thinks of and engages with as PayPal rather than the corporate headquarters?
MS: Exactly. And this — this point has been made in offline activism as well. There’ve been a couple of attempts to only allow protests at the national Democratic and Republican conventions in free speech zones that are usually hundreds of yards away from where the convention is happening. And the attempts to establish a political free speech zone far from the convention itself was overturned by [the Massachusetts] Supreme Court, which said that this is actively interfering with the free speech right of protesters, for whom it was invaluable.
Passcode: A major difference between accepted offline protests and using a denial of service is that people who sit-in are physically present and put themselves in jeopardy. The most prominent use of DDoS was carried out by a group literally called Anonymous. Does anonymity matter?
MS: I don’t think anonymity is a bad thing. It’s disingenuous on the part of people in power to demand that people who are not in power put themselves in jeopardy in order to participate in an action. What you’re doing is restricting the core people who can participate in this type of activism to people who have nothing to lose. If you’re a single parent with two jobs, two kids, and you’re also taking night classes, you have a lot to lose. What I would prefer is to open up the pool of participation as wide as possible, to as many people as possible. By saying that there should be a cost for the expression of dissent, you’re taking so many people out of the equation of politics in this country.
[Editor's note: Due to an error in transcription, the original version of this interview mistakingly used the word "destructive" when it should have used "disruptive." Ms. Sauter characterized DDoS attacks as disruptive actions, not destructive. This is an excerpt of a story from Passcode. The full interview is here.]