 All right, welcome everyone. My name is Sarah Watson. I'm a fellow at the Berkman Center, and I have the distinct pleasure of introducing our book launch today with Molly Satter for The Coming Swarm, her awesome new book that's coming out. So thank you all for joining today. We're going to have a kind of fireside chat discussion between Laurie Penny and Molly Satter. Molly is actually a fellow here at the Neiman Center, Neiman Foundation, excuse me. And she is also the recent author of a new book and a activist and journalist and many other things which maybe she can talk a little bit more about. And Molly is a longtime Berkman friend, fellow research assistant, all of the above and continues to be a huge part of the Berkman community. So we're really from Canada and participates in the ceiling from Canada. So really pleased to have her here at home in Berkman to launch her book. So this event, just a few housekeeping items. The event is live, sorry, not live streamed, but recorded. So anything you say will be recorded. And I would draw your attention to the Twitter hashtag Coming Swarm, right there, all over the place. And Molly and Laurie's Twitter handles are odd letters for Molly and Laurie's is Penny Red. And what else? So the format is going to be kind of fireside chat for a little bit and then questions towards the end, but there will be plenty of time questions. So, yeah, take it away. Great, fantastic. Well, thank you everybody for coming. I just wanted to say before we start, I'm really, really honored to be asked to do this intro because I've been a massive fan of Molly's for a long time. I first met her at NewsFoo in 2012 when she rescued me from a hotel room fandangle. It's a technical term. And I've been really, really excited to watch her research developing over the past year and she's super smart and amazing. And the inside jacket of her book, which is amazing and is available for purchase over there, which you can do during the talk or afterwards and then get to sign it, describes her as a rising star, which she apparently has nothing to do with, but I nonetheless think is extremely accurate. So my first question to Molly is let's pretend that none of us here know anything about what the background of this book is about. Molly, can you tell us, please, what is a didos? So how many people here have younger siblings and took road trips with their younger siblings to Disneyland? So I have a younger sibling and something that he used to do during road trips to Disney wherever was in the back and go, hey, Molly, hey, Molly, hey, Molly, hey, Molly, hey, Molly. So now imagine you're a server and your little brother is sitting in the back of your parents' van with all of his friends and they're all going, hey, Molly, hey, Molly, hey, Molly, hey, Molly for like 20 minutes. That's what a distributed denial of service action is, except it's a bunch of other servers and they're not related to you. So that's what it technically is. It's a bunch of servers pinging a targeted server, a bunch of bunch of bunch of bunch of time until the server eventually crashes and falls down. And an activist distributed denial of service is when you do this to WhiteHouse.gov. When you go to WhiteHouse.gov with all your friends at four o'clock on Wednesday and hit refresh a bunch of times in the hopes that WhiteHouse.gov will crash, which in the 90s you used to be able to do. And a couple of actions actually were like, hey, it's four o'clock on Wednesday. Everybody get on WhiteHouse.gov and hit refresh over and over and over again. But you can't do that anymore. And we'll get into reasons for that later. But that's the entertaining definition of what a distributed denial of service action is. And reading your book, I didn't actually realize that this had a long, long history as an activist tactic. I think like a lot of other people, I just assumed that this started with Anonymous just before the WikiLeaks dump in and it was all started in 2010, 2011. But it's a much, much older kind of form of action than that, isn't it? I'm wondering if you could talk a little bit about the history with the battle in Seattle and all these other activist things that people like me are like. I wish I was there. I was so young. I would make a great sea turtle. Yeah. So distributed denial of service has been around at least since the early 90s. And tactics like it, which involve lots of people trying to utilize a technical service at the same time in the hopes of crashing it, have also been around for a very long time. So there's a tactic in Quebec called red phoning, which is when you all call the same political switchboard in the hopes of making it so other people can't call that political switchboard or that event. Whenever anyone has asked you to flood your congressman with more mail than they can read, that all says the same thing. That's a type of denial of service. So that's an interesting thing to put into context. But distributed denial of service as this particular type of tactic has been around at least since the early 90s. The first one that I found was something called the strano net strike, which happened I think in 1991. Someone go through the book and figure that out and then tell me. And actually involved an Italian organization DDoSing a French government website to protest French nuclear policy. So that's interesting because it crosses national borders and we get into transnational activism and we can also talk about that. But then also there was the electronic disturbance leader, which was very active in the mid and late 90s, who were primarily concerned with pro-Zappatista actions. There was the electro hippies actions, which were in connection with the WTO battle for Seattle, which were an example of direct action DDoS. So not attention oriented DDoS, but actually we're interested in breaking up and disrupting the email server that the WTO was using during the Seattle conference. Can you draw that out a little bit? I'm interested in the distinction between attention getting and direct disruption as different forms of action. Yeah, so attention oriented activism is a really prevalent model of how we think of protest in the US right now. The sort of theory of change is you are upset about something. You hold a public event of some kind, a march or a conference or standing outside or a picket line or something and then the press covers it. And then through the press coverage, you make more people angry about the thing that's happening. And it's through this wave of attention that you get the change you want to get. So there's that. Then there's direct action, which is there's a thing that is happening that you don't like. You are going to directly interact with that process in the hopes of stopping it, changing it, slowing it down. So the environmental movement is very keen on direct action. So spiking trees to prevent logging is a piece of direct action. Say it like going after whaling ships with your own ship and like trying to drive whales out of hunting grounds is a form of direct action. And the electro hippies trying to keep the WTO from emailing itself is a form of direct action. Well, Ulrich and minehub famously said that protest is when I say I don't like a thing. And resistance is when I stop that thing from happening directly. So where would you say that DDoS actions fall on that spectrum? Well, they can be either. It really depends on what it is you're trying to say and what it is you're trying to do. A lot of them are attention oriented, like mostly because, especially the more recent ones, because it's just so easy to sort of ping the press attention to be like, I'm d-dossing this thing. And then they go, oh, really? And this has been much more prevalent over the past couple of years since Operation Payback, which is the 2010 anonymous action we were talking about earlier. And also it's harder to stop processes with volunteer DDoS now. Web infrastructure has simply, the arms race of web infrastructure has simply progressed to a point where it's very difficult for you and all of your friends to stop the WTO from emailing itself. So it's much easier to do an attention oriented DDoS than it used to be. But it has historically been used for both. So I'd really like to get into some of the more theoretical things you draw out in the book, but first, can we talk more specifically about, for example, Operation Payback, just in case there are any journalists in the room? Because I think that was the time, wasn't it, when this tactic really came to national attention. And I remember trying to educate myself back in 2010 about what the hell this was and why it was important. Because attention getting activism is only really effective if the media actually understands what's going on. So if you could tell that story, I would be really pleased, because I love it when you tell stories. Okay. So Operation Payback was in the fall, the late fall to early winter of 2010. And everybody remembers Cablegate. This is the right audience to remember WikiLeaks and Cablegate. Yes. Raise your hand. Like, don't just nod at me. Okay. You're not going to have to discipline here. Yeah. So WikiLeaks got this tranche of diplomatic cables. They released them. People got upset. And in the course of the United States government getting upset, the United States government asked nicely or demanded. It's a little unclear. Or just appealed to the patriotic interests of PayPal, Visa, MasterCard, a number of other credit card providers, in addition to the DNS provider of WikiLeaks, to stop providing services to WikiLeaks, to stop processing credit card donations, and to stop operating as their DNS host, effectively cutting off WikiLeaks' stream of donations. So making it impossible for them to really financially operate. Anonymous, who at this point was engaged in an operation, confusingly called Operation Payback, which targeted the MPAA, the RIA, and a number of other copyright organizations because of a complicated thing that may or may not have happened, in which I will not explain right now. The technical term. That's the technical term. Heard about the banking blockade. And said, my, that's terrible. That they're, these are people, we like WikiLeaks for reasons why Anonymous likes anything. And we don't like that this is happening. So we will very generously expand our target pool to the MP, from the MPAA and the RIA, to include PayPal, Visa, MasterCard, a couple of politicians, homepages, post-finance, which was a Swedish banking site, and a couple of other things that just got sort of thrown in there. And engage, and continue to engage in these large-scale DDoS actions that we've been engaged in thus far. And this was around the second week of December 2010. And this phase of Operation Payback, which is also known as Operation Avenger Sange, lasted for about a week, more or less a week, and then also sort of continued to exist in other different sub-operations and other groups which sprung out of the main Anonymous hive. Right. So what then happened to the people who were involved in that approach? Because can we talk about the PayPal 14? Yes, we can, yes, we can talk about the PayPal 14. So. Which I think by the way is a fantastic name. It is, it's great. It sounds like something out of the Wild West of the PayPal 14. It sounds really important is what it sounds like, which is great. So, when Anonymous targeted PayPal, and weirdly enough did not target their credit card processing servers, but targeted their blog, the PayPal blog. If you didn't know that PayPal had a blog, I didn't, they have a blog. I'm sure you could go there for many important pieces of information that you're desperate to know. The majority of people using that site, using, like targeting that site, used a tool called low orbit ion cannon or LOIC, and I go into a very detailed analysis of LOIC in the book, which I won't repeat now because it's long and fascinating. So you should read it. LOIC had some problems. One of LOIC's problems was it had no user end security. So when you sent a stream of bits at the targeted website, you also sent a return address, basically. And nobody knew this. It's a slight overstatement. Some people knew this and tried to tell other people in the Anonymous IRC channels about this. And you can interpret what happened next as either people didn't believe them and thought they were federal agents who were trying to disrupt the op and so banned them from the IRC channels. Or you can think that the bug was intentionally introduced into the tool and the people who kicked banned them from the IRC channel were federal agents trying to disrupt the op, whichever one makes you happier that day. I don't, it's up to you, whichever way you lean in history. But what happened was PayPal collected a list of the top 1,000 IP addresses that were sending bits and gave that list to the FBI. And the FBI arrested a bunch of people. And these are the 14 for whom the charges stuck, basically. And they went, they did not go to trial. They pled out, which is an issue we can talk about pleading out later. And actually, I think today was the last legal check-in for a lot of them. So the internet was happy about that today. And the levels of pleading, we can also talk about how that fit in with the CFAA and various reasons for that. But yeah, people got arrested because of a bug in a tool, basically. And what happened when they pled out? What they pleaded out for? Well, it was different. Some of them pled out to serve a small amount of jail time and not take a felony conviction on their record. Some of them pled out to take a felony conviction on their record but not have to serve any jail time. All of them ended up having to pay a certain amount of restitution to PayPal, which I think was around $1,600 a piece. So it was a combination of either jail time, no felony conviction and a fine or a fine no jail time and a felony conviction. And then two members of the PayPal 14 were not eligible for a plea deal because they're facing related charges in different jurisdictions. That's what happened. So who will play the PayPal 14 in the movie? Is the important question. Well, there probably won't be 14 of them. No, they'll all be played by Benedict Cumberbatch. They're all gonna be played by, they're all gonna be played by Benedict Cumberbatch's cheekbones. Which one will play a member of the PayPal 14? Or Otters. Or Otters. It'll be like that scene in the fifth estate where there's just infinite Benedict Cumberbatch. Yeah, they're all, yes, they're all hackers. Yeah, it's gonna be great. So now we get on to one of the interesting bits, which is the legal status of this kind of attack, which of course, as you explained in the book, is also practiced by states and by government again, to precisely these kind of actors. And could you explain a little bit about the legal status of this kind of action and about the CFAA because there are some people in here. Well, is there anyone in here who doesn't know what the CFAA is? Don't be shy. Okay, that's cool. Okay, okay, the CFAA is the Computer Fraud and Abuse Act and is the major piece of anti-hacking or computer crime related legislation in the U.S. It's terrible. It's like, that's about, that's all, that's my opinion of it. It's a terrible law. It's terribly written. It's terribly implemented. It allows for vast prosecutorial or variation misconduct. And one of its major problems is that it's a fraud statute. It's called the Computer Fraud and Abuse Act. It is based on fraud statutes. And this means that it gets more intense, like the sentencing recommendations get more intense. The more people are involved and, or involved like on the victim end and the higher the financial damage is. And so, as an example, if I was snidely whiplash and I was really excited about defrauding little old ladies out of their social security checks in Atlantic City and I defrauded 200 little old ladies out of their social security checks, I am really serious about being snidely whiplash. I really am very serious about like, engaging in fraud and taking people's money. And that is my life's work and I'm clearly a bad person. However, if I'm a person who's excited about anonymous and I participate in a DDoS action and we knock a website offline that impacts 200 customers that website may have been offline for five minutes. The CFAA simply does not scale based on the type of law it is to internet economies of scale, which means that it's very easy to get very high sentencing recommendations based on numbers that are actually fairly small and minor in internet terms. This is in addition to the fact that there is no recognized legal calculus for determining damages under the CFAA. I'm not saying that corporations make up the numbers out of whole cloth. I'm not not saying that corporations make up numbers out of whole cloth. There was a DDoS action in Wisconsin related to the Wisconsin gubernatorial recall that a sort of a bunch of people who were affiliated with anonymous were involved in that targeted the Koch brothers website. The Koch brothers being major conservative fundraisers and donators. And they have a corporate website apparently. I'm sure it's very fascinating. It contains much useful information. And that website went down for something like 15 minutes. One guy got arrested for it and he's a truck driver. He ended up having to pay the Koch brothers nearly $200,000 in restitution payments because the Koch brothers said that that was how much it cost them to hire a consultant to redo their web infrastructure after the DDoS action. And because of something called joint and several liability it didn't matter that more than that he was just one person who was involved in this action. He's responsible for the whole amount. That must be a fantastic website. It must be great. It opens me go to Narnia as mentioned by the Koch brothers. I don't want to ever go to Narnia. You load that website and kittens come out of your disk drive. Really tiny flat kittens. But the power differential, sorry. What we're talking about here and what you get a lot in this book is the power differential in cases like that. So can you bring that out a bit? Does it matter that it's people like truck drivers targeting people like the Koch brothers and is it always that clear? It's not always that clear. I like to tell that story in an angry voice because it's particularly egregious and illustrates very well specific problems with the law and how it's applied. But it's not always that obvious. It's not always that cut and dried DDoS is just a tactic. It's just a series of actions you can take with other people or by yourself using a botnet. So it can be used by many different actors for many different purposes. It can be used as a tool of extortion. Like, hi, I'm DDoSing Sarah's website and I won't stop until she buys me a teddy bear or gives me $2,000 or something. I could DDoS you. A $2,000 teddy bear. A teddy bear filled with money. So it can be used as a tool of extortion. It can be used as a tool of harassment and is currently being used as a tool of harassment in a online thing that I'm not going to identify but you all know what I'm talking about. It can be used as a tool of censorship and the Berkman Center actually did a really great report in 2010 about the use of DDoS by governments to silence minority media outlets. It's a great report. I highly recommend that you read it. So no, simply as there's no ethical safeguards built into the tactic. Anyone can use it for a variety of aims, some criminal and some not. So let's talk about freedom of speech. Which, ooh, that's, yes, ooh, right. So in this book you contend that DDoS actions are not just attacks on freedom of speech, they can also be speech acts themselves. And do you think there are cases where it's just straight up action of censorship or and cases where it's just a straight up action of speech? I think that when governments use DDoS to silence media outlets, that's actually like the definition of censorship. Like you don't even have to get into like, you can't say that censorship because it's not a government doing it. It's like, no, then that's a government doing it. And then it's like, yeah, actually that's, we don't even have to have that argument at censorship. There are other instances where you have a slightly more tricky power dynamic happening, there was a DDoS action in Spain that targeted a ISP called, I think it was, I don't remember what the ISP's name was, that's embarrassing. But they were hosting a BASC publication, like a BASC separatist publication. And I don't know how many of you are really familiar with the relationship between Spain and BASC separatists, but it's not great, especially at this time where there was a bunch of violence around this issue of BASC separatism. And there was a DDoS action launched against that website by people as of yet unidentified to, for them to just stop hosting this publication. And that was a demand on the part of a nameless group of people to remove content from the internet. And there's a difference in my mind, there's a difference between saying, we don't like what this content says, we want you to take it down. And eventually the ISP did take it down because it was impossible for them to run their business and it was disrupting lots of things. But they took it down under protest. There's a difference between that and saying we don't like how PayPal is no longer processing donations to WikiLeaks. So we're going to protest that by DDoSing their website. You're not objecting to content, you're objecting to the actions of a corporation and you are drawing attention to the actions of that corporation by targeting their online presence. You're not disrupting their business. They don't process credit card transactions through the PayPal blog. They're not disrupting your business. They're not even preventing them from talking to the outside world. Like they don't talk to the outside world through the PayPal company blog. They talk to the outside world through their press office and press releases and interviews and the media. And if anything, this is drawing attention to the media presence of PayPal because they're suddenly going to get 300 journalists calling them being like, what do you think of this DDoS that's happening to you and how does this reflect on your WikiLeaks policy? Like so that is not censorship. That might be other things that we can talk about but it's certainly not censorship. So what makes the difference in terms of a legitimate act of free speech? Is it just the power differential or is it something else? I think the power differential is really important. It's very different when someone who's not a corporation tries to have an impact on a corporation because that's really hard for like John Q. Public to do. And so the power differential matters whether or not you're trying to remove speech explicitly as your goal matters. Because if you're trying to silence something, that's obviously a massive ethical and free speech issue but if you're doing this as an indirect thing to draw attention to or to disrupt a process then that's a different question. So besides whether disrupting this is a- Can we do questions later? We're gonna do questions later. No, actually we're not. We don't- Am I disrupting? Yes, we're sorry. I can see speech. I'm just trying to call attention to the better question that you spoke. That's cool. And you can- Mr. House, we'll have it in the- Decide whether it is disrupting a process. Excuse me, you are disrupting this process. All right, I'm done. The consensus can continue. That was super important. I'm so glad you did that. Okay, so this would be a good time to talk about democracy on the internet. Yay! Now that this little bit of disruption has been. So in this book you wrestle with the question of comparing online activism to previous instances of civil disobedience and civil disruption. And one of the things you bring up is that DDoS is often compared to, for example, a sit-in which in the US has a particular association with the civil rights movement. I was wondering if you could talk about that some more. Yeah, so the sit-in metaphor actually comes from early DDoS practitioners like the Electronic Disturbance Theater who were primarily interested in drawing this one-to-one comparison between street activism and online activism. The EDT was actually primarily made up of people who had been previously engaged in street activism. And in the book I call them digitally enabled activists to differentiate them from hacktivists who were people who were primarily engaged in computer networks and then moved to a political use of those networks as a secondary step. So digitally enabled activists come from this tradition of street actions and street activism and one person, one voice kind of economics. And so they were very interested in making what they were doing online relevant in the vocabulary of street activism. So instead of saying like this is a new crazy thing that we're doing online and it just exists online and it has very specific impacts that particularly involve computers and networks, they said no, no, no, this is like a sit-in. And then all of their friends were like, oh, I get that. That's vocabulary, I know, I understand that now. This, while it served its purpose as a metaphor at the time, this is a very problematic metaphor. So for one, it invites a comparison to the civil rights movement and not just a comparison to the historic civil rights movement but the narrative of the civil rights movement that we have. So the cleaned up, narrativized, historicized and in many cases romanticized narrative of how the American civil rights struggle went down. And this is unfair to a growing, burgeoning, evolving body of tactics because it's demanding that they live up to a perfection that we have retroactively applied to historic activism and which arguably wasn't there at the time. So that's my first problem with the sit-in metaphor. My second problem with the sit-in metaphor is it's simply inaccurate. A sit-in is primarily constructed to illustrate what is actually a denial of service on the other end. You say I will sit at this lunch counter until you serve me lunch and the denial of that service is actually the illustrative part of that sit-in at least in that historical context. And for those reasons, DDoS is far more similar to a blockade or an occupation because you're not illustrating how you're being denied something. You are in fact creating the obstruction yourself. So the sit-in metaphor both creates awkward and unnecessary historical comparisons and also just illustrates the mechanism incorrectly. But so, Molly, right. But say I'm very angry about a thing on the internet, which of course I never am. Because the internet's great. The internet's fantastic. I have no issues with the internet today. But say that I did. Why would I choose to use a tactic like this? Why would, I mean, because it's criminal, surely it's really bad. I mean, surely I could just sign a petition or send an email to my MP as it would be for me. You know, why would I do something like this? What's the value of it? Yeah, so the value of both this tactic and of disruptive tactics overall is that they don't rely on your faith that the system will respond to you in good faith. So if you are an activist and you believe that the late-stage capitalistic, like Republican Democratic model that we have going now works and that if you write enough emails to your senator, you can get your legislative agenda paid attention to, you're gonna do that because it's socially respected. Maybe the senator will invite you to have coffee. Maybe you're into that. I don't know. And it's easier. It's just so much easier to go through the recognized channels of our current Democratic process. However, if you don't believe that the system will respond to you in good faith, and in many cases, people have very good reasons for not thinking that the system will respond to them in good faith, those avenues are effectively closed to you because you will be ignored because you're not using the right language, your issue doesn't rank, it's not important, it's not gonna get responded to in time for many reasons. And so moving to a disruptive tactic like DDoS, like an occupation, like a strike, like monkey wrenching is the best option available to disrupt the status quo to the point where what you want paid attention to will get paid attention to. Because most, a lot of people simply cannot rely on people taking their concerns seriously enough. There is a really great article floating around today about like the disruptive tactics of suffragettes before women got the vote. And it's very hard for us now to be like to sort of look at those actions with the eyes of what was the dominant public at the time and who must have said, these women are insane. They're starving themselves in jail, they're throwing themselves in front of racing horses, trying to tie flags to the winner of the Kentucky Derby. They're chaining themselves to the front gate of the White House, why can't they just write to their senator? Because their senator doesn't think women are people. Because their senator doesn't think that women are people. It's a really interesting comparison because back in the day, the suffragettes were really were seen as crazy terrorists and people doing things that weren't even properly understood by the mainstream public. And that kind of action was, I mean, Emily, sorry, Emily and Pankhurst said that in a society that values property above everything else, the destruction of property is the only way to get the attention of people who care about that most. And that's a really interesting point about DDoS is that DDoS, I think, really brings into focus this conflict between free speech and property rights. And it's often not about the destruction of property, but it's about the sort of the interruption of someone's use of their property. The interruption of capital. It's the interruption of capital flow, it's the interruption of the use of property. And that conflict, I find very fascinating as something I generally, I'm very interested and I focus on a lot, but it's so I'm not, clearly I'm not saying that everyone who uses DDoS as a tactic of political disruption is a suffragette, but it's worth noting that people use disruptive tactics for a reason. And it's because it's often the only way to get on the agenda. So, what I find most fascinating about this book, actually I find a lot of things fascinating about this book, but it's the way you draw those issues out of this particular tactic you've focused on. One of the most exciting things you say in the book is that there is no public space on the internet. So, how are we to create a notion of the public and of civics on the internet? And I can't, I don't think you get the conclusion here, but do you have any ideas? About how we can make public space on the internet. About how we respond in as a public online when there is no public space on the internet effectively. Like this is the interesting thing is that people have been trying to make public online spaces through municipal Wi-Fi, ad hoc mesh networking. And what you have is a concerted, concentrated, and tireless effort on the part of telecoms and the federal government to disrupt those efforts. To like, in many jurisdictions now, it's actually illegal to have municipal Wi-Fi, like not even just like maybe we don't wanna have it and we decided that as a community, but it's actually illegal to roll out municipal Wi-Fi in many jurisdictions in this country, which is ridiculous. It's just, there's no reason for it except for the fact that it abridges the telecom's ability to maintain monopoly or duopoly status in all of these communities. So, there are attempts to make public space online for a number of reasons, most of which aren't sort of directly related to the free speech issues I bring up in the book, but are certainly, it wouldn't hurt. And they're just systematically being cut off at the knees. And it's shocking that we're letting that happen. So, it could get better, but it's not. I have so many more questions I wanna ask you, but I really wanna bring us into an open Q&A session soon. But, so, one of the things I really wanted to ask is why you chose to position this book as a less purely academic book? Well, look, it's got a really cool cover. It does have an awesome cover. It's a really awesome cover. The cover's amazing. You probably can't see it from there, but it's really really cool. But if you buy it, you can look at it as much as you want. You can, yeah. You can sit there with it just looking. The space invaders are shiny. Got space invaders on it. So, I wanted this to be more than just an academic book for a couple of reasons. One of which is that I think this is important. I think this isn't, I wouldn't have spent four years of my life writing this book during my first year of PhD coursework. That was a bad plan. If I didn't think that this was important, I think that these are questions that people aren't asking or they're not asking them in the right ways. I think this is relevant both to activists, academics, people who spend too much time on the internet, people who care about the internet as a zone of speech and democracy. And I knew that writing it in just an academic style wasn't going to get to those people. Also writing it in an academic style is deeply boring. If I had done that for 180 pages, I wouldn't have finished the book. So it was primarily to appeal to a wider audience and to entertain me while I typed. All right, so what is the end game of this kind of action? Because one thing you say towards the end of the book is that this specific action, DDoS actions are time limited because of the arms race of capabilities. But it's really interesting to me that there are things you can draw out of this which are applicable to internet activism and to online democracy in general. So what's the end game? Where is this going to go? Well, I think that DDoS in and of itself as it exists as a disruptive tactic is going to stay a fringe tactic because it is incredibly legally risky. And it's also a little scary because many people who are not already sort of on the political fringe are not going to just jump to it or don't see themselves as being on the political fringe or not going to jump to it. But I think the issues around DDoS are issues around disruptive online activism and online civil disobedience in general. So that was one thing I was trying to do with the book was extrapolate these points and try to apply them outside of this very specific and in many ways narrow tactic. So even though I think that DDoS itself is going to stay fringe and possibly sort of decline in popularity as a political tactic, I think that it's still highly valuable as a very low bar to entry for disruptive and civil disobedience tactics online. So there's in activism, you talk about a thing called the ladder of engagement where you get someone to step on the first rung of the ladder of engagement and that's usually by signing a petition or sending a donation when the Sierra Club sends you that cute little book of address labels with puppies on them. And as soon as you step on that ladder, you can keep going up. You sign the petition and then you go to a lecture and then you go to a march and then maybe you volunteer at an event and then maybe you go to a bigger march that's further away from your house and then maybe you start volunteering more and this is how we conceive of how people get involved in these causes. You don't just sort of jump into really serious activism from the get-go. You have to be brought into the organization or the culture or just the awareness that you can be political in that way. And what DDoS does is it opens that door to online civil disobedient action at a very low level of commitment at technological knowledge. And so in that way it's very useful. But as you've already said, some of the penalties for doing this kind of action are incredibly risky one might if one was on objective say disproportionate. Do you see this as a trend that is gonna continue in the next few years? Because I mean, I come from a background of reporting mainly on sort of what one might if one was a digital dualist called real world protest. And I'm seeing a very similar thing happen in that realm where people, I mean certainly where I'm from in the UK, people are being locked up for extended periods of time just for participating in, for example, a sitting. So what is it about this particular kind of action at this particular time that scares the government and that scares corporation? What do you think? So the thing that I think scares the government about disruptive online activism is that it is a direct threat to the government monopoly of force online which they are trying to expand in order to declare the online space as a war fighting zone which has extreme implications for what type of surveillance and intervention is allowed in civilian areas online. Boom. Okay, questions. Thank you. Thank you so much. So everyone please wait for the mic if you have a chance. Yeah, I'm actually quite blind because I'm getting hands up that I'm brilliant. This guy here was first. Skyler, yeah. All right, you were talking about not believing that the system will respond in good faith and therefore you move on to disruptive action immediately. So. Or eventually. So eventually is the point of my question. One of the big areas of work that I've done is in responsible disclosure of security vulnerabilities where engagement in the normal ways is an important first step if for nothing else so that you can tell a more compelling story later when you have to move to full disclosure is that are there people consciously thinking about that and knowing I'm going to disruption but I'm going to set myself up to tell the more appropriate story on the line? I think there are. This is something that activists deal with a lot. So one example of this that's not online is in the great variety of anti-Iraq war protests that have existed. There was one in San Francisco that a friend of mine was involved with that involved setting up a type of disruption that involved sitting in the middle of the road holding hands with a bunch of other people in handcuffs inside PVC pipes. This is makes it really hard to move you out of the road to like separate you from all these other people and they had a discussion before that action where they said, what happens if an ambulance comes? When do we get up? Like if an ambulance comes, do we move? Do we not move? If what if it's a school bus? What if it's a pregnant woman who's going into labor? And so people have these conversations about what disruption means and what is going to happen. So and what levels of disruption are acceptable? I'm not saying that anonymous did this. I'm not saying that anonymous didn't do this. I don't know but there is a very long established tradition in activist circles that you take account of the harm you're going to be doing. And part of that is establishing this backstory of, well, we wrote PayPal a really nice letter. We wrote PayPal a slightly meaner letter. But also I feel like in many ways there are certain activist populations that they've reached a point of frustration with that. And so like let's take ACT UP as an example. ACT UP was the organization that was primarily responsible for agitating the federal government to improve AIDS research in the 80s. It was ACT UP fight back fight AIDS. They engaged in scientific research. They engaged in sit-ins and occupations of the Food and Drug Administration of individual pharmaceutical companies. They were a very disruptive organization and in many ways that they had been engaged in this fight for a very long time and you get to a point where there is so much damage happening to your community that there is nothing else to do but cause disruption on a massive scale as big as you can make it. And so that's why disruption is appealing because when you've reached the point where it's like, no, you don't understand people are dying, thousands of people are dying and you're doing nothing. You're not gonna write letters about that. Like so there are responsibilities that come with disruption but at a certain point those become moot I think. And a good example of this is also the extreme environmental movement. If you believe that the destruction of this piece of property is going to destroy irreparably huge amounts of our planet. Yeah, you spike trees. Yeah, you blow up sections of the tar sands pipeline. That sort of depends on what hurts your heart more. I have a question. Go on. Sorry, did I make that cigarette? Come on, Ma, that's a question. Let's lighten the tone a bit. The internet is fun. I've got a question. There's one at the back. Oh, that's right. Yes, Sarah's in the back. Yes, you. I've got the mic. So I am hearing a lot of like you're talking about law and you're talking about kind of political theory and ostensibly maybe kind of spending time in IRC channels. So I'm curious how you did some of the research for the book and kind of what your methods are for this academic audience. So if you read the book, you'll notice that I don't have any interviews in it. I don't interview activists. And I did that because DDoS is a felony and I was really excited about not having my notes subpoenaed by the Justice Department. And I was interested in not having people incriminate themselves in the course of me asking them, so like how does a DDoS action get planned? Because that's bad academic ethics to me. However, I am extraordinarily fortunate that Gabrielle Coleman is my advisor, who's done a lot of work with Anonymous. So she was able to help me out with some of the stuff about how these actions got planned inside the channels. I did a lot of press analysis. There's a big section on the press and how the press covers these actions. I did a lot of analysis of tools themselves, so FloodNet and Loik. And that's a lot of me doing the thing that I love best, which is sitting in a dark corner of my room with my laptop and a pile of paper and underlining things and circling them and writing little explanation points all in a row. And I'm a media theorist sort of at heart. So that was primarily the research methodology is using media theory and social movements theory to look at this new phenomenon, which I had a sneaking suspicion wasn't that new. Unfortunately, I was right. Otherwise, that would have been a lot of work that was wasted. I've been over here. Thank you, this is great. Did you look at international comparisons at all, both Canada and maybe perhaps on the more open side of Western Europe or perhaps not, and also Asia at least? I looked primarily in Western Europe and the United States. I tried to learn Mandarin to look at China and that was a mistake that lasted for a year. I was restricted by what languages I could speak and what primary documents I could read fortunately or perhaps awkwardly, the Electronic Disturbance Theater is a primary mover behind a lot of the actions that happened in the 90s in the early 2000s. So they had their own archive of material online that I was able to access. And most of that was in English. The German actions had very good English translations available, but I was simply unable to process material from the Syria Free Army. I just simply, I don't speak that language. So yeah, it's scoped in that way. And I focused primarily on American legal regimes because for better or for worse, maybe mostly for worse, the American legal doctrine about the internet is dominant. And so while I could have taken the time to sort of read, I'd read a lot of treaties and I read a lot of sort of international lawmaking in that way, but it's primarily based on American jurisprudence. Just got back. Hi. In the US, do you think that this is a naive, kind of white middle-class strategy? I mean, because- No, that's a great question. When Ms. Penny referred to Ulrich Meinhof as the better Meinhof gang or one of the Panker sisters in the supper jet movement, these folks knew they were fighting capitalism. They were fighting these big systems and that they're probably gonna get their asses kicked. And they did, right? One to one degree or another. So you've got people sitting in various basements and this and that. You know in all certain basements, some of them are very sunny. No, no, I understand the question. So I think that this is an excellent point. And to a certain extent, you are grotesquely limiting your activist pool by saying you have to own a computer, having always on internet connection be able to install things on that computer, know how to install things on that computer and also care about the banking blockade of WikiLeaks. This is a very white middle-class esoteric set of both needs and concerns that you must adhere to, to be involved in operation payback, for example. There's another example. When the EDT was first rolling out their Zapatista actions, Floodnet was a web-based tool and it was all scheduled actions because it was in the age of dial-up. So it was like show up at noon Eastern Standard Time and go to this website and hit this button. But the website was constructed as a drop-down menu that said, pick the institution of Mexican neoliberalism of your choice. Which, unless you already know what those words mean and what they mean together, there's not a lot of education happening in that interface. So we're already limiting our pool by doing that. So, yes, this is a very elitist tool when used online, but also like most online tools of democracy are going to be elitist in that way because you're already just talking about people with access to the internet. Do I hope that one day everyone will be able to participate in these types of actions online or sort of the actions that they feel are most applicable to their needs at that time? Yes, but clearly there's a lot of stuff that has to happen before then. Petey? Thank you, Molly. No, kind of a building off that point of making the case and education outside of people who are kind of like already in the movement, are already committing disruptive actions. And one of the things that is the definition of a disruptive action is that it's outside the rules of the game, but there are different rules of rules that have more or less tolerance for playing outside the rules of the game. It's different forms of radical or liberal or conservative kind of along this different spectrum. I was really interested earlier when there was a disruption at this event and there's a lot of people who are very upset about it and your response was, I'm so glad that you did that. And I'd be interested in hearing you talk a little bit about why maybe that specific thing was your response and in terms of the book, how you make the cases. I know you've often had to make it to people who basically say, no, these types of disruptive actions are unacceptable, but if anything, you've done to persuade them that no, even though these are outside the rules of the game, they should be considered within a larger set of rules, or if that's not a case that you feel you're interested in making. So one of my favorite bloggers slash academics slash people is a woman named Tressy McMillan Cotton, who you may have seen give a talk at Berkman a couple months ago. And she wrote something on her blog once, which is actually, I quote it in the book and at the head of one of the chapters. And she says, in a democracy, everyone should be equally uncomfortable, which I love as something that turns sort of the general, the generic wisdom of what a democratic society is supposed to do on its head. Sort of, I think there's a passive understanding that when you live in a democracy, the goal of the democracy is to make everybody as comfortable as possible, so long as their comfort levels adhere to what makes the mainstream comfortable. So it's a very utilitarian view of what the government is supposed to be doing. And Tressy's take is that actually, and how I interpret Tressy's take is like, actually no, this democracy is about distributing discomfort, so that everyone takes on their share but no more than their share. And so disruptive activism is a way of, when someone is so outside the avenues of power that they can't get meaningful access in a timely way, and they need to have their opinion heard or their views heard, they disrupt the normal flow of things so that they can be heard. And when you're trying to get to work and there's someone with a sign blocking your car, that's really annoying. It's like, why is your opinion more important than my need to get to work and earn a living and feed my family? It's like, well, next week or next year or in 50 years, you might have something that you have to say that is really important and that no one is listening to you. And so you might have to stand in front of someone's car to make sure that your opinion is heard in a democracy. And we trade off on that. We say, like, you're angry today about this thing, so you get to stand in the corner, like stand on the street corner and shout, and then next week when I'm angry about something, I'll stand on the street corner and shout, and everyone is keeping the speaker's corner warm for each other in that kind of way. So my view of the necessity of disruption is that one day you will want that. One day you will need that. And in a democracy, we respect each other's ability to interact with the systems in the way that we can. Also, if no one keeps the system off balance, it gets too entrenched. Like if you leave a car in a driveway for 20 years, it's gonna sink into the gravel and it's gonna be really hard to move. So you have to constantly sort of go out there and try to push it over and let it resettle, but never let it get too far down into the dirt. Yay. There's a guy right there. So that's a super interesting question because it asks what we mean by violence. And that's a very personal question and it also is very contextual on what the action was. So I think that an action that exists to silence somebody or silence an organization is inherently violent. I think that an action that exists to enable people to take a stand against a multinational corporation is not violent. That is based in my theory of like what I think of the personhood of corporations and how much I value their right to make a profit. So it depends that that's a very, but that's sort of a deeply politically philosophical question depending on what you think violence is. What's the question here? There's a good question right there. Hello. Hi. So two quick things. Number one, I really like how you use the term DDOS action instead of the more canonical DDOS attack. I have like a little paragraph about that in the book. I haven't read the book yet. I bought it, but when I bought it, it hadn't come out yet. Yeah. It really came out and then I don't know. I'm sure it'll get there eventually. I'm sure it's good. I'll read it probably next to me. The second thing that was to comment, the second thing is early on in the presentation, you mentioned that you kind of mentioned like a bug in the low orbit ion cannon thing as being like revealing who you are. But in a way that bug is sort of more like just how it works in that can't really effectively do. This isn't a correction, so just to set up. No, no, no, yeah. It's not really a bug. It's sort of like a product bug in that like people don't know about it. That's like a product bug. It's not really a technical bug because if you tried the DDOS to a proxy, you would just DDOS the proxy itself. And yeah, and there were lots of people running around going like don't DDOS through TOR, you're just DDoSing TOR. So it wasn't really, saying it's a bug in the program is a sort of a misnomer, but it's a bug in the practice because people weren't told like there are ways to mask your IP that aren't going through a proxy. And there wasn't the training within the group of this was what you should be doing. So that's an ethical lapse on the part of the organizers. Yeah. But that's more of a setup for my real question, which is like despite the disproportionate punishments, do you think that perhaps like the lack of on a minute like an anonymous Ness, what's the word, anonymous? An anonymity. And the lack of that is actually kind of like a core feature of volunteer DDOS is activism since like civil disobedience itself is rarely anonymous. So I think that there are a couple of assumptions built into your question. One is that civil disobedience is rarely anonymous. The modern conception of civil disobedience is rarely anonymous. And again, this has a lot to do with the civil rights movement. This has a lot to do with Martin Luther King Jr.'s philosophy of how civil disobedience functioned, which was you go out and you let them abuse your body as a person that they can see. And by seeing you as a person, you gain support and sympathy from the dominant people in the power structure. And then that helps you get what you want. And far be it from me to say there's a problem with that, but that's where that comes from. There have been civil disobedient actions in the past that were anonymous. Many of these come from Soviet regimes where that was necessary and where that was considered to be a necessary part of that society and that type of dissent. We were talking about seeing like a state before, which is by a wonderful academic named James Scott. And he has a book about what he calls the weapons of the weak, which is people like peasants who don't have any power in their societies and how they enact resistance. And a lot of those are through either anonymous or pseudonymous or simply more just covert routes. I find it annoying that the message we hear from politicians, from CEOs of corporations, is that if you are not named in your struggle against whatever it is they're doing, then your struggle is illegitimate. Because it's basically saying I'm already in charge, but unless you let me be more in charge by mortifying your body or taking your money or putting you in jail, you are illegitimate. I find that disingenuous. And I find it to be an abuse of power. And I find it sad that people have bought into it as the one marker of political legitimacy is attaching your name to things. Because I don't think that's necessary. We've got time for a couple more questions. Veronica. Hi. Okay, so this is, my question is predicated on the notion that this isn't going to keep working. Yeah. You know, a bunch of nice kind people sitting at their browser and they reload is not going to bring down a big corporate website anymore. A huge botnet, well, maybe. But a huge botnet is its own hierarchy run by very unsavory people quite normally. I mean, Anonymous has its own enormous accountability problems now. So if you're actually interested in ethical protests on the online, I mean, what are the avenues that are open in the future? Oh, that's interesting. So, yeah, botnets, volunteer botnets which have existed and have been utilized in the past try to deal with the ethical problem of using a botnet. Because people's schedules just don't allow for them to sit in front of their computer all day and hit refresh on PayPal's blog. But the hive mind mode on Loic lets them say, like, I'm giving my resources to this action that operates in this way and I'm trusting the organizers that they'll use my resources appropriately. So that puts in an ethical responsibility on those organizers. But there's a substantial amount of evidence that Anonymous used illicit botnets. These botnets made up of compromised computers to bring down these websites. And obviously it's a huge ethical problem to use someone's resources in the support of a political cause that they are not consenting to. That has problems, yo. So what are the avenues for ethical activism online? Ethics is always this range. It's like a Kinsey scale of ethics. No one is ever perfectly ethical or perfectly not ethical. Neutral good, neutral pay off. Yeah. And so say whistleblowing. Whistleblowing is not perfectly ethical. You are undertaking certain ethical breaches. You're probably breaching a contract. You're breaching an agreement you had with people. You're probably causing a lot of damage if you engage in whistleblowing. But people generally consider that to be an ethical form of conflict broadly. Information exfiltration is one step closer to the non-ethical side of the ethics Kinsey scale. But also is considered to be probably okay depending on what information it is and what use you're putting it to. So alternative infrastructure construction. So the construction of networks and services that enable us to opt out of the surveillance state online puts on you all of the ethical responsibilities of running those services and systems. But maybe more ethical, broadly speaking, than directly attacking the systems that are already around, even though I think that they might be considered to be economically attacking the systems that are already around. And the US government really likes criminalizing economic harm, so that's a really interesting question. And I think it's very open. We've got time for just one more, I think. Over here. Thanks. Yeah, this is sort of a follow up to that question, which I thought was a good one. Like, where's this ethical line when it comes to the question of censorship? So you mentioned that PayPal anonymous just took down the blog, so it wasn't a big deal. They had a whole PR arm. Doesn't really matter. It was pretty sort of ineffectual in that sense. But if they had the ability to take down the site, would that have been censorship? I don't think that would have been censorship because you're not stopping PayPal from speaking. That would have been online censorship? That's not a meaningful distinction. So, what do you mean? I mean, it's either censorship or it's not censorship. It doesn't matter if it's just online or not. This is not a law of the horse question. So, wait, so are you saying that, like, if the Iranian government shuts down a website of a movement? Then that's censorship, but it's not online censorship. But it doesn't stop them from speaking. That's a government taking action against content, that censorship. Taking action against content is censorship. Preventing a business from doing business is not censorship. It might be something else, but it's not censorship. Okay, so would you say, like, let's say anonymous takes down, like, a news site or something like that? Would you consider that censorship? I think that's a different kind of question. Right, yeah. And it depends on what kind of site it was, what their motivations were taking it down were, what the power relationship is between the activists and the site in question, how confident their IT staff is, and how quickly it gets back online. So you're saying, like, censorship depends on whether or not, like, let's say the IT staff is competent at this. I think a definition of censorship depends on the power differential between the players at hand. It depends on how robust the target is to this influx. It depends on what the actual impact is. So if you're actually stopping speech or not actually stopping speech. Like, there are lots of questions that go into this. Even before we get into me quibbling about whether a government has to be involved for it to be censorship, which trust me, I can quibble about that for a while. Yeah, no, I mean, I generally agree with you. Like, I think there is a distinction between what the Iranian government does and what you see with PayPal and what you saw with anonymous in that sense. But I do think there's like, seems like there's quite a tension, right? So you're saying that if it's ineffectual, like if this action is ineffectual, then it's not necessarily censorship. But if it actually does have an effect, then it is censorship. So then what would be the point of doing the action if it doesn't have an effect, right? Because there are lots of reasons to do an action like this. It's not just whether or not something becomes unavailable. Like as we've been saying, it's really hard to make major content unavailable. It's really hard to take down a large corporate website. So instead, there are other things that activists go for to call themselves successful. Attention, like just, you don't need to bring a site down for the press to cover it as an event. So attention is one of them. Getting people to know about your organization is another thing. Getting people to just know and understand what the words are that you're using or to recognize you as an identity is another thing. It's not just about whether or not I can access a website on a given day that determines whether or not the action was successful or not. Okay. Can we really agree? I agree, agree to disagree, I guess. Great. Thank you, everybody. Thank you so much. Everyone clap. Thank you, yes. Come on.