Talking LulzSec and hacktivism on Triple J’s “Hack”

Triple J logoOn Tuesday, Triple J’s current affairs program Hack decided to take a look at hacktivism more generally in the wake of Matthew Flannery’s arrest — and boy was it a shemozzle!

I was interviewed for half an hour or more. Also interviewed were independent journalist and “chaos magnet” Asher Wolf, and Nigel Phair from the Centre for Internet Safety. Snippets of all that were used in the package that introduced the live studio debate. Fairly standard stuff. But…

When I listened to the program go to air, I was frustrated. Very frustrated. The discussion didn’t really go beyond “Is hacktivism good or what? Yep it is!” “No it’s not.” “Oh it is!” And with the benefit of hindsight, I think that’s because the discusion was framed the wrong way.

“Do you think that some targets are legitimate? Are groups like Anonymous a force for good? Or do you reckon that it’s a slippery slope to say that one kind of hacking is acceptable, but others are cyberterrorism?” asked presenter Sophie McNeill as she introduced the segment. Those positioning questions were repeated several times, and they kinda miss the point.

This framing pre-supposes that there’s a single, clearly-identifiable activity that we can point to and call “hacktivism”. It positions hacktivism as a neutral tool, and whether it’s legitimate to use this tool or not depends on the legitimacy of the target as an object to attack.

I guess that in this framing, hacktivism is like a baseball bat. It’s OK to hit baseballs with it, but not the fragile skulls of newborn infants. But it’s not.

Hacktivism is just the application of hacker techniques to political activism and, as the Wikipedia article points out, it covers a lot of territory.

There’s using “neat hacks” like encryption and tools to preserve anonymity to help protect the organisers of the activism. There’s the provision of alternative internet access when the government cuts off the official methods, as happened in Egypt. There’s the mirroring of otherwise censored websites to protect free speech, or setting up parody sites to mock the opponents, or spreading disinformation.

Then there’s denial of service (DoS) attacks to disrupt the opponents’ communications. And, yes, there’s the break-and-enter kind of hacking, the results of which can range from relatively harmless website defacements to the theft and “liberation” of large slabs of information — which can of course make collateral-damage victims of any individuals caught up in that process.

There’s a spectrum of behaviour there, from straightforward and long-established ways of supporting freedom of speech to edgier activities that in any other context would simply be labelled vandalism, criminal damage or worse.

If you lump all that together as a single activity, “hacktivism”, and then ask whether it’s legitimate to direct that activity in support of a particular political objective, well, the answer will depend on whether you agree with that objective or not.

“Stilgherrian says there’s a few examples where hacktivism has been really legit, like during the Arab Spring,” said journalist Julia Holman. Sure — apart from the phrase “really legit” — but not because having a disagreeable government justifies vandalism.

The hackerish acts I meant were those directed to keeping the communications channels open and organising a fairly traditional street uprising. The rest of the planet has agreed that freedom of speech is pretty fundamental stuff. They also seemed to agree that this conflict had turned hot. People were being killed, and when that starts happening it’s gloves-off all round.

I’ve included the audio of the entire discussion here, so you can listen for yourself. I’d be interested to know what you think, and whether this discussion frustrates you as much as it frustrated me.

A shout-out to Paris

First, though, I must give a special shout-out to Paris, whose hilariously out of touch comment was read on air: “This is the only form of activism our generation has… Our petitions are ignored. Anonymous is able to do justice to people who have lost a voice.”

No, Paris, all the traditional methods of political lobbying and activism still work just fine — well, in their creaky, democratic way.

It was good ol’ political lobbying of the government, and associated PR efforts in the media, that brought the controversial mandatory data retention proposals to a halt in this election year, not the vandalism of completely unrelated Queensland government websites. It was Senator Scott Ludlam asking intelligent questions of the Attorney-General’s Department in parliamentary committees, not stupidly confusing the Defence Signals Directorate (DSD) with the Queensland Department of State Development (DSD).

The trick, Paris, is to put down the hacker DoS hammer every now and then, because not everything is a nail. Choose one of the other, more appropriate, tools of democracy from the shelf when circumstances require.

Play

Note: Dr Suelette Dreyfus from the University of Melbourne, a long-time observer of hacktivism, provided a significantly narrower definition of hacktivism in the program: “Hacking, in the terminology that is used in everyday reporting, which is not necessarily what the original term was, is about unauthorised access to computers and computer systems. Hacktivism is really about engaging in that, but with a political or social message.”

The audio is of course ©2013 Australian Broadcasting Corporation. I’ve extracted the hacktivism segment to present here, but you can go to the ABC website for the full 30-minute episode (MP3).

Mark Newton on Telstra’s P2P DPI plans

Crikey logoMy Crikey story today on Telstra’s plan to trial the “shaping” of peer-to-peer internet traffic includes quotes from network engineer Mark Newton — but he said so many interesting things I though you should see his entire email.

Mark Newton writes:

From Telstra’s point of view, it’s a good thing: ISPs are a bit like electrical networks, in that they need to provision capacity for peak even though peak is only ever used for an hour or two per day (or, under adversity, a day or two per year: consider capacity planning for the ABC’s ISPs during flood events, or CNN on Sep 11 2001).

P2P users push the peak up, so in electrical network terms that’s like servicing a bunch of customers who leave their air conditioners on all the time.

Anything a telco can do to “squash” the peak is going to have an immediate impact on their bottom line.

If, by side effect, it inspires a bunch of the heaviest-using customers to migrate to other ISPs, that’ll reduce the profitability of those other ISPs and improve Telstra’s margins, so that’s a net positive. Why “fire” your worst customers when you can convince them to resign?

From a user’s point of view it’s more dismal, and the impact will depend on how Telstra uses their systems.

Continue reading “Mark Newton on Telstra’s P2P DPI plans”

ASIO’s got it easy, says terrorism expert

“ASIO don’t seem to realise how privileged they are compared to intel orgs in other Western democracies,” tweeted terrorism researcher Andrew Zammit (pictured) yesterday.

Zammit is a researcher at the Global Terrorism Research Centre (Monash University) and Australian Policy Online (Swinburne University), and he was responding to my blog post from yesterday, “Insulted, ASIO? That’s not really the problem, surely?” and the attached podcast.

Here are his subsequent tweets, turned into continuous prose:

CIA for example has ongoing congressional oversight (of actual operations) as opposed to our occasional parl[iamentary] inquiries, people can FOI CIA docs only a few years old (ASIO has 20-30 year exemption) and some of the CIA’s analytical roles are transparent, as in analysts will have CIA business cards whereas even an ASIO kitchen hand’s identity will be kept secret. And CIA isn’t even a domestically-focused agency. So yes, ASIO needs to be less precious about being asked questions.

I agree. From the perspective of the United States I’m a foreign national, yet I’ve spoken with officers from the FBI, NSA and the Secret Service — all of whom had business cards with their full names. The closest I’ve gotten in Australia is chatting briefly with a DSD chap, one of two attending Linux.conf.au in January this year — given names only, and I suspect that those given names were really in scare quotes.

The excuse always given is “operational security”, but I do think the world has changed. The tools and methods are surely not so different from SEKRIT agencies to private-sector security companies and even analysis in non-security realms, given that so much technology is now available off the shelf to all comers.

Surely these days OPSEC is more about protecting sources and the specific operations that are or are not being conducted?

Of course I really don’t know this stuff. I’ve never worked in this field. I’ve never even held a security clearance. I’m just an interested bystander mouthing off. But I am intrigued.

Talking data retention (again) on Balls Radio

My regular spot on Phil Dobbie’s Balls Radio this week was a conversation (yes, another one) about the Australian government’s data retention proposals.

Here’s the audio of my segment. As you’ll hear, it’s much the same argument as in my last post about the Patch Monday podcast, with random asides about the meaning of misogyny and what should be done with real estate agents.

Yes, there’s a few audio dropouts. Welcome to the joys of using Skype over Telstra Next G mobile broadband while 1.5 kilometres into the eucalypt scrubland.

Play

If you’d like more Balls Radio, have a listen to the full episode. You can subscribe over at the website.

Insulted, ASIO? That’s not really the problem, surely?

There aren’t many places in the world where you can openly accuse the nation’s top police and intelligence agencies of having an attitude problem, as I did on Monday, without being visited by the men in the van with the canvas sack. Which is a good thing.

In this week’s Patch Monday podcast, embedded immediately below for your convenience and CBS Interactive’s traffic logging, I departed from the usual format to present a personal opinion.

Data retention for law enforcement is one of the most important political issues relating to our use of the internet now and as far into the future as we care to imagine, I said, and it’s being mishandled.

The Australian government’s current one-page working definition (PDF) of what constitutes communications metadata (which can be requested by law enforcement agencies without a warrant) as opposed to communications content (which generally does require a warrant) is, to anyone with a technical understanding of how the internet actually works and is evolving, virtual gibberish.

“Dangerously immature” is how I described it.

I also raised three points where I think the version of reality being promoted by the Australian Federal Police (AFP) and the Australian Security and Intelligence Organisation (ASIO) is wrong.

  • This is a push for more power. We conduct so much more of our lives online than we ever did on the phone, and that means the balance of power is changing. We need to have a conversation about this.
  • The AFP says quite specifically that they’re not after our web browsing activity, but I don’t see how the working document supports that argument. And other agencies, including the Australian Securities and Investment Commission (ASIC), are after that stuff.
  • ASIO and the AFP constantly talk about the powers being needed to catch the terrorists and pedophiles. But the law will probably be modelled on the current law for the phone, which provides access to communication metadata to many other agencies with far less stringent accountability rules for many other, far less serious, crimes.

Please have a listen and tell me what you think.

Play

The podcast stands on its own, but I want to emphasise the thing that still disturbs me…

Continue reading “Insulted, ASIO? That’s not really the problem, surely?”

Talking data retention on ABC Local Radio

The current parliamentary inquiry into Australia’s national security laws has become a mildly hot media topic this week, so I ended up doing a backgrounder on ABC Local Radio last night with Dom Knight.

I should probably write more about this some time. And I will. But for now, here’s that 18-minute conversation. Including our digression into talking about that fine TV drama The Wire.

Play

The audio is of course ©2012 Australian Broadcasting Corporation, archived here because it isn’t being archived anywhere else.