Anonymous a "stateless" terror organization?

According to the Wall Street Journal the NSA is seriously considering labeling Anonymous a stateless organization. The Atlantic has some good discussion about this topic as well. I think this is something we should all be seriously concerned about. This has the serious problem of becoming something beyond scope like the War on Drugs or the War on Terror. These both allow the US to pursue military objectives in countries across the world for various different reasons. The War on Drugs mostly impacts the US, Mexico and large chunk of South America while the War on Terror allows the US to do the same in the US, nearly all of the Middle East and parts of Asia such as Pakistan and Afghanistan.

Now the US government is afraid that Anonymous was going to eventually target the US electric grid. This seems out of the scope of Anonymous for a few reasons, one they outline as that people’s lives depend on the electric grid. Additionally, there’s serious problems since Anonymous is much more dispersed than some of the other organizations that the US has focused on it will be difficult to determine something that was actually caused by Anonymous or something that some one claims was conducted by Anonymous.

It is likely that someone could claim to be a part of Anonymous and that they did an attack against something as serious as an electric grid but it will be difficult to prove that they did. Especially when there is a great deal of IP spoofing (this is a way of making a computer think your IP address (where you are on the physical internet connection this comes from your internet service provider) is a different IP address) going on and people will claim to be part of a group when they aren’t.  I think that this will open a large can of worms.

Additionally, it brings up other concerns one that may impact me directly, will the NSA start looking at bloggers that are sympathetic to the ideas of Anonymous, using the web as a protest tool. If so then I’ve been overly sympathetic. That’s not all though, during the SOPA/PIPA protests Anonymous sent out tweets with links that turned people into Low Orbit Ion Cannon (a software program) that commits Distributed Denial of Service attacks (brings down a web page). Essentially, even without being a part of Anonymous you become part simply by clicking a link on Twitter.

Are these people now linked with Anonymous and liable for any action the group does? These are serious questions that really need to be addressed if an announcement is made that Anonymous is a “stateless” organization. This also makes it very important to understand what protesting on the internet is allowed and what is not allowed. Sure Anonymous does steal information, but the information they steal seems to be fairly unsecured and not encrypted. It’s time to have a real talk about all this means.

The Government Strikes Back

The internet had thought it won a great victory with the black out of some seriously major websites, however it was a short lived victory as the Fed and its allies the vicious RIAA and MPAA have regrouped and launched a stunning counter attack destroying a rebel outpost on Hoth… errr Actually, The US government has shut down and arrested several employees for copyright infringement. You may remember MegaUpload for recently being involved in a dispute with Universal over a YouTube video. Where Universal issued false DMCA take down notices which required YouTube to take down the video. However, this video wasn’t infringing and MegaUpload sued Universal for the false claims. The interesting thing about this video is that it’s about all the legal ways you can use MegaUpload. The video is essentially an attempt by the company to show that there are legitimate uses for their services which, I’m assuming, was an attempt to get them into the safe harbor provisions of the DMCA.

To me, this action really shows that the US government doesn’t need SOPA to pass for it to censor the internet. It already has the ability to do so. SOPA would just put a rubber stamp approval on the actions that the government is already taking. This should be a wake up call. Yes, we had one with the joke of hearings for SOPA previously, however this is a slap in the face of the internet. It’s basically saying, sure we heard you, but you know what? you don’t matter.

Sure it might not be as easy as it would have been with SOPA passing and it’s not breaking the internet the way that SOPA would, but it’s still happening. As much as I hate Maddox, he’s right in his post about SOPA. We really have been pretty complacent, myself included. Yes, I’ve written a bunch, signed petitions and emailed my senators and congressmen multiple times, but big deal. Right now this is a hot button topic, but this isn’t going to go away. No one spoke up about the NDAA because it didn’t impact your ability to read Reddit or surf wikipedia. That law is as bad or worse than SOPA depending on what you think of freedom and civil liberties.

When I got home last night and saw that MegaUpload had been shut down, I was miserable. It made me feel completely impotent. That I was unable to impact the way the US government acts in any meaningful way. At this point, I’m not really sure what to do about this. If any other government would be doing this the US would be up in arms (perhaps literally) and would put a stop to it. Our government is doing this in our name and it’s horribly depressing that I can’t do anything to stop it.

Maddox is right. SOPA only failed because we were paying attention and we were able to get the tech giants behind us on it. SOPA will rear its ugly head again and we might be sleeping. The empire has struck back and we need to decide what we are going to do about it. Are we going to get some ewoks and take it down or are we going to keep signing petitions?

Anonymous has decided to fight back and has launched a large number of attacks on internet websites. As citizens that are deeply concerned with the MegaUpload action we need to ask ourselves, is this an appropriate response? Is this a way of protesting and assembling in an online space? Should anonymous be locked up for doing this? I think that this is a type of protest. Anonymous is as frustrated as I am and have decided to do something in response. It’s obvious that they felt like this is a direct attack on the internet in response to the SOPA protests and the “abuse of power” the internet displayed in taking down websites to protest SOPA.

It also begs the question, what will these website attacks actually accomplish?

What are some of your thoughts on this?

Update 1: I just saw that some 9,000 Hackers have joined Anonymous

Update 2: Apparently Anonymous is using a link that directs users to a Low Orbit Ion Canon DDoS tool that uses the users computer to attack a website. This is an interesting tactic as it will make it very difficult for agents to determine who was malicious and those that were  ignorant of what they were doing. Thus making the tool a more effective protest tool. It will be interesting to see what the ramifications of this new tactic are. I think it will be used again in the future and will make it as “easy” as signing a petition to join a DDoS without having to do the hard work of setting up the LOIC on your computer. Interesting.

What is the right to assemble online?

Sorry for the long delay in posts. I’ve been a little busy and I’ve had some trouble coming up with topics as well. So, if there are any topics you’d like to see written about feel free to shoot me a message.

In the US we have an amendment to our constitution which ensures our right to assemble. This amendment is important because it allows us to protest governmental action and activities we do not like. We do not always like the way that this right is being expressed, such as the Westboro Baptist Church protesting fallen soldiers, gay suicides and a range of other things. It also protests our right to counter protest the WBC.

In the case of a protest over a company, it’s possible to protest in front of their headquarters or in front of individual branches such as Bank of America. In many ways these tactics are effective because it drives media attention do to it’s location. If someone is protesting a bank in small town America, such as my home town, Grove City, PA no one is going to care. You might get a piece written about it in the Allied but it’s unlikely to attract the attention of the Pittsburgh Post Gazette which is only 60 miles south. Even if some how it did make the news in Pittsburgh, it’s unlikely to remain in the news, which that’s something a protest in Pittsburgh would actually be able to do.

Why does this matter? Well, for a company like much of it’s physical locations are in small town America. They don’t have large presences in many major cities. How do you effectively protest a large internet based company? How do you protest a company when the people that want to do the protesting are scattered throughout the world?

In the past I’ve written about LulzSec and Anonymous, these groups still operate and have had some interesting ideas about how to protest. The first is what is called a Denial of Service (DoS) attack, where a company’s website is overwhelmed with requests for access to the site and it kills the server. This would be the physical equivalent of creating a lined of linked arms across the doorway to the company’s headquarters or branch. Typically, these sort of attacks don’t last very long because IT departments have become very good at finding the sources of these attacks and stopping them.

It is not possible to respond by moving across the street to continue protesting where people to see you. It is also not possible to post ads in the area as a form of protest. However, it is possible to buy ads on Google or other such sites that will display something if you type Bank of America, however, I’m not sure if this is effective or not.

Another type of protest employed is the internet petition. I’ve signed plenty of them, but it’s fairly obvious that these are as worth as much as the paper their printed on (which is to say none). These really just make you feel better, without much work.

At this point, I think that when it has come to massive protests online, Reddit has created the blueprint. Redditors have worked extremely hard to protest SOPA. This has included call your senator day, getting websites to agree to an internet blackout day, where sites will completely black out all content. This is a representation of the impact of censorship that SOPA will enact.

However, this type of protest isn’t really possible for all types of government or private business action. While the denial of service attacks aren’t very effective, they do raise awareness and have lead to other types of attacks, such as hacking and the release of data that users thought was secure. Despite the fact that it is theft of data, these actions have done more to change company behavior than any other type of internet based protests.

Is that the future of assembly online? I don’t know. It’s easy to block websites that act as a rallying point, so it will be important for people to actually meet to do their protesting as protesting on the internet doesn’t really have the same impact, unless something big gets leaked. We do need to define what is acceptable as a society for online protesting. DoS might be a way to allow protests.

Data protection, anonymity and copyright

I talk a great deal on this blog about data issues, privacy and ownership, anonymity and copyright, however is there a clear connection between them? Should we care about who has access to our data, who we are and control over our access to data?

I think that these issues are so connected that we need to do something about how they are managed at a federal level. Currently, it’s rather easy for governments to request data from internet sites. Some times they require warrants or court orders other times the companies simply hand over the data. Savvy users understand how their data is collected and used by companies. I’ll be the first to admit that I’m learning about this as I’m going. It’s not easy because some times it’s really inconvenient to really protect your data. The more sites that are connected together the more likely one of your accounts are to be hacked. Linking sites also creates other problems. Specifically Facebook and Google. Twitter isn’t as bad, but it easily could be.

Why are Facebook and Google bad though? First Facebook is the worst by far. Both Zuckerbergs have made statements proclaiming privacy a bad thing.We can see this erosion with the creation of Facebook’s OpenGraph and seamless information sharing. We’ve all see the increase in the amount of information that our friends are sharing. Such as Spotify and articles they’ve read. Which now no longer click through, but end up going to some app from that company. All of this information is being stored and sold to customers with your name on it. Effectively you’ve lost your ability to view websites freely without it being stored on multiple servers by multiple companies at the same time.
Google comes in a close second with their privacy problems. They aren’t any better with Google+ as they require names at this time. We also don’t know what Google does with the information that you give them when you link accounts together. By giving access to Google when you sign into another website Google is learning more about you which will likely be used to adjust your filter bubble.

Without anonymity or at least pseudonymity it’s significantly more difficult to control access to your data. Putting a buffer between you and the people that are interested in learning about you as a person can protect you from a lot of bad people. However, whenever there are discussions about anonymity or pseudonyms some one almost always makes the argument that it will increase the safety for child molesters or terrorists.

The Copyright industry is one of the most vocal advocates of this tactic. In fact, this is one of the arguments being used for SOPA. They argue that if you don’t have anything to hide then you have nothing to worry about. Well, I don’t buy that argument. People have privacy fences for a reason around their yard. Why not do the same thing for your data? Being anonymous doesn’t mean your bad, it just means your being safe.

Anonymity makes it more difficult for copyright holders to come after people who download movies without buying the movie. They want to know if your downloading it regardless of the fact that you might actually own the movie in some other physical medium and are using the digital copy as a back up. They also don’t really care if you go out and buy the movie after watching it. In fact the Swiss government came out and said that buying a movie or song after downloading is extremely common.

Based on these three points, I believe that everyone should be pushing leaders to increase the ability for users to be anonymous on the internet. This will protect users data from identity theft, allow users better control over their data and decrease the impact of the filter bubble. We must accept the fact that people may use the freedom in unethical ways. However, this doesn’t mean that it’s unethical for people to be anonymous online and doesn’t mean that they are unethical. It means that we need to define clear laws and procedures to deal with unethical or illegal activities in these systems. Without these guidelines we are likely to have no control over our data.

Pseudonymity and Anonymity

There are so many different things going on right now that I don’t even know where to start. There’s tons going on with patents, software patents and copyright, there’s been many things going on with internet freedom and Anonymity/Pseudonymity that I’m not sure where to even start. However, you have to start somewhere. So I’ll start with this: Randi Zuckerberg said pseudonyms should go away. What’s the big deal with that?

Well, Google and Facebook both require real names on their website. There are a few links that have commented on why this is a big deal. Tom from Myspace thinks it’s a bad idea, he has a friend that is an expert in social media privacy policies, Danah Boyd, and she claims that forcing real names is an abuse of power, Tech Dirt agrees withBoyd’s assessment indicating that there’s a great amount of danger in moving away from pseudonyms. The Atlantic also notes how different with normal speech tying all actions to a single person online has become.

One of the common reasons for banning pseudonyms, which Zuckerberg argues, is that it changes online behavior. It basically forces users to comply with offline social norms. Norms that the person may actually be attempting to escape for whatever reason. Boyd also argues that Google + originally had a cultural norm without “Real names.” She pulls in Lessig’s Code book that I’ve mentioned on here a few times to support her claim. It’s a really important point she’s making. Cultural norms are established by early adopters. The early adopters of Google + didn’t go with real names. They liked their nicknames.

While Zuckerberg claims that it’s the users fault and their pseudonyms that cause the problem, others claim that the person who owns the website needs to control this. Basically by creating cultural norms that prohibit the ability to be an asshole/troll online. So when my friend bpost over at KBMOD talks about avoiding feeding the trolls, he’s either reinforcing or preventing trolling behavior. A set stance by the moderators of KBMOD should be established to control trolling behavior.

De Spiegel notes that the actions of governments and corporations amount to a war on anonymity on the web.
Which has lead to the arrest of many members of Anonymous and other hacking groups like that. This war has a few benefits like the recent ring of 72 child pornographers that were caught. Unfortunately for most users the days of freedom to untag your photos may be passed. Researchers at Carnegie Mellon have developed off the shelf products to analysis people freely from pictures pulled from facebook. To me, this is really scary, as we have no control over the privacy settings of our friends. If I’m drinking a tasty beer in a picture it could have employment ramifications. Two years ago a teacher was fired for having pictures of beer while in Europe. This is one example there are many others. While, third parties will likely create applications to determine who is whom in a given facebook picture, Germany is suing facebook over their ability to do say, and are saying it’s illegal.

So, what’s all of this mean? There’s been a lot of people talking about this and why should people care? Well, personally I have made a choice to use my real name. Well, it’s still a nickname, but I made a choice to do that. However, since I was aware of the choice when I set my handle as my last name I am conscience of what I should and should not say on the public record online. The first three Google searches for “Kapsar” are for me. Sadly, none of them is for my blog. Thus my online activity easily follows me.

That being said, I fully support the right and the ability of people to use any different name or no name online. It’s the right thing to do morally, and for freedom of speech.

In my next post I’ll discuss some of the speech issues a little bit more. Many of the people I’ve linked too have commented on these issues as well.