[written with Luca Follis, Lancaster University]
Activists who use technology to conduct political dissent – hacktivists – are increasingly threatened with investigation, prosecution and often disproportionately severe criminal sentences.
For example, in January 2015 self-proclaimed Anonymous spokesman Barrett Brown was sentenced to 63 months in prison for hacking-related activities including linking to leaked material online. Edward Snowden is currently exiled in Russia after leaking the global surveillance operations of the NSA and GCHQ.
Prosecutions of hacktivists intensified in 2013, when Andrew “weev” Auernheimer was sentenced to 41 months after exposing a vulnerability that affected 114,000 iPad users on AT&T’s service. Jeremy Hammond was sentenced to 10 years in federal prison after hacking and releasing documents about military subcontractor Stratfor. Aaron Swartz, who was facing a prison sentence of 25 years after hacking into JSTOR – a database of academic articles – committed suicide in January of that year. Chelsea Manning leaked secret military documents to Wikileaks and was sentenced to 35 years imprisonment in August.
Long arm of the law is getting longer
While these are US citizens subject to US laws and punishments, the Obama administration has recently indicated that it will also aggressively pursue hackers located overseas for alleged criminal activities.
So in July 2015, British hacktivist Lauri Love was re-arrested under a US warrant for violating the Computer Misuse Act. His case, like those mentioned above, illustrates the remarkable steps the US government will undertake in the pursuit and prosecution of hackers.
In 2013 the US District Court for New Jersey issued an indictment against Love, charging him with hacking into the US Missile Defense Agency, NASA, the Environmental Protection Agency and other government departments. The US Attorney’s Office for the Southern District of New York claims Love stole the sensitive personal information including emails of Federal Reserve employees.
The leaked Federal Reserve emails may have been part of Operation Last Resort, an Anonymous project to avenge the death of Swartz, which they linked to prosecutorial harassment and the over-zealous enforcement of outdated computer crime laws. Like all major Anonymous operations, Operation Last Resort was a visual spectacle, including hijacking an MIT website to put up a Swartz tribute, releasing the names and contact information of 4,000 banking executives, and hacking the US Sentencing Commission website.
Are hackers terrorists?
Like Hammond, Manning and Snowden before him, Love is accused of hacking into government agencies and leaking information in an effort to make federal agencies more transparent.
Love faces extradition to the US, even though a British police investigation failed to turn up any incriminating evidence. The Crown Prosecution Service acknowledged it didn’t have enough evidence to prosecute and Love was released from bail in 2014.
The impending threat of US extradition is powerful enough to have kept Wikileaks publisher, Julian Assange, holed-up in Ecuador’s London Embassy for three years – and it is not difficult to understand why. Extradition law is generally reserved for serious criminal suspects such as those accused of terrorism.
Consider some of the individuals who have been extradited from the UK to the US: Abdel Abdel Bar and Khalid Abdulrahman al-Fawwaz, wanted in connection with the 1998 terrorist bombing of US Embassies in East Africa; KGB spy Shabtai Kalmanovich; al-Qaeda operative Syed Fahad Hashmi; and Christopher Tappin, accused of selling weapons parts to Iran.
Blurring the political and the criminal
So it’s ironic that while Obama recently noted that the US criminal justice system “isn’t as smart as it should be”, his government pursues a policy that seems to blur the differences between and the sanctions against hackers, terrorists, spies and political activists.
There have been successful challenges against extradition orders aimed at those accused of hacking offences, such as Gary Mackinnon, who spent 10 years facing extradition before Home Secretary Theresa May rejected US demands. But Love’s case also offers a window into the anti-democratic operation of state power. The scale of US government response to hacktivism is disproportionate.
Love is accused of attempting to reveal secret facets of the military and financial-industrial complexes so that they might be held accountable. If, as it is alleged, his activities were associated with Operation Last Resort, they were part of a broader digital civil disobedience action involving a form of cyber-squatting on two federal websites as a coordinated protest against the persecution of a fellow hacktivist. Were this activity to have been conducted in the offline world – sit-ins, placard-waving protests, even obtaining and leaking information to journalists – the punishments would not be nearly as severe.
That Love has been doggedly pursued by the US, a year after being released in the UK, reveals that the apparatus of state power is increasingly aimed at criminalising dissent as it is conducted online.
Just to clarify – Aaron Swartz did not hack into JSTOR, he simply used a university network and wrote a script that automatically downloaded articles. There was no proof of any wrong doing or intentions, maybe besides getting illegal access to an MIT room.
Not all hacktivists must be hackers and we should be careful in using those as synonyms. As in the example of the Low Orbit Ion Cannon DDoS attacks- a simple tool to block (not steal from) chosen services or web sites that must be used by an organized crowd at the same time in order to be effective. Lack of categories for Internet public and civic life is a problem not only in the US. The oppression from such states as the US or the UK is tremendous, but most countries fail to recognize Internet activism or journalism as such. Somehow many fail to recognize this medium as fully-fledged part of social world. Such is the case with netzpolitik.org that has been accused of high treason for releasing “secret documents” of high public interest. After protest and critique the main prosecutor has been fired, however the political involvement remains unclear.
At the same time most governments invest heavily in mass surveillance and cyber weapons, often paying big amounts of money for information about yet unknown software vulnerabilities (so called zero-day vulnerabilities and exploits) in order to use it as a potential weapon instead of reporting and repairing them. Those abuses of state power and attack on privacy also show the understanding of cyber-space as not ruled by the same political, legal and ethical standards.