Rainblog

Yesterday, many Internet sites participated in a one-day blackout in protest against the Protect-IP Act (PIPA) and the Stop Online Piracy Act (SOPA). The protests, combined with a letter-writing and phone-call campaign, apparently convinced several senators that there was real opposition to the poorly-conceived legislation. The bills, which had seemed unstoppable, suddenly look less of a certainty. It was almost as if the senators had realized for the first time that people who use or work on the Internet represent a real political constituency, made up of voters who are informed, articulate and organized, and who would have to be taken seriously.

Today, the Department of Justice shut down the Megaupload file locker and arrested several of its operators. In response, attackers allegedly from the Internet group Anonymous unleashed a wave of DDoS attacks, targeting the DoJ, the US Copyright Office, the MPAA, the RIAA and the websites of several major record labels.

Let’s think about the impact of that for a moment. While the website takedowns are probably annoying for the record companies and the industry associations, the attacks aren’t exactly a death-blow. On the other hand, in propaganda terms it’s a gift that the Big Content companies couldn’t have bought at any price. “Look,” they’ll say “this is what we’ve been telling you all along. These people are anti-social, extremists, terrorists. They commit criminal acts in defense of other criminals! This is why we need laws like PIPA and SOPA.”

I don’t believe that Megaupload is an entirely innocent victim. Pretty much any time I’ve seen a link to megaupload.com, there’s been pirated content at the end of it. I’ve seen a few exceptions - the service certainly has some legitimate users, who will be hurt by the takedown. Megaupload also removed at least some of illegal content on their site in response to complaints, but they did so knowing that there would always be more uploaded tomorrow and that the complaints would take time to come in. And I think they were fine with that, because their business model was based on getting people to upload and download stuff, and it wasn’t the legitimate content that drove the real traffic. This takedown may be just the latest round in an ongoing grudge match where the Big Money is playing as dirty as it knows how, but don’t make the mistake of thinking that the charges against Megaupload are without any substance.

“But the big corporations are wicked and greedy!” say the everything-should-be-free Torrent kiddies. No doubt, although whether that justifies you stealing from them for your own benefit is another question. At least Robin Hood gave to the poor, he didn’t just upload whatever he took to his iTunes library. More to the point, it isn’t just the big corporations who the pirates rob. My partner is a writer: all her work is now listed on ‘free ebook’ sites that host lists of links to electronic copies of her books on file lockers like Megaupload. Other writers, artists and software developers I know have had similar experiences. They aren’t Universal Records; they aren’t even Dan Brown or J.K. Rowling. They are people who work hard for very little money, and the pirates then come along and give their work away for free. That’s not exactly what I call sticking it to the Man.

Let me propose a simple rule. If you give away your work for free on the Internet, you’re a hero. If you give away someone else’s work for free on the Internet, you’re scum.

And if you build a business model on the back of other people’s work being given away, then you’re probably Megaupload, or one of a bunch of similar sites.

And if you rally to the ‘cause’ of something like Megaupload by participating in a DDoS attack that hands those big corporations you claim to hate a gigantic propaganda victory just at the point that they’ve suffered the first serious setback in their ongoing campaign to screw us all, about the nicest thing I can find to call you is ‘a dupe’.

Something tells me that while Anonymous are having their fun with Mastercard and Visa, staffers in Joe Lieberman’s office are probably exchanging high-fives and gleefully putting the finishing touches to a forthcoming Mandatory Biometric Identification for Internet Users Act.

The events of the past few days have reminded the Powers that Be why an open Internet is intolerable, and now a reaction is probably not only inevitable but imminent. In five years time, maybe you’ll have to thank Anonymous for the fact that you’re not.

From time to time, the topic of ‘cyberwar’ comes up in the media, usually accompanied by breathless speculation about the impact on our lifestyle when They (whoever They are) finally launch Their attack on Us, and sometimes by a picture of a steely-haired Air Force general who has been charged with keeping us all safe. No one knows exactly what a cyberwar will look like (my best guess: ridiculously long ping times) but everyone is sure that it’s only a matter of time. When the cyber-attack hits, our electronic defenses will be overwhelmed in a heartbeat and the shattered nation - unable to download Justin Bieber clips, shop on Amazon or receive timely Farmville updates - will suffer a collective collapse of morale that will render us easy pickings for foreign invaders. Something like that, anyway.

This kind of thinking is oddly reminiscent of NATO’s picture of a Warsaw Pact invasion of Europe in the 1980’s, except that instead of tank divisions pouring through the Fulda Gap it’ll be rogue Chinese packets flooding across Comcast and Level3.net. But just as the long-expected armored invasion never materialized and we had to hastily retool our war-fighting plans to take on hirsute fanatics in the cities of Iraq and the mountains of Central Asia, it’s possible that the coming cyberwar won’t look exactly the way we expect.

In fact, there seems to be a cyberwar - or at least a cyberskirmish - going on right now and it resembles nothing so much as an extended streetfight. In the red corner, anonymous ‘patriots’, opposed to the dissemination of leaked government information by the Australian whistleblower, seducteur extraordinaire and current guest of Her Majesty, Julian Assange; in the blue corner, an equally anonymous group fighting under the banner of “transparency right or wrong”. Battlegrounds - or collateral damage - include the Wikileaks website and hosting or DNS services that supported it, Paypal, Mastercard, a Swedish law firm, and a Swiss bank. The weapons used include various forms of homebrew DDoS tools, including 4chan’s infamous ‘low orbit ion cannon’ (LOIC), the switchblade of choice for street punks fighting for control of the Intertubes.

Pandalabs has a more detailed description of the current wave of DDoS attacks. Reading it, it’s hard not to think of Matthew Arnold’s line about “where ignorant armies clash by night” … actually, no, it’s very easy not to think of that. I just threw it in because it sounded cool. Seriously, though, it starts to look as if a better model for cyberwar might be the drug-gang wars in Mexico. There too we have ‘non-state actors’ whose identities and objectives are more or less mysterious (and some of whom may be deniable proxies for the state). We have the state intervening as just another combatant, and not necessarily a successful one. And we have a kind of take-no-prisoners ferociousness that threatens to spill over and make life unlivable for everyone. 

Looking further back, it’s possible to see analogies in medieval times, where each walled village was pretty much responsible for its own defense. If your website arouses the ire of some angry gang of zealots or the cupidity of professional extortionists, the state isn’t going to leap to your defense. The feudal lord to whom you pay shield money - known these days as an internet service provider - might send troops, but if the action gets too hot and threatens to embroil him in a battle he can’t win, he’ll probably cut you loose.

All this doesn’t offer much scope for steely-haired Air Force generals. They don’t have the interest or the resources to fight in a dozen brushfire wars raging simultaneously. Whatever big guns the state is able to dream up are likely to sit idle most of the time for lack of suitable targets. Cyberwar is asymmetric warfare par excellence: having the most resources or a professional standing army doesn’t guarantee you victory when you have so many weak spots that are vulnerable to hit-and-run attacks by scrappy bands of irregulars. 

The Chinese electronic invasion may come one day or it may not. In the meantime, the cyberwars have already started and they aren’t playing out quite the way the media said they would.