Tag Archives: internet freedom

Who Controls Peoples’ Data?

The McKinsey Global Institute estimates that cross-border flows of goods, services and data added 10 per cent to global gross domestic product in the decade to 2015, with data providing a third of that increase. That share of the contribution seems likely to rise: conventional trade has slowed sharply, while digital flows have surged. Yet as the whole economy becomes more information-intensive — even heavy industries such as oil and gas are becoming data-driven — the cost of blocking those flows increases…

Yet that is precisely what is happening. Governments have sharply increased “data localisation” measures requiring information to be held in servers inside individual countries. The European Centre for International Political Economy, a think-tank, calculates that in the decade to 2016, the number of significant data localisation measures in the world’s large economies nearly tripled from 31 to 84.

Even in advanced economies, exporting data on individuals is heavily restricted because of privacy concerns, which have been highlighted by the Facebook/ Cambridge Analytica scandal. Many EU countries have curbs on moving personal data even to other member states. Studies for the Global Commission on Internet Governance, an independent research project, estimates that current constraints — such as restrictions on moving data on banking, gambling and tax records — reduces EU GDP by half a per cent.

In China, the champion data localiser, restrictions are even more severe. As well as long-established controls over technology transfer and state surveillance of the population, such measures form part of its interventionist “ Made in China 2025 ” industrial strategy, designed to make it a world leader in tech-heavy sectors such as artificial intelligence and robotics.

China’s Great Firewall has long blocked most foreign web applications, and a cyber security law passed in 2016 also imposed rules against exporting personal information, forcing companies including Apple and LinkedIn to hold information on Chinese users on local servers. Beijing has also given itself a variety of powers to block the export of “important data” on grounds of reducing vaguely defined economic, scientific or technological risks to national security or the public interest.   “The likelihood that any company operating in China will find itself in a legal blind spot where it can freely transfer commercial or business data outside the country is less than 1 per cent,” says ECIPE director Hosuk Lee-Makiyama….

Other emerging markets, such as Russia, India, Indonesia and Vietnam, are also leading data localisers. Russia has blocked LinkedIn from operating there after it refused to transfer data on Russian users to local servers.

Business organisations including the US Chamber of Commerce want rules to restrain what they call “digital protectionism”. But data trade experts point to a serious hole in global governance, with a coherent approach prevented by different philosophies between the big trading powers. Susan Aaronson, a trade academic at George Washington University in Washington, DC, says: “There are currently three powers — the EU, the US and China — in the process of creating separate data realms.”

The most obvious way to protect international flows of data is in trade deals — whether multilateral, regional or bilateral. Yet only the World Trade Organization laws governing data flows predate the internet and have not been thoroughly tested through litigation. It recently recruited Alibaba co-founder Jack Ma to front an ecommerce initiative, but officials involved admit it is unlikely to produce anything concrete for a long time. In any case, Prof Aaronson says: “While data has traditionally been addressed in trade deals as an ecommerce issue, it goes far wider than that.”

The internet has always been regarded by pioneers and campaigners as a decentralised, self-regulating community. Activists have tended to regard government intervention with suspicion, except for its role in protecting personal data, and many are wary of legislation to enable data flows.  “While we support the approach of preventing data localisation, we need to balance that against other rights such as data protection, cyber security and consumer rights,” says Jeremy Malcolm, senior global policy analyst at the Electronic Frontier Foundation, a campaign for internet freedom…

Europe has traditionally had a very different philosophy towards data and privacy than the US. In Germany, for instance, public opinion tends to support strict privacy laws — usually attributed to lingering memories of surveillance by the Stasi secret police in East Germany. The EU’s new General Data Protection Regulation (GDPR), which comes into force on May 25, 2018 imposes a long list of requirements on companies processing personal data on pain of fines that could total as much as 4 per cent of annual turnover….But trade experts warn that the GDPR is very cautiously written, with a blanket exemption for measures claiming to protect privacy. Mr Lee-Makiyama says: “The EU text will essentially provide no meaningful restriction on countries wanting to practice data localisation.”

Against this political backdrop, the prospects for broad and binding international rules on data flow are dim. …In the battle for dominance over setting rules for commerce, the EU and US often adopt contrasting approaches.  While the US often tries to export its product standards in trade diplomacy, the EU tends to write rules for itself and let the gravity of its huge market pull other economies into its regulatory orbit. Businesses faced with multiple regulatory regimes will tend to work to the highest standard, known widely as the “Brussels effect”.  Companies such as Facebook have promised to follow GDPR throughout their global operations as the price of operating in Europe.

Excerpts from   Data protectionism: the growing menace to global business, Financial Times, May 13, 2018

From Subversive to Submissive: the internet

The corridor where WWW was born. CERN, ground floor of building No.1

Free-Speech advocates were aghast—and data-privacy campaigners were delighted—when the European Court of Justice (ECJ) embraced the idea of a digital “right to be forgotten” in May 2014. It ruled that search engines such as Google must not display links to “inadequate, irrelevant or no longer relevant” information about people if they request that they be removed, even if the information is correct and was published legally.

The uproar will be even louder should France’s highest administrative court, the Conseil d’État, soon decide against Google. The firm currently removes search results only for users in the European Union. But France’s data-protection authority, CNIL, says this is not enough: it wants Google to delete search links everywhere. Europe’s much-contested right to be forgotten would thus be given global reach. The court… may hand down a verdict by January.

The spread of the right to be forgotten is part of a wider trend towards the fragmentation of the internet. Courts and governments have embarked on what some call a “legal arms race” to impose a maze of national or regional rules, often conflicting, in the digital realm
The internet has always been something of a subversive undertaking. As a ubiquitous, cross-border commons, it often defies notions of state sovereignty. A country might decide to outlaw a certain kind of service—a porn site or digital currency, say—only to see it continue to operate from other, more tolerant jurisdictions.

As long as cyberspace was a sideshow, governments did not much care. But as it has penetrated every facet of life, they feel compelled to control it. The internet—and even more so cloud computing, ie, the storage of vast amounts of data and the supply of myriad services online—has become the world’s über-infrastructure. It is creating great riches: according to the Boston Consulting Group, the internet economy (e-commerce, online services and data networks, among other things) will make up 5.3% of GDP this year in G20 countries. But it also comes with costs beyond the erosion of sovereignty. These include such evils as copyright infringement, cybercrime, the invasion of privacy, hate speech, espionage—and perhaps cyberwar.

IIn response, governments are trying to impose their laws across the whole of cyberspace. The virtual and real worlds are not entirely separate. The term “cloud computing” is misleading: at its core are data centres the size of football fields which have to be based somewhere….

New laws often include clauses with extraterritorial reach. The EU’s General Data Protection Regulation will apply from 2018 to all personal information on European citizens, even if the company holding it is based abroad.

In many cases, laws seek to keep data within, or without, national borders. China has pioneered the blocking of internet addresses with its Great Firewall, but the practice has spread to the likes of Iran and Russia. Another approach is “data localisation” requirements, which mandate that certain types of digital information must be stored locally or remain in the country. A new law in Russia, for instance, requires that the personal information of Russian citizens is kept in national databases…Elsewhere, though, data-localisation polices are meant to protect citizens from snooping by foreign powers. Germany has particularly stringent data-protection laws which hamper attempts by the European Commission, the EU’s civil service, to reduce regulatory barriers to the free flow of data between member-states.

Fragmentation caused by government action would be less of a concern if other factors were not also pushing in the same direction–new technologies, such as firewalls and a separate “dark web”, which is only accessible using a special browser. Commercial interests, too, are a dividing force. Apple, Facebook, Google and other tech giants try to keep users in their own “walled gardens”. Many online firms “geo-block” their services, so that they cannot be used abroad….

Internet experts distinguish between governance “of” the internet (all of the underlying technical rules that make it tick) and regulation “on” the internet (how it is used and by whom). The former has produced a collection of “multi-stakeholder” organisations, the best-known of which are ICANN, which oversees the internet’s address system, and the Internet Engineering Task Force, which comes up with technical standards…..

Finding consensus on technical problems, where one solution often is clearly better than another, is easier than on legal and political matters. One useful concept might be “interoperability”: the internet is a network of networks that follow the same communication protocols, even if the structure of each may differ markedly.

Excerpts from Online governance: Lost in the splinternet, Economist, Nov. 5, 2016

For Money and the State: the internet

internet advertising. image from wikipedia

Rarely has a manifesto been so wrong. “A Declaration of the Independence of Cyberspace”, written 20 years ago by John Perry Barlow, a digital civil-libertarian, begins thus: “Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.”

At the turn of the century, it seemed as though this techno-Utopian vision of the world could indeed be a reality. It didn’t last… Autocratic governments around the world…have invested in online-surveillance gear. Filtering systems restrict access: to porn in Britain, to Facebook and Google in China, to dissent in Russia.

Competing operating systems and networks offer inducements to keep their users within the fold, consolidating their power. Their algorithms personalise the web so that no two people get the same search results or social media feeds, betraying the idea of a digital commons. Five companies account for nearly two-thirds of revenue from advertising, the dominant business model of the web.

The open internet accounts for barely 20% of the entire web. The rest of it is hidden away in unsearchable “walled gardens” such as Facebook, whose algorithms are opaque, or on the “dark web”, a shady parallel world wide web. Data gathered from the activities of internet users are being concentrated in fewer hands. And big hands they are too. BCG, a consultancy, reckons that the internet will account for 5.3% of GDP of the world’s 20 big economies this year, or $4.2 trillion.

How did this come to pass? The simple reply is that the free, open, democratic internet dreamed up by the optimists of Silicon Valley was never more than a brief interlude. The more nuanced answer is that the open internet never really existed.

[T]e internet, it was developed “by the US military to serve US military purposes”… The decentralised, packet-based system of communication that forms the basis of the internet originated in America’s need to withstand a massive attack on its soil. Even the much-ballyhooed Silicon Valley model of venture capital as a way to place bets on risky new businesses has military origins.

In the 1980s the American military began to lose interest in the internet…. The time had come for the hackers and geeks who had been experimenting with early computers and phone lines.  Today they are the giants. Google, Apple, Facebook, Amazon and Microsoft—together with some telecoms operators—help set policy in Europe and America on everything from privacy rights and copyright law to child protection and national security. As these companies grow more powerful, the state is pushing back…

The other big risk is that the tension between states and companies resolves into a symbiotic relationship. A leaked e-mail shows a Google executive communicating with Hillary Clinton’s state department about an online tool that would be “important in encouraging more [Syrians] to defect and giving confidence to the opposition.”+++ If technology firms with global reach quietly promote the foreign-policy interests of one country, that can only increase suspicion and accelerate the fracturing of the web into regional internets….

Mr Malcomson describes the internet as a “global private marketplace built on a government platform, not unlike the global airport system”.

Excerpts from Evolution of the internet: Growing up, Economist, Mar. 26, 2016

+++The email said Google would be “partnering with Al Jazeera” who would take “primary ownership” of the tool, maintaining it and publicizing it in Syria.  It was eventually published by Al Jazeera in English and Arabic.

Internet and Facebook are the Same and No Shame

download

And then there’s Free Basics, the two-year-old project Chief Executive Officer Mark Zuckerberg has called an online 911. In about three dozen developing countries so far, Free Basics—also known as Internet.org—includes a stripped-down version of Facebook and a handful of sites that provide news, weather, nearby health-care options, and other info. One or two carriers in a given country offer the package for free at slow speeds, betting that it will help attract new customers who’ll later upgrade to pricier data plans…

Facebook says Free Basics is meant to make the world more open and connected, not to boost the company’s growth….On Dec. 21, 2016,  the Indian government suspended the program, offered in the country by carrier Reliance Communications….

“Who could possibly be against this?”
Opponents, including some journalists and businesspeople, say Free Basics is dangerous because it fundamentally changes the online economy. If companies are allowed to buy preferential treatment from carriers, the Internet is no longer a level playing field, says Vijay Shekhar Sharma, founder of Indian mobile-payment company Paytm....“We don’t see Free Basics as philanthropy. We see it as a land grab, says Pahwa.

[On Feb. 8, 2016, the Telecom Regulatory Authority of India ruled against Facebook’s scheme.]

Adi Narayan, Facebook’s Fight to Be Free, Bloomberg Business Week, Jan. 14, 2016

The Wikipedia Lawsuit against the National Security Agency

wikipedia

Excerpts from the Lawsuit of Wikipedia against the NSA

UNITED STATES DISTRICT COURT DISTRICT OF MARYLAND

Case 1:15-cv-00662-RDB

Filed 03/10/15

Plaintiff Wikimedia Foundation communicates with the hundreds of millions of individuals who visit Wikipedia webpages to read or contribute to the vast  repository of human knowledge that Wikimedia maintains online. The ability to exchange information in confidence, free from warrantless government monitoring, is essential to each of the Plaintiffs’ work. The challenged surveillance violates Plaintiffs’ privacy and underminestheir ability to carry out activities crucial to their missions. Plaintiffs respectfully request that the Court declare the government’s Upstream surveillance to be unlawful; enjoin the government from continuing to conduct Upstream surveillance of Plaintiffs’ communications; and require the government to purge from its databases all of Plaintiffs’ communications that Upstream surveillance has already allowed the government to obtain….

The government conducts at least two kinds of surveillance under the The Foreign Intelligence Surveillance Amendments Act of 2008 (FAA).  Under a program called “PRISM,” the government obtains stored and real-time communications directly from U.S. companies—such as Google, Yahoo, Facebook, and Microsoft—that provide communications services to targeted accounts.

This case concerns a second form of surveillance, called Upstream. Upstream surveillance involves the NSA’s seizing and searching the internet communications of U.S. citizens and residents en masse as those communications travel across the internet “backbone” in the United States. The internet backbone is the network of high-capacity cables, switches, and routers that facilitates both domestic and international communication via the internet. The NSA conducts Upstream surveillance by connecting surveillance devices to multiple major internet cables, switches, and routers inside the United States. These access points are controlled by the country’s largest telecommunications providers, including Verizon Communications, Inc. and AT&T, Inc. ….

. With the assistance of telecommunications providers, the NSA intercepts a wide variety of internet communications, including emails, instant messages, webpages, voice calls, and video chats. It copies and reviews substantially all international emails and other “text-based” communications—i.e., those whose content includes searchable text.

More specifically, Upstream surveillance encompasses the following processes, some of which are implemented by telecommunications providers acting at the NSA’s direction:

• Copying. Using surveillance devices installed at key access points, the NSA makes a copy of substantially all international text-based communications—and many domestic ones—flowing across certain high-capacity cables, switches, and routers. The copied traffic includes email, internet-messaging communications, web-browsing content, and search-engine queries.

• Filtering. The NSA attempts to filter out and discard some wholly domestic communications from the stream of internet data, while preserving international communications. The NSA’s filtering out of domestic communications is incomplete, however, for multiple reasons. Among them, the NSA does not eliminate bundles of domestic and international communications that transit the internet backbone together. Nor does it eliminate domestic communications that happen to be routed abroad.

• Content Review. The NSA reviews the copied communications—including their full content—for instances of its search terms. The search terms, called “selectors,” include email addresses, phone numbers, internet protocol (“IP”) addresses, and other identifiers that NSA analysts believe to be associated with foreign intelligence targets. Again, the NSA’s targets are not limited to suspected foreign agents and terrorists, nor are its selectors limited to individual email addresses. The NSA may monitor or “task” selectors used by large groups of people who are not suspected of any wrongdoing— such as the IP addresses of computer servers used by hundreds of different people.

• Retention and Use. The NSA retains all communications that contain selectors associated with its targets, as well as those that happened to be bundled with them in transit….

, NSA analysts may read, query, data-mine, and analyze these communications with few restrictions, and they may share the results of those efforts with the FBI, including in aid of criminal investigations….. In other words, the NSA copies and reviews the communications of millions of innocent people to determine whether they are discussing or reading anything containing the NSA’s search terms. The NSA’s practice of reviewing the content of communications for selectors is sometimes called “about” surveillance. This is because its purpose is to identify not just communications that are to or from the NSA’s targets but also those that are merely “about” its targets. Although it could do so, the government makes no meaningful effort to avoid the interception of communications that are merely “about” its targets; nor does it later purge those communications.

PDF document of Lawsuit

The Equinet: decentralization v. enclosure of internet

Internet, image from wikipedia

“The Internet governance should be multilateral, transparent, democratic,and representative, with the participation of governments, private sector, civil society, and international organizations, in their respective roles. This should be one of the foundational principles of Internet governance,” the external affairs ministry says in its initial submission to the April 23-24 Global Multistakeholder Meeting on the Future of Internet Governance, also referred as NETmundial, in Sao Paulo, Brazil.  The proposal for a decentralised Internet is significant in view of Edward Snowden’s Wikileaks revelations of mass surveillance in recent months.

“The structures that manage and regulate the core Internet resources need to be internationalized, and made representative and democratic. The governance of the Internet should also be sensitive to the cultures and national interests of all nations.”The mechanism for governance of the Internet should therefore be transparent and should address all related issues. The Internet must be owned by the global community for mutual benefit and be rendered impervious to possible manipulation or misuse by any particular stake holder, whether state or non-state,” the ministry note says.  NETmundial will see representatives from nearly 180 countries participating to debate the future of Internet…

The US announced last month of its intent to relinquish control of a vital part of Internet Corporation for Assigned Names and Numbers (ICANN) – the Internet Assigned Numbers Authority (IANA).  “Many nations still think that a multilateral role might be more suitable than a multistakeholder approach and two years back India had proposed a 50-nation ‘Committee of Internet Related Policies’ (CIRP) for global internet governance,” Bhattacharjee added.

The concept of Equinet was first floated by Communications Minister Kapil Sibal in 2012 at the Internet Governance Forum in Baku, Azerbaijan.  Dr. Govind, chief executive officer, National Internet Exchange of India, is hopeful that Equinet is achievable. “Equinet is a concept of the Internet as a powerful medium benefiting people across the spectrum. It is all the more significant for India as we have 220 million Internet users, standing third globally after China and the US.”  “Moreover, by the year-end India’s number of Internet users are expected to surpass that of the US. The word Equinet means an equitable Internet which plays the role of an equaliser in the society and not limited only to the privileged people.”

He said the role of government in Internet management is important as far as policy, security and privacy of the cyber space is concerned, but the roles of the private sector, civil society and other stakeholders are no less. “Internet needs to be managed in a more collaborative, cooperative, consultative and consensual manner.”  Talking about the global strategy of renaming Internet as Equinet, he said: “Globally the US has the largest control over the management of the Internet, which is understandable since everything about Internet started there. Developing countries have still not much say over the global management of the Internet. But it is important that the Internet management be more decentralised and globalised so that the developing countries have more participation, have a say in the management where their consent be taken as well.”  The ministry note said: “A mechanism for accountability should be put in place in respect of crimes committed in cyberspace, such that the Internet is a free and secure space for universal benefaction. A ‘new cyber jurisprudence’ needs to be evolved to deal with cyber crime, without being limited by political boundaries and cyber-justice can be delivered in near real time.”

But other experts doubt the possibility of an Equinet or equalising the Internet globally.  Sivasubramanian Muthusamy, president, Internet Society India, Chennai, who is also a participant in the NETmundial, told IANS that the idea of Equinet is not achievable.  “Totally wrong idea. Internet provides a level playing field already. It is designed and operated to be universally accessible, free and open. Internet as it is operated today offers the greatest hope for developing countries to access global markets and prosper.”  “The idea of proposing to rename the Internet as Equinet has a political motive, that would pave way for telecom companies to have a bigger role to bring in harmful commercial models that would destabilize the open architecture of the Internet. If India is considering such a proposal, it would be severely criticized. The proposal does not make any sense. It is wrong advice or misplaced input that must have prompted the government of India to think of such a strange idea,” he said.

Excerpt from India wants Internet to become Equinet, Business Standard, Apr. 20, 2014

The Nationalization of Internet: example 1

emergency switch at nuclear power plant Switzerland. Image from wikipedia

The Swiss government has ordered tighter security for its own computer and telephone systems that could block foreign companies from key technology and communications contracts.  The governing Federal Council’s decision Wednesday cited concerns about foreign spies targeting Switzerland.

National Security Agency leaker Edward Snowden, who worked for the CIA at the U.S. mission to the U.N. in Geneva from 2007 to 2009, has released documents indicating that large American and British IT companies cooperated with those countries’ intelligence services.According to a Swiss government statement, contracts for critical IT infrastructure will “where possible, only be given to companies that act exclusively according to Swiss law, where a majority of the ownership is in Switzerland and which provides all of its services from within Switzerland’s borders.”

Swiss govt tightens tech security over NSA spying, Associated Press, Feb. 5, 2014

The Damaged Credibility of Internet Security

NIST. Image from wikipedia

On Nov. 6, 2013,  the Internet Engineering Task Force (IETF), an organisation which brings together the scientists, technicians and programmers who built the internet in the first place and whose behind-the-scenes efforts keep it running, debated what to do about all this. A strong streak of West Coast libertarianism still runs through the IETF, and the tone was mostly hostile to the idea of omnipresent surveillance. Some of its members were involved in creating the parts of the internet that spooks are now exploiting. “I think we should treat this as an attack,” said Stephen Farrell, a computer scientist from Trinity College, Dublin, in his presentation to the delegates. Discussion then moved on to what should be done to thwart it….

Even America’s government is getting in on the act. The credibility of its National Institute of Standards and Technology, which sets American cryptographic standards with the help of the NSA, has been dented by Mr Snowden’s revelations. On November 1st it announced it would review the way it carries out its work, in an effort to rebuild trust. The unspoken implication was that it would try harder to stop spooks attempting to slip “unreliable” technology past its vetting procedures.Other security experts are re-examining existing products. Dr Green and his colleague Kenn White are leading a forensic audit of Truecrypt, a popular program that enciphers a user’s hard disks but which displays some odd-looking behaviour and has rather murky origins (it is open-source, but its designers are anonymous, and are thought to live in eastern Europe).

Fixing cryptography is only part of the problem. Intelligence agencies can also tap data cables, allowing them to capture unscrambled information being sent between a user and a server, regardless of whether it is later encrypted.  Mr Snowden’s leaks seem to have boosted the market for better ways of dealing with this behaviour, too. Mike Janke, a former commando who now runs Silent Circle, a firm that offers “end-to-end” encryption software (meaning all messages are transmitted pre-scrambled), counts everything from corporations worried about industrial espionage to the Dalai Lama among his customers. He says that “business is up about 400% since the summer of Snowden”. In the wake of Mr Snowden’s revelations, his firm shut down its e-mail service and is preparing a new one that will transmit all messages pre-scrambled, meaning that only the recipient, not even the company itself, will be able to decode them…

On October 30th the Washington Post reported that America’s spies have bugged private, unencrypted fibre-optic cables which carry bits and bytes between the data centres in the worldwide networks of Google and Yahoo, without the companies’ knowledge. Google, which, of course, must be able to read its customers’ e-mail in order to inflict advertisements on them, nevertheless relies on people trusting it to guard their data, observes Dr Green.  “There’s a lot of anger out there,” says Christopher Soghoian, principal technologist at the American Civil Liberties Union, a lobbying group. “I’ve seen two blog posts by Google engineers in the last three days that contained the words ‘fuck you, NSA’.”

Excerpts, Internet security: Besieged, Economist, Nov. 9, 2013 at 83

The U.S. Punishment for Civil Disobedience and Direct Action: the Jeremy Hammond case

Jeremy Hammond Left with his twin brother.  Image from wikipedia

Cyber-activist Jeremy Hammond was sentenced to 10 years in federal prison on November 15, 2013 by Judge Loretta A. Preska in a federal courtroom in lower Manhattan for hacking the private intelligence firm Stratfor. When released, Hammond will be placed under supervised control, the terms of which include a prohibition on encryption or attempting to anonymize his identity online.Hammond has shown a “total lack of respect for the law,” Judge Preska said in her ruling, citing Hammond’s criminal record – which includes a felony conviction for hacking from when he was 19 – and what she called “unrepentant recidivism.” There is a “desperate need to promote respect for the law,” she said, as well as a “need for adequate public deterrence.”

Prior to the verdict, [Hammond] read from a prepared statement and said it was time for him to step away from hacking as a form of activism, but recognized that tactic’s continuing importance. “Those in power do not want the truth exposed,” Hammond said from the podium, wearing black prison garb. He later stated that the injustices he has fought against “cannot be cured by reform, but by civil disobedience and direct action.” He spoke out against capitalism and a wide range of other social ills, including mass incarceration and crackdowns on protest movements.

The Stratfor hack exposed previously unknown corporate spying on activists and organizers, including PETA and the Yes Men, and was largely constructed by the FBI using an informant named Hector Monsegur, better known by his online alias Sabu. Co-defendants in the U.K. were previously sentenced to relatively lighter terms. Citing Hammond’s record, Judge Preska said “there will not be any unwarranted sentencing disparity” between her ruling and the U.K. court’s decision.

Hammond’s supporters and attorneys had previously called on Judge Preska to recuse herself following the discovery that her husband was a victim of the hack she was charged with ruling on. That motion was denied….Hammond’s defense team repeatedly stressed that their client was motivated by charitable intentions, a fact they said was reflected in his off-line life as well. Hammond has previously volunteered at Chicago soup kitchens, and has tutored fellow inmates in GED training during his incarceration.

Rosemary Nidiry, speaking for the prosecution, painted a picture of a malicious criminal motivated by a desire to create “maximum mayhem,” a phrase Hammond used in a chat log to describe what he hoped would come from the Stratfor hack. Thousands of private credit card numbers were released as a result of the Stratfor hack, which the government argued served no public good.

Sarah Kunstler, a defense attorney for Hammond, takes issue with both the prosecution and judge’s emphasis on the phrase “maximum mayhem” to the exclusion of Hammond’s broader philosophy shows an incomplete picture. “Political change can be disruptive and destructive,” Kunstler says. “That those words exclude political action is inaccurate.”

Many supporters see Hammond’s case as part of a broader trend of the government seeking what they say are disproportionately long sentences for acts that are better understood as civil disobedience than rampant criminality. Aaron Swartz, who faced prosecution under the Computer Fraud and Abuse Act – the same statute used to prosecute Hammond – took his own life last year, after facing possible decades in prison for downloading academic journals from an MIT server. “The tech industry promised open access and democratization,” says Roy Singham, Swartz’s old boss and executive chairman of ThoughtWorks, a software company that advocates for social justice. “What we’ve given the world is surveillance and spying.” Singham says it’s “shameful” that “titans of the tech world” have not supported Hammond.

Following his first conviction for hacking, Hammond said, he struggled with returning to that life, but felt it was his responsibility. That decision ultimately lead to the Stratfor hack. “I had to ask myself, if Chelsea Manning fell into the abysmal nightmare of prison fighting for the truth, could I in good conscience do any less, if I was able?” he said, addressing the court. “I thought the best way to demonstrate solidarity was to continue the work of exposing and confronting corruption.”

Cyber-Activist Jeremy Hammond Sentenced to 10 Years In Prison, Rolling Stone, Nov. 15, 2013

How to Get Rid of Hacktivists: the approach of the United States

operation payback tweet

Thirteen members of a hacking collective that calls itself Anonymous were indicted on Thursday (October 3, 2013) on charges that they conspired to coordinate attacks against prominent Web sites.The 13 are accused of bringing down at least six Web sites, including those belonging to the Recording Industry Association of America, Visa and MasterCard.  The attacks caused “significant damage to the victims,” the indictment said.

The attacks, carried out from September 2010 to January 2011, were part of campaign called Operation Payback, which started as an effort to support file-sharing sites but later rallied around WikiLeaks and its founder, Julian Assange.  Hackers took down the sites by inflicting a denial of service, or DDoS, attack, in which they fired Web traffic at a site until it collapsed under the load. Though the indictment mentions 13 hackers, thousands more participated in the attack by clicking on Web links that temporarily turned their computers into a digital fire hose aimed [at the websites of the companies].

According to the indictment, which was handed up at Federal District Court in Alexandria, Va., the hackers’ tool of choice was a simple open-source application known as Low Orbit Ion Cannon, which requires very little technical know-how.  Hackers simply posted a Web link online that allowed volunteers to download an application that turned their computer into a “botnet,” or network of computers, that flooded targets like Visa.com and MasterCard.com with traffic until they crashed…

By BRIAN X. CHEN and NICOLE PERLROT, U.S. Accuses 13 Hackers in Web Attacks, New York Times, October 3, 2013

Excerpt from indictment

“In connection with planning various DDoS cyber-attacks, members of the conspiracy posted fliers captioned “OPERATION PAYBACK” and claimed that: “We sick and tired of these corporations seeking to control the internet in their pursuit of profit. Anonymous cannot sit by and do nothing while these organizations stifle the spread of ideas and attack those who wish to exercise their rights to share with others.”

PDF of Indictment on Scribd