The U.S. government has justifiably taken a lot of heat for its relative silence regarding -- and occasional complicity in -- the human rights abuses committed by Hosni Mubarak's regime in Egypt. But it's worth highlighting an exception in a recently WikiLeaked November 2008 cable from the U.S. Embassy in Cairo, signed by Amb. Margaret Scobey, in which American diplomats did the right thing -- while Silicon Valley played it safe.

The cable concerns an Egyptian blogger whose name is redacted in the document, but who CNET thinks is most likely Wael Abbas, a celebrated dissident journalist whose efforts to distribute videos of human rights abuses by Egyptian authorities have in one case led to convictions of the perpetrators (and who, incidentally, was arrested on Friday in Cairo, though according to his Twitter feed he's since been released):

Prominent Egyptian blogger XXXXXXXXXXXXX, contacted us November 17 to report that YouTube removed from his website two videos exposing police abuses -- one of Sinai bedouin allegedly shot by police and thrown in a garbage dump during the past week's violence (ref A), and the other of a woman being tortured in a police station.  XXXXXXXXXXXXX told us that YouTube is also preventing XXXXXXXXXXXX from posting new videos, and asked us for assistance in urging YouTube to re-post his removed videos and reinstate his access to uploading new material.  XXXXXXXXXXXXX said XXXXXXXXXXXXXX has tried to contact Google, but has not received a response.

The cable notes that the same thing happened to the blogger the previous year -- which again suggests that the blogger in question is Abbas, who had his YouTube access restored in December 2007 after getting kicked off for posting videos of Egyptian police brutality. At the time, YouTube explained in a statement that the company's general policy banned videos depicting graphic violence, but that "Having reviewed the case, we have restored the account of Egyptian blogger Wael Abbas -- and if he chooses to upload the video again with sufficient context so that users can understand his important message we will of course leave it on the site."

While the incident was widely reported at the time, there was no mention of any involvement of the State Department in YouTube's decision. But the 2008 cable notes:

In December 2007, DRL [State's Bureau of Democracy, Human Rights, and Labor] and Embassy Cairo worked to convince Google [which owns YouTube] to restore XXXXXXXXXXXXX' YouTube access after a similar incident. We believe that a similar Department intervention with Google representatives could help in restoring XXXXXXXXXXXXX' access again. XXXXXXXXXXXXis an influential blogger and human rights activist, and we want to do everything we can to assist him in exposing police abuse.

A YouTube spokeswoman wouldn't confirm or deny the cable's account of the two incidents, saying in an emailed statement that "In order to protect the privacy of our users, we do not comment on actions taken on individual videos or accounts."

Britain's New Statesman has an interview with Julian Assange in its new issue out tomorrow, and the magazine is teasing a few excerpts from it today. While there's no love lost between the WikiLeaks founder and the U.S. government -- which is still trying to figure out how to extradite and charge him -- Assange says that China, not the United States, is his true "technological enemy":

China has aggressive and sophisticated interception technology that places itself between every reader inside China and every information source outside China. We've been fighting a running battle to make sure we can get information through, and there are now all sorts of ways Chinese readers can get on to our site.

Asked about his relationship with alleged document source Bradley Manning -- whose interactions or lack thereof with Assange prior to Manning's acquisition of the State Department documents is central to the question of whether the U.S. government has a case against the Australian hacker -- Assange says that "I'd never heard his name before it was published in the press," adding that "WikiLeaks technology was designed from the very beginning to make sure that we never knew the identities or names of the people submitting material."

Assange also claims to have State Department documents concerning the parent company of his media bête noire Fox News, telling the New Statesman's John Pilger that "There are 504 US embassy cables on one broadcasting organisation and there are cables on [Rupert] Murdoch and News Corp."

Sweden's Pirate party has been a key supporter of WikiLeaks throughout its recent travails. In August, the party, which is dedicated to the repeal of copyright laws and electronic privacy, agreed to host WikiLeaks on its servers. This month, the party's Swiss branch registered WikiLeaks' new URL after it lost its .org address. 

But the Pirate Party is also the subject of some of the cables. One, from shortly after Sweden's 2009 EU elections, comes with the attention-grabbing subject line, "Aargh! Swedish Pirates Set Sail for Brussels":

The big winner was the Pirate Party -- which campaigned on reformation of copyright and patent law and opposition to a wiretapping law proposed by the Swedish security services. The Pirates secured a whopping 7.1% and one seat in Parliament. The party, founded in January 2006, attracted young voters angry over the guilty verdict in the Pirate Bay trial, the unpopular EU Ipred directive, and new national laws criminalizing file sharing and authorizing monitoring of emails. The party has not yet announced what EP party group it would like to belong to, and the current thinking espoused by Pirates is that the classic political right-left scale is outdated. Rather, the Pirates see themselves as an historic movement analogous to working-class and the green movements. The party is now looking to negotiate with both the liberal ALDE group and the Greens/EFA group.

4. A side effect of the Pirates' success is that it most likely reduced the chances for the far-right nationalist Sweden Democrats to gain representation in the EP. The Pirates have some of the same voter base -- young men with mistrust for politicians. Although the Sweden Democrats tripled their results to 3.3%, up from 1.1% in 2004, they remain below the threshold for representation in either the EP or Swedish Parliament. In any case, the Pirate's landslide among younger voters caught the attention of the larger parties, our contacts tell us, who are now scrambling to come up with policies to woo the youth back to the mainstream.

Not sure I quite buy that the Pirates and the Sweden Democrats share a political base. "Young men with mistrust for politicians" is a pretty broad category. In another cable, Sweden's deputy prime minister also cites the Pirate Party's success as proof that young voters "do not trust us."

I'm hardly an expert on Swedish political movements, but I find it a little odd that the emphasis here seems to be on young Swedes' distrust for the political establishment, rather than support for the Pirate Party's stated goal of reforming copyright laws and legalizing filesharing. Sounds like a winning formula for getting out the youth vote to me.  

After I found one of my earlier FP blog posts quoted in an Anonymous press-release, I thought that I need to clarify my position. Here is my piece for Slate where I attempt to do just that. (Warning: some light political philosophy ahead).

The crux of my argument is that there are certain conditions, which, if met, could make DDoS attacks a form of civil disobedience. However, the case of Anonymous doesn't meet all of them, mostly because the Anonymous attackers don't want to take legal responsibility for their actions.

The part of my original blog post quoted in the press-release -- the one that mentioned DDoS as a "legitimate expression of dissent" -- is not at all ambiguous: what I was suggesting is that the actions of Anonymous would not be interpreted as such by the U.S. media/political circles and may thus result in more control over the Internet by the governments and complete de-legitimization of DDoS attacks as civil disobedience. So I was surprised that Anonymous took those words somewhat out of context and used them to imply that I actually viewed their acts as "legitimate"; I did not. This, however, does not mean that I view all DDoS attacks as illegitimate!

So let me just repeat this once again:

1. To understand whether DDoS attacks can be viewed as civil disobedience, we need to examine the context in which they occur.

2. As far as I can judge the context of the Anonymous case, they failed the test (for more on the specifics of the test, see my Slate piece; I rely on John Rawls's views on civil disobedience n his A Theory of Justice).

3. Operation Payback and its successors may, indeed, harm the causes of Internet freedom but this is NOT what makes them illegitimate.

There is a vibrant debate about DDoS as a legitimate expression of dissent in the blogosphere -- see this excellent summary of positions at TechPresident and this blog post by Deanna Zandt. There is an interesting comment by Ethan Zuckerman in response to Deanna's original blog post that I would like to examine a big more closely.

In short, Ethan is arguing that DDoS attacks are increasingly used to silence down independent publishers; they don't have the same resources as MasterCard or PayPal to deal with them; as a result, for them DDoS causes real rather than just temporary damage; Operation Payback has given DDoS as-a-silencing-tactic a lot of PR; and, finally -- and I am really putting words into Ethan's mouth here -- Anonymous and others should consider the consequences of their actions for others.

As much as I would like to agree with Ethan, I am not sure I am buying the (rather implicit) prescriptive part of his argument. First, it seems to conflate the issues of legitimacy and efficacy -- something that I explicitly caution against in my Slate piece. I'm strongly opposed to making efficacy a factor in evaluating the morality of particular DDoS attacks, not least because efficacy is too fickle of a concept and tends to undervalue the deterrence value of civil disobedience.

How do we know that the reason why Facebook and Twitter still have not removed WikiLeaks' account was not because they feared DDoS retaliation from Anonymous? Of course, it's much easier to measure the costs -- greater crackdown on the Internet, more NSA types in 4chan chatrooms, etc -- but it's not so easy to measure the benefits; will PayPal be as forceful in freezing the funds when it comes to the next WikiLeaks? We simply don't know -- but I'd venture to suggest that the attacks have probably had some impact on corporate decision-making.

This is not to suggest that we shouldn't try to assess the efficacy of DDoS but only to suggest that tying it to legitimacy seems misguided. That an entity like Anonymous has a good moral reason to act on something does not mean that they should necessarily act on it. In the end, it all boils down to good judgment -- and this is where wise Internet intellectuals should step in and theorize about potential fall-outs, crackdowns and what not, so that any of us can make the right (for us) call on whether to join the DDoS effort.

The other thing that bothers me about Ethan's comment is that it doesn't really make an effort to reconcile my right to protest injustice by engaging in acts of civil disobedience (forget Anonymous, we are talking abstract DDoS which doesn't fail the test) with some independent web-site's right to publish what they want and when they want online. (Remember: the theory at play here is that as DDoS get popular/mainstream, this would result in more attacks across the board, thus having a very negative impact on independent/poor publishers).

Is it really always the case that I shouldn't engage in DDoS to right some moral wrongs just because this may potentially make it harder for some third-party to conduct their affairs? I can think of conditions when this would be the case -- but critics of DDoS as civil disobedience need to spell out those conditions in great detail before they assume a particular resolution of competing claims. I can, for example, also think of conditions where my right to protest an injustice might trump a third-party's right to publish.

Otherwise, we end up with very simplistic moral and ethical frameworks where all attacks are presumed to be good or bad simply because of the intrinsic qualities of DDoS. This is an outlook that I reject as technology-centrism (in The Net Delusion, I am actually very critical of a similar tendency in "Internet freedom studies," where the assumptions about the Internet's inner logic seem to outweigh the assumptions about the context in which it manifests itself).

Unfortunately, I can't sign up to Ethan's call -- "Just don't give moral and ethical air cover to the bastards who are using DDoS to silence sites for whom a DDoS is a shut down, not a sit in" because "giving moral and ethical cover to bastards" is often the unfortunate result of allowing those who are NOT bastards to act in morally justifiable ways (as opposed to ways recommended by the estimable Berkman Center).

Until we hear some cogent arguments as to why the possibility of digital shutdowns should always prevent us from participating digital sit-ins, I would like to urge more caution on this subject. My own guess these arguments would never work in the abstract and would still need to be evaluated on a case-by-case basis in the particular contexts they are set in. Which, to return to my original post, was my whole point: we shouldn't prejudge DDoS to be "good" or "bad" simply because it's illegal or because it is "DDoS."

p.s. plenty of folks -- check comments to Deanna Zandt's post -- suggest that there are better, more constructive ways to express one's solidarity with WikiLeaks or one's indignation with the companies that dumped it. Sure, there are. However, most of the "constructive" activities mentioned in the comments are fully legal and thus do not meet the definition of "civil disobedience," which presumes a breach of law. So, once again, this is the question of efficacy, not legitimacy.

The current chapter in the WikiLeaks saga has finally forced me to come out of my blogging semi-retirement! While I'm still trying to make sense of everything that has happened in the last ten days, here are some analytical notes on Anonymous and the challenges facing the Obama administration as it mulls an appropriate response to WikiLeaks.

The impact of the recent wave of cyber-attacks launched by Anonymous on a handful of companies that dropped WikiLeaks as their client -- Amazon, EveryDNS, MasterCard, Visa and others -- is hard to gauge. I'm certain these attacks won't make any of these firms to reconsider, strike peace with WikiLeaks, and offer them some vouchers in compensation. But could the attacks serve as a deterrent to other firms that have been considering dropping WikiLeaks?

Perhaps -- but I don't know how many such companies there are. Right now, WikiLeaks is heavily dependent on Twitter and Facebook as their primary channels for external communications; it's these two firms that need to be watched most closely. (I don't expect many people to call on Google to remove WikiLeaks from its search results -- but let's wait and see...) So far, both Twitter and Facebook have been taking rather bold steps: they declined to stop doing business with WikiLeaks and actually removed the accounts of Anonymous (alas with little success, as new accounts were created within minutes). It's clear that should these two companies succumb to pressure and part with WikiLeaks this would result in a major online backlash.

Now, the fact that Anonymous chose to go after Visa and MasterCard has created all sorts of other challenging issues. While the attacks targeted only the public web-sites of these companies -- rather than the underlying infrastructure that allows card transactions to be processed -- such subtleties are likely to get lost in the public debate. As far as policymakers are concerned, these attacks would be viewed as striking at the very of the global economy (even if they obviously aren't in reality). It's still not clear to me whether any credit card data has been leaked or compromised as a result of such attacks, even though Anonymous posted some links to such data on their Twitter feed. This too won't matter, as most people would assume that data has, in fact, been stolen.

I seriously doubt that U.S. authorities would be able to effectively go after Anonymous, in part because there are too many people involved, they are scattered all over the globe, and attributing cyber-attacks to them would be impossible (and would surely require reading a lot of chat transcripts from IRC). The only other possible policy response at their disposal is to make it easier to trace such attacks in the future -- most likely by empowering the likes of NSA/Cyber Command. I would imagine that after the current cyber-attacks on credit card companies -- even if they didn't cause much damage -- this would enjoy bipartisan support in the United States.

As far as long-term developments are concerned, I think that much depends on whether the WikiLeaks saga would continue being a debate about freedom of expression, government transparency or whistle-blowing or whether it would become a nearly-paranoid debate about the risks to national security. Anonymous is playing with fire, for they risk tipping the balance towards the latter interpretation -- and all the policy levers that come with it.

That said, I don't think that their attacks are necessarily illegal or immoral. As long as they don't break into other people's computers, launching DDoS should not be treated as a crime by default; we have to think about the particular circumstances in which such attacks are launched and their targets. I like to think of DDoS as equivalents of sit-ins: both aim at briefly disrupting a service or an institution in order to make a point. As long as we don't criminalize all sit-ins, I don't think we should aim at criminalizing all DDoS.

I can spend hours debating this subject but, in short, while Anonymous' actions may result in greater government oversight of the Internet, they are not necessarily illegal or immoral just because they involve DDoS attacks. The danger here is obviously that if the narrative suddenly becomes dominated by national security concerns, we can forget about DDoS as legitimate means of expression dissent -- that possibility would be closed, as they would be criminalized.

What is the impact of these attacks on WikiLeaks? The organization has been silent about its own relationship to Anonymous -- I didn't see any tweets, let alone press-releases, that either spoke out against or in favor of cyber-attacks. As far as strategy is concerned, I think it's a big mistake for WikiLeaks to stay silent on the issue. In the absence of any statements from their end, most people -- especially those who have never heard of Anonymous before -- would assume that they are part of the same hacker gang. (Sarah Palin seem to have implied as much when she accused WikiLeaks about attacking her site).

That WikiLeaks chose not to address this issue publicly suggests that the organization is either overstretched or has not yet reached a level of maturity that some of us expect from it before expressing our unqualified support for what they do. As long as most people link WikiLeaks to the cyber-attacks on credit card companies, it's a net loss for WikiLeaks. It would also make it easier for certain cyber-hawks in Washington to justify classifying them as a "terrorist" organization -- at least whenever they appear on Fox News. Arguably, this is not a battle they can win with facts anyway -- but they should at least be leaving some public record of their stance on such issues. I'm also not sure about the overstretching argument: I'm sure plenty of smart people would volunteer to do PR for WikiLeaks for free...

All in all, if the public continues to associate WikiLeaks with hacking and cyber-attacks -- rather than, say, providing a safe platform for whistleblowers -- this will greatly erode the goodwill that WikiLeaks has built over the course of the last few months by increasing their cooperation with media organizations and NGOs. That "normalization by third parties" allayed the concerns of many -- but cyber-attacks may once again seed doubt in many people's minds.

Looking beyond Anonymous, I'd like to note that when it comes to crafting an appropriate response to WikiLeaks, the Obama administration is in a very delicate position. On the one hand, the domestic pressure to do something about WikiLeaks is growing -- and it will get even worse, as Anonymous continues its attacks and adds more political targets to their list (and I'm sure they will as there is some vicious circle at play here: the more attacks they launch, the more people condemn WikiLeaks, the more new targets Anonymous has). On the other hand, it's obvious that going after WikiLeaks would put the final nails in the coffin of the State Department's Internet Freedom Agenda, which is the most obvious victim of the last ten days.

I have always had mixed feelings about this Internet Freedom drive. While I think it's misguided and led by highfalutin techno-boosters unaware of the geopolitical background to their own actions, it's also obvious to me that there is some good that may come out of the U.S. government's interest in such matters -- for example, the support they offered to tools like Tor has been most appreciated. (That support, however, predated the formation of the Internet Freedom Agenda as articulated by Clinton in January 2010).

The real question here is whether, as the public attitudes towards tools like Tor -- which provide the very anonymity that benefits leakers -- quickly turn negative, the State Department and agencies like the National Endowment for Democracy would lose the ability to fund anything in this space. It's also not clear to me whether many of the geeks associated with the "Internet freedom" movement would feel comfortable taking money from the U.S. government, given that the latter are actively pursuing people like Assange.

I think this partly explains why the U.S. government has been so slow/low I key in lashing out against WikiLeaks, leaving the rhetorical heavy-lifting to populists like Sarah Palin, Rush Limbaugh and Joe Lieberman. Leaving in their hands also means abandoning control of the conversation; so far, it seems to me that such approach has been quite detrimental.

For example, many foreign politicians are already calling on Washington's duplicity and lack of media freedoms and disrespect of human rights -- all because Glenn Beck and Sarah Palin said something radical. As far as most foreign audiences are concerned, few draw distinctions between the elected officials, those in the opposition, and the punditry -- they are all part of "Washington"; so whatever the radicals says would, of course, eventually be associated with the White House and the State Department. I don't know how long the administration can afford to stay on the sidelines of this debate.

Another possible unfortunate consequence of the current backlash is that more U.S. government funding would go to tools that don't provide full anonymity but that still allow to circumvent censorship in authoritarian states. These are the tools developed by the Falun Gong technologists who already enjoy vast support from various neocon interest groups in Washington.

This would be most unfortunate and would further alienate geeks from policymakers, as Falun Gong tools are less effective and, well, they don't provide much security at all. This would only further reveal the duplicitous nature of Washington's Internet Freedom Agenda: it will seem as if all they want to promote is the ability to break through China's firewall -- but not the ability to say and publish what one wants without attribution. Many people in the State Department are not very keen on the Falun Gong crowd either, so I can't imagine that they would be interested in highlighting such issues (and yes, I know that State Dept is not monolithic but getting into internal squabbling inside Foggy Bottom would add another page or two to this post!).

I hope to post more analysis soon! In the meantime, make sure to check my Twitter feed, where I do post occasional observations and share links about WikiLeaks.

Update #1: There is now a statement on Anonymous/DDoS posted on WikiLeaks' site. They distance themselves from the attack -- which is good -- but don't really say what they feel about it (which is not so good...)