Development (4:10 PM CST): The State Department has been in contact with Twitter to make sure that the service remained available for protestors in Iran. (reuters)
Last Friday, Twitter started to digest the Iranian election results, and the tool became a powerful vehicle for protest and coordination for student protestors within Iran and interested parties outside the country. American Twitterers used the power of the medium to push our own media machine to increase coverage of the story via #CNNFail and #iranelection, and several dedicated observers did some important work to create proxies allowing the Iranian opposition to circumvent network restrictions. While it is amazing to see individuals using technologies such as Twitter to sidestep repressive government censorship, Twitter has also made it easier for observers, a world away, to become active participants in an unfamiliar political system at times taking vigilante action against the server infrastructure of a nation-state.
Figure: Graph of #iranelection from Twist.
Like many of you, I am not familiar with the nuance and context of much of what is happening, but, like other observers, you can’t watch peaceful student protestors mowed down by a phalanx of motorcycles and not feel some sympathy. I certainly don’t know what to make of the complex political questions involved in this election. As a technologist, I’m really very focused on the idea that technology can provide a mechanism for the oppressed to circumvent oppressive regimes. It doesn’t matter if I agree with the platform of Moussavi, I resonate with Tom Watson’s “The Revolution Will NOT Be Twittered” article. This is not my presidential election.
That being said, I do think that peer-to-peer, real-time communications media like Twitter are making it increasingly difficult to control the flow of information. Technology enabled something that would have otherwise been impossible, and we will continue to see more and more situations where technology neutralizes repression. “The cat is out of the bag.” I might not be a Moussavi supporter, but I support the rights of peaceful protesters anywhere to text one another, to speak freely, to demonstrate, and to communicate with the outside world. If you are a repressive regime, there are fewer and fewer ways for you to control the flow of information. We’re moving closer to Pesce’s world where hyperconnectivity begets hypermimesis begets hyperempowerment.
Operation Ajax (it had nothing to do with XMLHttpRequest)
One of the things to keep in mind about the current protests is how technology was used in the 1953 coup which was called Operation AJAX. Operation Ajax was the CIA’s first covert operation against a foreign government. Organized with MI6 in 1953, this coup overthrew the existing government and installed a monarchy which lasted until the Islamic Revolution in 1979. You can read about the historical context on Wikipedia, but one of the interesting technological facts about the coup in ’53 is that the “go code” for the coup was transmitted over a new technology – the BBC. In fact, if you pay attention to the Iranian election twitters, you’ll notice that there are some references to “53”: “this feels like ’53”. This is important because one of the themes that emerged in Twitter was the idea that interested Western observers should “support” the revolution by engaging in collective denial of service attacks against Iranian government infrastructure.
Power to the People or A New Operation AJAX?
From TechPresident, Nancy Scola first reported that “Josh Koster of the DC-based political firm Chong and Koster, along with others, has been attempting to crash www.IRIB.ir” using a web application called Page Reboot. Users show up at Page Reboot from a link that directs a browser to continuously reload a page, and such a service can be used to coordinate a Denial of Service attack. On Twitter, many heralded this as a free, “legal” way to shut down the Iranian Government’s information ministry.
It is easy to click on that link and participate in cross-border activism, but before you click that link, there are some interesting questions you should consider. I don’t intend to pass judgement on such action, just to raise some questions about private, cross-border activism.
Private Action Against a Nation-State?
By engaging in a coordinated DDOS against Iranian infrastructure, are you taking part in a private attack against a foreign government? Are you comfortable with the idea of citizens of other countries such as Russia engaging in similar actions in last year’s Georgian conflict? While it feels exhilarating to take part in such action, the fact that citizen actors can engage in such attacks might make it all the more likely that nation-states (including our own) will start to place restrictions on which traffic can cross a particular political border. On an Internet that is ruled by collective action, it feels odd to raise these questions, but it is essential to start the discussion. Is the use of network disruption something that you feel comfortable with? What if the tables were turned?
Are we comfortable with the idea of private citizens using private networks to engage in network “warfare”? By doing so, do we make our civilian network infrastructure a valid target to an adversary? What risks are associated with a group of private citizens sending an unintended message to a potential adversary in the form of a coordinated network disruption?
Violating the Law: Breaking a EULA
When you participate in a coordinated DDOS attack, are you sure that you are not violating the private agreements that cover your access to the Internet itself? While we tend to equate the Internet with free and unrestricted discourse and debate, many of us connect to the Internet via private networks covered by draconian End-User License Agreements. While the legality of coordinated clicks may be up for debate, the fact that it violates the various EULAs you’ve agree to is not. Here’s an excerpt from Comcast’s Terms of Service which (surprisingly) states that you need to not only comply with US laws but other non-US laws which govern your use of the Internet:
[you agree not to] undertake or accomplish any unlawful purpose. This includes, but is not limited to, posting, storing, transmitting or disseminating information…which in any way constitutes or encourages conduct that would constitute a criminal offense, or otherwise violate any local, state, federal, or non-U.S. law, order, or regulation;
By using my Comcast Cable Modem to connect to the Internet, I’ve agreed not to encourage conduct that would violate non-U.S. law. What does this mean in this context? If I retweet someone’s call to participate in a DDOS, am I in violation of this EULA? Check your own EULA for Internet service, and I’m sure you’ll find similar clauses.
Inadvertently Reinforcing Paranoia
One assumes that the protestors are hoping that non-violent protests will inspire a positive reaction from the government they are petitioning. Does broad US participation in a distributed denial of service attack against Iranian government infrastructure legitimize the paranoia and fear that the current regime seems to thrive upon? Most people clicking on PageReboot links distributed via Twitter are not thinking about ’53 coup and the ’79 revolution. Are DDOS participants activating the Iranian leadership’s memory of an earlier time when a government was overthrown with the aid of a new communications technology? If a bunch of Americans start launching “attacks” against Iranian infrastructure, is it going to make it easier for someone to say that the student protestors are clearly aligned with foreign agents?
Thinking about this in terms of Pesce’s work, we’ve entered into a world in which the individual has an unprecedented amount of power. Together, groups of people can take collective action to affect outcome of conflicts a world away. I’m not suggesting that Twitter made the difference on the streets of Tehran, but everyone seems to be in agreement that it did have some effect.