Info-hactivism, 24 Aug 2011
From Driscollwiki
Info-hactivism
- Jack Lerner, Prof., USC Gould SChool of Law
- Nathan Hochman, Partner, Bingham McCutchen, LLP
- David Sarno, Tech reporter, LA Times
- Doug Thomas, Prof., ASCJ
- Chris Ridder, Partner, Ridder Costa & Johnston (?) LLP
This event seems to emphasize Wikileaks/"info liberation"
Thomas intro
Exploiting "gap" between using, being
- "Dirty little secret" == social engineering, "so much easier"
- Exploiting "anxiety"
"Delighting in embarrassing ppl w power"
- Identifying vulnerability (which they may understand as "hypocrisy")
Q: what would implications, outcomes be of google-down for a day?
- Would it be "catastrophic"? Or is it anticipated to be?
Ridder follow-up
In addition to liberating info, "retaliatory"/"defensive" actions
- Versus Sony after they pursued legal action against someone who "jailbroke" ps3
Sarno
Utility of "sub-dividing" hackers into different groups
- What are the different kinds/types?
Proposes two loose categories:
- Those who don't want their actions known
- Paid by others, industrial espionage
- "Most skilled," evidence of "covering their tracks"
- Those who act with the purpose of publicity
- DDoS using (in)voluntary botnets, Low Orbit Ion Cannon
- "Not hacking but more like vandalism, civil disobedience"
- The "low end" of hacking
In journalism: "No security system strong enough to prevent break-ins"
- Evidence? Response by security industry?
Sarno's categories = high/low hierarchy based on "skill"
- People using "prefab" are the "low end"
- "You don't have to know anything"
- "YouTube-ization", comparison to cinema
- Not "trained specialist" -- do self-trained specialists count?
Hochman "government perspective"
- Previously in Bush administration DoJ
- Federal prosecutor in LA
Government balance:
- Public safety
- "Government's primary function"
- First amendment
- "What we cherish the most"
Government doesn't "have the luxury of getting it wrong"
- 9/11 is the spectre that hangs over their heads
- Asking themselves: "[How many people] are gonna die on their watch?"
Example:
- BART police shot "knife-wielding" Hill
- Activists trying to disrupt services on BART
- Steep demands
- "Anonymous shows up", contrast Anonymous to "anonymity" of a mob/crowd
- Anonymous retrieved info on users of BART.org and BART officers' private info
- "What if... someone torched an uninvolved BART officer's house."
- BART shuts down cell network
Fundamental question for Hochman: "Where do you draw the line?"
- When is it OK to suppress communication technologies?
Thomas rebut
Does the availability of information "transform law-abiding people into terrorists"?
Or is concern built on the assumption that there are terrorists (latent terrorists?) for whom information is the trigger to violence?
Lerner rebut
Contrasting two hackerish scenarios:
- Releasing personal information
- Causing automated routing to fail
"Real world consequences"
Hochman 2nd round of hypotheticals
What if...
- Expert lockpick enters your home, gathers information from you, etc.
"Worship culture" regarding "modern-day safecracking"
- If they aren't "punished," "you might be the next target"
What is "media's role" publishing things they "didn't solicit"?
- Information that was "stolen" and "given"
Thomas "reframing"
Computer Fraud and Abuse Act of 1986
- Treats any invasion of a computer system like espionage
- "A pretty heavy stick"
Doesn't know a single case of a hacker that has gone to trial
- Always plea bargain
As a result, bad laws are rarely tested
- "All or nothing", either kids are "terrorists" or "heroes"
Balancing act is a core conflict of democracy
- Freedom/ Security
Lerner, Ridder, Hochman on relavant law
What are the available "legal tools"?
- Computer Fraud and Abuse Act of 1986
- Wiretap Act
- Wire fraud
- Espionage Act
- Trade secret
- Copyright
- Foreign Intelligence Surveillance Act (FISA)
Prior restraint and the Pentagon Papers
- Prior restraint impossible in the context of the net?
More likely scenario: What do you do after the info is leaked?
Atty General: spending half of his time was spent approving FISA warrants
When can the govt "hack"/"tap" citizen private communication? (Bureaucratic overview)
- FBI: Intercepting mail, bug, "trash search," undercover agent
- Three levels of FBI review
- Office of Enforcement Operations (OEO)
- 9 levels of oversight/approval gets 30 days approval
- Cost: minimum $50k, agents, translators, attys
- Point: high barrier to "legitimate" wiretapping
- Excepting national security
- FISA only applies to "a foreign group" on US soil
- A third process for national sec surveillance of US citizens
Lingering spectre: "the next 9/11"
- Powerful discursive tool
"If the check on the system is Wikileaks, it's not a very good check"
- People involved with leaked cables are no longer involved with govt service
- "99% ... you don't know about"
"Biggest protection" == systemic checks
- Challenge for citizenry involves trusting the government
Grand Jury subpoena
- Enforcement tool
- Approaching journalist who has leaked something critical to a govt investigation
- Judge can require journalist (or employer or ISP) to reveal the info
Sarno on subpoena, role of journalist
Hasn't been tested but believes he would protect the source
- "A principle of being a reporter"
Balance of harms
- What if I do publish this piece of information...?
- What if I don't publish...?
Anonymous "electronic dropbox"
- Erases the connection to the source, key principle of journalism
Thomas, privacy / secret
Where is the boundary drawn?
- Privacy, no one else's business
- Shouldn't be leaked
- Secret, other's have an interest
- May be appropriate
Comparison to True Threats
Ridder
- Trade secret is content-neutral, also not of public interest
- No news-worthiness exception to trade secret
- Free speech not activated
Sarno, on stolen documents in practice
Using illicit information/doc as a "seed" to grow a story around
