Skip to main content
SpringerLink
Log in

Contemporary Norms and Law and Hacktivism

  • Chapter
  • First Online:
Living With Hacktivism

Part of the book series: Palgrave Studies in Cybercrime and Cybersecurity ((PSCYBER))

Abstract

This chapter focuses on the socio-political norms and the legislation that relate to cybercrime and hacktivism more particularly and dictate how hacktivism is dealt with currently in the USA and the UK. This chapter discusses the predominance of command and control policies that prioritise security and risk minimisation norms. Furthermore, it assesses how recent socio-political developments, media influences, and cybersecurity experts maintain and exacerbate such a framework and how this impacts on hacktivism as a cybercrime-related, contestational political practice. The discussion then moves to analyse the current legislative framework regarding cybercrime and cyberterrorism in the USA and the UK. It offers examples of how such legislation applies and has been applied to hacktivist actions and highlights the concerns that legislative broadness, vagueness, and punitiveness can entail for hacktivists. This chapter essentially provides a first-level critique of the current responses to hacktivist incidents in order to prepare the ground for offering an alternative rationale that moves away from the conflict-based model that currently is predominant into a more symbiotic framework of action.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 44.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 59.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 129.00
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Mark E. DeForrest, ‘Civil Disobedience: Its Nature and Role in the American Legal Landscape’ (1998) 33 Gonzaga Law Review 653, 654.

  2. 2.

    Juergen Habermas and Martha Calhoun, ‘Right and Violence: A German Trauma’ (1985) 1 Cultural Critique 125, 137.

  3. 3.

    Joseph Raz, The Authority of Law: Essays on Law and Morality (Oxford University Press, Oxford 1979); Raz (n 72) 236–237.

  4. 4.

    Noah Hampson, ‘Hacktivism: A New Breed of Protest in a Networked World’ (2012) 35 Boston College International & Comparative Law Review 511, 531–532.

  5. 5.

    See Habermas and Calhoun (n 2) 127–129; Stuart M. Brown Jr, ‘Civil Disobedience’ (1961) 58 The Journal of Philosophy 669, 672; For hacktivism, see Dorothy Denning, ‘Hacktivism: An Emerging Threat to Diplomacy’ (2000) 77 Foreign Service Journal 43; for recent anonymous virtual sit-ins being considered anarchist or terrorist acts, see Crosstalk, ‘From Hacktivism to Wikiwarfare’ (RT, 17 December 2010) http://www.youtube.com/watch?v=mFJa9RHAfOk; Tim Black, ‘Hacktivism: The Poison Gas of Cyberspace’ (Spiked-Online, 14 December 2010) http://www.spiked-online.com/newsite/article/10001#.Wl3fMq5l9hE.

  6. 6.

    For decentralised regulation, see, for example, Clifford Shearing and Jennifer Wood, ‘Nodal Governance, Democracy, and the New “Denizens”’ (2003) 30 Journal of Law and Society 400; Julia Black, ‘Decentring Regulation: Understanding the Role of Regulation and Self-Regulation in a “Post-Regulatory” World’ (2001) 54 Current Legal Problems 103; John Braithwaite, Restorative Justice and Responsive Regulation (Oxford University Press, Oxford 2002); for cyberspace, multi-actor regulation, see Lawrence Lessig, Code v.2.0 (Basic Books, New York 2006); Henry H. Perritt Jr, ‘Towards a Hybrid Regulatory Scheme for the Internet’ (2001) 2001 The University of Chicago Legal Forum 215; Joel R. Reidenberg, ‘Technology and Internet Jurisdiction’ (2004) 153 University of Pennsylvania Law Review 1951.

  7. 7.

    Julia Black, ‘Proceduralisation and Polycentric Regulation’ (2005) Especial 1 RevistaDIREITOGV http://direitogv.fgv.br/sites/direitogv.fgv.br/files/rdgv_esp01_p099_130.pdf, 102.

  8. 8.

    Black has identified some of the most common problems for state-based regulation. She argues that law can be poorly targeted or too unsophisticated to deal with complex problems (instrument failure), there can be insufficient knowledge on behalf of state actors involved in identifying the causes of problems and generating solutions or identifying non-compliance (information and knowledge failure), and also inadequate implementation of the designated measures (implementation failure). Black, ‘Proceduralisation and Polycentric Regulation’ (n 7) 102; Julia Black, ‘Critical Reflections on Regulation’ (2002) 27 Australian Journal of Legal Philosophy 1, 2.

  9. 9.

    John Palfrey, ‘Four Phases of Internet Regulation’ (2010) Social Research 77/3 981 http://cyber.law.harvard.edu/publications.

  10. 10.

    Zygmunt Bauman, Modernity and Ambivalence (Polity Press, Cambridge 1991) 4; David Garland, The Culture of Control: Crime and Social Order in Contemporary Society (Oxford University Press, Oxford 2001).

  11. 11.

    Garland (n 10); Michael McGuire, Hypercrime: The New Geometry of Harm (Routledge Cavendish, Oxford 2007) 32; Jonathan Simon, Governing through Crime (Oxford University Press, Oxford 2007) 4; Barbara Hudson, Justice in the Risk Society: Challenging and Re-Affirming Justice in Late Modernity (Sage Publications, London 2003) 43–45, 49–50.

  12. 12.

    Cass R. Sunstein, Laws of Fear: Beyond the Precautionary Principle (Cambridge University Press, Cambridge 2005) 4, 15, 18, 21.

  13. 13.

    Garland (n 10) 18–19; Manuel Castells, Communication Power (Oxford University Press, Oxford 2009) 28–29.

  14. 14.

    Lucia Zedner, ‘Pre-Crime and Post-Criminology?’ (2007) 11 Theoretical Criminology 261, 265.

  15. 15.

    Security contractors have an interest in the intensification of security concerns and, thus, the need for security measures they offer. Moreover, governments increase their popularity by appearing strict and supportive of order and elimination of risk (ibid).

  16. 16.

    Naomi Klein, The Shock Doctrine (Penguin Books, London 2007).

  17. 17.

    Zedner, Security (Routledge, New York 2009) 117.

  18. 18.

    Johan Eriksson and Giampiero Giacomello, ‘The Information Revolution, Security, and International Relations: (Ir) Relevant Theory?’ (2006) 27 International Political Science Review 221, 222–224.

  19. 19.

    Garland (n 10) 134; Alex Callinicos, ‘The Anti-Capitalist Movement after Genoa and New York’ in Stanley Arownowitz and Heather Gautney (eds), Implicating Empire: Globalization and Resistance in the 21st Century World Order (Basic Books, New York 2003) 133, 140–141; Giorgio Agamben, Means without End: Notes on Politics (University of Minnesota Press, Minneapolis 2000) 6–7.

  20. 20.

    Simon (n 11) 275.

  21. 21.

    Dr Maximilian Forte, ‘Is “Virtual” Activism Not “Real” Activism’ (Cyberspace Ethnography: Political Activism and the Internet Blog, 29 January 2010) http://webography.wordpress.com/2010/01/29/is-virtual-activism-not-real-activism/; as Castronova has shown, even Internet role-playing games can have serious cultural and economic implications for real-world economies. See Edward Castronova, Synthetic Worlds: The Business and Culture of Online Games (University of Chicago Press, Chicago 2005).

  22. 22.

    Majid Yar, ‘Public Perceptions and Public Opinion About Internet Crime’ in Yvonne Jewkes and Majid Yar (eds), Handbook of Internet Crime (Willand Publishing, Devon 2010) 104–119, 106–107.

  23. 23.

    Wendy Holloway and Tony Jefferson, ‘The Risk Society in an Age of Anxiety: Situating Fear of Crime’ (1997) 48 The British Journal of Sociology 255, 260; Garland (n 10) 108–109; David Wall, Cybercrime: The Transformation of Crime in the Information Age (Polity Press, Cambridge 2007) 16.

  24. 24.

    Joshua B. Hill and Nancy E. Marion, ‘Presidential Rhetoric and Cybercrime: Tangible and Symbolic Policy Statements’ (2016) 17 Criminology, Criminal Justice, Law & Society 1–17.

  25. 25.

    Verizon, ‘2011 Was the Year of the “‘Hacktivist,” according to the Verizon 2012 Data Breach Investigations Report’ (Verizon, 2012) http://newscenter.verizon.com/press-releases/verizon/2012/2011-was-the-year-of-the.html; Verizon focuses more on data breaches and information thefts rather than on more symbolically expressive tactics and, thus, manages to portray hacktivism normatively as a cybersecurity threat.

    The FBI highlighted hacktivism as a very important issue for security. Marcos Colon, ‘RSA Conference 2012: Hacktivism Forcing Organizations to Look Inward’ (SC Magazine, 29 June 2017) http://www.scmagazine.com/rsa-conference-2012-hacktivism-forcing-organizations-to-look-inward/article/230051/; Sophos security also named 2011 the year of the hacktivist to reflect the change in motives for cybersecurity breaches from purely criminal to more political. Sophos, ‘Security Threat Report 2012’ (Sophos, 2012) https://www.sophos.com/en-us/press-office/press-releases/2012/01/security-threat-report-2012.aspx.

  26. 26.

    McGuire (n 11) 94–95; for example, the Department of Homeland Security has defined critical infrastructure as ‘the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.’ United States Department of Homeland Security, ‘What Is Critical Infrastructure?’ (undated) http://www.dhs.gov/what-critical-infrastructure; for the UK, the UK’s national infrastructure is defined by the Government as ‘those facilities, systems, sites and networks necessary for the functioning of the country and the delivery of the essential services upon which daily life in the UK depends.’ Centre for the Protection of National Infrastructure ‘The National Infrastructure’ http://www.cpni.gov.uk/about/cni/.

  27. 27.

    See Graham Meikle, ‘Electronic Civil Disobedience and Symbolic Power’ in Athina Karatzogianni (ed), Cyberconflicts and Global Politics (Routledge, London 2009) 184–185; the fear of crackdowns is also reflected in the views expressed by various activists and Internet freedom groups, who find that legal developments even from the beginning of 2000 would have a serious impact on the treatment of online activism. See The Electrohippies Collective, ‘Cyberlaw UK: Civil Rights and Protest on the Internet’ ( iwar.org , 2000) http://www.iwar.org.uk/hackers/resources/electrohippies-collective/comm-2000-12.pdf; Electronic Frontier Foundation, ‘Letter to Governor Pataki’ (Electronic Frontier Foundation, 12 March 2003) https://w2.eff.org/Privacy/TIA/20030314_letter_to_pataki.php.

  28. 28.

    Meikle (n 27) 179.

  29. 29.

    Alexandra W. Samuel, ‘Hacktivism and the Future of Political Participation’ (DPhil Thesis, Harvard University 2004) 243.

  30. 30.

    DJNZ and The Action Tool Development Group of the Electrohippies Collective, ‘Client-Side Distributed Denial-of-Service: Valid Campaign Tactic or Terrorist Act?’ (2001) 34 Leonardo 269, 269.

  31. 31.

    Andrew Couts, ‘US Gov’t Ramps up Anti-Anonymous Rhetoric, Warns of Power Grid Take-Down’ (Digital Trends) https://www.digitaltrends.com/web/us-govt-ramps-up-anti-anonymous-rhetoric-warns-of-power-grid-take-down/.

  32. 32.

    Holloway and Jefferson (n 23) 260.

  33. 33.

    Garland (n 10) 135.

  34. 34.

    Simon (n 11).

  35. 35.

    Sara S. Beale, ‘What’s Law Got to Do with It? The Political, Social, Psychological and Non-Legal Factors Influencing the Development of (Federal) Criminal Law’ (1997) 1 Buffalo Criminal Law Review 23, 49; Garland (n 10) 7.

  36. 36.

    Lucia Zedner, ‘Securing Liberty in the Face of Terror: Reflections from Criminal Justice’ (2005) 32 Journal of Law and Society 507, 513.

  37. 37.

    See Giovanna Borradori, Philosophy in a Time of Terror: Dialogues with Jürgen Habermas and Jacques Derrida (University of Chicago Press, Chicago 2003) 40–41.

  38. 38.

    Katja F. Aas, Globalization & Crime (Sage Publications, London 2007) 164, 167; Wall (n 23) 16.

  39. 39.

    Ohm Paul, ‘The Myth of the Superuser: Fear, Risk, and Harm Online’ (2008) 41 University of California Davis Law Review 1327.

  40. 40.

    Ian Walden, Computer Crimes and Digital Investigations (Oxford University Press, New York 2007) 62, 66; McGuire (n 11) 94.

  41. 41.

    Kristin Finklea and Catherine Theohary, ‘CRS Report for Congress: Cybercrime: Conceptual Issues for Congress and U.S. Law Enforcement’ (Congressional Research Service, 2013) http://www.fas.org/sgp/crs/misc/R42547.pdf; Meikle (n 27) 184–185.

  42. 42.

    Skibell (n 41) 921.

  43. 43.

    David M. Zlotnick, ‘The War within the War on Crime: The Congressional Assault on Judicial Sentencing Discretion’ (2004) 57 South Methodist University Law Review 211, 247.

  44. 44.

    Castells, Communication Power (n 13) 89, 424; Beale, ‘What’s Law Got to Do with It?’ (n 35) 44–46; Wall (n 23) 15.

  45. 45.

    Adam G. Klein, ‘Vigilante Media: Unveiling Anonymous and the Hacktivist Persona in the Global Press’ 82 Communication Monographs 3, 384–385.

  46. 46.

    Media increase the salience of certain sociopolitical issues by projecting these more intensely and, thus, set social agenda priorities. Subsequently, they prime audiences to believe in the increased importance of those social issues. ‘Priming’ is based on ‘cognitive accessibility’ theory, which supports that when people make judgements they employ shortcuts in the subconscious that make use of the most mentally accessible information, which is recently acquired, commonly employed, or sensational. Sara S. Beale, ‘The News Media’s Influence on Criminal Justice Policy: How Market-Driven News Promotes Punitiveness’ (2006) 48 William & Mary Law Review 397, 441–444.

  47. 47.

    Aas (n 38) 155; McGuire (n 11) 89–90; Marcus J. Ranum, The Myth of Homeland Security (Wiley Publishing, Indiana 2004) 135; Yar, ‘Public Perceptions and Public Opinion About Internet Crime’ (n 22).

  48. 48.

    Adam G. Klein, ‘Vigilante Media: Unveiling Anonymous and the Hacktivist Persona in the Global Press’ 82 Communication Monographs 3, http://nca.tandfonline.com/doi/abs/10.1080/03637751.2015.1030682.

  49. 49.

    Sunstein, ‘Laws of Fear’ (n 12) 102; Aas (n 38) 155; McGuire (n 11) 116–117.

  50. 50.

    Beale, ‘The News Media’s Influence on Criminal Justice Policy’ (n 46) 437–438; Yochai Benkler, The Wealth of Networks: How Social Production Transforms Markets and Freedom (Yale University Press, London 2006) 241–242.

  51. 51.

    Benkler (n 50) 245.

  52. 52.

    Cass R. Sunstein, Republic.com 2.0 (Princeton University Press, Princeton 2007).

  53. 53.

    Moral panic ensues when ‘a condition, episode, person or group of persons emerges to become defined as a threat to societal values and interests’; Stanley Cohen, Folk Devils and Moral Panics (Paladin, St Albans 1973) 9.

  54. 54.

    Aas (n 38) 167; Yar, ‘Public Perceptions and Public Opinion about Internet Crime’ (22) 105–106.

  55. 55.

    Kemshall Hazel, Understanding Risk in Criminal Justice (Mike McGuire ed, Open University Press, Maidenhead 2003) 6.

  56. 56.

    Deborah Lupton, Risk (Taylor & Francis E-Library, 2005) 61–62.

  57. 57.

    Hudson (n 11) 70.

  58. 58.

    Ales Zavrsnik, ‘Cybercrime Definitional Challenges and Criminological Particularities’ (2008) 2 Masaryk University Journal of Law & Technology 1, 4; Garland (n 10) 17.

  59. 59.

    Hudson (n 11) 64; Wall (n 23) 17–18, 23–24.

  60. 60.

    Wall (n 23) 13; Stefan Fafinski, William H. Dutton and Helen Margetts, ‘Mapping and Measuring Cybercrime’ (2010) OII Forum Discussion Paper No 18.

  61. 61.

    Ibid. 17.

  62. 62.

    Fafinski et al. (n 60) 14–15.

  63. 63.

    John Leyden, ‘Webroot Guesstimates Inflate UK Spyware Problem’ (The Register, 20 October 2005) http://www.theregister.co.uk/2005/10/20/webroot_uk_spyware_guesstimates/.

  64. 64.

    Wall (n 23) 23–24.

  65. 65.

    Sophos (n 25); Verizon (n 25).

  66. 66.

    Hudson (n 11) 25.

  67. 67.

    The rhetoric of Anonymous can often be characterised as retaliatory and threatening, with videos suggesting that governments should abide by certain standards that Anonymous designates in its declaration videos in order for the group to refrain from organising protests against those targeted. Anonymous, ‘Anonymous Press Release: Open Letter from Anonymous to the UK Government’ (Anonymous, 27 January 2011) https://www.indymedia.org.uk/en/2011/01/472905.html. In other instances, Anonymous has also publicised a code of practice for protesters who are oriented towards preventing any violence and radical tactical choices and in avoiding arrests due to provocation and illegal acts. Anonymous, ‘Anonymous—Code of Conduct’ (YouTube, 21 December 2010) https://www.youtube.com/watch?v=-063clxiB8I.

  68. 68.

    Jana Herwig, ‘Anonymous: Peering Behind the Mask’ (The Guardian, 11 May 2011) http://www.guardian.co.uk/technology/2011/may/11/anonymous-behind-the-mask.

  69. 69.

    Couts (n 31).

  70. 70.

    For the views that public opinion is influencing public policy, but also for the compromising of the impact of public influence by the pressures of interest groups and strong financial actors, see many sources in Benjamin I. Page and Robert Y. Shapiro, ‘Effects of Public Opinion on Policy’ (1983) 77 The American Political Science Review 175, 175–176; as Burstein argues, although many theorists agree on the relationship between public opinion and public policy, the extent of the influence is often perceived differently. Paul Burstein, ‘The Impact of Public Opinion on Public Policy: A Review and an Agenda’ (2003) 56 Political Research Quarterly 29, 30.

  71. 71.

    Skibell (n 41) 910.

  72. 72.

    Ibid. 910–911.

  73. 73.

    Charlotte Decker, ‘Cyber Crime 2.0: An Argument to Update the United States Criminal Code to Reflect the Changing Nature of Cyber Crime’ (2007) 81 South California Law Review 959, 961.

  74. 74.

    The analysis of US law will focus only on federal cybercrime laws, even though there is an abundance of state laws, not only for reasons of brevity, but mainly because hacktivist actions usually relate to federal offences, as will be seen throughout the analysis.

  75. 75.

    18 U.S.C., Part I, Title 47, Section 1030 (Fraud and related activity in connection with computers). Here the commonly used name of the provision as the Computer Fraud and Abuse Act 1986 (CFAA) will be used.

  76. 76.

    The most important amendments were introduced in 2001 with the PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001—USAPA) 115 Stat. 272 (2001) and Identity Theft Enforcement and Restitution Act, 122 Stat. 3560 (2008).

  77. 77.

    Initially, ‘protected computer’ was defined as a computer ‘used by the federal government or a financial institution’ or one ‘which is used in interstate or foreign commerce.’ The current, considerably broader definition is ‘a computer “(A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or (B) which is used in or affecting interstate or foreign commerce or communication including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States”.’ Section 1030(e)(2).

  78. 78.

    Eric Sinrod and William Reilly, ‘Cyber-Crimes: A Practical Approach to the Application of Federal Computer Crime Laws’ (2000) 16 Santa Clara Computer & High Tech Law Journal 177, 212–213.

  79. 79.

    United States Senate (1996) ‘The National Information Infrastructure Protection Act of 1995’ (Report 104–357) 6–7 cited in Charles Doyle, Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws (Congressional Research Service, Report for Congress, DIANE Publishing, 2011) 16.

  80. 80.

    Section 1030(c)(2)(A).

  81. 81.

    Section 1030(c)(2)(B).

  82. 82.

    Section 1030(c)(2)(C).

  83. 83.

    Sections 1030(c)(2)(A) and (c)(2)(C).

  84. 84.

    Orin Kerr, ‘United States v. Auernheimer, and Why I Am Representing Auernheimer Pro Bono on Appeal Before the Third Circuit’ (The Volokh Conspiracy, 21 March 2013) http://volokh.com/2013/03/21/united-states-v-auernheimer-and-why-i-am-representing-auernheimer-pro-bono-on-appeal-before-the-third-circuit/.

  85. 85.

    (c.18).

  86. 86.

    John Worthy and Martin Fanning, ‘Denial-of-Service: Plugging the Legal Loopholes?’ (2007) 23 Computer Law & Security Report 194, 196; Stefan Fafinski, ‘The Security Ramifications of the Police and Justice Act 2006’ (2007) 2 Network Security 8, 10.

  87. 87.

    CMA Section 2: This section applies to offences

    1. a.

      for which the sentence is fixed by law; or

    2. b.

      for which a person of 21 years of age or over (not previously convicted) may be sentenced to imprisonment for a term of five years (or, in England and Wales, might be so sentenced but for the restrictions imposed by section 33 of the Magistrates’ Courts Act 1980).

  88. 88.

    Richard Walton, ‘The Computer Misuse Act’ (2006) 11 Information Security Technical Report 39, 41.

  89. 89.

    Section 2(5).

  90. 90.

    Section 1030(e)(11).

  91. 91.

    Marshall Jarrett et al., ‘Prosecuting Computer Crimes’ (Criminal Division Computer Crime and Intellectual Property Section Criminal Division, Department of Justice, Washington D.C., undated) http://www.justice.gov/criminal/cybercrime/docs/ccmanual.pdf, 34–37.

  92. 92.

    Section 1030(c)(4)(A)(i)(I).

  93. 93.

    Section 1030(c)(4)(A)(i)(V).

  94. 94.

    Section 1030(c)(4)(A)(i)(VI). Harms that relate to meddling with medical records and causing physical injury and threat to public health or safety are also included but will not bother us, since hacktivists, as we have seen in Chapter 1, avoid protesting against such sensitive targets. See also Sections 1030(c)(4)(A)(i)(I-VII).

  95. 95.

    Jarrett et al. (n 91) 37–39.

  96. 96.

    Reasonable costs to any victim include the cost of responding to an offence, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offence, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service; Section 1030(e)(11).

  97. 97.

    Section 1030(e)(11) See (n 49).

  98. 98.

    Gabriella E. Coleman, Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous (Verso, London 2014) 141.

  99. 99.

    Josh Halliday, ‘Anonymous Hackers Jailed for Cyber Attacks’ (The Guardian, 24 January 2013) http://www.guardian.co.uk/technology/2013/jan/24/anonymous-hackers-jailed-cyberattacks.

  100. 100.

    Pierre Omidyar, ‘WikiLeaks, Press Freedom and Free Expression in the Digital Age,’ Huffington Post http://www.huffingtonpost.com/pierre-omidyar/wikileaks-press-freedom-a_b_4380738.html.

  101. 101.

    Gabriella E. Coleman, Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous (Verso, London 2014) 141–142.

  102. 102.

    Jarrett et al. (n 91) 43.

  103. 103.

    Fafinski et al. (n 60) 16.

  104. 104.

    Section 1030 (g).

  105. 105.

    Sections 1030(c)(4)(A), (c)(4)(D), (c)(4)(G).

  106. 106.

    Ohm (n 39).

  107. 107.

    Sections 1030(3)(2) (a-d).

  108. 108.

    Sections 1030(3)(6)(a-c).

  109. 109.

    Home Office, Serious Crime Act 2015 Fact Sheet: Overview of the Act (2015) available at https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/415943/Serious_Crime_Act_Overview.pdf.

  110. 110.

    Charlotte Walker-Osborn and Ben McLeod, ‘Getting Tough on Cyber Crime’ (1 June 2015) 57/2 ITNOW 32–33. doi:10.1093/itnow/bwv042.

  111. 111.

    See CMA 1990, Sections 1(3), 2(5), (3)6.

  112. 112.

    Section 3(3).

  113. 113.

    Serious Crime Act overview—Gov.uk p.2.

  114. 114.

    Neil MacEwan, ‘The Computer Misuse Act 1990: Lessons from Its Past and Predictions for Its Future’ (2008) 12 Criminal Law Review 955, 964.

  115. 115.

    Ibid. 964.

  116. 116.

    As Lord Bingham stated in R v G and Another [2003] UKHL 50,

    a person acts ‘recklessly’ with respect to: (i) a circumstance when he is aware of a risk that it exists or will exist; (ii) a result when he is aware of a risk that it will occur; and it is, in the circumstances known to him, unreasonable to take the risk.

  117. 117.

    EU Council Framework Decision 2005/222/JHA of 24 February 2005 on attacks against information systems (Framework Decision).

  118. 118.

    Ian J. Lloyd, Information Technology Law (6th edn Oxford University Press, Oxford 2011) 234; see Section 3(5)(c).

  119. 119.

    Council of Europe, ‘Convention on Cybercrime’ (ETS No. 185, Budapest, 2001) (Cybercrime Convention).

  120. 120.

    David Hess and Brian Martin, ‘Repression, Backfire, and the Theory of Transformative Events’ (2006) 11/2 Mobilization: An International Quarterly 249–267.

  121. 121.

    Jennifer Earl and Jessica L. Beyer, ‘The Dynamics of Backlash Online: Anonymous and the Battle for WikiLeaks’ (2014) 37 Intersectionality and Social Change 207–233, 209–210.

  122. 122.

    Ibid.

  123. 123.

    Ibid. 210–212.

  124. 124.

    See Sections 1030(b) and (c).

  125. 125.

    Section 206.

  126. 126.

    Fafinski, ‘The Security Ramifications of the Police and Justice Act 2006’ (86) 10.

  127. 127.

    (c.45).

  128. 128.

    Section 72.

  129. 129.

    See David Kravets, ‘Virtual Sit-Ins Doom Online Animal Rights Activists’ (Threat Level, 16 October 2009) http://www.wired.com/threatlevel/2009/10/animals/. See also Us V Fullmer 584 F.3d 132 (3rd Cir. 2009).

  130. 130.

    Chief Judge Stein Schjølberg, ‘ITU Global Cybersecurity Agenda [GCA]’ (High Level Experts Group [HLEG] Global Strategic Report, International Telecommunications Union, Geneva 2008) http://www.itu.int/osg/csd/cybersecurity/gca/docs/Report_of_the_Chairman_of_HLEG_to_ITU_SG_03_sept_08.pdf, 26–28.

  131. 131.

    ‘Any card, plate, code, account number, electronic serial number, mobile identification number, personal identification number, or other telecommunications service, equipment, or instrument identifier, or other means of account access that can be used, alone or in conjunction with another access device, to obtain money, goods, services, or any other thing of value, or that can be used to initiate a transfer of funds.’ 18 U.S.C. Part I, Chapter 47 Section 1029 (Fraud and related activity in connection with access devices) Section 1029(e)(1).

  132. 132.

    See Section 2B1.1(b)(10).

  133. 133.

    Section 3A was introduced by Section 37 of the PJA 2006, in order to incorporate into UK law the Framework Decision (n 117).

  134. 134.

    Stefan Fafinski, ‘Computer Misuse: The Implications of the Police and Justice Act 2006’ (2008) 72 Journal of Criminal Law 53, 60–62.

  135. 135.

    Cybercrime Convention (n 119) Art. 6.2.

  136. 136.

    Peter Sommer, ‘Criminalising Hacking Tools’ (2006) 3 Digital Investigation 68, 71; the wide scope of the provision, especially Art. 6.2, has led Bainbridge to propose that the ‘likelihood’ of criminal use of the article might be construed as an objective criterion founded on the belief of a similarly knowledgeable, reasonable person; David I. Bainbridge, Introduction to Information Technology Law (6th edn Pearson Education Limited, Essex 2007) 463.

  137. 137.

    US v Czubinski, 106 F. 3d 1069 (1st Cir. 1997) (Czubinski).

  138. 138.

    EF Cultural Travel BV v Explorica, Inc 274 F.3d 577 (1st Cir. 2001).

  139. 139.

    Ibid. 581–582; it is also established that access is defined as the transmission of code (the Scraper software) to the publicly accessible website of the plaintiff in order to assess the exceeding of authorisation to access.

  140. 140.

    318 F.3d 58 (1st Cir., 28 January 2003).

  141. 141.

    In addition to the previous rationales, there have been cases where the unintended use of employer information by employees has also been interpreted as eliminating authorisation, rather than exceeding it. However, these cases are based on a duty of loyalty between employer and employee and will not be as relevant to hacktivist incidents. See, for example, Shurgard Storage Centers, Inc. v Safeguard Self Storage, Inc 119 F.Supp.2d 1121 (Dist. Court, Washington D.C. 2000), which follows the termination of authorisation of employees when their motives for accessing information contradict those of the authorising employer. International Airport Centers, Llc v Citrin, 440 F.3d 418 (7th Cir. 2006) (Citrin) also adopts the elimination of the authorisation approach based on the common law of agency, since the violation of the duty of loyalty of the employee towards the employer terminates their relationship and, consequently, the authorisation of access based on that relationship.

  142. 142.

    United States v. Nosal, 676 F.3d 854, (9th Cir. 2012) (en banc)(Nosal I).

  143. 143.

    United States v. Nosal, 828 F.3d 865 (9th Cir. 2016), reh’g denied and amended by 2016 WL 7190670 (9th Cir. 8 December 2016) (Nosal II).

  144. 144.

    For a list of cases following the Nosal rationale, see Stephanie Greene and Christine N. O’Brien, ‘Exceeding Authorized Access in the Workplace: Prosecuting Disloyal Conduct under the Computer Fraud and Abuse Act’ (2013) 50 American Business Law Journal 1, 22–23.

  145. 145.

    Rep. Zoe Lofgren (D-CA) and Sen. Ron Wyden (D-OR) have suggested the elimination of the term ‘exceeding authorised access’ and retention only of the term ‘access without authorisation,’ which will mean as introduced in the Bill suggested by Ms Lofgren ‘(A) to obtain information on a protected computer; (B) that the accessor lacks authorization to obtain; and (C) by knowingly circumventing one or more technological or physical measures that are designed to exclude or prevent unauthorized individuals from obtaining that information’; see Bill to amend title 18, United States Code, to provide clarification to the meaning of access without authorization, and for other purposes. (2013) 113 Congress, 1st Session, http://www.lofgren.house.gov/images/stories/pdf/aarons%20law%20-%20lofgren%20-%20061913.pdf.

  146. 146.

    Zoe Lofgren and Ron Wyden, ‘Introducing Aaron’s Law, a Desperately Needed Reform of the Computer Fraud and Abuse Act’ (Wired, 20 June 2013) http://www.wired.com/opinion/2013/06/aarons-law-is-finally-here/. https://www.eff.org/deeplinks/2011/09/senate-committee-agrees-violating-terms-service-shouldnt.

  147. 147.

    Electronic Frontier Foundation, ‘Aaron’s Law Reintroduced: CFAA Didn’t Fix Itself.’ 29 April 2015. https://www.eff.org/deeplinks/2015/04/aarons-law-reintroduced-cfaa-didnt-fix-itself.

  148. 148.

    Facebook, Inc. v. Power Ventures, Inc., 828 F.3d 1068, 1075–1079 (9th Cir. 2016).

  149. 149.

    Jamie Williams, ‘Ninth Circuit Panel Backs Away From Dangerous Password Sharing Decision—But Creates Even More Confusion About the CFAA’ (Electronic Frontier Foundation, 15 July 2016) https://www.eff.org/deeplinks/2016/07/ninth-circuit-panel-backs-away-dangerous-password-sharing-decision-creates-even.

  150. 150.

    See US v Auernheimer, Criminal No.: 2:11-cr-470 (SDW) (Dist. Court, New Jersey 2013).

  151. 151.

    648 F.3d 295 (6th Cir. 2011).

  152. 152.

    Orin Kerr, ‘United States v. Auernheimer, and Why I Am Representing Auernheimer Pro Bono on Appeal Before the Third Circuit’ (The Volokh Conspiracy, 21 March 2013) http://volokh.com/2013/03/21/united-states-v-auernheimer-and-why-i-am-representing-auernheimer-pro-bono-on-appeal-before-the-third-circuit/.

  153. 153.

    US Senate Report 104-357 (n 79) 11: ‘In sum under the bill, insiders, who are authorized to access a computer, face criminal liability only if they intend to cause damage to a computer, not for recklessly or negligently causing damage. By contrast, outside hackers who break into a computer could be punished for any intentional, reckless, or other damage they cause by their trespass,’ cited in US v Phillips, 477 F.3d 215, 219 (5th Cir. 2007).

  154. 154.

    US v Guzner No. 2:09-cr-00087 (New Jersey Dist. Court) (Guzner); Anonymous ‘Teenage Hacker Admits Scientology Cyber-Attack USA V. Guzner—Information’ (Secretdox, 18 October 2008) http://secretdox.wordpress.com/2008/10/18/usa-v-guzner-plea-agreement-for-defendant-dmitriy-guzner/; see also US v Mettenbrink Case 2:09-cr-01149-GAF (Dist. Court, California 2010) (Mettenbrink); David Kravets ‘Guilty Plea in ‘Anonymous’ DDoS Scientology Attack’ (Threat Level, 26 January 2010) http://www.wired.com/threatlevel/2010/01/guilty-plea-in-scientology-ddos-attack/; in the case of Mettenbrink, the protester is charged with negligent damage and loss, while in the former, Guzner is charged with intentional damage. Both received one-year imprisonment amongst other sanctions (probation, restitution, community service), which for Mettenbrink was the maximum, while for Guzner the maximum statutory penalty was ten years.

  155. 155.

    [1999] All ER (D) 972 (Allison).

  156. 156.

    [1998] 1 Cr App R8 (Bignell).

  157. 157.

    DPP v. Lennon [2006] All ER (D) 147 (Lennon).

  158. 158.

    Ibid.

  159. 159.

    The changes suggested by the new Directive can be found in the guidance (Recital 17) and provisional wording of the illegal access offence (art.3) (unauthorised access in other words), which now explicitly suggest that there should be a requirement of bypassing of technological controls in order for access to be considered unauthorised. More particularly in Recital 17 we can see the following explanation:

    In the context of this Directive, contractual obligations or agreements to restrict access to information systems by way of a user policy or terms of service, as well as labour disputes as regards the access to and use of information systems of an employer for private purposes, should not incur criminal liability where the access under such circumstances would be deemed unauthorised and thus would constitute the sole basis for criminal proceedings.

    Also Art. 3 provides:

    Member States shall take the necessary measures to ensure that, when committed intentionally, the access without right, to the whole or to any part of an information system, is punishable as a criminal offence where committed by infringing a security measure, at least for cases which are not minor. (Emphasis added)

  160. 160.

    (I) Loss to one or more persons during any one-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only; loss resulting from a related course of conduct affecting one or more other protected computers) aggregating at least $5,000 in value; (V) damage affecting a computer used by or for an entity of the United States Government in furtherance of the administration of justice, national defense, or national security.

  161. 161.

    Fullmer (n 128).

  162. 162.

    The protesters’ behaviour also included other illegal elements, such as harassment and threats against employees of animal-testing facilities, in addition to ECD tactics.

  163. 163.

    18 U.S.C. Part I, Chapter 3, Sections 43(a)–(c). The penalties provided by this act can be very high depending on the damage and losses they cause. For example, if the economic damage to the animal enterprise exceeds the amount of $10,000, the penalty could be a term of imprisonment of up to five years. (b)(2). The definition of economic damage (d)(3)(A) here includes loss as well.

  164. 164.

    According to the U.S.S.G. Manual 2016 Section 3A1.4, ‘[i]f the offense is a felony that involved, or was intended to promote, a federal crime of terrorism, increase by 12 levels; but if the resulting offense level is less than level 32, increase to level 32.’ This would actually amount to 121–151 months of incarceration and a fine of up to $175,000.

  165. 165.

    Ellen Podgor, ‘Computer Crimes and the Patriot Act’ 17 Criminal Justice, 61, 62; The USAPA also includes extended provisions, concerning surveillance and interception powers with Internet Service Provider cooperation, securing electronic communications wiretaps and intensifying jurisdiction and enforceability of federal agencies and secret services. Dana L. Bazelon, Yun J. Choi, and Jason F. Conaty, ‘Computer Crimes’ (2006) 43 American Criminal Law Review 259, 269, 301–302; Tara M. Raghavan, ‘In Fear of Cyberterrorism: An Analysis of the Congressional Response’ (2003) Journal of Law Technology & Policy 297, 304–305.

  166. 166.

    UK Terrorism Act 2000 (c .11).

  167. 167.

    The Electrohippies Collective (n 27).

  168. 168.

    (1)(4)(a).

  169. 169.

    Fafinski, ‘Computer Misuse: The Implications of the Police and Justice Act 2006’ (n 133) 55–56.

  170. 170.

    Clive Walker, ‘Cyber-Terrorism: Legal Principle and Law in the United Kingdom’ (2005) 110 Penn State Law Review 625, 632; Out-Law.com, ‘UK Law Makes Hacking an Act of Terrorism’ (Out-Law, 21 February 2001) http://www.out-law.com/default.aspx?page=1409; Walden (n 40) 183; The Electrohippies Collective (n 27).

  171. 171.

    Terrorism Act 2000, Section 1(4).

  172. 172.

    See account of global hacktivist protests against Mexican President Website and Frankfurt Stock Exchange website. Dorothy E. Denning, ‘Hacktivism: An Emerging Threat to Diplomacy’ (2000) 77 Foreign Service Journal 43.

  173. 173.

    Chief Judge Stein Schjølberg, ‘ITU Global Cybersecurity Agenda [GCA]’ (High Level Experts Group [HLEG] Global Strategic Report, International Telecommunications Union, Geneva 2008) http://www.itu.int/osg/csd/cybersecurity/gca/docs/Report_of_the_Chairman_of_HLEG_to_ITU_SG_03_sept_08.pdf; Logan also argues that the Terrorist Act 2006 is in fact so extensive as to threaten those who express a controversial political opinion with deportation from the UK. Christina C. Logan, ‘Liberty or Safety: Implications of the USA Patriot Act and the UK’s Anti-Terror Laws on Freedom of Expression and Free Exercise of Religion’ (2006) 37 Seton Hall Law Review 863, 865.

  174. 174.

    Clay Wilson, ‘Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress’ (Library of Congress, Congressional Research Service, Washington D.C. 2008) 4; Harinda Vidanage, ‘Rivalry in Cyberspace and Virtual Contours of a New Conflict Zone: The Sri Lankan Case’ in Athina Karatzogianni (ed), Cyberconflicts and Global Politics (Routledge, Oxon 2009) 146–161, 159.

  175. 175.

    Cited in Ricardo Dominguez, ‘Electronic Disobedience Post-9/11’ (2008) 22 Third Text 661, 663.

  176. 176.

    Walker (n 172) 642.

  177. 177.

    Ibid. 643.

  178. 178.

    Samuel (n 29) 54–55; Ayres and Braithwaite (n 6) 25.

  179. 179.

    Roger Eatwell, ‘Community Cohesion and Cumulative Extremism in Contemporary Britain’ (2006) 77 The Political Quarterly 204.

  180. 180.

    Jon Leyden, ‘Anonymous Unsheathes New, Potent Attack Weapon’ (The Register, 4 August 2011) http://www.theregister.co.uk/2011/08/04/anon_develops_loic_ddos_alternative/; Sean Gallagher, ‘High Orbits and Slowlorises: Understanding the Anonymous Attack Tools’ (Ars Technica, 16 February 2012). http://arstechnica.com/business/news/2012/02/high-orbits-and-slowlorises-understanding-the-anonymous-attack-tools.ars.

  181. 181.

    Apart from USAPA there are also other relevant acts such as the Homeland Security Act of 2002 116 Stat. 2135 and the Intelligence Reform and Terrorism Prevention Act of 2004, 118 Stat. 3638, 2004 (IRTPA). The US Criminal Code also includes an abundance of provisions that relate to terrorism, which are out with the scope of the current analysis; also, in the UK, beyond the Terrorism Act of 2000, which is the most relevant for our case, there is an abundance of interrelated and amending counterterrorism acts, such as the Anti-Terrorism, Crime and Security Act of 2001 (c.24), Prevention of Terrorism Act 2005 (c.2), and the Terrorism Act 2006 (c.11), which all constitute a concerted effort to intensify the government’s and law enforcement’s capacity to monitor and punish activities which might be even remotely and inchoately related to terrorism. For more detail, see Clive Walker, ‘Clamping Down on Terrorism in the United Kingdom’ (2006) 4 Journal of International Criminal Justice 1137; Logan (n 175) The arbitrariness has been somehow ameliorated with the changes introduced by The Terrorism Act 2000 (Remedial) Order 2011, No.631, which requires reasonable suspicion for the stop and search powers of the authorities.

  182. 182.

    Logan (n 175) 869–871; Fafinski, ‘Computer Misuse: The Implications of the Police and Justice Act 2006’ (n 133) 56.

  183. 183.

    Jarrett et al. (n 91), 3–4.

  184. 184.

    (n 76).

  185. 185.

    Ibid., Section 207.

  186. 186.

    Richard Walton, ‘The Computer Misuse Act’ (2006) 11 Information Security Technical Report 39, 42; see CMA, Sections 4–5.

  187. 187.

    Ellinor Mills, ‘Anonymous to Target Iran with DoS Attack’ (CNet, 29 April 2011) https://www.cnet.com/news/anonymous-to-target-iran-with-dos-attack/; Mojit Kumar, ‘Anonymous Hit Egyptian Government Websites as #Opegypt’ (The Hacker News, 9 December 2012) http://thehackernews.com/2012/12/anonymous-hit-egyptian-government.html.

  188. 188.

    Examples of harmonisation efforts are the promulgation and ratification of the Cybercrime Convention (n 119) by many states or the Framework Decision (n 117) on attacks against information systems, criminalising denial-of-service attacks and distribution of hacking software, as well as the discussions for a new cybercrime/cyberwarfare convention and a new EU Cybercrime Directive.

    OUT-LAW, ‘Commission Proposes New EU Cybercrime Law’ (The Register, 11 October 2010) http://www.theregister.co.uk/2010/10/11/eu_new_cybercrime_law/print.html; Daniel Shane, ‘Think Tank Calls for “Geneva Convention” on Cyber War’ (Information Age, 4 February 2011) http://www.information-age.com/technology/security/1599193/think-tank-calls-for-‘geneva-convention’-on-cyber-war.

  189. 189.

    In the US, at the congressional level, there are multiple committees with their relevant subcommittees that have jurisdiction over cybercrime decisions and different approaches and interests, consequently leading to a fragmentation of oversight and lack of uniformity in approaching issues of online criminality. See Benjamin S. Buckland, Fred Schreier, and Theodor H. Winkler, ‘Democratic Governance Challenges of Cyber Security’ (Geneva Security Forum, 2012) http://genevasecurityforum.org/files/DCAF-GSF-cyber-Paper.pdf, 19.

  190. 190.

    BBC, ‘Gary McKinnon Extradition to US Blocked by Theresa May’ (BBC, 16 October 2012) http://www.bbc.co.uk/news/uk-19957138; as is submitted in the APIG Report for the CMA, there has never been an extradition of offenders to the UK. All Party Internet Group (APIG), ‘Revision of the Computer Misuse Act’: Report on an inquiry by the All Party Internet Group (2004) http://www.cullen-international.com/cullen/multi/national/uk/laws/cmareport.pdf, 15.

  191. 191.

    McGoogan Cara, ‘British Hacker Lauri Love to Be Extradited to the US for “Accessing Government Computers”’ (The Telegraph, 14:57, sec. 2016) http://www.telegraph.co.uk/technology/2016/09/16/british-hacker-lauri-love-to-be-extradited-to-the-us-for-access/.

  192. 192.

    Aas (n 38) 173–175.

  193. 193.

    Gregor Urbas, ‘Criminalising Computer Misconduct: Some Legal and Philosophical Concerns’ (2006) 14 Asia Pacific Law Review 95, 107; Podgor (n 167) 736; different perceptions of free speech and legal protesting could influence how these acts are perceived, while different criminal approaches with less punitive frameworks could allow for more protests.

Author information

Authors and Affiliations

  1. Institute of Criminal Justice Studies, University of Portsmouth, Portsmouth, UK

    Vasileios Karagiannopoulos

Authors
  1. Vasileios Karagiannopoulos
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2018 The Author(s)

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Karagiannopoulos, V. (2018). Contemporary Norms and Law and Hacktivism. In: Living With Hacktivism. Palgrave Studies in Cybercrime and Cybersecurity. Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-319-71758-6_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-71758-6_4

  • Published:

  • Publisher Name: Palgrave Macmillan, Cham

  • Print ISBN: 978-3-319-71757-9

  • Online ISBN: 978-3-319-71758-6

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics

Search

Navigation