An Ethical Framework for Hacking Operations

In recent years the power and reach of prominent hacker groups such as Anonymous and LulzSec has been clearly demonstrated. However, in a world where hackers are able to wield significant online power, can they do so ethically as legitimate agents? To answer this question this paper will develop an ethical framework based on the premise that hackers have exhibited instances where they have acted to protect people from harm at a time when there was no one else to do so. At its core this paper will argue that political hacking can be justified when it is done to protect the vital interests of oneself or others. Moreover, it will also argue that just because hackers are outside the state does not automatically discount them as ethical actors and that when the state fails to protect people – whether it is due to a lack of ability, political will or because the state is the source of the threat – hackers can fill the void. In order to achieve this, first it is necessary to highlight the space for hackers to operate; second, guide hacker activity by creating an ethical framework detailing what actions are justified towards what end; third, to offer mechanisms that can aid in reaching these ethically justified decisions; and as a result, inform further ethical debates on how to react to these political hackers. This means that the framework can be used to both justify and condemn hacking depending on the circumstances, allowing those on the outside to distil and evaluate a political hack, both past and present, while guiding hacker collectives by providing clearer ethical tools for determining the appropriate agendas and methods.


Introduction
In recent years the power and reach of prominent hacker collectives such as Anonymous has been clearly demonstrated.These large, politically orientated hacker collectives have targeted a range of actors over a number of issues, all without a consistent set of ethical statements to guide or evaluate their activity.On the one hand, these hacks necessarily use political violence outside the usual state-sanctioned systems without any clear moral authority and often for their own political goals.While on the other hand, many of their causestargeting terrorist groups, fighting for LGBTQ+ rights, and protecting people's freedom of expression, autonomy and privacyare intuitively good things to fight to protect.As a result, it can be incredibly difficult to apply clear-cut statements of praise or criticism.In a world increasingly obsessed with superheroes and villains, what do hackers represent?Are they a new force for good fighting against terrorists and hate groups, work the state is either unable or unwilling to do?Or do they hide in cyberspace carrying out their private wars fuelled by personal beliefs and vendettas with no oversight or control?Or both?
To navigate this tension this paper will develop an ethical framework based on the premise that hackers have exhibited instances where they have acted to protect people from harm at a time when there was no one else to do so.At its core this paper will argue that political hacking can be justified when it is done to protect the vital interests of oneself or others.Moreover, it will also argue that just because hackers are outside the state does not automatically discount them as ethical actors and that when the state fails to protect peoplewhether it is due to a lack of ability, political will or because the state is the source of the threathackers can fill the void.The aim is not to open the door to all private forms of political violence, nor is it to justify the abstract act of hacking.Rather, the purpose of the framework is to understand the ethical role a hacking operation can play in relation to the circumstances.In order to achieve this, first it is necessary to highlight the space for hackers to operate; second, guide hacker activity by creating an ethical framework detailing what actions are justified towards what end; third, to offer mechanisms that can aid in reaching these ethically justified decisions; and as a result, inform further ethical debates on how to react to these political hackers.This means that the framework can be used to both justify and condemn hacking depending on the circumstances, allowing those on the outside to distil and evaluate a political hack, both past and present, while guiding hacker collectives by providing clearer ethical tools for determining the appropriate agendas and methods.

Hacks, Hackers, Hacking and the Operation
Hacking is often used as a catchall to cover all forms of 'unauthorised access to or use of a computer system', but can encompass a very large range of different actors, intensions and activities (Conway 2003: 10;Barber 2001).From criminal hackers, or 'crackers', who maliciously attack or defraud systems for personal gain (Sheoran and Singh 2014: 112); to 'Skript Kiddies', often young males who use hacking tools created by others to vandalise or disrupt the Internet (Farsole et al. 2010: 15); to hacktivists, a portmanteau of 'hacker' and 'activist' who use 'acts of civil disobedience … carried out in the virtual realm of the Internet' (Lowes 2006: 115), to 'highlight political or social causes' (Jordon and Taylor 2004: 2; O'Malley 2013).
While the popularist terms oscillate between 'Heroes and hustlers, freedom fighters and cyber lynch mobs, political activists and anarchists' (Klein 2015: 379), and are often portrayed in media as 'lonely malicious criminals' (Thomas 2002: 6).
Of these various sub-classifications of hacking, this paper is focusing on what will be referred to as 'political hacking', where the hack is used in relation to some political or social agenda carried out by private individuals for their own political ends, often with this political element acting as a central justification for the hack.This marks political hacking as distinguishable from hacks for personal profit 1 (through theft, fraud or blackmail); hacks to test systems (white and grey hats for example) 2 ; hacks to expand or demonstrate one's ability; attacks to create chaos for its own sake; and that these are different to those hacks carried out by the state or are state-sponsored. 3This political element is widely conceived, and over their relatively short history the political agendas of hackerswhether individuals, groups with fixed-definable-members, or collectives with open and fluid membershiphave varied from nuclear disarmament, 4 government responses to local public disorders and protests, 5 government restrictions to online freedoms, 6 court decisions, 7 corruption, private actors restricting the sharing of information online, 8 organising and facilitating public protests, 9 locating and revealing the identities of online-paedophiles and hate groups, 10 demonstrating the weakness and subsequent dangers of inadequate network security, and directly protesting and disrupting the growing power and prevalence of the security powers of the state.Indeed, as Gabriella Coleman states, 'Beyond a foundational commitment to the maintenance of anonymity and a broad dedication to the free flow of information, Anonymous has no consistent philosophy or political program' (Coleman 2014:3).This does, on the one hand, make it difficult to pin the political hacking phenomenon to a particular ideology or ethical objective, especially given Anonymous' 'rhizomatic' nature, where their selfdefined 'antileader, anticelebrity ethic', with a membership that is open 'to all who care to contribute' and where the cause is king (Coleman 2011: 511;Liu 2004), prompts them to move from issue to issue without a seemingly clear set of long-term plans or underlying political objectives.
The challenge, therefore, is how to create an ethical framework that can evaluate a highly varied set of political agendas, especially when it is difficult to both access and categorise the phenomenological experiences and justifications of such a diverse set of agents.To overcome this, the ethical framework focuses on the hacking activity as part of a wider (political) situation, often best evaluated through the hacking 'operation' as the manifestation and articulation of the hacker's political role.That is, the ethical framework will enable the evaluation of the hacking operation through both its separate parts as well as the culmination of the hacking agent and their political role at that point in time.What an operation can look like can vary, from the very specific efforts of an individual such as Aaron Swartz who accessed and released academic papers from the JSTOR archives (Utterback 2013;Ludlow 2013), right through to large, open ended and inclusive movements that span a longer timeframe with multiple strands, methods and targets involved and can evolve and change over timefor example Anonymous' attacks on ISIS, which include Operation: Troll ISIS, Operation Paris and Operation CharlieHebdo (Anonymous France   5 Both Operation BART and Operation by Ferguson were Anonymous responding to the US officials restricting protests and review of police activity after the shooting of Charles Hill by the police in July 2011 and when police shot teenager Michael Brown.(Stone 2011; Rogers 2014)  6 In 1990 the 'Cult of the Dead Cow' (cDc) worked (with the help of the Hong Kong Blondes, a groups cDc later stated they fabricated) to help Chinese citizens gain access to blocked websites.(Menn 2019;McCormick 2000). 7In April 2013, the suicide of Rehtaeh Parsons prompted Anonymous to action after they became aware of the failure of the Royal Canadian Mounted Police and Canadian officials to investigate a sexual assault.(Coleman 2014:370). 8Anonymous targeted the Church of Scientology in one of its earliest political hacks, Operation Chanology, in response to the Church's secretive and controlling nature and their insistence over the removal of a video that was released online (Coleman 2014:58).Also, the support Anonymous gave to Wikileaks after the organisation's money flow was halted in Operation Avenge Assange was premised on the role of Wikileaks sharing information that people had a right to as well as that by cutting off funding to Wikileaks the government and corporations were acting as a censoring force (Coleman 2014:2, 121). 9For example, during the Arab Spring Operation Tunisia and Operation Egypt played an important role in the emerging protest movements by DDoS-ing government websites and helping dissidents circumvent online censorship.(Wagenseil 2011;mmxanonymous 2011;Emspak 2011). 10Through Operation Death Eaters and Operation Dark Net sought to collect evidence against international pedophile rings (Eleftheriou-Smith 2015).Also from 2014 onwards Anonymous targeted the US hate group Klu Klux Klan threatening to reveal the names of its members (O'Neil 2015).2015), or Operation Payback which involved targeting a range of anti-piracy organisations but changed in terms of emphasis and tactics over its time (Coleman 2014:96-105).Despite this variance, however, the hacker activity or operation can be coherently discussed and examined.It is possible to talk about who is being targeted and impacted, to detail the type of methods are used and what harm is caused, the different roles those involved are playing, and the political agenda sought.Similar to other ethical discussions of agents who are made up of fluid collectives pursuing long term political agendas through multi-streamed approaches, it is even possible to make distinctions within an operation, ethically condoning or condemning specific parts over others.Once the ethical evaluation of the hacker's activity has been made we can then use this as the foundation for further ethical discussions, such as who is responsible and to what degree, what type of praise or punishment is therefore required, and how the political community should respond to or conceptualise the hackers. 11 To achieve this mapping across a variety of political agendas the methods, targets, narratives, and ends of the operation are examined, both as individual parts as well as how they (in)congruently map to each other to create the operation as a whole.That is, in common moral discourse it is argued that the central intention or justification of an action should be reflected in the means used, targets chosen, and outcomes pursued (Thomson 1986:101-102;Scanlon and Daney 2000;Lackey 1989:32).All have a part to play in how we judge an action, and all are interrelated to each other.For example, if the justification is one of self-defence then the actions must flow directly from this and not involve tactics of domination or subjugation of the aggressor; and that we can tack back from the methods and circumstances of a situation to understand the intention.This means that by examining the key features of a hackthe techniques used, the position/role/function of those targeted, the normative narrative delivered, and what types of harms are allowedit is possible to map out and evaluate the operation.This approach allows for an evaluation of the hack as the outward expression and actions of the collective whole, rather than necessarily having to examine the singular, and potentially highly varied, motivations of all those individuals involved.This is particularly important and helpful in evaluating the actions of those operations that necessarily rely on wide and open involvement from the hacker community.For example, en masse methods such as Denial of Service attacks, virtual sit-ins, and email bombs, can utilise thousands of individuals contributing to the effort.In this instance the political agenda and actions of the collective are examined through the operation rather than any given individual.It could be that some members are involved because of their genuine belief in the stated political agenda of the collective, while others might contribute because of some other general belief (antiestablishmentism for example), whereas some might wish to feel a sense of inclusion and camaraderie and so contribute, and some might act to demonstrate their own power and 11 Indeed, this does not preclude punishing particular individuals in a collective in regard to an unjustified hack.Like many other collectives where individuals might work towards a common goal while following the same methods yet for very different personal reasons (most notably evaluating a state's decision to go to and subsequent performance in a war, the intentions of rule abiding soldiers are not necessarily included in evaluating the ethical performance of the state) it is still possible to isolate ring-leaders (politicians and commanders in the war-time example) who must represent and take responsibility of the super-organisms operational behaviour.How blame is proportionally distributed in a collective or multiple-agent operation is in turn a separate question.For useful conversations on this see Lepora and Goodin 2013, Bellaby 2018, Braham and van Hees 2012;Sankowski 1992;Williams 2003;Squires 1968.influence.However, in such an open situation it is both unhelpful and unnecessary to examine the intentions and motivations of all those involved if they all contribute towards the same ends, through the same means, with the same limitations.This allows for the hack to be evaluated as the manifestation of the collective effort, and then if needed track any necessary praise or condemnation onto those most responsible for the operation.12As a process, this type of ethical evaluation is particularly common in international ethics when evaluating the actions of collectives where a varied membership contributes through similar actions towards a common goal but for indistinguishable and potentially highly varied individual reasons.Evaluating collectives in this way has thus become an important part of our common moral discourse, altering how we talk about, speculate on, and judge the actions of states, political collectives and their representatives (Lackey 1989:32).
By focusing on the operations in this way it is possible to distil and map the political nature of a large range of activities by relating them to our core human rights, focusing on the relationship to our fundamental interest in maintaining our physical and mental integrity, autonomy, liberty and privacy.Indeed, political hacking has gravitated towards our key human rights, predominantly those ideals found within Steven Levy's early 'hacker ethic' work on the freedom of information and a mistrust in authority, reflecting the importance of autonomy and privacy in people 's lives (metac0m 2003).For Christian Greenberg this has manifested as Anonymous having some overarching political orientation where it 'attacks whatever target offended its values, like freedom of speech and anti-corporatism' (2012a: 183).While Andy Fuchs, David Golumbia and Steven Levy see Anonymous as reflecting a socialist worldview, or cyber-libertarianism with a primary focus on free-speech and deregulation (Fuchs 2013: 7, 15;Borsook 2000;Levy 2000;Krauth 2012).In practice therefore, even within the most fluid of collectives where there are multiple voices calling for a variety of different political agendas it is still possible to see a 'shared awareness', where 'otherwise uncoordinated groups begin to work together' and to act towards a common goal (Shirky 2008: 163).The so-called 'hive-mind' of Anonymous, for example, operates as a super-organism, with many individuals working individually but possessing the nature of a single entity, and outwardly expressing a significantly coherent political rationale and narrative as a result.As Anonymous stated in an early video, 'Hello Internet.I am one Anonymous.Anonymous is a collective of individuals united by an awareness.We promote the truth, promote free speech, stand up against human injustice, we fight corrupt corporations and protest governments who bastardise freedom' (FLSnag 2011).Such ideals were then further detailed in their 2011 Anonymous manifesto which argued for the upholding of the rights and liberties of its citizens, free from undue influence from those privileged by greater resources, influence and power; to circulate uncensored information in order to guarantee these rights; that citizens should not be the target of any undue surveillance; that privacy is a common interests of humanity; and that it is the responsibility of all citizens to take actions and maintain an open and transparent society (Anonymous, 2011).Other self-theorising communicated often makes reference to fighting 'the loss of more liberties such as censorship, phone and Internet surveillance and eminent domain laws' (Kumar 2011), stopping 'campaigns of misinformation' and the 'suppression of dissent' (Vamosi 2008), while Anonymous' 'anti-hate' stance has resulted in them targeting governments for passing homophobic legislation (Boone 2013;Littauer 2013).It can be argued, therefore, that many of the political operations can be mapped onto our core rights, with a significant proportion relating to our autonomy, including the right to protest, to be an informed, fair and equal political agency, and to carry out one's political will.Or the right to privacy and the subsequent restrictions on surveillance this creates (both government and corporate).Or targeting hate groups and paedophiles as a way of preventing physical and mental harm that such groups are causing or fostering.
As will be shown, sometimes the hacker's actions are justified given the core right being threatened, but at other times they are unjustified when those methods do not match the threat or where the hack causes a greater harm to our core rights.What is important, is that it is only by distilling the different political agendas and hacker activities it in this way that we can make such comparisons across a diverse phenomenon.

Filling the Void: Hackers Using Political Violence
One of the key criticisms levied at hacker activity is that they are private actors carrying out their own political ends through the use of political violence.So, while collectives such as Anonymous have engaged in what can broadly be referred to as digital resistance (Delmas 2018), digital disobedience (Scheuerman 2016) or digital activism (Sauter 2014) and use methods which range across the activist spectrum, a distinguishing feature of the type of political hacking examined here is the use of political violence, which arguably distinguishes it from some of the conceptualisations and discussions on 'hacktivism' and those related justifications based on non-violence and often through a civil disobedience framework.For example, Kenneth Himma argues hacktivism is 'the commission of an unauthorized digital intrusion for the purpose of expressing a political or moral position' and is 'nonviolent in nature ' (2008: 200).Indeed, Candice Delmas describes the standard approach to the definition and justification of hacktivism as involving acts that are a 'public, non-violent, politically motivated, and conscientious breach of law undertaken with the aim of bringing about a change in laws or government policies' (2018: 65), while other emphasise the 'peaceful breaking of unjust laws' with 'non-violent means to expose wrongs, raise awareness, and prohibit the information on perceived unethical laws by individual, organisations, companies or governments' (Manion and Goodrum 2000: 14.Also see Hampson 2012a, b, c;Dittrich and Himma 2006;Crosston 2017;Goode 2015;Pavli 2019;Taylor and Harris 2006).Indeed, Cult of the Dead Cow, Oxblood Ruffin, defined hacktivism as something that uses 'technology to improve human rights.It also employs non-violent tactics and is aligned with the original intent of the Internet, which is to keep things up and running' (Smallridge et al. 2016: 61).Furthermore, Delmas notes that 'painting hacktivism as civil disobedience highlights their principles and communicative intentions' where their actions are 'speech acts, grounded in sincere political commitments', situating it to the 'broader public as a protest' and therefore well within the 'respectable tradition of civil disobedience' (2018: 64.Also see Auty 2004;Hampson 2012a, b, c;Jordan 2014).
In comparison, the type of political hacking discussed here often relies on methods that use some level of destruction, harm or damage and are powerful because of the (threat of) coercive power or damage they cause. 13This can include: Distributed Denial of Service (DDoS) attacks where the normal traffic of a targeted server, service or network is disrupted by overwhelming it or the surrounding infrastructure with a flood of Internet traffic with the aim of either temporarily or permanently shutting it down, causing damage to both the target's infrastructure as well as their ability to interact with their client and those client's ability to pursue their own ends; doxxing, whereby private information about an individual or organisation is collected and widely released online, causing harm through the violation of people's privacy, and potential loss of reputation and income; leaks and the unsanctioned release of confidential information (whether state or corporate) to news media outlets, which can cause both direct damage through the leak, or subsequent harm through how others use the information; and viruses and malware with the aim of causing damage to a network system. 14he question, therefore, is what moral authority hackers have to use violence for a political objective when they act outside of the system.This is often contrasted against the normative authority states claima claim often made through its representation of the political body or protector of the polis.Indeed, there are strong arguments that the state is the only actor who can legitimately use political violence (Duff 2011: 6).This includes the argument that, firstly, there is a broad social contract where individuals give up their absolute rights to carry out their own private wars or pursuit of personal justice in return for the comfort and protection provided by the state. 15The state therefore has the duty to ensure that individuals are protected, that rules are maintained, and differences are arbitrated.In return there is a prima facie obligation to obey the rules and mechanisms established (Markel 2011: 54).Hackers do not have any of this and, moreover, when they carry out harmful activities, they in turn break the agreement to not carry out private acts of violence, marking themselves as the threat to the social whole and the good found in the stability of the rule of law.
However, this does not necessarily reject hacking completely.The state's legitimate authority is not derived from its de facto position or its coercive sovereignty, but from its role as representative and protector of the political community (Norman 1995: 118).States have value because of the role they play in an individual's life as the moral unit of concern: their moral authority or legitimacy of the state is based on its role in protecting vital interests and fundamental human rights (Fabre 2008: 964).So, while there can be arguments in favour of the general obligation to obey authority when the state is furthering the protection of this moral unit, if the state is absent in its application of this role then others can, and should, act.If the state fails to uphold its end of the bargain, due to lack of will, capability, negligence, or because itself represents an unjustified source of harm, then it loses its legitimate authority in this specific instance.
Indeed, arguments can be made that rather than fighting against the political community and even the state, private actions such as those carried out by political hackers can reinforce the importance of social norms and are replicating the important protective role the state should play: that they can 'claim to respect the law even more than the sitting government officials, since he takes it seriously enough to want to see it enforced' (Dumsday 2009: 59).Johnson argues that through organised and coordinated forms of political violence, non-state actors can be justified when they act as the state should be acting.For example, when the state has good laws that are misapplied or not being enforced; when the state has failed to enact good laws; or where unjust laws are being enforced (Johnston 1996, 220;Dumsday 2009;Reynolds 2015).Such activities, while outside the normal state-sanctioned infrastructure, are instances where private actors represent what the state should be doing or where they seek to circumvent the harm the state is causing.When the hacker, for example, provides people with technology that allows access to the Internet when it is blocked by their government, or raises awareness about or seeks to directly stop a particular political agenda that actively harms or discriminates part of society, they are not denouncing key ethical and social norms but are emphasising them, while highlighting the failure of the state or marking it as the source of the wrong.These hackers are seeking to maintain those ethical and social norms that are already in existence, that are widely already agreed upon and have already moral authority.Developing an ethical framework for hacking therefore rests on the core argument that this activity is about replicating that good the state represents in people's lives by acting to protect people as the state should, albeit outside the usual mechanisms.
Therefore, in instances where good laws are not being enforced then the laws themselves can act to provide both legitimacy and guidance to the hacker.Such laws already represent a source of good in society, are agreed upon by the political community and are recognised as being worthwhile.In this instance the hacker can appeal to the law as it stands, and in doing so acts as the state should.This allows a more nuanced and detailed set of instances for when the hacker can act given the established body of law that exists.Whereas in cases where the state is enforcing 'laws that are actually evil or unjust and, as such, do not afford protection to members of society that they should' (McReynolds 2015: 441), to make this determination reference should be made to the fundamental vital interests to determine the threat posed to an individual's physical or mental integrity, autonomy, liberty, or privacy.For example, Carl Cohen argues that certain laws can be deemed as invalid if they deprive someone from constitutionally guaranteed rights (1970: 7); while David Lefkowitz refers to the need for a clear 'undefeated moral reason ' (2007: 206); and Rawls that the laws must be clear 'principles for assigning and servicing fundamental rights and liberties ' (2009: 245).Recognising such transgressions as well as what counts as a good law can be aided by appealing to universal statutes, the Universal Declaration of Human Rights for example, as they offer a codified version of our vital human interests and can act as a source of international authority from which the hackers can draw.However, due to the various localised interpretations of such norms they can only act to provide a thin layer of protection, a minimum level to which all people's vital interests should be ensured.For example, that people should, other things being equal, be free from pain and mental anguish, should have spaces where they know and can reasonably expect to be in private and have control over their information, have freedom of movement, value their self-worth, and have the capacity to decide for themselves how to make decisions, an important aspect of which is being aware of relevant information and being able to access information to aid in their decision-making processes.
Significantly, in making this calculation the initial position is such that legitimate authority rests with the state, and only when it fails to fulfil its ethical obligation can other actors intervene.This means recognising that, on the one hand, that no state is perfect and such imperfections do not make the whole state a failure and undermine all its legitimate laws and activities, but on the other hand even near-just states can fail in specific areas and thus create a space for intervention.This means distinctions are needed between instances where the state fails because it is not infallible in an uncertain world, and those where the state has acted negligently.In the case of the former if the processes are generally sound and are not in themselves problematic, then the failure or the occasional miscarriage of justice is not sufficient to argue that the state has failed in its attempt to offer protections.Failure is different to negligence whereby the latter denotes deficiency in exercising appropriate care and judgementwhether wilful or notthat results in the harm of another.This can include intended and unintended negligence where the actor fails to maintain the general ethical expectations of society as well as the specific additional standards of their profession. 16For example, systematic discrimination such as racism or homophobia, corruption, failure of the duty of care, are instances of negligence, while plea-bargaining, unforeseen accidents, or rules that in the majority of cases provide just results but do fail and whose failure could not have been anticipated, represent mistakes in an otherwise just system.Therefore, the hack should be targeted only on those instances where the state has neglectfully failed, recognising that nearliberal states can have such instances due to negligence, incompetence, inability or lack of will.It is just that in authoritarian states such failures are more likely to be widespread, systematic and of a greater magnitude.This can include for example, first, when the state is the source of the threat.For example, en masse violations of vital interests such as freedoms of speech, privacy or association means the state loses its legitimate authority and the hackers can intervene.Or second, when the state is unwilling or unable to prevent harm because it does not have the technical ability or manpower-although hackers should relinquish authority once the ordinary mechanisms are sufficiently available.For example, dark web activity entails a large degree of technical skills and manpower, but once information of harmful activity has been collected it should be forwarded for state authorities to act.Third, this also includes cases in which the state is unwilling to act to protect peoplethrough a lack of political will for exampledespite clear and compelling evidence of a threat.Appealing to legal cannon on evidence and balance of probabilities can aid the hackers in knowing how and when to act.However, simply disagreeing with the state's legitimately arrived decision is not sufficient.If, for example, the court has reviewed a case, the correct processes were followed and the judgement was one of not guilty then, short of new evidence, the hackers should not act.Therefore, the aim is not to justify all forms of private political violence, but only in very specific instances where the state has negligently failed, and then only when there is a just end as detailed in the next section.

Ethical Framework: Justifying the Act
As it has been previously detailed, the political justifications often directly stated by hackers can be quite varied, ranging from delivering punishment against wrongdoers including paedophiles, hate groups, and corrupt businesses, to protecting key civil and human rights, such as the right to information, expression and speech.17Or they can reflect a broad political orientation or ideology, ranging from generic left-leaning and socialist ideals, to anti-rightwing sentiments, to specific statements on anti-establishment or anti-corporativism, to radical freedom of online information where information should be free for sharing regardless of the original owner of the information. 18To this end, despite the different objectives put forward by hackers it will be argued that acting in self-defence/defence of others can offer a way of understanding if and when the hack is justified.Moreover, by examining the hack in terms of self-defence, it is possible to further see how private individuals can act to use political violence as legitimate agents.
In terms of self-defence, while there is significant debate regarding its underlying justifications, and Fiona Leverick offers a very strong review of consequentialist and person partiality approaches, it will be argued here that at its core the individual first and foremost has the right to protect their own life, even at the expense of another's; and that when an attacker represents a threat they forfeit their usual protections that prevent the victim from killing them (Alexander 1976;Kasachkoff 1998;Montague 1989;Otsuka 1994;Thomson 1991;Leverick, 2006).The starting position here is that the right to life is considered a fundamental, if not the fundamental, human right.Moreover, this is a Hohfeldian claim-right where the importance of the right to life is such that it places duties on other individuals to act so as not to violate that right (Hohfeld 1913).There is a duty to respect the right to life.This duty means that it is not just the victim who has a right to act, but others can intervene to prevent the attack.(Thomson 1991: 306;Christopher 1998;Wasserman 1987).Fabre extensively discusses this point arguing that the victim's 'fundamental interest in surviving A's attack is not merely protected by a right to kill A: it is also protected by a prima facie power to transfer that right' to a third party and to 'claim otherwise is to impose an arbitrary restriction on V's ability to promote this fundamental interest of hers' (Fabre 2012: 62-63).This duty created not only prevents violating an individual's right to life, but actively promotes others to avoid violating it and also allows defenders to intervene when appropriate.Importantly, this means the individual's right to self-defence has primacy over other considerations, such as limiting the legitimate use of violence to only state representatives.That is, the victim or defender need not wait for a state representativesuch as the policeto intervene before they can carry out their necessary protections.While there are practical considerations that often promote turning to state representatives, the individual's fundamental right to defend themselves comes first.
While much of the self-defence literature, especially that which focuses on wartime killing, is often interested in protecting life and limb and the right to use deadly force to protect oneself as a result, this can be expanded to recognise the other key aspects of the human condition that need protection.That is, protecting oneself should include protecting all our vital interests: those preconditions that all individuals have, by virtue of the human condition, that need to be fulfilled if they are to continue living their own version of the good life.Feinberg calls these requirements 'welfare interests ' (1984: 37) and John Rawls calls them 'primary goods ' (1971: 62), whereby regardless of an individual's conception of the good life these preconditions must be satisfied first in order to achieve them.In this way, these interests are the most important a person has, and thus cry out for protection (Feinberg 1984: 35;Nussbaum 2000: 76).These vital interests include, probably most obviously, the interest in maintaining one's physical integrity and the need to be free from pain, but also includes psychological and emotional integrity, autonomy, liberty and privacy.Moreover, these vital interest work as a matrix, each contributing to the human experience and all needing to be maintained to a minimal level and where an excess of one cannot make up the absence of the other.
These rights are so important that they cry out for protection, and indeed create obligations on others not to infringe upon them.So, while self-defence is often examined in terms of maintaining one's physical integrity it can also be understood as the right of the individual to protect their privacy, autonomy and liberty.Using the 'self-defence' terminology to refer to protecting one's non-physical vital interests might cause some to pause, but this is more because of the focus in the literature on discussions over when it is right to kill another to stop an impending aggressor, rather than there being any lack of there being a right to act to protect one's other vital interests from the unjustified infringement by others.For example, the privacy literature extensively discusses the different instances and types of defensive barriers one can erect and the actions one can take to stop others from accessing personal informationwhether legal, physical or metaphorical. 19Equally, the literature on autonomy argues for even forcible responses on those who wish to control one's ability to make and perform one's own informed decisions. 20This conceptualisation helps give greater credence to arguments where a victim could be justified in harming an attacker who threatens their non-physical vital interests, such as those who suffer psychological and emotional harm.For example, this stresses the uniquely horrific harms of rape as it adds the severe psychological, emotional and autonomy harms to the physical (Laugerud 2019); or it could also give greater weight to victims of spousal abuse who suffer psychological torment, or are abused through controlling and manipulative behaviour; or even torture which relies on psychological and emotional attacks such as degradation, humiliation, and fear.What is key is that an individual's vital interests are fundamental to the human condition, require protection, place duties on others not to unjustly infringe on them, and in turn give the individual the right to defend through some appropriate and proportional action from others infringing on them.Importantly for this paper, understanding self-defence as being more than just physical protections is important because it highlights other key, cyberrelated interests that need protectionsuch as the interest in autonomy and the implications this has for the right to information.
This expansion also nuances the connected defensive action, highlighting the relationship between the vital interest threated, the type of threat posed and thus the justified appropriate means for achieving the necessary protection.A key part of this is understanding that these interests are not binary, whole one minute and destroyed the next, but occur and are impacted in different ways and to different extents, and in turn shape different types of justified defensive activities.The type of self-defence justified, therefore, is determined by the particular vital interest threatened, the severity and duration of the threat, and its temporal proximity.(Feinberg 1984: 37;Rescher 1972: 5).For example, each of our vital interests can be impacted to different degrees: people can suffer various levels of physical and mental pain; their autonomy can be circumvented to different degrees; their physical liberty restrained for different periods of time; and their privacy can be perceived as consisting of different levels where the more personal or intimate the information the greater the expectation of privacy and the greater the harm caused when violated (Marx 2004: 234;Hirsch 2000;Feinberg 1984: 46).Thus, for threats that are of lesser magnitude than killing or severe pain, while there might not be a justification to kill in self-defence there could be justification for a low-level physical response, loss of property and resources, or sanctions (Pattison 2018).
Furthermore, this more flexible conceptualisation of self-defence has a key temporal aspect.Many self-defence justifications include a feeling of imminence, such as Thomson's innocent who is about to be run down by a truck, where the threat posed to the victim is very nearly upon them, which means the probability of the threat materialising is high and there are no opportunities for less harmful counterattacks (1991: 283).However, imminence is not always helpful when considering threats which are highly likely to occur but are far away; or where the threat is the systematic and widespread erosion of core vital interests; or where the only viable form of defence is when the threatening actor themselves no longer represents an immediate threatmost notably in the case of women who kill their abusive husbands while they sleep.As a result, the self-defence literature makes the distinction between 'self-defence against present definite threats… definite future threats… as well as indefinite potential threats' (Lee 2018: 346;Walzer 2000).These temporal and probability distinctions in turn shape the type of defensive action the potential victim can take.That, while imminent threat to life is often used in justification of killing in self-defence, threats which are more temporarily distant can still be defended against through non-lethal, though still harmful, defensive actions such as restricting the liberty of the threat, reputational and financial harms, and temporary physical harm such as unconsciousness (Pattison 2018).
In terms of hacking, therefore, what this means is that the hack used should reflect the threat posed.That is, in those instances where the individual's rights to information are being circumvented then the defence act justified is to provide individuals greater online protections or the ability to circumvent state online censorship tools to protect people's vital interest in privacy and autonomy. 21In comparison, if the threat posed is to the individual's physical and mental integrity then following the more traditional arguments of self-defence the hackers are justified in using more destructive means, though given the likelihood that an individual's life is not going to be in imminent danger then deadly force would not be justified.While instances where the threat has more direct implications for an individual's ability to act as a free political agent then the hack should be used to provide that agency, using proportional force to the degree to which the individual's autonomy is being controlled or subverted.

Wider Consequences and Protecting Innocents
Additional limits are necessary in order to aid guide the hacker while also preventing unjustified harm in terms of level of attack and the targets impacted.One limit is that of proportionality, which itself raises two different requirements: first, there needs to be a threshold that must be reached before the hacker can act because not every small insult or injury warrants the type of damage caused.Second, that the response itself must be proportional to the problem faced.For the first point, hacking is essentially an extraordinary response, a situation where the normal mechanisms of the state and its institutions are deemed to have failed.The private action is supporting the ethical role of the state in its idealised form; it is not intended to replace the state per se.It should therefore seek to not be the norm.In an idealised situation it would not be needed.Therefore, it should limit itself only to those failings that are clear and significant.For example, 'rude behaviour in traffic even where there isn't an adequate police presence would not suffice to justify a vigilante response.Nor would rude behaviour on an Internet message board' (McReynolds 2015: 427).
To make the second calculation on the overall benefit of the hack, key critical questions can be asked to help guide decision-making, including first, what level of harm is caused by the hack?Most hacks will necessarily entail some form of damage.For example, this could range from financial costs as a website or network is rendered inoperable, or reputational costs as systems are undermined and / or embarrassing information is revealed; to costs to one's privacy or autonomy as private information is stolen and released; to even costs to people's lives if critical infrastructures are shutdown or hindered.These damages must not exceed the perceived benefit of the hack, and in doing so this limits the hack from escalating.This means detailing what benefits the hack will provide as a positive in the calculation, such as providing increased access to online information and enabling freedom of expression, or actually preventing the violation of an individual's privacy or autonomy.Finally, what harms are allowed to continue if the hack is not carried out?For example, who is being harmed or is likely to be harmed and what is the extent of the harm if the status quo is allowed to continue.So, if an individual's right to information is being limited then the hack must correspond and correct this harm by giving them greater access; whereas if their physical security is threatened then this would represent a justification for a greater hacker attack that sought to prevent this harm from happening, such as coercing or even harming the threatening agent.There are, however, limits to the necessary calculation hackers have to make.For example, unforeseen and/or unintended consequences cannot be expected to be included in the moral calculation made by hackers.Similar to the doctrine of double effect, whereby actions with foreseen damage can be permitted when the harm is not directly intended, nor is a means to achieving the good and proportionate end (Mangan 1949: 43).
Finally, the attack must discriminate between legitimate and illegitimate targets.The underlying argument is that those individuals who make themselves a threat or do wrong essentially waive or forfeit the normal protections they have from being interfered with (Nagel 1986: 162; Moore 2010: 1).It can be argued, therefore, that the harm directly inflicted through the hack should only negatively affect those who have either done wrong or who pose a threat.This can include not only individuals who have caused or will cause others harm, but organisations and states as well.In these latter cases the attacks can either be targeted against the offending systems or structures, or those individuals directly responsible for them and for the continuation of the harm.Broadly speaking this would mean that the hack should only directly affect those who are the source of the problem and not impact 'innocent' bystanders.This can be quite flexible however, with different hacks being justified against different actors depending on their role.In this way, involvement can be seen as a spectrum, where depending on one's role in the threat the level of harm caused by the hack should vary.At one end are those who (whether people or institutions) have actively fostered an highly unethical state of affairsincluding perpetuating or carrying out systematic physical attacks against others for examplemaking them legitimate targets for harmful hacks, while at the other end those who are minimally complicitby failing to act when they reasonably could have but who have not directly contributed for example are only just targets for hacks that minimally impact them, a mild irritation or inconvenience for example.

Decision-Making and Limiting Bias
At the core of this paper is the argument that hackers can legitimate when their activities are used to protect others from unjustified harm and when there are no other actors, traditionally the state, who are able or willing to intervene.This places the right to defend others as primacy over making sure that more established actors are the ones to act.That is, one does not need to wait for the police before defending someone else's life.However, there are still some ethically important practical mechanisms used to help guide decision-making that, as much as possible, aim to achieve the best ethical end; so that the correct individual is subjected to the appropriate type and level of response.Indeed, traditional mechanisms such as due process, right to appeal, transparency, right to representation, and complaint mechanisms are valuable because they represent key mechanisms for ensuring the best form of action; for trying to ensure the right action is carried out to the right individual, or that all individuals' rights are treated equally.The concern is that hackers could be prone to making biased, politically partisan, or incorrect decisions.
So, while the ethical framework can be used to inform hackers and society on what an ethically justified hack might look like, there are additional mechanisms that can also help the decision-making process itself while also reassuring the rest of the political community.To aid hackers we can draw out some of the key lessons from deliberative democracy concepts and institutions.For example, Chambers argues that even in secretive environments, a deliberative ethos can still be replicated 'applying the publicity test by welcoming diversity of opinion ' (2004: 408).For hackers this highlights the need for mechanisms that instil a process of engagement and dialogue; that they have mechanisms for discussion, interrogation and review.The devil, however, is often in the detail and, while it is not the aim of this paper to give organisational specifics but to highlight underlying principles, it is possible to foresee what useful tools might look like.This would include, firstly a deliberation process to allow critique, debate and reflection to minimise the likelihood of personal bias.Hacker intentions, objectives and demands should be made public to allow for others to reflect on their reasoning.Second, a means for publicly debating these objectives and intensions can help ensure the logic is sufficiently interrogated.This could be supported by a means of collecting and sharing different opinions and giving individuals opportunity to voice objections or provide new information.Finally, a means of collating and distilling an overall decision can shape a coherent justification and matching methods.While these mechanisms do not guarantee an ethical decision will be made, their aim is to increase its likelihood, and by presenting the process publicly reassure the political community as to the deliberative process.
While there might be concerns that such mechanisms are not feasible due to hacker anonymity and given their decentralised and anti-hierarchical structure, this is not necessarily the case.In practice being decentralised, anti-hierarchical and anti-leader does not necessarily mean that there are no decision-making processes or discussions in place, nor that they cannot be made more systematic and engagingand can in fact prove to be a benefit to the collective itself.Philip Gray (2013) argues in regard to other protest organisations, having an anti-leader, non-hierarchical structure can act to facilitate discussion and action, allowing for greater flexibility, adaptability, wider appeal and inclusivity, while still being able to make decisions in a timely and directive manner.While these principles might initially seem counter to the idea of the lone hacker wreaking havoc from their private rooms, many hacker collectives exhibit such behaviours.Indeed, the Anonymous super-organism, whereby individuals coalesce around a particular cause and cooperate to produce the necessary results, operates in a similar methodology to the 'occupy movement' whereby individuals came together to fulfil a particular goal but move away again once the movement is over (Serracino-Inglott 2013).This fluid and open structure necessarily invites dialogue and debate, albeit through non-traditional avenues.The internal decisions are already typified by horizontality and consensus, where plurality of opinion and a reliance on mass contribution limits bias, and as Coleman details through the 'public channels' Anonymous does debate and vote on operations (2014: 101-105).Indeed, the anti-leader ethos actively promotes discussion and voting procedures in order to enable a decision-making process.Though these processes should be encouraged through more explicit, public and open dialogue on online public forums with an established decisionmaking process.For example, there are already established platforms for sharing of ideas that rate ideas and have proven useful in generating a collective understanding on a topic from a diverse global membership.Most notable among these is reddit.com,a social news aggregation and content rating website that allows members submit content -such as links, text posts, and imagesthat is then voted up or down by other members. 22Anonymity can still be maintained and it can reflect an anti-hierarchical ethos, though making it more officially open to outside involvement and formalised to ensure alternative points of view.
The overall framework therefore does not discount individuals or smaller groups from acting, just that these inclusive mechanisms increase the likelihood of a more reflective decision being made and that agents should be aware of their own shortcoming in making decisions and their implications.
5 Applying the Framework: Hackers, Online Rights and Real-World Fights In one set of attacks hackers have focused on government institutions and representatives in order to protect freedom of information, expression, association and autonomous political engagementall key manifestations of the vital interests' people have in maintaining their autonomy and privacy.During the Arab Spring, for example, Operation Tunisia and Operation Egypt, Anonymous aided the emerging protest movements by shutting-down government websites and helping dissidents circumvent online censorship.On 2nd January 2010, Anonymous began Operation Tunisia by landing a successful DDoS attack against several Tunisian government websites include the President, Prime Minister, and Ministry of Industry, Minister of Foreign Affairs, Stock Exchange, and the government Internet agency that had been censoring online dissidence.Operation Egypt started on 26th January 2011 with DDoS attacks on Egyptian Cabinet Ministers and provided online 'core packages' to aid communications during the protests; while in 2012 Anonymous attacked Syrian government websites in an attempt to fight government censorship (Greenberg 2012b).Anonymous announced in relation to Operation Tunisia: 'A time for truth has come.A time for people to express themselves freely and to be heard from anywhere in the world.The Tunisian government wants to control the present with falsehoods and misinformation in order to impose the future by keeping the truth hidden from its citizens.We will not remain silent while this happens' (Coleman 2014: 148).In other non-Arab Spring examples Anonymous attacked the Thai government through Operation Single Gateway after it was reported that all Internet activity would be routed through a single node that would allow for government monitoring.Anonymous stated, 'We saw the situation in Thailand for the past months going too far, restricting basic access to freedom of speech, protests and basic human rights against anyone who criticised the Thai Junta' (Bangkok Post 2015).
Each of these attacks focuses on the importance of online freedoms, seeking to preserve or reinstall civil and human rights, and aims at damaging state infrastructure through DDoS attacks or undermining the legal restrictions on digital access.In all of these cases the state directly limited the people's access to information, an extension of the right to the freedom of speech recognised in international law as a fundamental human right, causing them harm.Freedom of expression and information goes to the heart of the vital interest individuals have in protecting and carrying out their own fully autonomous life and preserving their privacyboth vital to the human condition.It can be argued, therefore, that tools that damaged or destroyed excessive government control of cyberspace offers a means to remedying that harm.In Tunisia 'Ben Ali's government tightly restricted free-expression and political parties' (Anderson 2011: 2), while in Egypt as the protests started social media websites were increasingly blocked (Woodcock 2011), and in Libya Gaddafi's government severed Internet access and international phone calls (Hill 2011).The DDoS attacks represent a direct attack on the government as the source of the harm, and while the attack was damaging and a form of low-level violence, the impact is still lesser compared to the larger harm caused by limiting people's freedom of expression.Also, as the source of the threat there is no authority to appeal to or legal route to work through, offering no other resorts.Therefore, these attacks can be justified.While freedom of expression is a contested concept and determining its exact nature difficultwith courts debating where to draw lines between free speech and saying offensive, aggressive or hateful thingsthe right to expression or information access can be strongly established both in international law and in reference to the important role it plays in people's autonomy (Nussbaum 2000: 79;Frankfurt 1971: 7).Indeed, if individuals do not have the full facts before them or could not reasonably be able to comprehend its meaning then they are unable to make an informed decision; their capacity to reflect on options and determine for themselves their most appropriate action is prevented and they are therefore unable to act autonomously.Therefore, providing people with technology that stops state control and unjustified state monitoring plays an important role in re-establishing people's vital interest in autonomy.Also, anonymising technology can promote a realm of greater autonomy exploration as people's actions would be unmonitored and preventing the stifling effect that outside monitoring can have as particular standards of 'correct', 'right' or 'true' are imagined or imposed.What anonymising technology creates is a more open space for individuals to explore these issues themselves.
These cases do raise an important broader question of whether hacks that argue for the freedom of information should use tactics that ultimately restrict people's access to information.Indeed, this is a concern Coleman notes that hackers themselves have raised: 'whether DDoSing is an exercise of the right to free speech or an act aimed at precluding the same right for other ' (2014: 132), and as one Anonymous contributor argued 'i dont think DDoS can be in the name of freedom of speech ' (2014: 133).As previously argued, however, by distilling the different political acts to their relationship to our core vital interests such comparisons can be made.That is, in Operation Tunisia and Operation Egypt, there is a much greater and systematic limit to a general right to free speech that make the localised government shutdowns the lesser of the rights violations.In comparison, when the US government shutdown video and file sharing platform Megaupload for illegal distribution of copyrighted data and Anonymous responded with hacks that shut down US Department of Justice, Warner Music Group, Motion Picture Association of America and Universal Music Group's websites, it can be argued that this was essentially an unjustified hack.The justification given by Anonymous was based on a freedom of information mandate (Waqas 2012).While the right to share information does have virtue when it has been decided by the owner of that information, to go against the originator's wishes is essentially a violation of their right to privacy. 23There is therefore no justification in that there is no threat to someone's vital intereststhere still exists a general right to share information which is yours to share, something not seen in the case of Tunisia and Egypt.
In a slightly different set of attacks, hackers have sought to apply pressure and blackmail governments to prevent legislation that will discriminately harm a section of their society.For example, in both Nigeria and Uganda, Anonymous launched hacker attacks in response to their anti-gay legislation, taking down government websites in response to the 'intent to pass a law that would jail LGBT people for up to 14 years' along with other discriminatory policies (Littauer 2013; Ford 2012).Anonymous declared, 'Nobody should live in fear of being jailed, when their only action is loving another consenting adult, regardless of gender… Failure to follow our order will unleash a torrent of fury aimed directly at the direction of your administration, starting with some startling but unsurprising evidence of corruption in your ranks' (Littauer 2013;Boone 2013).In these cases it can be argued that given the political and social climate that homosexuals (or even those wishing to act on their behalf) have suffered in these political communities, there is a clear threat to their physical, emotional and psychological interests.Examples of violent, public abuse to homosexuals -by official authorities including the policeserves to highlight the social problems and the harm that homosexuals are likely to face as a result of a law that encourages discrimination and the normalization of existing abusive treatment (Walker 2016).Furthermore, social stigmatization and institutional abuse is likely to limit individuals coming forward, restricting ordinary legal avenues.In terms of authority, the state represents the source of the threat and so calls out for a new entity to act on behalf of those who would be harmed.For proportionality, given the threat to the lives of homosexuals in Uganda and Nigeria, using hacks that caused a minimal amount of physical damage in order to raise awareness of the problem to the wider public and to put pressureeven blackmailon the government is justified as it seeks to prevent harms and defend homosexuals against clear physical and social harms.While shutting down government websites might negatively impact people, the damaged caused to inconveniencing people is less than legislation that encourages and fosters severe harm to a portion of society, especially when the websites concerned are predominately for information and the attack was more symbolic rather than limiting necessary information or services.These cases represent an instance of the state erecting bad laws that unjustly discriminate a portion of their community while also fostering and promoting a homophobic atmosphere that will cause harm to the LGBTQ+ community.
A third key set of hacker attacks has been made against what would be considered to be more 'liberal-democratic' states, mainly the USA.Operation BART, for example, was in response to the San Francisco's Bay Area Rapid Transit (BART) team turning off cellphone service in reaction to a planned peaceful protest that itself was being held to protest the fatal shooting of Charles Hill by the police in July 2011.In one video Anonymous argued that such tactics represented a direct threat to the rights and safety of US citizens, and announced that it would 'show those engaging in censorship what it feels like to be silenced' (anon2world 2011,) and bombarded BART officers with copies of its political message; attempted to bring down the BART website through DDoS; and finally released 2400 BART customer's information in an attempt to embarrass the organization.In a similar case, after police shot teenager Michael Brown, Operation Ferguson supported local protests by applying pressure to have the shooting police officer's name released by shutting down City Hall websites and phone services.When the name failed to be released @TheAnonMessage threatened to publish St Louis police chief's daughter's personal details, including social security number and phone number (Rogers 2014).Finally, in yet another similar case in Cleveland, Anonymous attacked the city's official website after 12-year-old Temir Rice was shot by local police, with the aim of raising awareness to the incompetence of police training and again calling for the names of the shooters (Stone 2014).
These hack attacks were aimed at raising awareness and forcing what they saw as suitable responses from the police as well as seeking to punish those who caused the harm by shaming the authorities and encouraging official steps to be made against those involved.In the case of BART the hackers were seeking to re-install the ability of protesters to carry out their protest successfully.There is a justification, therefore, for some action as the state threatens without reason the general right to protest.However, when the attacks turned to revealing personal information of BART customers the justification is lost as it affects those who were not involved.The personal information of these customers is their property to determine who has access to it; the hacker's information dump undermines their vital interest in privacy (Fried 1969: 475;Gross 1971: 169;Thomson 1975: 303;Breckenridge 1970: 1).Equally Operation Ferguson's aim to force the authorities to release the names of the shooters can be justified as encouraging already established oversight mechanisms.However, again when it comes to doxxingreleasing the police chief's daughter's private informationthis crosses the discrimination line.While collateral damage could be justified in-line with the doctrine of double effect if the harm was foreseen but unintended, this was directly aimed at causing to daughter distress to alter the police chief's activity.While arguably the chief of police is a legitimate targethe is aware of his rank, position of authority and his part in the game being played (Pfaff and Tiel 2004: 7)and so has agreed to the responsibilities and dangers that come with his position, his family and friends are not legitimate targets: they hold no position of authority nor have they acted in such a way as to waive their protective rights.While doxxing would often therefore be discounted as an ethical tool given its reliance on sharing private information of those who are not involved in the threat, if the release was such that it included evidence of those involved causing harming then this harm would justify the violation of privacy.For example, the doxxing of Klu Klux Klan members in 2014 who were issuing threats to protestors who were responding to the police shooting of Michael Brown, and in the 2011 Operation Darknet, 2015 Operation DeathEaters and 2017 Operation Darknet Relaunch where Anonymous sought to collect evidence against international paedophiles rings so to 'bring them to justice' by revealing their identity (O'Neil 2015;Eleftheriou-Smith 2015).Though to whom the information is released and in what format will be determined by the type of threat and required remedy.
Finally, there have been some hacks that, while they have a clear political message, are more a representation of the personal politics and beliefs of the hackers.For example, in 2015 the World Trade Organisation was compromised when hackers leaked more then 53,000 email addresses, with 2100 names, phone numbers and job titles.In addition to the breach there were concerns this personal information could place the workers at risk of 'phishing attacks' whereby their emails are used to defraud them or to install malicious programs.The hack was accompanied by a vague anarchist statement against large corporations and governments: 'We are here to hack all your systems.We will not stop.We will not give up.We have enough rope to hang you and your puppets.Expec us [sic]' (Hackett 2015).The attack itself has been tied to the 'operation green rights' cause that attacks governments and corporations for environmental reasons and included shutting down websites for French conglomerate Areva over its plans to build a nuclear power station stating: 'Areva can't even secure their website, how can they secure their nuke?' (Hackett 2015).However, there is no justification in that there is no threat to someone's vital interests and in fact these actions represent a clear threat to some people's right to privacy.

Conclusion
The use of political hacking clearly raises some important ethical questions around who can use political violence and to what ends.For some, hackers act outside the state and so do not have the moral authority to use violence, and that there are no clear and systematic cultural or ethical guidelines for shaping and informing behaviour.However, it has been argued that there are instances where the state has either failed in its role or is a source of a threat in people's lives, and so limiting the right to defend oneself or other is not ethically correct.It has been argued that even states that have extensive established human rights protections in place can fail in specific cases and so justify some form of response from a non-state actor.As such, individuals, groups and collectives can act as ethical agents; they can act to prevent others from violating our core vital interests and that by being outside the state does not automatically discount this.However, hacking is a complicated, multifaceted and fluctuating phenomenon.A variety of agents, acting for a variety of causes with open and fluid opportunities for others to engage makes developing any systematic review incredibly difficult.The Anonymous of today could be different to the Anonymous of tomorrow.However, this ethical framework gives us a place to start: by examining the activities of a hacking agent in relation to political situation through the distilling their actions and the mapping of them to our core rights we can start making ethical judgements and statements about their actions as a form of defending people against some of those threats which others have failed to prevent.This can then inform both those on the outside and within on how to react and what the next set of steps should be.This ethical framework is the first step in understanding what an ethical hacker looks like and can form the basis of a new ethical hacker culture.
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made.The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material.If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.