Protest, hacktivists and cyber-terrorism

Once mapped as an array of 109 definitions,[i] perhaps little wonder “the search for the legal definition of terrorism … [has been likened to] the quest for the Holy Grail”.[ii] To mix Monty Python references, too seriously considering ‘Operation Titstorm’ as terrorism (cyber or otherwise), or certain naïve ideologues[iii] as terrorists, is to recall "[h]e's not the Messiah, he's a very naughty boy!"

That is not to belittle the contribution of Hardy’s cited article.[iv] Australia’s broad legislative response to the threat of terrorism typifies identified knock-on effects in recent ‘western’ developments of criminal justice policy and practice.[v] Systems become oriented toward pre-emptive action against risk, effecting the distinction between crime control and security in more ordinary contexts. ‘Normalisation’ follows - extra-ordinary powers become part of normal governmental discourse, worst-case scenarios define the law, even for lesser crimes. Intrusions upon liberty become embedded so as to no longer merit notice.

In such a climate, concern must arise where Hardy argues ‘hacktivists’ under the current definition in Australian law[vi] face criminal liability for a terrorist act. However the article possibly underplays two factors in concentrating upon certain interpretations of the laws (particularly those of politicians) and advocating insertion of an alternative (though potentially useful) standard.

Firstly, law struggles to keep pace with technology. Arguably the challenge for law makers is to formulate general definitions reflecting contemporary understandings of concepts such as ‘data’, ‘technology’ or even ‘terrorism’ (i.e. not solely the specific (or inductive) approach of laws re hijack, bombing, etc.) in a form consistent with rule of law principles. ‘Terrorist act’ is defined with phrases that retain scope such as ‘intimidating the public or a section of the public’, ‘an information system’, ‘advocacy, protest, dissent or industrial action’, among others. Such lack of definition results in legislation being a starting point, vitally the ultimate determination of what constitutes a (cyber)terrorist act will be judicial.[vii]

Secondly and interrelated to general drafting, the legislation provides exceptions[viii] where an act will not be terrorism if it be ‘advocacy, protest, dissent or industrial action’ and is not intended[ix] to cause serious physical harm, death, endanger life or serious risks to public health and safety. Storms of tits and dicks upon largely political websites seem short of this standard.[x] Disruptive effects due to similarly brutish attacks upon truly critical infrastructure systems or the spectre of more sophisticated intrusions[xi] as a prelude to terrorist acts do not.

Therein ‘hacktivism’ and arguably use by ‘terrorists’ of cyber-attack techniques incapable of outcomes contemplated by s 100.1(2) might better be considered through reform of the ‘Computer offences’.[xii] The challenge is to ensure legislatures do not embark from a normalised version of the anti-terrorism legislation. Mitigating the criminality of hacktivism in this context could arguably be guided on the basis of such actions being a species of public disorder.

Protestors conspicuously and directly participate in the political process. Thus demonstration may not simply be lawful, it can be virtuous.[xiii] Considering the right to demonstrate and protest, Lord Denning stressed:[xiv]

“the need for peace and good order. Only too often violence may break out: and then it should be firmly handled and severely punished. But so long as good order is maintained, the right to demonstrate must be preserved.”

We may therefore say these rights exist at common law. Recent civil disobedience in the UK demonstrates distinctions will always be drawn between the rational and irrational, between “issue-oriented” and “issueless” disorder.[xv]

Lawfulness creates additional uncertainty, analogous trespassing (entry on inclosed lands without lawful excuse or without the consent of the owner, occupier or person apparently in charge) is unlawful.[xvi] Protesting is not a lawful excuse in this context.[xvii] Of interest, and returning to the potential of hacktivism being censured as cyber-terrorism, the legislation as initially tabled in Parliament[xviii] provided that the advocacy, protest or dissent exception must be lawful. When enacted, reference to lawfulness was omitted.

The public order analogy strains as the internet environment provides little in the way of readily accessible public space to occupy[xix] in a manner considered a demonstration, let alone public disorder. The utility of the ‘e-mail bomb’ category of denial-of-service attack arises, as does greater legitimacy or lawfulness. Organisations of the ilk of GetUp! (just by example) are unlikely to generate a pro forma e-mail campaign capable of disruptive effect. Perhaps not a bad thing for the quality of public discourse. Yet with a potential ‘base load’ of 550,000 people,[xx] if not capable of the epic lulz of taking a system down, a well synchronised campaign would be resource intensive, potentially disruptive, and - importantly if truly for activism - of great media interest. Moreover, where a government website provides for receiving comments, is it ripe and legitimate for disruptive mass insertions of non-intimidatory and otherwise meaningful comments until the point at which the server expires?

Ultimately it is the crude almost violent nature of an attack such as Operation Titstorm that is difficult to approve - as Denning stated, the legitimacy of such acts will be determined by how peaceably and orderly they are conducted.

---

[i] Alex P Schmid and Albert J Jongman, Political Terrorism: A New Guide to Actors, Authors, Concepts, Databases, Theories, and Literature (1988) 5.
[ii] Geoffrey Levitt, ‘Is “Terrorism” Worth Defining?’ (1986) 13 Ohio Northern University Law Review 97, 97.

[iii] http://www.smh.com.au/technology/security/meet-the-hacktivist-who-tried-to-take-down-the-government-20110314-1btkt.html

[iv] Keiran Hardy, Operation Titstorm : hacktivism or cyber-terrorism?, University of New South Wales law journal 33(2) 2010: 474-502.

[v] Lucia Zedner, Security (2009), 116-125.

[vi] Criminal Code (Cth), s 100.1(1), 100.1(2), particularly s 100.1(2)(f).

[vii] Ben Golder and George Williams, What is ‘terrorism’? Problems of legal definition, University of New South Wales law journal 27(2) 2004, 288-292

[viii] Criminal Code (Cth), s 100.1(3).

[ix] Not enough words to explore the interesting legal importance of this.

[x] Again without the space, would be interesting to question whether Operation Titstorm or similar attacks would not fail at s 100.1(1)(c), 100.1(2)(f)(i),(ii) or (iii)).

[xi] http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/

[xii] Criminal Code (Cth), Part 10.7.

[xiii] P. A. J. Waddington, Policing citizens (1999), 66.

[xiv] Hubbard v Pitt [1976] 1 QB 142, 178-9 (Lord Denning MR). His Lordship had been reflecting in part upon the 'Peterloo Massacre' upon St Peter's Field, Manchester in 1819, often considered when discussing notions of public (dis)order.

[xv] P. A. J. Waddington, Policing citizens (1999), 71, 77-78.

[xvi] Inclosed Lands Protection Act 1901 (NSW), s 4.

[xvii] O'Donohue v Wille [1999] NSWSC 661.

[xviii] Security Legislation Amendment (Terrorism) Bill 2002 (Cth)

[xix] http://occupywallst.org/; http://edition.cnn.com/2011/10/11/us/occupy-wall-street/

[xx] http://www.facebook.com/GetUpAustralia

October 12, 2011.