I think this is setting a very dangerous precedent. Yes, it was lame what Mastercard did to Wikileaks, but it wasn't technically illegal. What Anon is doing to Mastercard, however, is completely illegal and damaging, not only to MC but to its customers too (who are innocent bystanders in this case).
I'm going to try to articulate a position that I think that I understand but is not mine, so please bear with me.
Let's put aside what is "legal" and focus on what is "socially desirable" business behavior from the perspective of Anon. MasterCard, as a private entity, has wide leeway in how it chooses to deal with other private entities such as Wikileaks. Is this socially desirable? While I have no special insight into what Anon is thinking, I would surmise that they are not pleased that private entities are restricting free-flow of information and acting as a state's agents even when not compelled to do so by the force of law.
We've heard from many business (Amazon, PayPal, etc) that blocking WikiLeaks (and consequently inhibiting free distribution of classified US documents and secret corporate information) is, at its core, a profitable business decision. I would guess that Anon is trying to send a message that such an "anti-freedom" decision (scare quotes intentional) can instead become very expensive.
It's not a dissimilar concept to strike action, in that it may well have a negative effect on customers, but is believed to be neccesary none-the-less.
I fully support unions and strikers, however I'm not sure how I feel about this kind of action. The similarity ends with differences such as strikers have names, faces, spokespeople, they decide together if they are for or against striking, it isn't one or more people with nothing to do with the company who makes the decision.
Strike actions have symmetry and boundedness. Withholding labor obviously affects both the company and the workers and the action can only go so far since both sides need each other to survive.
This kind of action is asymmetric and unbounded: Anon can hurt MasterCard without cost to himself (presumably) and he can theoretically carry it out for as long as he wants. This can only lead to some kind of escalation if MasterCard (and similar entities) want to survive.
I wouldn't be so sure. This was organized somewhere and I doubt every one of the people involved was technically good enough to completely hide their IP address. Don't be shocked if someone gets jail time and a fine of millions of dollars over this.
Well the you can compare it with commercial sanctions to Cuba, Irak or North Korea that the international community don't suffer too much (they're not big players) but the people of those countries do, not only their governments.
OTOH, you can't let dictators use their own population as hostages, when they buy weapons instead of feeding the populations (Saddam, which you mentioned, had lots of money from smuggling).
Also, is it better to let those populations suffer in "jail" for generations? (If I was Eastern European, I'd be pretty pissed to have been left to rot until 1989.)
If nothing else, the dictators spread their problems (support of terrorists, atom weapon programs etc).
Look at WW II for what will happen when democracies are pressed. At the start of the war, British military argued against bombing private property (German factories). Compare that to a few years later.
(I guess the place where this is closest to happen next, is Israel and the humongous Hezbollah (/Hamas?) arsenals of rockets optimized for attacks against civilians.)
Point is, those juntas are arguably a blight on humanity that needs to be solved, the longer it takes the worse it might be.
Ah well, this is both after the discussion and irrelevant to Wikileaks.
"Socially desirable" is the right way to think about it. Law has always been "mob rule", with competitive courts competing to define what this entails.
"Legal" just means the government agrees with it. The state claimed a monopoly on "law" along the way.
The tension we see today is that the "legal" does not represent the "socially desirable" / "law" anymore.
Granted, a binary offline/online result using DDOS attacks is a very rude reputation system, but the reputation feedback processes can be improved upon by competition (semantic web startups anyone?).
Law has always been "mob rule", with competitive courts competing to define what this entails.
Exactly. In the US we have a system of checks in balances to pit competing mobs against each other in a way such that it is sufficiently difficult for a mob to rule over a large population. But if the mob gets sufficiently large, they can rule. And likewise, for small geographic regions we often do have mob rule.
But what is "socially desirable" is a completely subjective thing though. There could be a small group of Anons that think banning gays from entering the military is "socially desirable" and use that as a basis for taking down websites of companies who work with the military.
It's Mastercard's choice whom they do business with, and by launching this attack Anon is only further solidifying the misguided popular belief that Wikileaks is akin to a terrorist organization. It may seem like a victory in the short term, but in terms of Wikileak's PR I think it's a huge setback.
The only people who are going to blame this on Wikileaks are the people who are uninformed enough to already think they're a terrorist organization anyway. I wouldn't spend too much time worrying about what such people think because unless you can get a spokesmen on Fox News you can't change their mind anyway.
I'm really interested in this, and I'm confused as to why people are voting you up. You provided an answer with absolutely no evidence to support what you said and people find the answer either, a) Helpful or b) Interesting.
Can you explain how it isn't their choice? Mastercard, VISA and American Express turn down applicants ALL the time, so doesn't this go against what you are saying here?
I'm not sure what his point was, but technically it's true, at least in the U.S. There are a host of "protected classes", and if you refuse to do business with someone because they're in that protected class, you get in Big Trouble. This includes race, color, gender, age, etc.
It's not true, otherwise signs that say "no shirt, no shoes, no service" would be illegal. You're referring to laws against discrimination based on race, sex, or disabilities. This says nothing about refusing service to people for other reasons, such as a rowdy bar patron or someone who violates Terms of Service.
It's generally understood that refusing to do business with someone for political reasons, unless the person's politics involve genocide or something, is against the social contract. Not illegal, but generally not approved of by anyone (unless you have the whole US media playing the mccarthy card against the person, apparently).
I think there are many people who, given the chance, would not do business with WikiLeaks (on the grounds that their actions are perceived to be against the US national interest and potentially putting lives in danger). So I'm not sure where you're getting the idea that this would be "generally understood ... to be against the social contract."
If you're a small business and people can take their money elsewhere, that's one thing, if you're one of two giant corporations providing a vital service, that's another.
There is a difference between turning down an individual for financial reasons and turning down an organization due to political pressure (whose money they were completely okay with taking before the hammer fell down).
I'm not saying it isn't their choice, but there is no real advantage to them angering politicians who could screw them on votes or funding at some point in the future.
They're now collectively turning down something. That's not something they should be allowed to do, given that they control a lot when it comes to moving money. It puts a consumer in a position where he has no choice.
Another thing, the people who think that bringing down Mastercard is going to help Wikileaks in any way need a serious reality check.
Why would anyone do business with someone if there was even a tiny chance that they would get screwed over the next day to the tune of MILLIONS and MILLIONS of dollars. The fact that mastercard.com is down and their SecureCode service is offline has already cost thousands of small businesses millions of dollars. Do you think these companies are going to support something like Wikileaks after this event?
Except your assertion requires that the availability of imported tea was an essential component to the American Revolution's success. The founders didn't reduce their available resources by making people less likely to import tea.
Anon has reduced Wikileaks' available resources by making people less likely to facilitate donations to them.
Visa and MasterCard can block payment providers if they believe those generate a lot of fraudulent activity, not because they disagree with those organisations activities.
Making Rosa Parks get out of her seat was lame but not technically illegal. Her refusal was completely illegal and plenty of folks argued it was damaging.
I don't see why civil disobedience should cease to be civil disobedience just because it's on a computer.
I think its a good problem solving tactic to try to look for analogous situations and gain insight into our current dilemma in doing so.
I think a better analogy might be a sit in. If you occupy all the seats in a restaurant, I think it kind of qualifies as a meatspace DOS. I guess the difference is that in civil rights sit ins of the 60s, the people sitting in actually wanted service.
I guess the digital analogue would be a bunch of people requesting permission to donate to Wikileaks, rather than permission to load the page. It seems the subtle difference is that civil rights groups actually wanted the service that they deny to others, while anon wants a service different from the one they are denying to others.
I guess its up to individuals whether they think the difference is significant.
> Under a 1921 ordinance, 156 protesters were arrested for "hindering" a bus, including King. He was ordered to pay a $500 fine or serve 386 days in jail.
A boycott is only effective if the disgruntled group has enough population to affect the business of the target. There in lies the problem with a DDoS attack. It is not a symmetrical response. A small group of people could execute such an attack, while the majority of actual customers may not have an issue with their actions.
A small group of MC lawyers and executives also has say on whether you can use of the three largest payment methods on the planet to fund a group you sympathise with.
When it comes to oligopolies, the usual rule of corporations as private, independent entities that can do whatever they please, goes out the window.
Not that I approve of MC's actions, but I think they're perfectly in their right to deny service to WL. I don't think their excuse of "illegal actions" cuts it, because as it's been pointed out, the illegality of their actions is still in a very gray area. However, I think they should be able to sever ties with a customer and I cannot see what law would prevent them from doing so in this case. WL is not in any protected class (http://en.wikipedia.org/wiki/Protected_class).
I don't like that they've denied them service, but I believe it is and should be perfectly legal for them to do so. Can you explain why you think it should be illegal?
By arbitrarily accepting or rejecting clients, they essentially determine the existence or lack thereof of these organizations. In the same way that Google has suffered legal action for alleged manipulation of search results (though I must credit them for being very consistent in that regard), MasterCard should also be accountable as not just an actor in a market, but a gatekeeper.
A market that's guarded by a couple of monolithic entities with similar interests is not open, and without credit card transactions a lot of international business is essentially impossible. I believe that's too critical an issue to be left to the whims of corporations.
The situation would be very different if we had dozens of easily available credit card providers who would take our money with no hassles. Whether you consider that a failure of the states or the corporations is no the issue at hand. The problem is one of assigning too much power to aisngle entity.
Seeing as "Political Affiliation" isn't in that list of protected classes, does that mean that a private (i.e. non-government) corporation can legally say "I won't sell to you because you're a {Republican,Democrat,insert-your-party-here}"?
Bad credit and fraud are actually good reasons to deny a service, and fraud is, you know, an actual criminal offence that is easily demonstrable, unlike the arbitrary decision of the Department of State to not like an organization and whine about it to their corporate friends.
Actually if you read the updated story, the State Department didn't say anything to Paypal. It was Paypal's decision.
That said, Paypal is not making nearly enough on transaction fees to cover wasting a single minute of a lawyer's time. If there's even a chance of there being legal issues with an account holder, it's almost certainly in their business interest to end that account.
Don't be naive. Credit card companies have lobbies which operate in their interests and help pass legislation which favors their industry, much like other financial interests.
There doesn't even need to be explicit conversation between government officials and Visa/MasterCard for there to be a conspiracy; it's more of a matter of a gentleman's agreement to cover each other's backs.
And here's the HN comment comparing an anonymous DDoS attack to Rosa Parks physically and nonviolently resisting an unjust law. The reverse-Godwin, right on schedule.
Just because the issue of race is still emotionally charged doesn't mean there isn't an equivalence to freedom of information and protection of whistleblowers.
And let me add: if I'm going to get downvoted into the light greys, I'm proud that it's for mocking people who compare anonymous DDoS attackers to Rosa Parks.
You're not getting very downvoted. And you seem to be missing the point. It's not to compare the value of what's being done; this is clearly nowhere near fighting for rights. It's to compare the damage done to the company.
If a bunch of script kiddies (albeit in considerable number) can take down MasterCard, then it's pretty much MasterCard's fault alone. It's not like they didn't have the money or opportunity.
When MasterCard does millions of dollars a day worth of online transactions, which can be halted by LOIC, then yes, blame them.
LOIC is really, really basic, and anon has never really gathered any respectable amount of bandwidth. Most small botnets put them to shame.
What I suspect, however, is that actual botherders are using these raids as cover. They can still DDoS the target, but 4chan takes the blame. The recent addition of "hivemind" functionality to LOIC, which slaves the user's computer to an irc feed that controls targeting and firing, seems like the perfect opportunity for a botherder to set their botnet to take orders from same.
Online transactions weren't halted, mostly just the corporate brochure-ware sites.
And attacking a website is never justified. It is wrong regardless of how much effort the owner puts into securing it. Likewise, it's exactly the same crime to steal a car that has an alarm as one that doesn't.
Meh. I'm not defending the attacks. I do think, however, that the moral landscape is significantly greyer than you depict. No nascent movement in history has been morally acceptable by the standards of the establishment. Whether this becomes the American Revolution, the Khmer Rouge, or That One No One Ever Heard Of Or Remembers remains to be seen.
As to your specific point, leaving my car unlocked with the windows down overnight on a dark street in Detroit doesn't make the inevitable thieves justified, but it does make me retarded, and completely undeserving of sympathy.
I guess it goes to show that Mastercard should think about what is best for their customers as opposed to what is best for the government. The reality is that, nowadays, if you make an unpopular decision with a large part of internet users you may get DDOS'ed.
Meh. In a few years when we all depend on the internet even more, the law will catch up with this sort of internet petty vandalism. A couple of people will get sued and thrown into jail, joe schmoe user will be cut off from the internet the moment a ddos is detected from his ip, and people coordinating 4chan ddos'es will be tracked and arrested.
The only reason these things work today is because of a lack of urgency. I mean, when this starts happening every week, people will call for regulation, it may take a few years to get it sorted out politically, then another few before the policy catches up, and things like this won't be possible any more.
In the mean time, the damage done is relatively small. Yes it sucks for some online merchants, but let's not blow this out of proportion.
I remember 10 years ago there was a 'digital sit in' (the term 'ddos' didn't exist yet) on my at that time employer's website. There were camera crews coming in, interviewing our CEO's, it was big news. In reality, the effect was minor; averaged over the few days around it, the loss of sales was not even statistically significant.
I for one can't wait for the day when a government agency can detect that I'm initiating a DDOS from my home connection the second I start and immediately disconnect me, without a warrant, court order or trial.
When you drive too fast with your car, the policy will stop you and give you a fine, or take away your car on the spot. All within the bounds of the law, court-supervised. I'm not seeing the difference.
Imagine 100 years ago, when building and driving cars was practiced by enthusiasts only, how they must have lamented the prospect of not being able to drive as fast as they would like to on all roads! I'm not saying I'm looking forward to more control over the internet, but the Wild West days are over, and as the internet and computers become more fundamental in societal functioning, some form of oversight to safeguard a good functioning are inevitable.
Seriously, if you thought enforcing traffic laws was a futile affair, just wait until the other 4 billion people on this planet get online, and the Internet becomes the medium of transmission for literally every bit of shared information on the planet. Think about it: every TV show, every film shown in theaters, every phone call, every book, magazine, and newspaper; things I'm not even thinking of because they haven't been invented yet. (While we're on the subject, every speeding ticket too.)
That day will come, sooner than you think. You seriously believe we will have the capacity to police that? I am dubious.
The point of imposing speed limits is not to 100% root out risky road behavior, it's to set a framework within which a 'generally safe enough' situation is created. Enforcing traffic laws is not a 'futile affair', I have no idea where you get that idea. Are you saying that people's behavior is not influenced by traffic laws? Are you saying that these norms do not transgress from the administrative to a collective social norm, where respect for general road safety becomes ingrained in all well-adjusted participants to that society? If so you have not reflected much on changes in social mores over the last 50 years.
You can hardly expect these things to arise overnight. I'm not sure what your point is on all the data that will be generated, transmitted and consumed. There is (in the context of this discussion) no need to track all of that, only to find out what the source is of traffic deliberately causing problems. Of course we will be able to pinpoint the origin of disturbances; when we can't any more, we'll be in Singularity territory, and then all of this is moot anyway.
This 'this is the Internet, your norms don't apply to us' nonsense needs to die already. With the internet becoming institutionalized, the same order that has arisen in meatspace will arise online. Of course there will always be the fringes where subgroups hang out in to a greater or lesser degree separate order (like the downtown biker bar in meatspace), but that doesn't prevent order from existing elsewhere.
My point is that the quantity of activity I am talking about will far exceed our ability to analyse and/or control it. Hell, that's already happened; if you don't believe me, I've got a record industry I'd like to sell you.
Take your own phase, "pinpoint the origin of disturbances." What exactly is meant by that? There are literally thousands of people all over the world who loaded up LOIC and are participating in this attack. I myself contributed simply by surfing to Mastercard.com to see what all the fuss was about, as I'm sure millions of others did as well. Who is culpable? Assuming it were technically possible, how would you go about solving this problem? I hope you'll agree that the word "pinpoint" is hopelessly inadequate here.
Anyways, the entire analogy is flawed. Policing that internet is absolutely nothing like patrolling the highways. How do you account for encryption? The fact that physical presence has no bearing on your online activities? This is unlike anything we've experienced before, and I have a hard time seeing free and democratic societies putting the genie back in the bottle. China is another story.
LOL, I'm reading this while watching the news here in the Netherlands with a clip on searches by the police at a Dutch hosting company that was hosting a website that called for the DDoS on MasterCard. The legal system is already catching up.
The question is not how to control, within hours, an attack like the one that happened on MasterCard. The matter is that when it happens again, and there is enough momentum for it, everybody participating will be logged (I mean it's generally not that hard to distinguish between a regular visitor and someone running LOIC) and prosecuted. After a while it will become known that doing things like this has consequences, and the amount of people willing to participate will fall rapidly, until there is only a core left (this core is usually hard to control, but small enough to not matter much).
Take another analogy: rioters. What is the strategy when you have a group of rioting protesters? You contains the damage (police squads to keep the mob from strategic points) and you arrest a few of the core people and prosecute them. That doesn't stop rioters, but it does impose a barrier on participation; so the size of the group of people willing to riot is small enough to be restricted to some extremists (which, despite popular opinion, is quite small).
The cynical part of my brain is currently quite convinced that there several members of some US security agency currently on 4chan instigating these pointless attacks in an attempt further turn public opinion against wikileaks and their supporters. People quickly switch from indifferent to hostile once they are personally affected.
You do realize that there are actual human beings working for Mastercard who are just like you and I who are getting hurt by this, right? There are real people behind these websites.
That's not true at all. A secretary filling documents should not be held responsible for the way the corporation is run. That's just plain idiocy to claim that employees of a company are to be held responsible for corporate policy. Now if they did something illegal while working, that' another story but I don't think that's what you meant here.
Nope, that's exactly what I mean here. Now, we're talking about my own personal set of ethics here, but it's pretty straightforward:
* Your role is an employee is to help accomplish a corporation's objectives.
* (In this case) the corporation's objectives are unethical.
* You're contributing to something unethical.
That being said, nobody is perfectly ethical. But if I worked for Amazon or PayPal, I'd have quit by now, and I'd never have taken a job with MasterCard in the first place.
I also don't mean "held responsible" in a legal sense, either. They've done nothing wrong legally. Legality != morality, though.
