I recently came across an article by Noah C. N. Hampson titled, "Hacktivism: A New Breed of Protest in a Networked World"
, in the Boston College International and Comparative Law Review
. It's a great entry piece for anyone looking to become acquainted with the issue of hacktivism in relation to the First Amendment.
Hampson's main argument is that some forms of hacktivism are primarily expressive, not destructive, and that these acts sufficiently resemble traditional forms of protest enough to warrant protection from anti-hacking laws under widely accepted principles of Free Speech. Specifically, he calls out the Computer Fraud and Abuse Act
in the U.S. for being so generally worded as to be dangerous in its potentially overly broad application.
He goes on to make a several noteworthy comments:
- That "time, place, and manner" restrictions on the Internet are unclear. These are the laws that allow the authorities to determine when and how protests can occur (knowing they cannot censor or ban them altogether) in order to maintain public safety.
- The "public forum doctrine" on the Internet is also unclear. This generally protects speech in "places by which long tradition or by government fiat have been devoted to assembly or debate".
- The distinction between public versus private spaces on the Internet is often blurred. Again, this relates to the different bodies of law that have developed over time regarding the regulation of speech when it occurs on public versus private property.
- It does not follow that if ANY harm is caused, then the act should be considered criminal; some costs (inconveniences/annoyances) must be tolerated as the price for freedom of expression.
These are all important points to raise. I would like to contribute the observation that all of the first three points are really about the public versus private distinction (or lack thereof). The "time, place, and manner" of a hacktivist protest cannot be physically relocated the way a planned protest at Madison Square Garden in New York City can be relocated by the authorities to Riverside Park. On the Internet, that physical dimension is meaningless, and the hacktivist target, by definition, is a server that is most likely a private server, rather than a public sidewalk. The question is: since the overwhelming majority of cyberspatial activities occurs on private servers, to what extent can First Amendment protections that traditionally apply to public spaces still be valid? For if hacktivism is deemed to only have First Amendment protections when applied to strictly public spaces, you might as well throw out the notion of Free Speech on the Internet altogether.
Which brings us to Hampson's second point which is a foundational question: To what extent is the Internet a public or a private space at all? Yes, its functional definition is that it is a network of mostly private networks, which would indicate that it ought to be legally considered a private space in the majority of cases. However, even though I may connect to the Internet through my private ISP and then my traffic or request for data might at some point traverse the private backbone of a provider like Cogent, all so that I can access my account on one of Facebook's privately owned servers in Silicon Valley, the sum is often considered greater than its parts when it comes to understanding how this thing called the Internet works. When I engage in cyberspace, I'm typically using only private resources to do what I do, yet there's an argument to be made, and certainly an enormous public perception, that many of these publicly accessible forums are indeed public spaces even if the resources that facilitate them are not. The First Amendment applies differently to public spaces than to private spaces. So we might be in need of legal clarification as to the Internet's hybrid status before we can determine its applicability to hacktivism.
Finally, as to Hampson's fourth point listed above, I'm inclined to disagree with his argument that even some harmful acts of hacktivism should warrant First Amendment protection. Anti-hacking laws such as the CFAA are designed to prevent unlawful intrusions, destruction, and theft. Yes, perhaps they are too generally worded and in need of revision. But I'm unsure of what type of "harm" exactly that Hampson is referring to that ought to be tolerated. He discusses website defacements, denial-of-service attacks that effectively shut down target websites, and other hacktivist tactics, although even after reading the article I find myself confused as to why he believes some of these are "harmful" while others are not. What test should be applied?
Anyway, this is terrific food for thought. I'm left questioning the public-private debate and how best to define "harm" in a hacktivist context. All First Amendment considerations will stem from these starting assumptions.