It's no secret that computer crimes in the United States are severely punished. Lately you're more likely to get a life sentence for multiple counts of computer fraud than for attempting to murder someone. On the other hand, there are countless examples of hacktivists simply trying to protest and, as they see it, "make a difference," only to end up in a jail cell for life. Some even commit suicide after their draconian verdicts are handed down.
Why is the U.S. government bringing the proverbial book down on some well-meaning nerds?
The answer the government touts is "cyber terrorism," even as hacktivists vow to fight the Islamic State themselves. Following the Paris terror attacks in November 2015 that killed more than 100 people, the hacktivist group Anonymous launched #OpISIS with the declaration: “Expect massive cyber attacks. War is declared, get prepared.”
Anonymous, founded in 2003, is a loose affiliate of cyber activists who fight for social justice. They are famous for challenging the Church of Scientology in 2008 by taking down its websites. In 2011 they rose to new prominence as outspoken advocates of the Occupy movement, and became recognizable by the Guy Fawkes mask that many people wore to protests.
Now, these hacktivists form an army of terrorist-fighting mediators on social media sites, working with Telegram to identify and locate the world’s most wanted terrorists while aiding other social media sites in finding and disrupting Islamic State’s propaganda recruitment messages. The hacktivists' methods for hunting terrorists are more advanced than social media sites' search algorithms, enabling them to police wide amounts of content.
But Anonymous is not alone. A member of the hacktivist group Hellfire Club, Eric Feinberg, said, “A lot of what is going on at the social media companies is rhetoric… They are not correlating the data like we do.” Feinberg has written software to identify the behavior and typical communication used by IS across all social media platforms. Social media sites, meanwhile, are lagging behind.
“Are you telling me they can’t figure out if there’s an Isis (IS) logo in the profile of a YouTube account or Facebook account?” Feinberg declared in exasperation in an interview with The Guardian.
Even former FBI Director James Comey would have approved of this particular hacktivist trend, it seems. In March 2017, Comey announced, “Cyber threats are too fast, too big, and too widespread for any of us to address them alone.” No need to mention how many former hackers have entered the employ of the FBI, NSA and other security agencies in the wake of 9/11.
Hacktivists at Odds With the Law
However, hacktivists and the government make surprising anti-terrorism bedfellows as the U.S. has lately been sentencing cyber rebels with jail penalties similar to the kind reserved for real terrorists. The practice has been increasingly called out as unfair, considering that hacktivists are rarely convicted of violent crimes.
Hackers being prosecuted is nothing new, as the case of the famous hacker Kevin Mitmick shows. In the 1990s, Mitmick spent a decade hacking into government agencies like the North American Defense Command (NORAD) and Digital Equipment Corporation's (DEC) networks. He then spent a decade in prison to pay for his crimes. Mitmick later launched "Mitnick's Absolute Zero Day Exploit Exchange" in 2014, where he sold his stolen unpatched exploits at auction. Taken altogether, his sentence reflected the numerous counts of computer fraud he was charged with and seems to make sense.
However, by 2011 a new style of hacker prosecution was emerging, which reached headlines with the case of Aaron Swartz. Swartz, about whom a movie will be released on HBO later this year, was a renowned social justice hacktivist who broke into the MIT network in order to download JSTOR academic articles and make them publicly available for free. Swartz believed in making education and information accessible to all, in the form of creative commons, which is also the name of an organization founded by Lawrence Lessig, Hal Abelson and Eric Eldred with the involvement of Swartz.
Despite what many considered to be his noble aims, Swartz was arrested and charged with two counts of wire fraud, as well as 11 violations of the Computer Fraud and Abuse Act. His final sentence amounted to over $1 million in fines, his assets were seized, and he was given 35 years in jail to top it off. At the time, 35 years for a non-violent crime was unprecedented and Aaron Swartz was far from being a hardened criminal. He was actually given a plea deal that would reduce his sentence to just six months, but rather than take it and compromise his ideals, Swartz committed suicide in his Brooklyn apartment just two days later. He didn’t violate laws for personal gain, like Kevin Mitmick, yet Swartz was treated like a domestic terrorist by his prosecutors, the U.S. government.
The alarming trend to stamp out peaceful online civil disobedience continued when, in 2013, Andrew Auernheimer (known as “Weev”) was sentenced to over three years in prison for exposing a vulnerability in more than 100,000 ipad users on AT&T’s service network. That same year, in July, soldier Chelsea Manning was found guilty of passing 700,000 classified military documents to Wikileaks and sentenced to 35 years in prison.
Then, in January 2015, Barrett Brown, the self-proclaimed spokesperson for Anonymous, was sentenced to over five years in jail for hacking activities and for linking to leaked material on the web. Also in 2015, Jeremy Hammond was arrested and sentenced to 10 years in federal prison for hacking and releasing the documents pertaining to the military subcontractor, Stratfor, and leaking them on Wikileaks. And, of course, Edward Snowden is still at large, despite being accused of two counts of violating the Espionage Act of 1917 for releasing NSA and GCHQ documents. If he is extradited from Russia, he will very likely be made an example of, and might just beat Swartz and Manning’s thirty five years sentences.
The latest chapter in the tale is Lauri Love, a hacktivist and U.K. citizen who was arrested in the U.K. in October 2013 by the National Crime Agency on suspicion of multiple offenses under the 1990 Computer Misuse Act. However, he was released on bail, and as there was not enough evidence to convict, one year later the Crown Prosecution Service announced that they no longer intended to prosecute him. His relief was short lived, however, as Love was arrested for a second time in 2015 by the MET police. This time it wasn't the British criminal justice system that had brought forward charges against him, but the U.S. government.
Love was accused of leading cyber attacks on official government websites including NASA, the U.S. Army and the Federal Reserve in 2012 and 2013. Specifically he has been accused of stealing sensitive military data and the personal information of over 100,000 military personnel. His crimes allegedly include fraud, identity theft and conspiracy; the judicial districts of East Virginia, South New York and New Jersey are all prosecuting him. This puts Love's total accusations at a record that exceeds any terrorist. Now, four years after his arrest, Love is about to be extradited to the U.S. after a U.K. judge decided not to block his deportation. If sentenced in the U.K., Love would only face a few months in prison, according to his legal team, whereas in the U.S. he faces $9 million in fines and prison for up to 99 years.
In fact, extradition to the US from the U.K. is usually reserved for serious offences like terrorism. Previous examples include the KGB spy Shabtai Kalmanovich and al-Qaeda operative Syed Fahad Hashmi, as well as the terrorists Abdel Abdel Bar and Khalid Abdulrahman al-Fawwaz, who bombed U.S. embassies in East Africa in 1998. The big change now is that the U.S. is forcing extradition for hacktivists as well.
Wikileaks publisher Julian Assange has been hiding in the Ecuadorian Embassy in London for the last three years to avoid extradition to the U.S. Assange may finally be able to leave the embassy after obtaining Ecuadorian citizenship, since he was denied diplomatic immunityby the British Goverment.
America's aggressive sentencing against computer crimes is unmatched by any nation, despite the U.S.'s long and storied history of celebrating peaceful civil disobedience. The fact that Lauri Love’s case has been pursued this rigorously for this long, across international borders, even after he wasn't deemed a threat by the U.K. government, reveals the degree to which the U.S. now criminalizes civil dissent – especially if it is conducted online.
But rather than being the terrorists the government claims they are, hacktivists, by most measures, are simply using the tools at their disposal to try and make a difference in the world. The harsh sentences doled out for hacktivists are clearly meant to send a message. How far removed these scare tactics have become from state terrorism – where governments use fear to control their populace – is a matter of perspective. Nonetheless, hacktivists are refusing to be cowed by the longer-than-legal arm of the law. Their bravery in standing for what they believe in – and, specifically, fighting terrorists in IS even while being treated as terrorists by the very people they're trying to protect – shows that severe punishments won't quell the progressive wave of whistleblowing.