LiveJournal DDoS: An Actual Internet Human Rights Violation

Over the last few weeks I’ve been blogging about Andre Vrignaud’s data capping internet shutoff, and whether or not that could be construed as a human rights violation.  Most people seem to be of the opinion that it’s really pushing a button that doesn’t need to be pushed (the human rights card?).  But here’s something that is in fact an actual violation of human rights: the LiveJournal DDoS attack that’s happening right now.

You may or may not know about LiveJournal.  It was one of the early blogging platforms to come out in 1999 right around when blogging was the thing and Facebook didn’t exist.  But unlike other blogging platforms, LiveJournal was much more social.  You could add friends who also had LJ accounts.  You could join groups.  When you posted an update it could be made totally public, available to a group, available to all your friends, available to a customized list of your friends, or only available to yourself.  That level of granular sharing detail is unheard of in the world of blogging.  Hell, it’s unheard of on Facebook!  Only in Google+ do you get that level of customizable content sharing, and even that only started about a month ago!  LJ has been doing this for over a decade, because they understand that you don’t always want to post things to the entire world.

LiveJournal was purchased several years ago by a company called SUP, which is based in Russia.  LiveJournal had been a very global company in general prior to that, and Russian activity on LJ was very high.  Today, over 80 of the top 100 Russian bloggers use LJ professionally.

And that is a problem to the Russian government.  Many of these bloggers are extremely vocal about political corruption in Russia and they use LJ to call people out.

For the last few weeks the entirety of LiveJournal has been assaulted by a Distributed Denial of Service attack.  From what the folks at LJ can surmise, this is a direct attempt to silence bloggers who are critical of the Russian government.  The impact of this is not just on Russian bloggers though, it is effecting everyone who uses LiveJournal as a blogging platform.  Numerous friends of mine have reported frustration and site outages for days.  Unfortunately you can’t even get to the site news, because of the outage.  The LiveJournal staff have had to make site outage announcements via Twitter and Facebook.

Let’s go back to the UN Special Rapporteur’s report on the internet and human rights.  This is from the section IV.E on “cyber attacks”:

The Special Rapporteur is deeply concerned that websites of human rights organizations, critical bloggers, and other individuals or organizations that disseminate information that is embarrassing to the State or the powerful have increasingly become targets of cyber-attacks. 81. When a cyber-attack can be attributed to the State, it clearly constitutes, inter alia, a violation of its obligation to respect the right to freedom of opinion and expression. Although determining the origin of cyber-attacks and the identity of the perpetrator is often technically difficult, it should be noted that States have an obligation to protect individuals against interference by third parties that undermines the enjoyment of the right to freedom of opinion and expression.

It’s unclear whether or not this is an act being perpetrated by the Russian government, but the article linked from Time magazine at the head of this piece strongly implies that it’s the most likely candidate. Especially since Russian political candidates are gearing up for next year’s election cycle, and that an attack upon LiveJournal, the country’s most powerful blogging service, could lead readers to question the credibility of the bloggers.

But whether or not this is in fact perpetrated by the state, the DDoS attack is effecting the most powerful voice of the Russian people, one that is unmediated by the government.  By taking the site down, the hackers are silencing critics of the government, and that is a violation of freedom of speech.  By extension they are also taking down the rest of the users of the system who live in other countries, including my friends and myself here in the US.

Yes, I have a LiveJournal account, and I have had one since 2002.  In fact, I have two!  When I moved to DC LJ was the only way I was able to stay connected with the vast majority of my friends around the country (Cincinnati, Seattle, Philadelphia, New York).  I have thousands of entries on LiveJournal, and still use it for personal blogging and occasional creative writing.  I started this WordPress blog for professional purposes, because I do believe in having a public and private face, though my private side is very publicly accessible.  The WordPress is strictly for me to write about libraries, technology and apparently legal issues therefrom.  The LJ is where I talk about my religion, social activism, my family, my vacations, and other juicy, intimate details that no one from my workplace ought to know about (those are hidden to my LJ friends only).

Am I claiming a human rights violation because LJ is being DDoS’d and I can’t write about my Frappuccino?  No.  I’m claiming that this the DDoS attack that LJ is currently undergoing is most likely a result of someone trying to silence critics of the Russian government, and THAT should be considered a violation according to the document released by the U.N.  I just happen to be an innocent bystander caught in the crossfire, along with over 31 million other bloggers.

The question now is, if this is in fact a human rights violation, how does one stop it?  How do you stop a DDoS attack?  Since this is directed against a very specific web service, is the UN obligated to try to do something to help LiveJournal?  Are they going to investigate the Russian government?  Sadly, I don’t think anything is really going to come of it.  Users will continue to get error messages and see Frank the Goat eating their posts until the hackers give up. If it is an attack coordinated by the state, that probably won’t let up until long after the elections are over, if then.

All I can do is sigh…


The Internet As A Human Right

I got some feedback on the post I did last week that the guy who pushed beyond the 250 GB data cap threshold with Comcast basically shouldn’t be playing the human rights card.  The best responses were that it was a white whine or a “first world problem.”  I think that’s a legitimate criticism, but I hadn’t bothered to read the actual report to the U.N. about viewing access to the internet as a human right.  So I looked it up and read it.  So, is there a case within the report of the Special Rapporteur to the U.N. that data capping is a violation of human rights?  Let’s look at it.

The document outlines the following areas of concern in regards to people’s access to the internet in light of the Universal Declaration of Human Rights and other U.N. treaties.

  1. Arbitrary blocking or filtering of content on the Internet
  2. Criminalization of legitimate expression
  3. Imposition of intermediary liability
  4. Disconnecting users from Internet access, including on the basis of intellectual property rights law
  5. Cyber attacks
  6. Inadequate protection of the right to privacy and data protection
  7. Access to the Internet and the necessary infrastructure

Each of these elements is explained by a page or two, but here is the nutshell version.

  1. i.e. the great firewall of China.
  2. Silencing dissent and dissidents.
  3. Finding third parties culpable for facilitating illegal activities, or requiring their participation in extra-judicial censorship.
  4. France’s three strikes law and ACTA
  5. DDoS of any sort, especially when used to silence political opposition
  6. Facebook, as well as warrantless search of people’s online information
  7. Allowing systems to be in place as well as to make them cost-effective for general use.

Data capping is not explicitly addressed in the Special Rapporteur’s report.  But there are two elements here that one could construct a case against the practice of data capping, the first being point 4 (actually A-4 in the report).  While the report focuses on supposed violations of intellectual property law (a point driven by media corporations such as MPAA and RIAA), it merely does so as an example.  The point of this section of the report is that disconnection from the internet prohibits one from exercising his/her freedom of expression.  Whatever the reason put forth, disconnection from the internet is a violation of a person’s right to engage in contemporary society.

The second element to bear in mind is #3, imposition of intermediary liability.  Paragraph 45 engages the private sector actors and businesses to recognize their responsibility to respect human rights, and that the state should actively protect its citizens against private violations.

The framework rests on three pillars: (a) the duty of the State to protect against human rights abuses by third parties, including business enterprises, through appropriate policies, regulation and adjudications; (b) the corporate responsibility to respect human rights, which means that business enterpreises should act with due diligence to avoid infringing the rights of others and to address adverse impacts with which they are involved; and (c) the need for greater access by victims to effective remedy, both judicial and non-judicial.

This framework for social responsibility to safeguard against human rights violations has the State check the corporation, the corporation check itself, and that there be legal recourse for the victims to redress their grievances.  This means that the ISP needs to be regulated by the government against abuses of its users, that the ISP should be respectful of its users in the establishment of its policies and the execution of its actions, and that if all else fails the victims can take the ISP to court over the violation.  Currently there is little the FCC is doing to regulate this kind of behavior from American ISPs, and if the so-called net neutrality compromises that have been bandied about are any indication, the agency is not terribly interested in regulating on behalf of the consumer.  As it stands ISPs can engage in data capping, bandwidth throttling, exorbitantly priced service tiers and absolute shutoffs with little to no repercussions.  And given that the user signs a terms of service agreement with whichever ISP s/he uses there is little in the way of legal recourse to retaliate against an ISP lockout if one does wind up violating the ToS, for whatever reason.

So, can the case be made that the 250 GB data cap is a violation of the author’s human rights?  Yes.  I believe so.  Is it as grievous a practice as the great firewall, or complete lack of access?  No.  But qualitative distinctions aside the facts remain.  Someone was cut off from the Internet.  The action was carried out by the ISP.  The government has not regulated the industry such that it could prevent or reverse such a decision.  While the user could seek legal recourse, this requires the capital to engage in the legal battle against a massive corporation (here Comcast) who can afford corporate attorneys.  Few people would be willing to step up to that kind of challenge and hope to win.  Only in a class action lawsuit would much be likely to happen, and common cause for a class action has been tougher to prove these days.

Is this all just justification for my own self to engage in massive amounts of downloads/uploads?  Maybe, but why shouldn’t everyone have that option?