nyt room for debate: uncut

I published a solicited opinion piece in The New York Times Room for Debate in response to questions about Internet trolls, anonymity, and 4chan. The word limit was 300. Of course I initially submitted something more like 400, which was then cut down to 300-ish, but I was asked to write more to clarify and not worry about the word count. So of course I ended up with 800-ish words. The top editors then cut it down to 230, and after some back-and-forth with the editor who had solicited me (and who worked hard to preserve the integrity of the original), we settled on a version that was 311 words, that didn’t alter factual meaning, that retained the gist of the earlier drafts, and that still seemed to contribute substantively to the discussion.

As a side note, I find it both flattering and terrifying to have my headshot and bio alongside greats like Gabriella Coleman, Whitney Phillips, and others whose work I frequently cite in my own scholarship. It’s one of those “Have I arrived? No, probably not” moments where I’m straddling others’ assumptions about my expertise in, well, anything, and my own infamous self-deprecatory and cautious sense that I will never be expert in anything because expertise is unachievable. There’s always something more to observe and know.

I’ve worked with editors before on both creative and scholarly publications, but never a mass media outlet, and the differences are striking. I’m blessed to have only had to revise and resubmit a scholarly article twice, once just to make the material more accessible to a layman audience, the other time an overhaul of a couple of sections. Both times, even where sections were slashed to the bone or sentences were ghostwritten as an example of what they wanted me to do, the editors were careful in their use of language to leave my original meaning intact. With regards to creative work, my edits tend to be few and have thus far boiled down to negotiations over a handful of words. We’re talking a back-and-forth for ten emails to figure out a more accurate word than “screaming.” There was a deep respect for what I had already produced.

I’m good with fast turnaround–I had about a day after being solicited to draft the Times Room for Debate piece–but the edits initially threw me into panic mode. I’m lucky to have been solicited by an editor who cared about preserving the meaning and factual accuracy of the piece, albeit within the limitations imposed on her from above, because the round of edits from Above (capital A) not only stripped sentences of accuracy, purportedly in the interest of accessibility, but also were grammatically incorrect. (I believe there’s still a pronoun without an antecedent in the final copy.) Maybe it’s because I’m a writer/editor and I’ve developed a particularly obsessive eye for fine details, but in a few minutes my agent and myself figured out what from the old draft needed to be retained

I’m posting the old draft after the jump, for multiple reasons and readers. For readers of the Room for Debate piece who might find their way here by clicking on links in my Rutgers profile. For former students who stalk me online, and possibly for future students, because there is a teaching moment embedded here in the transformation across drafts: namely, this is what radical revision looks like, and your professors have to face it too. And to assuage my own feelings of having ever-so-slightly sold out, although the published piece is something I can live with (and had I not been able to live with it, I was prepared to rescind it).

So, without further ado:

Continue reading

Reflections on Censorship, Occupy Wall Street, and the 99%

By now I’m sure we’ve all heard about Union Square, Washington Square Park, the Brooklyn Bridge, and other city sites that have been marched on; we’ve all seen the video clips circulating on the Internet, read about the original July call put out by AdBusters, and the supposedly unintentional or accidental censorship of emails and Tweets with the Occupy Wall Street phrase or hashtag. It does seem ridiculous that with the Occupy movement spreading to Washington D.C., the White House lawn, Los Angeles, Detroit, and banks and other corporate institutions everywhere, Twitter is currently trending #PeopleWhoAreOverrated and #moviebands.

Vibe, on the other hand, is overrrun with messages from Anonymous, the hive mind, bagpiper, and other similarly (un)identified individuals updating each other on Occupy Wall Street and the other Occupy movements springing up around the country and worldwide.

Continue reading

Tricksters, 50 Days of Lulz, Effecting Change.

On June 26th, LulzSec faded back into the woodwork, ending their hacktivity with “50 days of lulz,” in which they leaked internal data from AOL, AT&T, the FBI, gaming forums, NATO bookshop, and navy.mil, among others. The leak marked the end of the Lulz Boat’s “planned 50 day cruise,” leaving its 6-member crew to “now sail into the distance, leaving behind–we hope–inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere.  Anywhere” (LulzSec).

This begs the question I’ve been dodging forever: does spectacle, ultimately, constitute impact? What did X, Y, or Z actually do? Apart from gathering numerous followers, supporters, and participants, LulzSec’s antics have impacted the way organizations view cybersecurity, drawing statements from NATO and prompting the Obama administration to propose stricter anti-hacking laws. (This is one year after the Australian government proposed that DDoS and script hacks be termed “cyber-terrorism” following Operation Titstorm, so that their import could be easily recognized. Notably, these attacks were performed in response to ISP-level censoring measures proposed by the government that year.)

Continue reading

LulzSec, Anonymous, and AntiSec: Thoughts on Lulz and Ethical Hacking

By now I think most people are familiar with LulzSec, Anonymous, and other anonymous hacking groups, as they are receiving more and more media coverage in mainstream outlets as well as tech-only reporting sources.  I’ve hesitated to blog about this, namely because I have yet to comprehend everything that is happening, but the longer I wait, the more I realize I’m never going to fully understand it.  Like much of the stuff I’m interested in, it’s too big to judge or sum up in a single blog post.

So instead, I’m going to try to break down my observations and thoughts about this phenomenon in a very basic sense.  I may have attempted in previous posts to make a distinction between malicious hacking and DDoS (distributed-denial-of-service) attacks, but I would like to refine that further using more appropriate terminology.  For some time now, the term hacker has been reclaimed in a positive or at least neutral usage, while “cracking” has been used to describe malicious hacking attempts.  A better classification system, and the one more popular with the hacking groups themselves, runs from “black hats,” or straight-up computer criminals, to “white hats,” or computer security experts.  Most pertinent to this discussion are “gray hats,” those hacking not for personal gain or out of malicious intentions but who technically commit crimes during their hacking endeavors.  Gray hats may seek improved security by breaching the cybersecurity of various organizations, or may leak internal governmental data in order to promote awareness of and accountability concerning human rights abuses by those nations.

DDoS attacks, which flood a server with so much data that the website is forced to go down, are considered gray-hat tactics.  I think I’ve stated previously my belief that DDoS attacks serve as modern-day peaceful protest.  However, I do think the gray area becomes even grayer for some when you take into consideration the motives behind these attacks.  Taking down and even defacing the Zimbabwe government’s website to protest its oppressive regime, for instance, seems more morally upright than taking down cia.gov for anti-establishment lulz.  But ultimately, neither attack is harmful, especially when compared to black-hat(?) tactics such as leaking 62,000 random logins into the hands of Twitter users, who promptly used the information to gain access to innocent individuals’ email, gaming networks, PayPal, Amazon, Twitter, Facebook, MySpace, and so on.

Despite this, I’m having a hard time condemning LulzSec.  I tend to be more supportive of them when they are targeting governments and corporations—i.e., institutions, whatever those may be—rather than when they are targeting individuals.  At the same time, if you use the same email/password for everything, can you really complain when everything is hijacked?

It’s not so simple, I realize, and the ends don’t justify the means, IRL or online.  In fact, I probably stated earlier that I support Anonymous for their ethical selection of targets, so it should be easy for me to write off LulzSec for their apparent lack of morality.  In conversations with friends and colleagues, however, I find myself against the wall trying to defend (or at least objectively view) hacker activity that can be plausibly likened to hurling bricks through a shop window IRL—damage for the sake of damage, breaking things because they can.  They have hacked, obtained, and disseminated databases from Sony, PBS, Fox, X Factor, Bethesda and other gaming servers (at the request of callers, according to them), pron.com, Infragard Atlanta (an FBI affiliate) and Senate.gov; they’ve dropped dox on Karim Hijazi, CEO/President of Unveillance and member of Infragard; they have played with the websites of individuals who exhibit unwarranted self-importance (e.g., claiming to be #1 hackers or hacker-proof).

At the same time, LulzSec has gained more media notoriety in a month or so than Anonymous has since it first entered the fray (Anon has been hacking for years, but as an ethical hacking group it really came together in 2010 during the height of WikiLeaks controversy).  And you can bet your ass Sony employees were chained to the desk toughening their defenses after being hacked multiple times in fairly rapid succession.  LulzSec has utilized “simple SQL injection and Local File Inclusion vulnerabilities, and botnet-powered Distributed Denial of Service attacks” (Ars Technica) that, to some, are too low-level to qualify as hacking.

But the Internet truly exploded on June 17, around 5:48, when LulzSec DDoS’d cia.gov.  By around 6:10, the main page had reappeared but as a facade, but none of the links were working. Immediate Twitter posts tagged #LulzSec include statements ranging from “oh shit they ddos’d the CIA” to “we’ll see who’s laughing when the FBI comes for them.”  Minutes later, th3j35t3r tweeted to LulzSec, “Gloves off […] expect me.”  And at that moment and only that moment, apparently, shit got real.

Continue reading