nyt room for debate: uncut

I published a solicited opinion piece in The New York Times Room for Debate in response to questions about Internet trolls, anonymity, and 4chan. The word limit was 300. Of course I initially submitted something more like 400, which was then cut down to 300-ish, but I was asked to write more to clarify and not worry about the word count. So of course I ended up with 800-ish words. The top editors then cut it down to 230, and after some back-and-forth with the editor who had solicited me (and who worked hard to preserve the integrity of the original), we settled on a version that was 311 words, that didn’t alter factual meaning, that retained the gist of the earlier drafts, and that still seemed to contribute substantively to the discussion.

As a side note, I find it both flattering and terrifying to have my headshot and bio alongside greats like Gabriella Coleman, Whitney Phillips, and others whose work I frequently cite in my own scholarship. It’s one of those “Have I arrived? No, probably not” moments where I’m straddling others’ assumptions about my expertise in, well, anything, and my own infamous self-deprecatory and cautious sense that I will never be expert in anything because expertise is unachievable. There’s always something more to observe and know.

I’ve worked with editors before on both creative and scholarly publications, but never a mass media outlet, and the differences are striking. I’m blessed to have only had to revise and resubmit a scholarly article twice, once just to make the material more accessible to a layman audience, the other time an overhaul of a couple of sections. Both times, even where sections were slashed to the bone or sentences were ghostwritten as an example of what they wanted me to do, the editors were careful in their use of language to leave my original meaning intact. With regards to creative work, my edits tend to be few and have thus far boiled down to negotiations over a handful of words. We’re talking a back-and-forth for ten emails to figure out a more accurate word than “screaming.” There was a deep respect for what I had already produced.

I’m good with fast turnaround–I had about a day after being solicited to draft the Times Room for Debate piece–but the edits initially threw me into panic mode. I’m lucky to have been solicited by an editor who cared about preserving the meaning and factual accuracy of the piece, albeit within the limitations imposed on her from above, because the round of edits from Above (capital A) not only stripped sentences of accuracy, purportedly in the interest of accessibility, but also were grammatically incorrect. (I believe there’s still a pronoun without an antecedent in the final copy.) Maybe it’s because I’m a writer/editor and I’ve developed a particularly obsessive eye for fine details, but in a few minutes my agent and myself figured out what from the old draft needed to be retained

I’m posting the old draft after the jump, for multiple reasons and readers. For readers of the Room for Debate piece who might find their way here by clicking on links in my Rutgers profile. For former students who stalk me online, and possibly for future students, because there is a teaching moment embedded here in the transformation across drafts: namely, this is what radical revision looks like, and your professors have to face it too. And to assuage my own feelings of having ever-so-slightly sold out, although the published piece is something I can live with (and had I not been able to live with it, I was prepared to rescind it).

So, without further ado:

Continue reading

LulzSec, Anonymous, and AntiSec: Thoughts on Lulz and Ethical Hacking

By now I think most people are familiar with LulzSec, Anonymous, and other anonymous hacking groups, as they are receiving more and more media coverage in mainstream outlets as well as tech-only reporting sources.  I’ve hesitated to blog about this, namely because I have yet to comprehend everything that is happening, but the longer I wait, the more I realize I’m never going to fully understand it.  Like much of the stuff I’m interested in, it’s too big to judge or sum up in a single blog post.

So instead, I’m going to try to break down my observations and thoughts about this phenomenon in a very basic sense.  I may have attempted in previous posts to make a distinction between malicious hacking and DDoS (distributed-denial-of-service) attacks, but I would like to refine that further using more appropriate terminology.  For some time now, the term hacker has been reclaimed in a positive or at least neutral usage, while “cracking” has been used to describe malicious hacking attempts.  A better classification system, and the one more popular with the hacking groups themselves, runs from “black hats,” or straight-up computer criminals, to “white hats,” or computer security experts.  Most pertinent to this discussion are “gray hats,” those hacking not for personal gain or out of malicious intentions but who technically commit crimes during their hacking endeavors.  Gray hats may seek improved security by breaching the cybersecurity of various organizations, or may leak internal governmental data in order to promote awareness of and accountability concerning human rights abuses by those nations.

DDoS attacks, which flood a server with so much data that the website is forced to go down, are considered gray-hat tactics.  I think I’ve stated previously my belief that DDoS attacks serve as modern-day peaceful protest.  However, I do think the gray area becomes even grayer for some when you take into consideration the motives behind these attacks.  Taking down and even defacing the Zimbabwe government’s website to protest its oppressive regime, for instance, seems more morally upright than taking down cia.gov for anti-establishment lulz.  But ultimately, neither attack is harmful, especially when compared to black-hat(?) tactics such as leaking 62,000 random logins into the hands of Twitter users, who promptly used the information to gain access to innocent individuals’ email, gaming networks, PayPal, Amazon, Twitter, Facebook, MySpace, and so on.

Despite this, I’m having a hard time condemning LulzSec.  I tend to be more supportive of them when they are targeting governments and corporations—i.e., institutions, whatever those may be—rather than when they are targeting individuals.  At the same time, if you use the same email/password for everything, can you really complain when everything is hijacked?

It’s not so simple, I realize, and the ends don’t justify the means, IRL or online.  In fact, I probably stated earlier that I support Anonymous for their ethical selection of targets, so it should be easy for me to write off LulzSec for their apparent lack of morality.  In conversations with friends and colleagues, however, I find myself against the wall trying to defend (or at least objectively view) hacker activity that can be plausibly likened to hurling bricks through a shop window IRL—damage for the sake of damage, breaking things because they can.  They have hacked, obtained, and disseminated databases from Sony, PBS, Fox, X Factor, Bethesda and other gaming servers (at the request of callers, according to them), pron.com, Infragard Atlanta (an FBI affiliate) and Senate.gov; they’ve dropped dox on Karim Hijazi, CEO/President of Unveillance and member of Infragard; they have played with the websites of individuals who exhibit unwarranted self-importance (e.g., claiming to be #1 hackers or hacker-proof).

At the same time, LulzSec has gained more media notoriety in a month or so than Anonymous has since it first entered the fray (Anon has been hacking for years, but as an ethical hacking group it really came together in 2010 during the height of WikiLeaks controversy).  And you can bet your ass Sony employees were chained to the desk toughening their defenses after being hacked multiple times in fairly rapid succession.  LulzSec has utilized “simple SQL injection and Local File Inclusion vulnerabilities, and botnet-powered Distributed Denial of Service attacks” (Ars Technica) that, to some, are too low-level to qualify as hacking.

But the Internet truly exploded on June 17, around 5:48, when LulzSec DDoS’d cia.gov.  By around 6:10, the main page had reappeared but as a facade, but none of the links were working. Immediate Twitter posts tagged #LulzSec include statements ranging from “oh shit they ddos’d the CIA” to “we’ll see who’s laughing when the FBI comes for them.”  Minutes later, th3j35t3r tweeted to LulzSec, “Gloves off […] expect me.”  And at that moment and only that moment, apparently, shit got real.

Continue reading