Kenneth Einar Himma
Hackers believe that, at the very least, non-malicious intrusions are morally permissible and have offered a number of arguments purporting to justify such intrusions. Some hackers believe, for example, these intrusions are justified by consequentialist considerations because they result in an increase in humanity’s stock of knowledge about the relevant technologies and thereby promote the development of technologies that will help ultimately to make the Internet more secure. Some believe that any barriers to information are morally illegitimate and hence deserve no respect – including barriers that separate the information on one person’s computer from another person’s computer.
Recently, a number of writers, such as Mark Manion and Abby Goodrum, have begun to argue that attacks on government and corporate sites can be justified as a form of political activism – that is, as a form of “hacktivism.” The argument is roughly as follows. Since civil disobedience is morally justifiable as a protest against injustice, it is sometimes justifiable to commit digital intrusions as a means of protesting injustice. Insofar as it is permissible to stage a sit-in in a commercial or governmental building to protest, say, laws that violate human rights, it is permissible to intrude upon commercial or government networks to protest such laws. Thus, digital attacks that might otherwise be legally or morally objectionable are legally and morally permissible if they are politically-motivated acts of civil disobedience or hacktivism.
I argue that this increasingly influential line of reasoning is problematic on a couple of grounds. First, it wrongly presupposes that committing civil disobedience is morally permissible as a general matter of moral principle. While it is plausible to think that unlawful acts of civil disobedience should not, as a moral matter, be punished because of their potential contributions to political debate, it does not follow that those acts are themselves morally permissible. The first idea concerns what morality requires of the state; the second concerns what morality requires of individuals.
Considerations of political morality frequently preclude punishing acts that are morally wrong. No mainstream political theorist believes that it would be morally permissible for the state to punish persons for breaking unilateral promises (as opposed to an exchange of promises constituting a morally binding contract) – despite the fact that breaking any sort of promise is presumptively wrong. The moral standards that govern states and individuals frequently diverge; thus, for example, states may permissibly punish wrongdoing, but individuals may not. Thus, the argument for hacktivism rests on a fundamental mischaracterization of the underlying moral issues regarding civil disobedience.
Second, and more importantly, it is morally wrong, on ordinary views, to inflict significant harm of the sort that is typically caused by acts of digital civil disobedience on the strength of a view that is deeply contested in society. Notice that acts of digital civil disobedience typically result in causing significantly greater harm than sit-ins or other acts of non-digital civil disobedience. A distributed denial of service (DDoS) attack that, for example, is intended to shut down a large commercial website can result in millions of dollars in losses to that site and potentially in losses of livelihoods; and it is just not clear, as an ethical matter, that the infliction of such harms on ordinary people can be justified as a form of free speech.
This is particularly problematic because civil disobedience is typically motivated by a moral view that is deeply contested in the culture; in many cases, the view motivating civil disobedience is one that is held by a small percentage of people in the culture. Because there is no reliable way to determine which side of the view is correct, there are moral limits on what sorts of harm or inconvenience can justifiably be inflicted on persons who are not morally responsible for the policy being protested. Hacking that can result in the loss of jobs is always problematic, but is especially so when grounded in views that have not been adequately defended – as is all-too-frequently the case.
I conclude that, at the very least, politically-motivated intrusions are morally permissible as long as they do not result in great harm to innocent persons. But this, however, seems to preclude the most common hacktivist strategies. For example, it seems to preclude digital acts contrived to deny persons access to web content because of the potential damage to both site owners and visitors; indeed, DDoS hacktivist attacks may fairly be presumed wrong because of effects on both the ultimate targets and the innocent agent machines used to stage the attacks. Similarly, it seems to preclude hacking into secure sites for the purpose of exposing sensitive information about firms or individuals.
In any event, the foregoing analysis suggests a framework for evaluating particular acts of digital protest. To fully assess the permissibility of any particular digital protest, the likely harms caused by a digital attack must be weighed against the relevant moral goods, which include the good that is achieved by politically motivated speech. However, the analysis must also take into account the extent to which the underlying political views that purport to justify the digital intrusion are reasonably contested.