AN ACT INVOLVING HACKING OF A COMPUTER OR A WEBSITE TO DELIVER A RELIGIOUS, POLITICAL OR SOCIAL MESSAGE IS KNOWN AS HACKTIVISM BUT IS IT AN ACT OF TERRORISM AS WELL?
In early 2015, the United States Federal Bureau of Investigation (FBI) made a bold move. It placed self-proclaimed hacktivist, Jeremy Hammond, already in jail, on its terrorism watchlist. While no one can argue that most cybercrime is just that: crime; is it really a logical jump from hacktivism to terrorism? The financial motivations of most cyber crime and the political motivations of hacktivists are where things get murky.
If the FBI can prove that hacktivism really is terrorism, the implications for both hacktivists and the general public are, frankly, frightening.
Most of the public knows the basic differences between hacktivism and hacking for profit or criminal gain. Yet do we really know how terrorism is defined by our governments? The FBI defines terrorism’s forms thus: “International terrorism” means activities with the following three characteristics:
- Involve violent acts or acts dangerous to human life that violate federal or state law;
- Appear to be intended (i) to intimidate or coerce a civilian population; (ii) to influence the policy of a government by intimidation or coercion; or (iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping; and
- Occur primarily outside the territorial jurisdiction of the U.S., or transcend national boundaries in terms of the means by which they are accomplished, the persons they appear intended to intimidate or coerce, or the locale in which their perpetrators operate or seek asylum.*
- “Domestic terrorism” means activities with the following three characteristics:
- Involve acts dangerous to human life that violate federal or state law;
- Appear intended (i) to intimidate or coerce a civilian population; (ii) to influence the policy of a government by intimidation or coercion; or (iii) to affect the conduct of a government by mass destruction, assassination. or kidnapping; and
- Occur primarily within the territorial jurisdiction of the U.S.
- 18 U.S.C. § 2332b defines the term “federal crime of terrorism” as an offense that:
- Is calculated to influence or affect the conduct of government by intimidation or coercion, or to retaliate against government conduct; and
- Is a violation of one of several listed statutes, including § 930(c) (relating to killing or attempted killing during an attack on a federal facility with a dangerous weapon); and § 1114 (relating to killing or attempted killing of officers and employees of the U.S.).
A close reading of this code reveals that the definition of hacktivism, hacking for political motivations, typically with Denial of Service attacks, is likely not terrorism. Why?
According to the FBI, in order for an act to be considered terrorism, it must meet all of the requirements of each definition. An act must be illegal and violent or endanger human life, be coercive or intimidating, and occur in whichever jurisdiction fits. The code does not say that terrorism must meet one or all, but “means activities with these three characteristics.” Most acts of hacktivism only tick one or two of these boxes, if at all.
New Definitions Needed?
It must be noted that the FBI’s terrorism definition is at least five years old, published in 2011. While hacktivism has been a part of the world since the 80s, it looks much different in 2016 than it did even five years ago.
One could also argue that most, if not all, acts of hacktivism constitute the commission of a crime. At the same time, the Denial of Service attack on a federal repository that makes no money and offers no sensitive information is not equal to the DoS on state emergency response site. The latter does indeed endanger human life, and if it is defined as illegal in that state, it constitutes a crime.
Yet does either of these constitute an act of terrorism? Taking a broad reading of the FBI’s code, the latter might certainly be terrorism. However, DoS attacks rarely do any true damage. That is their nature. They disrupt services, they don’t destroy anything tangible. Even the former could be seen as an act of terrorism, though no one is harmed by it. Legally, however, designating hacktivists as terrorists should only occur when all three of those “boxes” are ticked
Should our definition of terrorism change to meet the changes in hacktivism? When large-scale government services are disrupted and endanger lives en masse, hacktivism could indeed be classified as terrorism. Without changing any definitions, many hacktivists will either be jailed or coerced themselves out of the good that can come from their acts. Many of the most current acts of hacktivism are aimed at disrupting the activities of terrorist organizations, ones that meet all the FBI’s requirements of the definition.
It cannot be denied that terrorism is turning digital. What is at issue is prosecuting and alienating a few people based on a narrow definition. Either the definition needs to become broader, or hacktivism needs to be excepted from it. There is no easy answer.