Decriminalizing Hacktivism: Finding Space for Free Speech Protests on the Internet

Abstract

Over the last decade there has been a large increase in the number of cyber attacks on U.S. companies and all trends indicate that these attacks will only increase in number and severity over the next several years. These attacks cost the U.S. economy billions of dollars and thousands of jobs annually. However, there are many types of cyber attacks. Some attacks are cyber terrorism and are done solely to destroy or impede U.S. infrastructure. Some attacks are espionage oriented and are more concerned with quietly stealing lots of secret and proprietary information rather than public disruptions of and damage to U.S. infrastructure. However, there are also a number of cyber attacks that are designed solely to send public messages as forms of political and social protest rather than cause lasting damage to the targets of the attack. All of these attacks have vastly different motivations and purposes. Yet U.S. policymakers, in their rush to address these serious threats to the U.S. economy, have often crafted legislation that sweeps too broadly and criminalizes modern protests movements that are analogous to protest activities that have traditionally received protection under the first amendment of the constitution. This paper surveys several of the major federal laws governing cyber crimes and argues that online hacker protests, known as “hacktivism”, should be recognized as different from other types of cyber attacks and given the protections they deserve under the First Amendment because the internet is the modern equivalent of public forums where protest activities have generally received the highest protections. The data also suggest that given the ever growing number of cyber attacks in spite of severe criminal penalties federal cybercrime laws are ineffective at preventing this type of cyber protest anyway. The paper further argues that granting hacktivism protection from criminal prosecution is acceptable because targets of these cyber attacks are still free to pursue redress on their own under tort remedies. The evidence also shows that responsible firms can greatly reduce their losses from any potential attack simply by taking common sense cybersecurity measures. Additionally, the growth of firms specializing in cyber forensics makes this a more realistic option for victims than it was even a few years ago. The paper concludes by arguing that because of the First Amendment the character of U.S. law has always been willing to accept higher levels of risk and economic disruption due to protest activities and it should do again in the new public commons of cyberspace.