Hacktivism is the subversive use of technology to promote a political or social agenda. Whilst there are those who view hacktivists as cyberterrorists, many hacktivist attacks are actually employed merely to voice civil protest, to promote freedom of information or to undermine terrorist groups' online operations.
One hacktivist group, which has recently garnered attention, is Anonymous. In a video that has been circulating on social media, a masked speaker warns the so-called Islamic State of Iraq and Syria (ISIS) to be prepared for a massive retaliation in the wake of the terrorist attacks committed by ISIS in Paris in November 2015. Since the video surfaced, there are reports that Anonymous, along with other hacktivist entities, has been successful in disrupting ISIS' presence on internet platforms, thereby inhibiting its ability to disseminate extremist propaganda and to implement its recruitment drives.
There is an old proverb that states, “An Englishman's home is his castle,” with the inference being that citizens should be entitled to protect their countries as they please, particularly if the government agencies tasked with this duty, have failed to do so. For this reason, hacktivist attacks against ISIS have been widely lauded by the public. In a time when governments' anti-terrorism measures seem to be failing, a vigilante group such as Anonymous is being glorified and extoled in the same manner as its fictional counterparts.
Hacktivist groups in particular are often amorphous beings, whose loose and decentralised systems of command can often lead to drastic shifts in motives and behaviours. Anonymous is currently focusing its attention on ISIS, but in previous years, there have been accusations of tendencies by its members to engage in recreational hacking as opposed to political activism.
However, unlike in the movies, these hacktivist groups do not always get to ride out into the sunset, branded as heroes. Legal systems around the world do not allow for vigilante justice. It is generally accepted that vigilantes are acting outside of the purview of the law. There is a fine line between true vigilantism and anarchism, and it appears to be too onerous for the law to try to govern that line.
This is particularly relevant in the South African context, where a vigilante group known as People Against Gangsterism and Drugs (PAGAD) was formed in 1996 as a response to the prevalence of drugs and gangsterism in the Cape Flats area of Cape Town. Many applauded PAGAD, like Anonymous, for its efforts but eventually it was accused of facilitating murder and terrorism and its leader, Abdus Salaam Ebrahim, was convicted of public violence and imprisoned for seven years.
Ultimately, it is apparent that authorities around the world are struggling with how best to deal with cybercrimes and cybersecurity and the complexities that result therefrom - and South Africa is no exception. With the recent publication of the Cybercrimes and Cybersecurity Bill (the Bill), our legislators have made the first step in attempting to regulate this world. It is clear that effective cybersecurity legislation is necessary, as South Africa currently has no co-ordinated legal framework and cybersecurity is regulated through a hybrid mix of legislation and the common law.
The Bill's stated aims include the promotion of cybersecurity, the regulation of aspects of international cooperation in respect of the investigation of cybercrime, provision for the establishment of various structures to deal with cybersecurity and the imposition of obligations on electronic communication service providers regarding aspects, which may impact on cybersecurity.
However, the Bill, like its American counterpart, the Cybersecurity Information Sharing Act (CISA), has been criticised for being overbroad and for failing to consider constitutional freedoms. Jane Duncan, a Professor of Journalism at the University of Johannesburg has expressed concerns that the definition of cyberterrorism may be too broad and doesn't exclude acts committed in the context of “legitimate struggles for national self-determination or national liberation.”
The Bill, like other legislation, also does not make any distinction between cybercrime and vigilantism and hackers are tarred with the same brush, irrespective of their motives. You will likely agree that this is the correct approach. In Hollywood, the superhero's good guy credentials are never tarnished but life doesn't always imitate art and, in the real world, vigilantism and hacktivism such as that practiced by PAGAD and Anonymous is a more complex, moral grey area. Society simply cannot legislate for it.
The Department of Justice and Constitutional Development (Department) invited the public to comment on the Bill by 30 November 2015 and it will be interesting to note whether any of the concerns that have been raised thus far are suitably addressed. It is hoped that the Department can strike the right balance between the promotion of the constitutional rights to privacy and free speech and the need to mitigate appropriately against cybersecurity threats and to implement innovative infiltration techniques - an achievement which has, thus far, eluded most legislators around the world.
In the meantime, there is no doubt that hacktivist groups such as Anonymous will continue to mete out their own personal versions of vigilante justice, largely unabated and without consequence. As a famous web shooting, costumed crime-fighter once said, “With great power comes great responsibility.” One can only hope that hacktivists around the world aspire to this creed.
