Convictions of politically-motivated hackers – so-called ‘hacktivists’ – have hit the headlines in recent years. Living with Hacktivism: From Conflict to Symbiosis offers one of the first legal and regulatory analyses of this evolving phenomena. Author Vasileios Karagiannopoulos attentively guides the reader through the shortcomings of the contemporary legislative cybercrime and cyberterrorism landscape, focusing specifically on the USA and UK. Although Leonie Maria Tanczer would have hoped to see a stronger engagement with the work of ‘hackademics’, the publication is an important contribution to the evolving body of cybercrime literature.
Living with Hacktivism – From Conflict to Symbiosis. Vasileios Karagiannopoulos. Palgrave. 2018.
Living with Hacktivism – From Conflict to Symbiosis is part of the Palgrave Studies in Cybercrime and Cybersecurity Series and focuses on the diverse political practices that constitute this novel form of online activism. It is released at a time where public attention on those such as Anonymous, Edward Snowden and Aaron Swartz may have declined, but a thorough study of electronic forms of civil disobedience remains important. In his first book, Vasileios Karagiannopoulos, Senior Lecturer in Law and Cybercrime at the University of Portsmouth, revives hacktivist debates and examines the norms and laws that regulate this digital conduct. The author defines hacktivism rather narrowly through its ‘law-breaking’ and ‘illegal’ (ix; vii) nature. He considers it to have ‘socially considerate goals’ (x), which should – but at the moment do not – shape and influence the response to hacktivist activities.
The book is broken into seven chapters, including an introduction and conclusion. It begins with a foundational overview of the historical developments of the hacktivist movement, as well as the groups and individuals associated with it. It thereupon dives into an in-depth legal and regulatory investigation which will particularly enlighten readers new to the field of cybercrime and cyberterrorism legislation. Across the publication, Karagiannopoulos is careful not to impose uniformity on hacktivists nor to justify the existence and practices of particular actors. He succeeds in providing a neutral but decisive account of the ambivalent status that characterises this phenomenon and accepts the ‘constant struggle to try to find concreteness in hacktivists’ fluid collectives and diverse goals and tactics’ (34).
The book really shows its originality from Chapter Four onwards. The detailed dissection of cybercrime and cyberterrorism acts and their applicability to hacktivist cases are amongst my favourite parts. Chapter Four highlights how current provisions marginalise hacktivists and explains on what grounds individuals are frequently prosecuted. The perception of hacktivism as a ‘social threat’ (100), together with governance philosophies that focus on the management of risk and the reduction of risk-related activities, make hacktivists an easy target for prosecution. At two points in the book Karagiannopoulos pointedly notes:
consecutive prosecutions become even more probable when one considers that, under normal circumstances, hacktivists protesting openly could be identified and prosecuted more easily than anonymous, skilled cybercriminals. The strict calculating philosophy that permeates cybercrime legislation thus renders the traditional route of applying the cybercrime legal regime to acts that are not meant to cause damage and loss as their primary goal problematic (106).
The same goes for the police, which wants to demonstrate maximum efficiency in dealing with the new major threat of cybercrime and thus focuses on investigations and arrests of easier-to-resolve cases (148).
Image Credit: (A M CC BY 2.0)
Following the analysis of the criminalisation of hacktivist actions and the applicability of legislative sections such as unauthorised access offences, Chapter Five assesses the role of stakeholders and mechanisms facilitating the enforcement of existing normative rationales and legal tools. It centres on the importance of prosecutors, courts and private corporations, with the scrutiny of prosecutorial discretion and the common usage of ‘plea bargaining’ being very readable. Karagiannopoulos identifies a worrying trend in which prosecutors’ ability to act as initial assessors and ultimate adjudicators as well as the expensive and slow nature of court proceedings are resulting in most hacktivist cases never reaching the courtroom, instead ending in plea deals. These unequable processes, together with the vagueness, broadness and punitive nature of the regulatory regime, also foster a ‘backlash effect’ (121) as excessive punishments can encourage resentful reactions from hacktivists.
Chapter Six closes the book effectively. It gives a forward-looking perspective by exploring potential, more fruitful regulatory responses to hacktivism’s illegal characteristics. The author walks readers through the need for fair and open legal procedures, which should also give space for multi-actor regulations, safe harbour provisions and community-focused penalties. Such measures should be based on the nature of the offences and may help create a ‘symbiosis’ – a regulatory model that harnesses relationships between actors and counteracts conflict-inducing sentences.
Whilst the latter part of the book is helpful and provides insights for researchers, policymakers and even hacktivists themselves, I am sceptical of Karagiannopoulos’s optimism regarding the scope for effective community self-regulation within hacktivist circles. Additionally, while the author clearly engages with criminology and legal scholarship, more anchoring points to the existing body of work by ‘hackademics’ such as Theresa Züger, Stefania Milan, Adam Fish or Christopher M. Kelty would have offered a richer picture of the available hacker and hacktivist research. This is particularly applicable to the earlier chapters, where the author could also have featured less renowned hacktivist collectives and given space to female, non-Western hacktivists.
Nonetheless, the legal and regulatory focus of the publication distinguishes Living with Hacktivism. The book points out fundamental weaknesses in the legislative process through which many hacktivists have been convicted in the US and UK. This can make Karagiannopoulos’s work a valuable resource for social movement and collective action modules, as much as for criminology or terrorism courses. The messages communicated throughout the book should help readers, and especially legislators, come to grips with the normative intricacies of contested online practice and may incentivise further research on best-practice examples of more considerate cybercrime and cyberterrorism legislation.
Leonie Maria Tanczer is Lecturer at the Department of Science, Technology, Engineering and Public Policy at UCL and former Fellow at the Alexander von Humboldt Institute for Internet and Society. She wrote her interdisciplinary PhD thesis on the (in)securitisation of hacking and politically-motivated hacking (so-called hacktivism), and has a track record of publications on Internet-related topics. In her work, Tanczer is particularly interested in the intersection points of technology, security and gender, with some of her further research interests including Gender Studies, online collective action and censorship and surveillance studies. You can follow her on Twitter @leotanczt.
Note: This review gives the views of the author, and not the position of the LSE Review of Books blog, or of the London School of Economics.