Stefano Bolognini/Wikimedia Commons

How a 1986 law stops the Internet from having its own Rosa Parks

Where is the Internet's Rosa Parks?


Aaron Sankin


Published Feb 4, 2015   Updated May 29, 2021, 3:07 pm CDT

On Wednesday, civil rights icon Rosa Parks would have turned 102. States around the country mark the date by celebrating Rosa Parks Day, honoring the woman who engaged in the single most iconic act of civil disobedience in American history.

With Parks in the national consciousness, we wondered: Is civil disobedience on the Internet even possible?

Parks wasn’t the first African-American woman in 1950s Montgomery, Ala., to refuse to obey the law by giving up her seat near the front of a public bus to a white person. Claudette Colvin, for example, was arrested for not making room at the front of a crowded Montgomery bus for a white woman nine months before Parks made her famous stand. Colvin’s case wasn’t publicized by black leaders because she was an unwed teen mother at the time and wasn’t as ideal of a role model as Parks, the secretary of the NAACP’s Montgomery chapter.

Is civil disobedience on the Internet even possible?

Parks’s statue as a role model is the essential, core aspect in the success of her landmark act of civil disobedience. By intentionally and openly breaking an unjust law, Parks drew attention not only to herself, but to the cause. Her courageous action sparked the Montgomery bus boycott—a massive, 13-month protest that only ended when the U.S. Supreme Court ruled the city’s bus segregation laws were unconstitutional.

In 2015, as much of the nation’s political discourse moves online, registering one’s voice in protest against something unjust, inequitable, or just plan wrong has never been easier. From hitting the “Like” button on a Facebook post to typing a name into an online petition form, the Internet has transformed political protest into something virtually effortless. As the mass demonstrations surrounding the deaths of Michael Brown and Eric Garner proved, online protest hasn’t entirely replaced real-world actions, but it’s undeniable that much of America’s dissident energy has moved online.

While this shift away from physical protest has certainly made voicing political opinions easier, it’s had the opposite effect on civil disobedience—a form of protest that breaks unjust laws to make a point. 

Even though Parks was escorted off the bus by Montgomery police officers, her only punishment was a $10 fine plus an additional $4 in court fees. People engaging in civil disobedience inherently and knowingly do so at a risk, but the legal consequences are often limited to misdemeanors for trespassing.

 A digital Rosa Parks, someone who used a computer rather than his or her corporeal body, would face far more drastic consequences thanks to the provisions of the 1986 Computer Fraud and Abuse Act (CFAA). This discrepancy between the repercussions of civil disobedience in the real and virtual worlds has created a situation where the ability to citizens to use one of the most historically effective methods of activism is becoming an increasingly risky proposition.

During the Civil Rights Era, the most popular form civil disobedience was the sit-in. Protestors could shut down a segregated Woolworths lunch counter by taking up all the seats and refusing to move. The closest Internet corollary is the distributed denial of service attack (DDoS). During a DDoS attack, an attacker sends such an overwhelming flood of fraudulent traffic to a website so that the site’s server can’t handle the load. When the site buckles, it is effectively shut down. Users legitimately attempting to access the site aren’t able to do so because site is too busy dealing with all of the fake requests for information. Think of it as the Internet’s version of taking up all the seats at the lunch counter.

Think of DDoS as the Internet’s version of taking up all the seats at the lunch counter.

DDoS attacks are incredibly common. There is undoubtedly at least one DDoS attack occurring every second of every day. Silicon Valley-based cybersecurity firm Norse tracks DDoS attacks in real time at it’s IPViking site. Head over to the site for a minute or two and watch the strangely beautiful dance of different parts of the Internet waging war on each other. (Seriously, it’s pretty cool).

People conduct DDoS attacks for a variety of reasons, ranging from a business trying to gain a temporary advantage over a competitor to hackers doing it for the lulz. It can even be used by a repressive government to censor speech it doesn’t like. However, in the hands of groups like the crusading hacktivists of Anonymous, DDoS attacks serve as an act of political protest.

Take, for example, what happened after WikiLeaks released over 250,000 classified government cables online in November 2010.

To say that public opinion about the whistleblowing site’s act of aggressive transparency would be an understatement. On one hand, there were legions of people who thought what the group, along with its controversial founder Julian Assange, did was heroic and wanted to offer their monetary support. On the other, major corporations, loathe to get on Uncle Sam’s bad side, blocked all financial transactions to Wikileaks as soon as a pledge drive was announced.

Incensed, Anonymous got involved with an action called Operation Payback, where a handful of activists targeted the financial institutions that had blocked donations to Wikileaks. In December of 2010, online payments processor PayPal was hit with a DDoS. Fourteen culprits (known as the PayPal 14) were tracked down by authorities and, facing the potential of long prison sentences, nearly all decided to plead guilty and, in most cases, managed to escape with fines rather than jail time.

Others didn’t get to play ball with prosecutors.

When hacker Christopher Doyon grew incensed that the city of Santa Cruz, where he was living, passed a law effectively criminalizing homeless people’s ability to sleep on the street, he responded by leveling a DDoS attack that temporarily brought down a city government website for half an hour. It was basically his sit-in blocking the virtual steps of City Hall.

Under the CFAA, Doyon’s penalty for carrying out the attack could have meant shelling out $250,000 and spending a decade in prison. After he was brought in for questioning, but not arrested, Doyon decided to hit the road. He eventually fled the country and now lives in Canada.

Daily Dot contributor Joseph Cox explained in an op-ed last year that the biggest problem with the CFAA is right there in the name—it treats all computer-related crime as fraud, therefore the punishment increases with the number of victims. Every person who theoretically would have attempted to access a website that was under attack would be viewed as a victim. As a result, sentences for DDoS attacks can get big fast.

Take the case of Eric Rosol. A 38-year-old truck driver from Black Creek, Wis., Rosol participated in a 2011 mass DDoS attack against the website of Koch Industries, the company run by politically active right-wing billionaires Charles and David Koch. He ran the Low Orbit ION Cannon DDoS software for approximately 60 seconds. Two years later, he was sentenced to two years probation an mandated by a court to pay over $180,000 to Koch Industries.

Information like that, Swartz believed, wanted to be free.

As recounted in a Boing Boing article by researcher Molly Sauter, who is the author of a book on the history of DDoS attacks, the CFAA’s outdated language meant Rosol’s fine wasn’t based how much money the attack cost the multi-billion conglomerate—a mere $5,000. Instead, it came from how much the firm paid to to hire an outside consultant to bolster its website’s ability to withstand future attacks.

DDoS attacks aren’t the only form online civil disobedience can take. 

Online activist Aaron Swartz not only helped build social news site Reddit and develop the RSS blog reading format, but he also founded the online activist group Demand Progress. Swartz engaged in his own act of civil disobedience by logging into online academic library JSTOR and downloading a giant trove of paywalled journal articles with the alleged intention of releasing them online. Swartz believed keeping the articles hidden away, where only those affiliated with deep-pocketed elite institutions that could afford to pay for JSTOR access, was a disservice to humanity. Information like that, Swartz believed, wanted to be free.

Like Rosol or the PayPal 14, Swartz was caught, charged violating the CFAA, and threatened with half a century in jail and over a million dollars in fines. While prosecutors eventually offered Swartz a plea bargain that would have only imprisoned him for six month, Swartz ultimately took his own life in his Brooklyn apartment.

Compare all of this to the $14 Rosa Parks had to pay for refusing to move from the front of the bus and it starts to become clear that civil disobedience in the Internet age not only fundamentally different, it’s virtually impossible to do without risk of severe consequences. 

This isn’t to say the people who braved water cannons and vicious police dogs in the 1960s had it easy—it surely wasn’t. But the criminal penalties for directly violating the laws most commonly associated with these political statements were much lower than for taking comparable actions in the online space. Someone conducting a DDoS attack may have a lower probability of getting arrested than someone who handcuffed herself to the front door of City Hall, but that person’s punishment upon getting caught would likely be much higher.

There have been some efforts to revamp the CFAA, which was first enacted nearly 30 years ago, to conform with modern technology and uses of the Internet. The most famous, Aaron’s Law, was introduced by Rep. Zoe Lofgren (D-Calif.) in 2013, but ultimately went nowhere.

The most recent movement in this legislative arena is, some say, a step backwards. President Obama introduced a new cybersecurity proposal last month, which could turn even more Internet users into criminals.

In other words, don’t expect us to have a Rosa Parks of the Internet anytime soon.

Photo by Stefano Bolognini/Wikimedia Commons (CC BY 3.0)

Share this article
*First Published: Feb 4, 2015, 4:02 pm CST