Abstract: After WikiLeaks released hundreds of thousands of classified U.S. government documents in 2010, the ensuing cyber-attacks waged by all sides in the controversy brought the phenomenon of hacktivism into popular focus. Many forms of hacktivism exploit illegal access to networks for financial gain, and cause expensive damage. Other forms are used primarily to advocate for political or social change. Applicable law in most developed countries, including the United States and the United Kingdom, generally prohibits hacktivism. However, these countries also protect the right to protest as an essential element of free speech. This Note argues that forms of hacktivism that are primarily expressive, that do not cause serious damage, and that do not exploit illegal access to networks or computers, sufficiently resemble traditional forms of protest to warrant protection from the application of anti-hacking laws under widely accepted principles of free speech.
Early on the morning of November 30, 2010, WikiLeaks.org came under assault by a hacker known as "th3j35t3r" (The Jester).1 By launch- ing what is known as a denial of service (DoS) attack with software of his own invention, The Jester overwhelmed WikiLeaks' servers with re- quests for information.2 WikiLeaks.org soon crashed, and remained down for more than twenty-four hours.3 Days before, WikiLeaks made international headlines by posting on its website roughly 250,000 classi- fied documents stolen from the U.S. government.4 On his Twitter feed, The Jester claimed credit: "www.wikileaks.org-TANGO DOWN-for attempting to endanger the lives of our troops, 'other assets' & foreign relations #wikileaks #fail. "5
To get its website back online, WikiLeaks prompdy switched hosting providers and began renting bandwidth from Amazon.com.6 DoS and other attacks against WikiLeaks continued, but were unsuc- cessful.7 Shordy thereafter, however, Amazon ousted WikiLeaks from its servers after Senator Joseph Lieberman contacted Amazon "for an ex- planation" of its decision to provide hosting services to the whistle- blower site.8 WikiLeaks then moved to another hosting service, but again was cut off by the service provider after ongoing DoS attacks threatened the stability of every other website hosted by the provider.9 Finally, after establishing a number of mirror sites (thereby multiplying the number of sites on which its content appeared), the WikiLeaks website was once again stable.10
The controversy surrounding WikiLeaks, however, was only begin- ning. Soon, major companies that provided services to WikiLeaks and its users began withdrawing support.11 Citing violations of its Accept- able Use Policy, PayPal cancelled WikiLeaks' account, preventing WikiLeaks from receiving donations through the popular online pay- ment service.12 Three days later, MasterCard suspended cardholder payments to WikiLeaks.13 The next day, Visa did the same.14 Swiss bank PostFinance closed the account of WikiLeaks founder Julian Assange, claiming that Assange provided false information concerning his place of residence.15 Bank of America, citing concerns that WikiLeaks "may be engaged in activities that are, among other things, inconsistent with our internal policies," likewise pulled the plug, refusing to process payments to WikiLeaks.16
The uproar that accompanied these corporate announcements sparked an online backlash.17 An amorphous, international group of individuals, known as "Anonymous," began to bombard the websites of entities it deemed opposed to WikiLeaks with distributed denial of ser- vice (DDoS) attacks.18 Many of the sites crashed, and others were ren- dered inoperable for some time.19 The group's declared mission, called Operation Payback, was to raise awareness of the actions of WikiLeaks' opponents, to fight what it perceived to be censorship by identifying and attacking those responsible for the attacks on WikiLeaks, and to support "those who are helping lead our world to freedom and democ- racy. …