no concrete evidence to assert that connection. But Tomaar’s hosting company did not drop them for nothing: DDoS attacks eat a lot of traffic, it takes quite some time to clean up afterward, and it’s the hosting companies that have to pay the bills. This is how online dissent can easily turn into a preexisting condition. If you have something sensitive to say and it can attract DDoS attacks, most hosting companies would think twice before signing you up as their client. Since businesses are also frequent targets of DDoS attacks, there exists a commercial market in protection services (for example, banning computers from certain parts of the world from being able to visit your site), but they sell at rates that are not affordable to most volunteer-funded sites. Eventually, Tomaar did find a new home, but cyber-attacks continued. The site was regularly down for one week out of four, with DDoS attacks eroding its community’s spirit and draining the pockets of its founders, who were naïve enough to believe that online dissent is as cheap as their monthly hosting fee.
Cases like Tomaar’s are increasingly common, especially among activist and human rights organizations. Burma’s exiled media—Irrawaddy, Mizzima, and the Democratic Voice of Burma—all experienced major cyber-attacks (the heaviest wave occurred on the first anniversary of the Saffron Revolution in 2008); ditto the Belarusian oppositional site Charter97, the Russian independent newspaper Novaya Gazeta (the one that employed the slain Russian journalist Anna Politkovskaya), the Kazakh oppositional newspaper Respublika, and even various local branches of Radio Free Europe / Radio Liberty.
Individual bloggers fall victims to such attacks as well. In August 2009, on the first anniversary of the Russian-Georgian war, Cyxymu, one of the most popular Georgian bloggers, found himself under such an intensive DDoS attack that it even took down powerful websites like Twitter and Facebook, where he had duplicate accounts. Here was a case of a dissenting voice who could not say what he wanted because all the platforms where he established online identities came under severe DDoS attacks and put immense pressure on the administrators running those platforms; they, of course, found it quite tempting to simply delete his account to enable all other users to continue with their business.
DDoS attacks present a serious and poorly understood threat to freedom of expression on the Internet, as they are increasingly used not only against the websites of institutions and companies but also against individual bloggers. In the past, conventional wisdom dictated that all it took to give voice to marginalized communities was to get them online and maybe pay their Internet bill. Not anymore. Being heard online—at least beyond the first few tweets and blog posts—increasingly involves strategizing about server administration, creating back-up plans in case of a DDoS emergency, and even budgeting for extremely expensive anti-DDoS protection services.
The worst part about DDoS-type restrictions on freedom of expression is that they lead to significant undercounting of the total amount of Internet censorship around the world. Our traditional notion of censorship is still strongly influenced by the binary logic of “blocked/unblocked,” which in cases like those of Cyxymu or Novaya Gazeta simply do not make much sense. The sites may be technically unblocked, but their users still cannot access them one week out of the month.
To solve this kind of problem, not only do Western governments and international institutions need to create new metrics for tracking Internet censorship, they also need to go beyond the usual panacea offered against Internet censorship, like circumvention tools that allow access to banned content. The problem with DDoS is that even users in countries that do not block the Internet would not be able to access sites that are under attack; circumvention tools don’t work in those situations. It’s no longer the case of brutal Soviet agents jamming Radio Free Europe; it’s the case of mostly unknown individuals—perhaps on the Kremlin’s payroll, perhaps not—erecting roadblocks around the building from which the new Radio Free Europe is supposed to broadcast. Antijamming equipment is not going to help if nobody can actually get in and produce the broadcasts.
Tearing Down the Wrong Walls
Those of us in the West who care about defending online freedom of expression can no longer afford to think about censorship based on obsolete models developed during the Cold War. The old model assumed that censorship was expensive and could only be carried out by one party—the government. Today, however, while many kinds of censorship are still expensive (e.g., software like GreenDam), others are cheap