Anonymous unmasked

On Tuesday, Gabriella Coleman spent the morning in court. She was there for the case of two Irish members of LulzSec – an offshoot of Anonymous, the international network of hactivists – who are charged with causing criminal damage to Fine Gael's election website in 2011.

“I was so amazed [in the] court,” Coleman says, sitting in a boardroom at the Science Gallery in Dublin. Watching the case, she thought, This feels so light compared to what would happen in the US. The US criminal system is one that really has a heavy hammer; it really comes down hard against forms of political protest and political dissent.

Coleman is an anthropologist and holds the Wolfe chair in scientific and technological literacy, in the department of art history and communication studies, at McGill University in Quebec. An expert on Anonymous, she describes the group as “a protest ensemble, and one which takes root differently in different places, not always direct action; but it’s a kind of protest network that uses different tactics for the sake of political operations.”

Last night, she gave a talk, Anonymous in Context: the Politics and Power Behind the Mask, at the Science Gallery.

Anonymous came to prominence for its online protests against the Church of Scientology, before launching anticopyright attacks on companies it perceived to infringe upon the concept of sharing online, and then against companies who infringed upon Wikileaks’ operations: Amazon, PayPal, MasterCard and Visa, among others.

“I just do classical anthropological stuff, which is spending as much time with people who are involved in whatever it is that you’re studying,” Coleman says. “And so then I do the same with Anonymous, but they’re a bit more challenging to study. A lot more challenging to study.”

Anonymous is everywhere and nowhere. On July 10th, six people, dressed in dark colours and wearing Guy Fawkes masks – the standard uniform of Anons – stood outside Leinster House holding question-mark signs. It is not known whether their presence related to a hack of Youth Defence’s website. The demonstration went largely unnoticed, apart from the blog Soundmigration uploading a video.

Blurring the lines
There is probably no better time to be an anthropologist examining a group such as Anonymous. The social upheaval caused by Wikileaks, the Arab Spring, the Occupy movement and, most recently, the revelations about the National Security Agency (NSA) by Edward Snowden, has blurred the lines between activism online and off.

Anonymous has no overarching mandate, no singular political philosophy. Coleman describes their “bread and butter” as “civil liberties, censorship and privacy . . . and then the other constant is that they’re irreverent.”

Having been drawn to open-source philosophy in the 1990s, Coleman found herself studying hackers (“I used to joke that we know more about tribes in Papua New Guinea than we do about hackers. Which, you know, is kind of true, I think, on some level”). She gravitated towards Anonymous at a point when they stopped trolling the Church of Scientology and started to protest it, defacing Scientology websites and launching denial-of-service acts in response to the Church calling foul over the copyright of a video of Tom Cruise talking about Scientology being posted online. “I was just floored by that conversion, that metamorphis.”

Since then, Anonymous continues to surprise her, getting involved in things she would never have expected such as KnightSec, a group within Anonymous, exposing the names of those implicated in the Steubenville rape case in the US. She talks about cabals that can form, even when there is no institutionalised centre of the group; of the diversity within it, tensions; about how its ability to reinvent and morph is powerful.

But what about the average internet user who perhaps shares the concerns Anonymous attempts to highlight: individual privacy, the transparency of government institutions and organisations, the discomfort with large tech companies gathering and monetising personal data and the passing along of that data to governmental and security authorities? There is a feeling of helplessness about how to combat these issues. How can you exist online and avoid the data gathering, targeted advertising and the unintentional collaboration with huge corporations?

Coleman doesn’t have any easy answers.

Alternative infrastructures
"Currently I do think there are not many options, and we're not in a good space. But 20 years, 15 years, five years: we already have servers that are this big" – she makes a shape half the size of a coaster with her fingers – "that we can plug in at home, and you can imagine that with the right type of software, where you have your server where all your data is, and then you have decentralised systems that help with the management of your photos and email, it can happen. You can build alternative infrastructures. And this is where the politicalisation of hackers is so important."

Coleman says she can imagine that in the future, if software is robust enough and the hardware is smaller and cheaper, the user will have more control. The real costs lie with hiring systems administrators to keep it going and competing with a huge infrastructure already in place.

“It’s hard to scale to what Gmail and what Google does: it’s really expensive, you have to hire hordes of systems administrators. The genie-out-of-the-bottle part is just the technical infrastructure in place. That is the part that scares me the most. Even if there was a political will, you’d have to build such different systems to really allow for safeguards on top of the legal safeguards. And that’s a difficult task, especially when they have built a system themselves, by which I just mean supercomputers that can crunch the data, all sorts of different points of access.

“It’s frightening. To dismantle that system does seem like a gargantuan task to me.”

But it’s a task that’s starting. Anonymously or otherwise.

Concerns about Irish data regulation 'We have great data-protection laws in Germany, but if Facebook is based in Ireland, then Irish law applies'
The last time the EU agreed common privacy and data protection rules, Mark Zuckerberg was 11 years old and Facebook was not even a twinkle in his eye.

A lot has changed since 1995. The rise of Facebook, Google and Twitter has made user data the preferred coin of today’s digital realm. But is collating all data that is technically possible – and profitable – acceptable to those who, often unwittingly, supply the information? That is the core issue in negotiations for a new EU rulebook for our brave new digital world.

Edward Snowden’s revelations about US intelligence surveilling digital communications, assisted by many US technology companies, has given a new urgency to the debate on citizen privacy. And, at the heart of Europe’s data-protection debate, Ireland plays a lead role.

Chancellor Angela Merkel drew attention to this last weekend. Under pressure about the Snowden affair, she urged a joint EU rule to force non-European companies to explain what happens to the data they collate in the EU before it leaves servers here. “We have great data-protection laws in Germany but if Facebook is based in Ireland, then Irish law applies,” Dr Merkel said on German television.

It was no coincidence that she mentioned Ireland. The current EU regime gives EU member states considerable leeway in interpreting data and privacy rules. Some countries have strict rules; others take a more liberal approach, based on cultural norms and historical experience.

With data collection and processing now a multibillion industry, this patchwork of rules has been a growing source of tension among EU member states. The biggest issue: data protection and privacy issues are not the responsibilty of the state in which data is generated by users but the place in which the company that collects the data has its European headquarters.

And so, whether you are in Belfast or Bucharest, any concerns about what Google or Facebook has on file about you have to be addressed to the Data Protection Commissioner (DPC) in Co Laois.

The DPC has seen a significant growth in European work in recent years, reflected in its annual report: last year the office dealt with 1,349 new complaints, a 350 per cent increase in just seven years.

This spike was not matched by an increase in resources, leading conspiracy theorists in some European countries to suspect that Ireland has light-touch data regulation to attract would-be investors.

Irish officials dispute this strenuously, though sources familiar with the DPC acknowledge there were capacity problems in the past. However, they say a recent staff increase from 20 to 30, far from a given in the current economic climate, is an indication that the Government recognises credible data protection as a reputational issue with its European partners and would-be investors.

But is it enough for policing the data of 500 million EU citizens? Irish MEP Seán Kelly says the DPC is “going to be stretched” if a new EU data-protection regime requires even greater oversight. “Ireland, because of so many big American companies there, will need more resources,” he says.

Despite the challenges, he says the DPC enjoys a good reputation around Europe. Peter Hustinx, the European Data Protection Supervisor (EDPS), says he has “great respect” for Irish commissioner Billy Hawkes. Throughout Europe, he says he regularly hears expressions of “respect, though some criticism” of the effectiveness of the Irish operation.

Ireland’s success in attracting foreign direct investment in the technology sector has, he said, brought with it a frontline role in the European big data debate. “Ireland’s DPC is discovering that it is also accountable to data-protection colleagues in other countries,” says Hustinx, “and that everyone is watching closely what it does.” – DEREK SCALLY