Per­haps one of the most con­tro­ver­sial corporate-sponsored acts of poplar elec­tronic activism in the his­tory of the Inter­net (and cer­tainly this year), AAP pub­lished an arti­cle which was picked up by the Syd­ney Morn­ing Her­ald at 10:44 this morn­ing (GMT +11, Syd­ney time) in which Lycos is cited as ter­mi­nat­ing the cam­paign, in face of crit­i­cism from (unspec­i­fied) “secu­rity experts”. The orig­i­nal arti­cle may be found on the Syd­ney Morn­ing Her­ald web­site (reg. required).

Lycos spokesper­son, Kay Ober­beck, is quoted as say­ing that “the [Make Love not Spam] cam­paign was only meant to be tem­po­rary”, it’s pri­mary goals being to spark dis­cus­sion and raise aware­ness — some­thing which it has unques­tion­ably achieved, per­haps in a realm far greater than that of just unso­licited spam mar­ket­ing (I refuse to use euphemisms here — spam is unso­licited, intru­sive, tres­pass­ing, unre­quested and unde­sire­able — not “direct mar­ket­ing”). The cam­paign has raised ques­tions regard­ing the state of reg­u­la­tion of the Inter­net, both in terms of anti-spam leg­is­la­tion, and the legal­ity of “elec­tronic sit-in” tac­tics, up to and includ­ing the use of dis­trib­uted (col­lab­o­ra­tive) attacks on a cen­tralised point.

Argu­ments over the seman­tics of what exactly con­sti­tutes a DDoS attack have also arisen as a result of this cam­paign: Whilst it’s gen­er­ally accepted that this is indeed a dis­trib­uted attack, the curi­ous nature of the appli­ca­tion, in that it attempts to raise the costs of spam­ming but not alto­gether “deny ser­vice”, cou­pled with the fact that par­tic­i­pa­tion in this cam­paign is user-driven (by way of active par­tic­i­pa­tory choice), mean that this can­not be likened to virus-driven DDoS attacks seen in recent times, such as those upon The SCO Group’s website.

Not only is the basic ques­tion of what con­sti­tutes a (D)DoS attack raised, but also the ques­tion of what, exactly, is required for this attack to be con­sid­ered “dis­trib­uted”. Legally speak­ing, the attack has not been launched from any one co-ordinating point. The soft­ware dis­tri­b­u­tion point and direc­tory list­ing points were cen­tralised, how­ever these were not respon­si­ble for the inde­pen­dent actions of over 100,000 users^[1], who down­loaded the soft­ware, and ran it.

Col­lab­o­ra­tive attacks such as this make lit­i­ga­tion remark­ably dif­fi­cult, con­sid­er­ing the very dis­trib­uted par­tic­i­pa­tion — how can Lycos be sued for some­thing they didn’t do? And, even if they could be sued for “some­thing” they didn’t do, is it even legit­i­mate to pros­e­cute over a “denial of ser­vice” attack such as this? Some have com­mented that by con­nect­ing a com­puter to the Inter­net, you accept the pos­si­bil­ity of such attacks implic­itly — admit­tedly, this was posted on Slash­dot, a (slightly more Left) IT news source, but the point bears consideration.

Was the cam­paign a “good” thing? In accor­dance with the stated goals pre­sented to the world in hind­sight, yes. Hav­ing said that, how­ever, Lycos appear to have been stand­ing on defen­sive foot­ing for much of this cam­paign, deny­ing events which the rest of the world seem to have wit­nessed, beyond most rea­son­able doubt (speak­ing specif­i­cally of the denial of the com­pro­mise of their web­site, either by a direct hack­ing, or DNS poi­son­ing). Star­ring, the agency respon­si­ble for devel­op­ing the Spray web­site (an arm of Lycos) and the Make LOVE not SPAM cam­paign, main­tains the inten­tion of the cam­paign is to increase the costs involved with SPAM adver­tis­ing (as well as aware­ness rais­ing and a pro­mo­tional util­ity for Spray mail), some­thing which every­one took as implicit, but (so far as I’ve seen) Lycos hasn’t explic­itly stated^[2].

So what’d they do wrong, from a con­struc­tive per­spec­tive? Well, it was of a closed nature, for one. Lycos copped a sur­pris­ing amount of crit­i­cism for this one from the main­stream media, specif­i­cally as “inde­pen­dent ver­i­fi­ca­tion” of the nature of sources was unable to be per­formed — fears that the lists of offend­ers were cor­rupted remained unre­solved, as pub­lic access to this infor­ma­tion was not read­ily avail­able ^[3]. If Lycos’s present stance on the project is legit­i­mate, then the project rather delib­er­ately remained closed in nature — if it were open, they would have an AOL-style Gnutella on their hands (admit­tedly, the sit­u­a­tion of recall is remark­ably sim­i­lar, but the project hasn’t been able to get out of con­trol due to a lack of pub­li­cally avail­able source code), arguably a worse cor­po­rate night­mare than the legal mess in which Lycos may find them­selves entangled.

An open project would have allowed the project a greater chance of suc­cess, in that crit­i­cism per­tain­ing to the valid­ity of tar­gets would be quelled, and even an offi­cial end to the project would likely per­mit a host of child-projects, all with the same goals in mind. The dis­ad­van­tage to this, of course, is that community-powered vig­i­lan­tism is far more sus­cep­ti­ble to dubi­ous attacks on inno­cent web­sites, due to it’s (com­par­a­tively) unreg­u­lated nature (if Lycos’s claims regard­ing the check­ing process are to be believed).

Will this spurn a host of sim­i­lar projects? Prob­a­bly. Such projects already exist, on a smaller scope — one project tar­get­ting Niger­ian scam­mers is already in place — how­ever none of them have enjoyed such wide­spread media atten­tion as MLNS has from con­ven­tional press. Lycos’s posi­tion as a dom­i­nant Euro­pean (and, to a lesser extent, Amer­i­can) por­tal has meant that their actions are far more closely scru­ti­nised than those of small com­mu­nity bod­ies. Hav­ing said that, the pop­u­lar­ity of peer-to-peer file-sharing appli­ca­tions didn’t come about as a result of mass media prop­a­ga­tion, but rather through grass­roots com­mu­ni­ca­tion between peers, rec­om­mend­ing the soft­ware to others.

Infor­ma­tion Tech­nol­ogy pub­li­ca­tions (both phys­i­cal and elec­tronic) played a part in mak­ing early adopters aware of these tech­nolo­gies, how­ever the bulk of the work may be attrib­uted to com­mu­ni­ties online who spread aware­ness of this soft­ware on a peer-based level. This tech­nol­ogy has sim­i­lar poten­tial, on a far greater scale — it’s media expo­sure at launch was mas­sive, and whilst it was rapidly removed (or cen­sored), the amount of inter­est it gen­er­ated offers projects which adopt a sim­i­lar vein in the future a greater chance of success.

From a media per­spec­tive, future projects such as this will attract a men­tion, if only because of their sim­i­lar­ity to this high-profile one. The ram­i­fi­ca­tions of MLNS are great in scope; arguably, greater than Lycos have fore­seen in the launch of this. Ulti­mately, this project demon­strates the power of the Inter­net as a tool for activism and col­lab­o­ra­tive empow­er­ment — the true impact of these is some­thing for which the world must wait and watch.

Notes

1. Actual down­loads may far exceed this fig­ure, given the rapid prop­a­ga­tion of mir­rors of this soft­ware, and the (highly ques­tion­able) actions of some back­bone providers in block­ing the offi­cial web­site, MakeLoveNotSpam.com — which raises a whole new set of ques­tions per­tain­ing to dig­i­tal activism, if the providers to this form of self-enforcing elec­tronic democ­racy are actively deny­ing access to “ques­tion­able” facilities!
2. I’m quite open to being proved wrong on this point: so far as I can see, they haven’t stated that — I’ve been sift­ing through a decent amount of news mate­r­ial on the sub­ject, but it’s more than pos­si­ble that I sim­ply missed it. If you feel oth­er­wise, feel free to leave a comment/send me an email.
3. Admit­tedly, it was pos­si­ble to access http://backend.makelovenotspam.com/xml/ for the data, but this wasn’t a highly pub­li­cised fact, and the meth­ods by which this data was attained and ver­i­fied remain shrouded in doubt.