Posted at 9:21 p.m. PST Saturday, January 30, 1999
Internet openness cuts both ways
BY DAN GILLMOR
Mercury News Technology Columnist
Last week, an Internet service provider in Dublin, Ireland, was forced to shut down temporarily after a cyber-attack on its computers. Topping the list of suspects is the government of Indonesia.
The Internet company was hosting a ``virtual nation'' on behalf of people who want to end the brutal Indonesian occupation of East Timor, the eastern half of a South Pacific island the size of Massachusetts. We take open political discourse for granted in the United States, but in this case political speech had a price.
If the Indonesian government was pulling the strings, it wouldn't be the first time a regime tried to control a medium that tends to find ways around censorship. All over the globe, governments are desperately trying to limit their own citizens' access to materials deemed inappropriate or dangerous.
Nor is this the first time a government may have been involved in trying to suppress a foreign-based Internet site it didn't like. The Spanish government, by some accounts, tacitly supported an electronic mail-bombing campaign against a San Francisco Web site that published material for Basque separatists.
But if the Indonesian regime did mastermind or otherwise play a role in the hacking of the East Timor site, this cross-border challenge is an escalation of sorts. For governments and their foes, foreign and domestic, it's another warning that the Information Age brings new complexities to some old notions. It raises fascinating, maybe fundamental questions -- about the nature of sovereignty, authority and more in the virtual world.
As with other cases of hacking of Web sites, moreover, the incident highlights how the Internet's basic openness is double-edged. Decentralization lets information be viewed by anyone, anywhere. It also creates vulnerability to outside attacks.
A little history: When Portugal decided to cede control of East Timor in 1975, Indonesia invaded and annexed the territory as an Indonesian province. Widely reported human-rights abuses followed. The protests of the international community, including the United Nations, have had little effect -- until last week, perhaps coincidentally, when the Indonesian government suddenly suggested it might grant independence.
The Internet had played a role in the continuing campaign against the occupation. There were the usual mailing lists, Usenet newsgroup discussions and Web sites where advocates and opponents of East Timor independence promoted their viewpoints.
But the most interesting Web development came about in late 1997, when an Irish Internet service provider, Connect-Ireland, joined forces with Nobel laureates José Ramos-Horta and Bishop Carlos Belo, who had been among the most active people in the East Timor freedom movement. The idea behind their ``East Timor Project'' was to create what amounted to a virtual nation. To do this they took advantage of the way Internet domains are created.
A ``top-level'' national domain -- granted by a centralized authority run under contract with the U.S. government, a system now being revamped -- consists of a two-letter abbreviation. For example, the United Kingdom uses .uk, where a Web site might be called website.co.uk (the ``co'' stands for commercial in this example). Only the United States, where the Internet began, does not have a top-level national abbreviation.
Creating a East Timor top-level domain name, .tp, was a clever political maneuver by the opponents to the Indonesian occupation. It effectively established a semi-official presence, though what that really means is open to interpretation.
In any event, Indonesia's government wasn't amused. A spokesman told the Irish Times newspaper, with the utter hypocrisy so prevalent in officialdom, that it had nothing against freedom on the Net. But the government was ``concerned that this freedom has been misused . . . to spread a campaign against Indonesia.''
In an explanation on its Web page, Connect-Ireland (www.connect.ie) says the site had been probed repeatedly in the year since the domain was established. But the company wasn't prepared for what happened last week: simultaneous cyber-attacks from locations around the globe.
The attacks, apparently designed to bog down the computers, were so effective that Connect-Ireland was forced to temporarily shut down its systems. The company says it's upgrading equipment and software to make the site less vulnerable in the future. Systems administrators around the world are working together to trace the people responsible, according to Connect-Ireland. But it's entirely possible the guilty parties will escape detection.
A Web site that challenges a corrupt or repressive regime may be perceived as a serious threat by that government. Given the power of information to be a catalyst for action, it may be an actual threat. That doesn't make the counter-strike any more legal or righteous, but at least you can understand the motive.
It's bad enough to shut down an opponent's printing press or radio station inside one's own nation. It's plain outrageous to cross borders to do this.
As an act of Web warfare, the East Timor Project had another effect that's all too common in war: what military people so quaintly call ``collateral damage,'' injury to innocent people and property. Connect - Ireland's regular customers found themselves without access to their e-mail and other Internet services. It's better than actually killing people, though.
Ultimately, regimes will learn the hard way that they can't stamp out information they don't like, not in the new world of the Information Age. They'll try, though, in an ongoing arms race. Security holes get plugged after attacks, and activists find other sites to ``mirror'' the offending content.
As of Friday, the East Timor Project's Web presence (www.freedom.tp/) was still out of commission. But the East Timor human rights movement isn't. That's the most important message.
---------------------------------------
Dan Gillmor's column appears each Sunday, Tuesday and Friday. Visit Dan's Web page (www.mercurycenter.com/columnists/gillmor). Or write him (and please include a daytime phone number -- for verification, not publication) at the Mercury News, 750 Ridder Park Drive, San Jose, Calif. 95190; e-mail: dgillmor@sjmercury.com; phone (408) 920-5016; fax (408) 920-5917. PGP fingerprint: FE68 46C9 80C9 BC6E 3DD0 BE57 AD49 1487 CEDC 5C14.