Hackers fight
totalitarian governments

By Sherrie Gossett

An international hacker organization has issued a software license that allows the group or its licensees to take governments to court if officials attempt to misuse the software to violate human rights or if they insert surveillance or “spyware” code into the programs.

Hacktivismo, an international group of hackers and human-rights activists, has issued HESSLA, or the Hacktivismo Enhanced-Source Software License Agreement. The license offers open-source transparency enhanced by legal remedies both for Hacktivismo, as licensor, and end-users. (“Hacktivism” is defined as the use of technology to advance human rights through electronic media.)

“The Hacktivismo Enhanced-Source Software License Agreement marks the first time technology transfer has been linked to protecting human rights,” said Oxblood Ruffin, founder of Hacktivismo. “Our clients and end-users aren’t building the firewalls to keep democracy out. They’re locked inside trying to break free.”

Hacktivismo is a special operations group sponsored by the infamous Cult of the Dead Cow hacking group. “We view access to information as a basic human right. We are also interested in keeping the Internet free of state-sponsored censorship and corporate chicanery so all opinions can be heard.” says the group.

To that end, they develop open-source hacking software tools and distribute them through grass-roots democracy chains to individuals who live under repressive and authoritative regimes. In the Hacktivismo Declaration, a document that condemns state-sponsored censorship of the Internet, there is a reference to “lawfully published” materials, making it clear that excludes things like “legitimate government secrets, kiddie porn, matters of personal privacy and other accepted restrictions.”

But even the term “lawfully published” is full of landmines, the hackers admit.

“Lawful to whom? What is lawful in the United States can get you a bullet in the head in China. At the end of the day, we recognize that some information needs to be controlled. But that control falls far short of censoring material that is critical of governments, intellectual and artistic opinion, and information relating to women’s issues or sexual preference, and religious opinions.” the hackers say.

“We are trying to intervene to reverse the tide of state-sponsored censorship of the Internet through the inventive use of code,” says the group. “We favor using disruptive technologies that comply with the spirit and original intent of the Internet. The Internet is a commons with its own field of operation. It’s all about freedom and bringing the world together. The number of politicians who just don’t get this astounds us. They should learn how to use e-mail and a few other basics before they come up with any more restrictive/vindictive legislation.”

Hacktivismo’s move is designed to protect their software (and other open-source software that chooses to adopt the license) from being used to spy on and victimize citizens. The basic idea behind open-source software is very simple: the source code is accessible so programmers can read, redistribute and modify it, resulting in software that evolves as it is passed on. As people improve it, adapt it and fix bugs, the transformation of the software often proceeds at an exponential rate compared to the relatively slow development of conventional software.

In contrast with more-traditional “free” or “open-source” software licenses, the HESSLA contains some novel terms unique to the history of information technology. These enhanced terms are designed to promote a broad range of human rights worldwide, as well as to empower end-users to seek new and additional remedies against human-rights violations by governments and governmental officials.

“Hacktivismo has sought to preserve, to the maximum degree, the primary advantages of ‘free’ and ‘open-source’ software,” said Eric Grimm, an attorney with CyberBrief PLC who assisted Hacktivismo with drafting the license. “These advantages include ease of customization, the ability of any end-user to redistribute the software to friends and colleagues without paying any license fees, transparency and enabling collaboration among volunteer and commercial developers worldwide.”

Regarding the uniqueness of the HESSLA license, Grimm told WorldNetDaily, “Language in the intro section explicitly links the use of the license with the human-rights conduct and effects of what licensees do with it – in particular, government licensees. I am not aware of any other licenses that provide end-users with rights.”

It also contains more robust language than has previously been used to maximize enforcement against governments around the world. The HESSLA explicitly prohibits anybody from introducing “spyware,” surveillance technology or other undesirable code into modified versions of HESSLA-licensed programs. Additionally, the license prohibits any use of the software by any government that has any policy or practice of violating human rights.

The license enables both Hacktivismo and its end-users to go to court if someone tries to use the software in a malicious manner or introduce harmful changes into the software. Malicious intent could be defined as a programmer inserting malicious code, such as a computer virus, a keystroke logger or “spyware” into a program that has previously been released under a “free software” license agreement. Such action now may violate criminal laws and result in civil tort liability.

It is also possible now to deter such malicious behavior by including in a software license agreement a specific contractual term that prohibits such behavior, meaning that any licensee who violates the prohibition against malicious code can be sued by the licensor (or by third-party beneficiaries whom the licensor has explicitly identified as alternate or additional enforcers of the agreement) for money damages and a court order forbidding any continued violation.

The most novel innovation in the license distributes enforcement power instead of concentrating it in Hacktivismo’s hands. For example, if a private citizen happens to violate the terms of the license, Hacktivismo is in charge of enforcement.

But the situation is different if the violation is by a government or a governmental official. When governments try to use Hactivismo-licensed software as part of any aspect of a project to subvert human rights, the license empowers end-users to act as enforcers, too.

“This provision is mostly intended to protect the human rights of users living in totalitarian regimes,” Oxblood told WND.

“It is not unusual for victims of torture and other human-rights abuses in other countries to seek a remedy for violations of international law in U.S. court,” the hacktivists explained. “But there’s a difference between suing Slobodan Milosevic and suing Republica Srpska for the official policies and abuses of the Milosevic regime. When victims have tried to name foreign governments as defendants, they have run into a brick wall called sovereign immunity.”

The HESSLA license makes it clear that the voluntary use of Hacktivismo software by a government as a part of any project that has the effect of violating human rights explicitly constitutes a waiver by that government of its sovereign immunity in the courts of other countries.

“In other words, if Myanmar or China want to keep violating human rights – then they have no choice but to steer clear from using Hacktivismo’s software in connection with any of their wrongful projects. If not, then this software license just may be the victims’ long-needed ticket into court – their pathway over the obstacle to justice previously presented by sovereign immunity,” the group explained.

“We made the language as strong as possible,” Grimm said. “Initially, I was personally skeptical that we could overcome the hurdle of sovereign immunity, but as I did research on the way law applies to sovereign immunity, it seems likely it will be enforceable, or a vast majority of it will be enforceable in court of law.”

Cindy Cohn, legal director for the Electronic Frontier Foundation, told WorldNetDaily, “It’s an interesting thing for them to do. They’re trying to ensure this tool doesn’t become a tool of oppression, but a tool of freedom – a laudable goal. It will be interesting to see whether countries will abide by the terms of this and what will happen if not. We’ve seen previous tools developed with good intentions in mind, only to later be misused. In this situation, people’s lives are at stake.”

Cindy Cohn

Cohn first became involved with the EFF over 7 years ago when the EFF asked her to serve as the lead attorney in Bernstein v. Dept. of Justice, the successful federal court challenge to the U.S. export restrictions on cryptography. That case was the first to hold that source code was protected expression subject to protection under the First Amendment. The Bernstein case was one of the major catalysts for a decision by the U.S. government in January 2000 to dramatically loosen its restrictions on the export of encryption software.

Cohn has been involved with Hactivismo from the start, she said, advising them periodically.

This move by Hacktivismo has relevance for anyone interested in hacking, human rights, information security, open-source software, Internet censorship, international law, international politics or technology transfer.

Said Grimm, “The use of software to promote human rights is an incredibly important issue and one of the most exciting ways human rights are being promoted. I was absolutely delighted to work with Hacktivismo on this project.”

“It is not a perfect license, but it is still world historic, in my opinion,” Ruffin concluded. “In the future, I believe it will come to be known as one of the cornerstones of human dignity on the Internet.”