Article body

Introduction

Self-help refers to a set of actions that the law permits people to take in the pursuit of their legal rights. The law has long permitted various forms of self-help, including self-defence, the defence of property, and the defence of third parties, although only within cautious bounds. One area of ongoing debate regarding self-help is whether counter-strikes should be permitted in cyberspace against, for example, hackers, phishers, spammers, and peer-to-peer networks. The difficulty and inefficacy of law enforcement online—particularly in dealing with the high volume of fraud and other financial harms—has resulted in self-protection becoming the normal recourse and has also encouraged more aggressive forms of self-defence (as an alternative to invoking state protection).

Self-defence is permissible when it is necessary and when the action is reasonably proportional to the threat. The issue of the inequality in strength between parties is not an explicit consideration in assessing whether a given action in self-defence is permissible or not, although it is considered implicitly. This article argues that the issue of equality of strength—understood more broadly than physical strength alone—should be an explicit criterion for determining the proper limits on the use of technologies in self-defence.

Where an attacker and a defender are of unequal strength, a legal approach that prohibits resort to technological tools in self-defence would ratify and preserve that inequality. In these cases, technologies could neutralize the inequality in strength; for example, the nineteenth-century nickname for the Colt handgun was “the Equalizer”. As is the case with the handgun, technologies may raise the risks associated with self-help and may impose other social harms while at the same time having this equalizing effect. Another problem with permitting the use of technologies in this way is that it may fuel a technological arms race, as parties seek to gain the technological advantage. Regulatory choices about such technologies and the willingness to condone their use in self-defence require a balancing of these competing considerations.

The relationship between technology and human equality is complex, and this article proposes an analytical structure for understanding it. The objective is to understand which technologies promote equality while imposing the least social costs in terms of escalating violence, accidental harm to bystanders, and wasteful arms racing. Such technologies should be permissible for use in self-defence, subject to the possible requirement that users compensate injured bystanders.

The article will proceed in the following way. First, I explain the terms “self-help”, “technology”, and “equality” as I define them in this analysis. Second, I propose a structure for understanding how technologies affect human equality. Third, I propose principles—including a consideration of their effects on equality—for setting limits on technological self-defence, and illustrate their use by applying them to several forms of counter-strikes under consideration in cyberspace.

I. Defining Self-Help, Technology, and Equality

A. Self-Help

1. A Definition of Self-Help

In law, self-help is a category of actions that individuals can legally undertake without state assistance in order to protect their own legally-recognized rights. Extra-judicial self-help remedies arise in numerous areas of the law, allowing people to use force in self-defence, in defence of property—including chattels—or in defence of third parties.[1] Categories of self-help also exist to permit people to trespass on property to abate nuisances, to retrieve property, and, in certain circumstances, to destroy the property of others.[2] It is necessary here to say a few words about the separate parts of the proposed definition.

First, we are concerned in this context only with those actions undertaken in self-help that would be illegal but for a specific exemption or privilege such as, for example, self-defence or abatement of nuisance.[3] There is a whole range of legal actions that individuals may undertake in order to promote their own interests, such as using locks or building fences on their own property. This range of clearly legal activity tends not to be at issue in cases dealing with the legal limits on what may be done by way of self-help. It is nevertheless useful to keep these additional forms of legal activity in mind, as some such actions that are currently legal may be made illegal or vice versa. This is important in cases where the self-help activity involves a new form of technology. Emerging forms of unregulated technologies routinely challenge our understanding of what actions are legal or illegal in pursuit of self-interest, and what actions are privileged despite being illegal.

Second, an implicit part of the definition is that the interest pursued by the individual must be a legitimate interest. The meaning of “legitimate interest” is not clear, as this may be understood narrowly to mean only legally-recognized rights, or it may extend more broadly to include genuine interests that are not recognized as legal rights. One may have a genuine interest in many objectives ranging from illegal interests (e.g., to steal property), through a range of less clearly illegal interests (e.g., to access information contrary to an arguably overreaching contractual term proscribing it), to legal interests (e.g., to retrieve property that is being wrongfully withheld).

An illustration of a situation in which a person may feel justified in breaking the law to promote an interest that is not legally recognized is the following: a company may impose particular terms of use on its website to essentially make certain uses of information on the site illegal, or it may create access restrictions on its website to avoid access by persons from particular geographical locations (e.g., to avoid the application of certain laws governing permissible content).[4] A person may wish to use that information contrary to the contractual agreement or may wish to access the information from the excluded location by hacking or misleading the control system. The person who does so has no legal right to use that information. However, some people may intuitively feel that it is justifiable to breach the contract and access the information because they regard these contractual terms as illegitimate. What I am seeking by way of this example is to shed light on whether self-help permits the pursuit of interests that are not legally-recognized rights. Despite the feeling that people ought to be allowed to pursue their interests by avoiding over-reaching contractual provisions, a court that is bound to apply contract law would likely regard this pursuit as an unjustified breach of contract rather than an instance of legitimate self-help. In sum, the interests that one can pursue under the privileged cover of self-help must be one’s own legally-recognized rights or those of another person.[5]

The definition is ambiguous with respect to whether a person who is helping himself must act alone, or may act in concert with others. Richard Epstein writes that although the word self-help usually evokes the image of an individual acting alone to defend his own legal interests, there is nothing in the idea of self-help that precludes an individual or a group from acting in support of any individual or group that is subject to a wrong.[6] Although the dangers associated with self-help grow when people act in groups, an individual alone may be too weak to defend himself. The category of the “defence of third parties” contemplates that a person may act on behalf of another, and so it seems that the law contemplates at least some collective self-help action.

2. The Reasons For and Against Allowing Self-Help

Legal systems constrain the free use of force for good reasons.[7] A society in which violence may be used freely is one in which potential victims must waste resources on defences. The free use of force also has a tendency to spiral out of control, escalating into feuds as the members of defensive alliances are drawn into disputes.[8] A by-product of a legal system that prevents violent self-help is the removal of some of the advantage from those with superior strength, weapons, or social networks, and a step toward a concept of uniform rights due to all individuals in a community. The importance of ensuring that “might” does not make “right” was included as a justification to suppress self-help in Blackstone’s Commentaries on the Laws of England.[9]

It seems unlikely that this egalitarian impulse was the prime motivation to suppress self-help in early legal systems. Still, on the one hand—and this point is important for the following discussion on equality—by suppressing self-help the law may, to some extent, neutralize the effects of an unequal distribution of strength between people with respect to the resolution of legal disputes. But on the other hand, whether or not the suppression of self-help has this egalitarian effect depends upon the unrealistic assumption that all parties have equal access to the state’s support in vindicating their rights.[10] If access to the law is so expensive that many cannot pursue their legal rights in that way, rules that restrict self-help might actually harm those who could more cheaply and effectively protect their own interests themselves.

The inclusion of technological means of engaging in self-help adds another reason to limit self-help. Technology often increases the potential destructiveness of the individual, which increases the risk that the methods employed in self-help will be excessive, or that they will harm third parties. The risks of severe damage to the target and bystanders are increased by using the gun rather than the fist, for example.

Arrayed against these reasons to suppress self-help are various reasons to permit it in some cases. Holdsworth observed that, as a historical matter, it was never possible to fully repress self-help, and he suggested it would be undesirable to do so.[11] It may be more efficient to allow someone to help himself to his rights than to require the state to intervene judicially in every dispute.[12] Another possible advantage of self-help in some cases is that the parties involved bear the costs of resolving their own disputes rather than having the public subsidize them.[13]

Apart from an efficiency argument, there is also an effectiveness argument. The judicial process may be inadequate because it is too slow or offers unsuitable remedies.[14] Self-defence must be permitted because the victim who is threatened with a violent attack cannot wait for the state to intervene.[15] Situations where the state could be effective but has inadequate resources and so does not offer adequate remedies are more difficult to assess. Should people be allowed to resort to self-help in these cases? Situations of this type are common in cyberspace.[16] One may argue that a system that suppresses self-help, but does not provide adequate state protection of legal rights, invites violations of those rights since there is no credible deterrent when victims cannot engage in self-help.[17]

Given these competing reasons for and against self-help, the law has taken a fairly loosely defined position toward self-help—centred on the concepts of necessity, reasonableness, and proportionality.[18] The following points can be extracted from a review of the various rules on self-help:[19]

  • Only certain legal interests can be defended using force. These include the protection of property and the person against physical interference, and the protection of the use and enjoyment of property against unreasonable interference.[20] The self-help categories of self-defence, the defence of third parties and the defence of property are available to defend against physical interference with the person and with property. Abatement of nuisance is available to deal with unreasonable interferences with the use and enjoyment of property.

  • There must be no acceptable alternative response to the threat other than the use of force.[21]

  • The degree of force used must be reasonable and may not be greater than is reasonably necessary to meet the threat.[22]

  • The degree of force used must be proportional to the threat. For example, it is unacceptable to use deadly force to protect property, and compensation may be due for personal injuries caused while protecting property interests.[23]

  • There are various rules applicable to these self-help remedies that are designed to avoid mistakes and unnecessary violence: In some cases, a warning or request to desist must be given before resort to the use of force. In other cases, it is necessary to pay compensation where a mistake is made.[24] Still other rules are designed to try to limit harm to bystanders, including the rule that compensation must be paid where harm is inflicted negligently by a party acting in self-defence.

B. A Definition of Technology and “Technological Self-Help”

The definition of “technology” is not settled. Some define the scope of the term broadly to include all tangible and intangible tools and techniques. A narrow definition would regard technology as limited to the physical artifacts created and used by humans as tools to achieve their objectives.[25] Jacques Ellul has chosen a broader definition that he labels “technique”, in which he includes any method adopted by humans to achieve a goal more efficiently in any field of human activity.[26] This latter definition would include not only physical artifacts, but also methods and organizational structures, among other things. Don Ihde adopts an intermediate ground, requiring that technology include a material component, but extends his definition to the methods or techniques that use the material artifact.[27]

For the purposes of my inquiry into technological self-help, I will adopt Ellul’s broader definition for two reasons. First, existing case law on self-help makes it clear that the adoption of non-material techniques such as martial arts is relevant to the court’s reasoning.[28] As a result, the use of techniques, and not only material objects like guns, has already been proven relevant to the analysis in this context. Second, there is some uncertainty in cyberspace—and in the law in general—on how to understand non-material forms of property, such as data or intellectual property. There is also some debate over how to characterize novel forms of interference and nuisance over the Internet.[29] The courts, at least in the United States, have chosen to regard electronic communications over the Internet as capable of falling within the scope of trespass to chattels; a category that was formerly understood to involve a physical—presumably non-electronic—form of interference.[30] Excluding non-material techniques from technological self-defence thus fails to reflect current legal practice as well as more novel and uncertain areas of self-defence and defence of property, such as cyberspace.

Apart from these reasons, it is my view that many important tools need not involve physical artifacts (e.g., languages, mental heuristics, recipes, etc.), and that sometimes where there is a physical artifact, the artifact is really secondary to the central tool. For example, the physical manifestation of a software program is essentially irrelevant. It does not matter, to an understanding of the technological aspect of the software, whether it resides on a USB key or a CD. It is true that while software is operating, it does so through various physical machines, and those machines become an important part of understanding the effects of the combined artifact and technique.

Under the broader definition the legal system itself, with its language, rules, institutions, and artifacts, is a type of social technology: It is a tool that different actors use for different purposes. It is a system that individuals—by invoking the state apparatus to defend and enforce rights—may use to try to pursue their legal rights. Technological self-help can thus be understood as the use of tools other than the legal system to pursue legal rights. Technological self-help nonetheless remains part of the legal system since self-help is simply a set of legal rules defining a category of actions that a person can legally undertake without state assistance in order to protect his own legally-recognized rights.

C. A Definition of Equality

Equality is a central component of the main normative theories of social arrangement, even if the concept of equality varies from theory to theory.[31] For instance, one theory’s demand for equality in one dimension may conflict with another’s demand for equality in another. Nevertheless, equality—in some dimension—remains a central requirement since a justifiable theory of social arrangements must be acceptable from the perspectives of all affected.[32]

Various forking points present themselves when one tries to choose a concept of equality. First, it is necessary to choose the dimensions in which equality will matter most. By definition, when people are equal they continue to differ in some dimensions, otherwise equality would collapse into identity.[33] The challenge lies in determining which dimensions ought to be the same in order that people can be said to be equal, and which dimensions may remain different. People may differ in various dimensions,[34] although they are likely to care only about valuable variables such as resources, well-being, or rights—like liberty.[35] The objective in this paper is to consider the effects of rules regarding technological self-help on equality. In order to make the inquiry more manageable, I will consider the way in which technologies equalize resources, since one’s resource endowment will have a direct effect on the ability to pursue one’s legal interests. I take resources to include both external and internal resources, since technologies are available to affect both. External resources include factors such as wealth, the characteristics of the surrounding natural environment, and the social and cultural resources provided by the surrounding community. Internal resources are internal or personal characteristics, such as age, sex, personality, and physical or mental abilities.

Another choice to be made is whether we are concerned with equality of outcome or equality of opportunity. I think that the proper way to understand the concern at the heart of the question of whether technological self-help of one kind or another should be permitted is that there should be equal opportunity to pursue one’s legal rights. On the one hand, a theory of equality that suggests that equality of opportunity is the central objective is open to criticism. It could, for example, justify highly unequal outcomes with respect to the actual protection of legal rights, as factors such as luck and effort lead to different results for different people. On the other hand, the pursuit of equality of outcome leaves no room for personal responsibility, such that society would have to continually channel more resources to those who squander their resources and opportunities.[36] By including the concept of internal resources, above (which include talent and personality, as well as all the contextual factors like social oppression or social support that may affect a person’s ability to actively pursue opportunities), I hope to address the critique that equality of opportunity ignores the problem of unequal starting points with regard to factors related to personal responsibility.[37]

II. The Relationship Between Technology and Equality

This article is focused on understanding when a technology should be legally permissible for use in self-help, and on proposing that a technology’s effects on equality be considered in making that decision. Therefore, it is necessary to explain further how we might understand the effects of technology on equality.

The most familiar story about the relationship between technology and equality is neatly summarized by the term “the Digital Divide”. The term, referring to the unequal global pattern of internet access, expresses the idea that technologies are usually beneficial to people, and so inequality may develop between those who have access to those benefits and those who do not. This story is accurate, since the issue of access to beneficial technologies is an omnipresent feature of the relationship between equality and technology. However, the relationship between equality and technology is more complex than this, as discussed later in this section.

A complete theory of equality needs to explain whether equality should be promoted only among human beings or among a larger set—including other living beings. Science and technology complicate this picture by, for example, revealing the genomic similarity between humans and other animals, as well as making it possible to combine human and animal genes.[38] A complete theory of equality must also deal with the problem of time: Are humans of all ages to be treated equally? Is the equality of present and future generations to be a concern? Technologies are highly relevant to equality among humans over time. Not only are we increasingly capable of manipulating the genetics of future generations of humans, but our technologies are also deeply implicated in the environmental modifications that present generations will leave for future generations. These themes are fascinating, and they may be relevant to self-help, particularly if inheritable genetic self-modification can be understood as a form of self-help. However, I will set aside the problems of time and the equality of present and future generations to consider the effects of technology on the equality between current human beings.

There is a difficulty in making pronouncements about the general effects of technology on equality—although one can fairly confidently say that it is generally true that inequality of access to technology (mostly beneficial in some way) undermines equality. However, it is still important to look at technologies individually, since they differ in their effects on human equality. Some technologies increase equality, some diminish equality, and some do both. Another useful dimension to consider in the study of the limits on permissible self-help is whether or not—apart from its relationship with equality—the technology provides a net benefit at the social level. In other words, there may be some technologies that are, in the aggregate, beneficial to society even if they decrease equality, or other technologies that are, in the aggregate, harmful even if they increase equality. In these cases, when deciding legal policy, it is necessary to face the difficult decision of which values should be given pre-eminence. Will we “purchase” more equality at the expense of some other value?

The following chart explains the relationship between technology and equality through specific examples. This chart is an over-simplification of the real relationship between technology and equality, although I do think it identifies some of the complexity and goes further than the story of the “Digital Divide” in explaining the relationship.

-> See the list of tables

There are four important caveats to this conceptual structure that I can see, doubtless there are more. First, the equality that matters to people is a multi-faceted entity (e.g., happiness, welfare, power, and wealth), and the achievement of equality in the one or two dimensions that an individual technology may enable may be relatively unimportant. Clearly, one cannot declare the weak and strong equal once the weak have handguns. This is not just because the handgun is only useful in some—but not all—circumstances where strength is called for, but because equality in strength is not the only or even the most important dimension in which people may wish to be equal.

Second, regardless of whether or not a technology is able to increase equality in a given dimension such as strength, the question of access to the technology will still remain. In other words, the mere existence of a technology that could equalize a disadvantage is not useful in itself; it accomplishes equalization only if it is reasonably affordable and accessible to those who are disadvantaged. Given the strong correlation between vulnerability, ill health, lower levels of education, and wealth, the equalizing effects of technologies may in many instances be theoretical.

Third, it is also possible that one given technology may increase equality in one dimension while simultaneously decreasing it in another dimension, as between two people. For example, to build on the SUV example above, larger vehicles are useful for people with physical disabilities, both in terms of embarking and disembarking as well as in terms of transporting wheelchairs or other equipment. However, motorists in larger vehicles impose higher accident risks on motorists in smaller vehicles. In this case the larger vehicle simultaneously increases equality in mobility while decreasing equality in terms of the risk of fatal accidents.[41]

Fourth, before celebrating the equalizing effects of a technology, it is necessary first to ask what is being equalized. If a disadvantaged group is offered a technological means to “fix” a purely socially-constructed disadvantage, it is unclear that such an opportunity would promote equality. Instead, it tends to reinforce the arbitrary view that a given characteristic is undesirable and ought to be “fixed”. Consider, for example, hymenoplasty, the so-called “virginity restoration surgery”.[42] On the one hand, it promotes female equality by freeing women from the effects of a sexual double standard that requires female but not male virginity.[43] On the other hand, it reinforces the double standard for other women who must also then comply with the standard or obtain the surgery.[44]

Numerous other technologies play the paradoxical role of strengthening a socially-constructed discriminatory standard at the same time as they enable those disadvantaged by that standard to elude its effects. Another example comes from the government-approved use of human growth hormone, not for those with a hormone deficiency, but for healthy children whose projected adult height would place them in the lowest percentile of height among adults.[45] In seeking to avoid the social stigma attached to shortness and to satisfy the social expectation of height, consumers of this hormone maintain the socially-constructed disadvantage and also increase pressure on the remaining short people to conform.

To conclude with the fourth point, if all a technology does is to permit a disadvantaged group to remedy a purely socially-constructed disadvantage then very careful thought should be given to whether this is a good or bad thing. It is difficult to shift these social constructions, and individuals may prefer to use the technology to “fix the defect” rather than hold out until society changes. Still, if a disadvantage is not purely socially constructed, and can legitimately be viewed as a disadvantage impeding the fullest possible human fulfillment, then I think we may look at the technology as potentially positive in promoting equality.

Turning to the question of how the relationship between technology and equality influences technological self-help, it is clear that if a person starts from a position of superior strength and still employs a technology that further increases the disparity, this will not be permissible. For example, a stronger person should not need to use a knife or a gun to defend against an attack by a weaker person. The court is likely to view the use of a weapon in such cases as an unreasonable or unnecessary use of force. Put another way, the adoption of a technology that increases inequality is unlikely to and ought not to be viewed favourably. But, the use of a technology that helps to level the playing field against a stronger attacker is more likely to be acceptable. Whether a technology that promotes equality in such circumstances will be acceptable for use in self-help will depend upon whether it imposes a negative net social effect, such as through the escalation of violence or harm to bystanders.

III. Principles for Technological Self-Help

A. Proposed Principles for Technological Self-Help

The law tends to permit self-help where the law is either ineffective or inefficient in protecting a set of legal interests that are viewed as sufficiently important for society to run the risks of allowing self-help. Over time, the law has devised a series of principles to limit the scope of permissible self-help. The general principles were discussed above in the section on self-help, and pertain to the types of legal interests that can be defended using force, the requirement that there be no acceptable alternative response, and the requirement that the degree of force used be both reasonably necessary and proportional to the threat. In addition, rules regarding warnings, requests to desist, and compensation also serve to avoid mistakes and to limit unnecessary violence. In reaching and applying these principles, courts have not made technology or equality the explicit focus of this analysis, although both are implicit considerations in some cases.

With respect to technology, many actions taken in self-help employ some type of technology. As defined in this article, a technology is a tool or method (ranging from the very simple, or nearly invisible, to the novel and startling) that is deliberately used to achieve a goal. Apart from cases involving fist fights, other attempts at self-help will often employ a technology of some sort. Therefore it has been necessary—even if only implicitly—to consider the appropriate limits on technological self-help. For example, courts have had to rule on whether to permit self-defence using various types of physical artifacts (e.g., a knife)[46] or methods (e.g., karate).[47]

As for human equality, the rules on self-help do not explicitly mention this as a factor in the analysis. However, inequality is relevant at several steps of the analysis. In particular, inequality in strength and power is relevant to determining whether it is reasonable to perceive a threat and whether the degree of force used in self-defence is reasonable. Courts already implicitly consider disparity in strength between the parties when they assess whether the use of a given weapon was disproportionately violent or not. For example, a stronger person is not justified in exerting his full strength against a weaker one.[48] However, a weaker person is justified in using a weapon against a stronger person where it is reasonably believed to be necessary.[49] The judicial attention to the psychological effects of battered woman syndrome, for example, in assessing the reasonableness of a woman’s actions also illustrates the relevance of power and strength imbalances in determining the boundaries of self-help.[50] These cases do not tend to declare the use of a particular weapon to be generally justified or not. Instead, they consider the inequality between the parties when determining whether the use of a weapon is reasonable in those circumstances, given that inequality in strength. This seems to be a reasonable approach because a judicial decision to outlaw resort to a given weapon in all cases would essentially preserve and ratify the existing unequal distribution of strength between the two people.

In this paper, I am suggesting that one factor that ought to be more explicitly considered when determining whether resort to a particular technology for self-help is acceptable is the level of inequality between the parties and the effect of the technology on that equality. I believe it is worthwhile to consider this more systematically and explicitly than has been the case where courts have dealt with individual instances of violent self-defence by a weaker party against a stronger attacker because there are other forms of inequality that may be relevant in different contexts. As discussed further below, inequalities in physical strength are not the operative inequalities in cyberspace, and it is worthwhile asking what problematic inequalities may exist in cyberspace that would benefit from technological amelioration.

At the same time, when choosing principles for technological self-help, it is important to pay attention to the ways in which technological evolution may upset the balance struck by the existing rules on self-help. Technological development may raise the risks associated with self-help. As more elaborate and destructive weapons are adopted, the risk of disproportional damage and harm to bystanders can increase, although this is not invariably true. To the extent that technological development permits more proportionate responses and more accurate targeting, so as to avoid innocent bystanders, it may lower the risks associated with self-help. As a result, whether or not a given technological tool should be permitted for use in self-help should be assessed according to the tool’s characteristics.

To the extent that technological self-help is permitted there is an incentive to engage in technological arms racing. It is unclear whether these arms races are wasteful or productive, given that they may spur useful innovation.[51] However, it may sometimes be thought good policy to declare a winner of the arms race by law in order to stop a wasteful race. Douglas Lichtman points to the Digital Millennium Copyright Act[52] as an attempt to stop the arms race between copyright owners seeking to use technological protections against copying and those seeking to break the protections.[53] The development of peer-to-peer (P2P) file-sharing networks was an arms race in which

copyright holders us[ed] mislabeled decoy files to pollute the new networks, while network designers worked to build reputation information into their architecture such that a user tricked by a decoy file could warn other users not to download that false file or even interact with the trickster who introduced it.[54]

It is possible that some of this technological competition has produced useful innovation with respect to reputation and trust systems. Whether or not a given arms race is wasteful or productive will likely vary according to the specific technology and context.

The development of technologies that permit individuals to avoid or prevent harm through self-help provides the state with a reason to withdraw from addressing the harms itself. Writing about the constitutionality of government regulation of online speech, Tom Bell makes the argument that “[t]he mere possibility that user-based Internet screening software would ‘soon be widely available’ was relevant to our rejection of an overbroad restriction of indecent cyberspeech.”[55] This was because the existence of technological solutions showed either that the state did not have a compelling need to restrict speech or that there were less restrictive means for the state to achieve its compelling objectives.[56] Bell writes that the existence of cost-effective technological solutions to a problem should militate against state intervention.[57] While this seems like good advice, given resource constraints and all of the other things the state could be doing, it is important to scrutinize the effects of such a tendency. If the technological solution is not easily available or usable by all, there will remain a group that cannot protect itself. In addition, Bell’s example involves the application of a technological solution that is lawful and low risk, whereas other technological solutions enabling individuals to prevent or avoid harms might be less benign. In those cases, state law enforcement may be a preferable way to deal with the harm.

In sum, the principles for technological self-help should build on the familiar rules of self-help, but they should also take into consideration the ways in which the concerns at the heart of those rules are affected by technologies. In addition, the concern with equality—already latent within the rules of self-help—should be understood in a broader way that permits it to help with setting appropriate rules for self-help activities in novel areas such as cyberspace. The proposed modifications and additions to the familiar rules are the following:

  • Only certain legal interests can be defended using force. The law clearly accepts the protection of property and of the person from physical interference, and the abatement of nuisances.

    As technological change alters society and the kinds of harm that affect people, we may need to understand these concepts differently. For example, the increasing collection of personal information renders individuals vulnerable to its misuse. The law should contemplate the possibility that defence of the person might extend to self-defence against invasions of privacy, and the collection and misuse of personal information. As another example, the importance of information suggests that data perhaps ought to be understood as property, so that interference with stored data (e.g., corruption of data through hacking or malware) could be met with self-help in the form of abatement of nuisance or defence of property. Similarly, interferences through electronic means may now be sufficiently harmful to justify a self-help response even if prior case law mostly dealt with physical trespasses.[58]

  • To the extent that the technology’s use is to be permitted, rules regarding bystander compensation should be strengthened. Though the increased destructiveness of a new technology militates against permitting its use in self-help due to the increased risk of harm to bystanders, the increased specificity of a technology (i.e., better targeting) militates in favour of permitting its use in self-help since it reduces the risk of harm to bystanders.

  • Concerns regarding fuelling an arms race by permitting the use of a technology in self-help must be balanced against the possibly beneficial effects of innovation that results from the arms race.

  • Technologies that decrease inequality should be permissible when used in self-help by disadvantaged persons, even if their use by others would be unacceptable because they would be considered disproportionate. An example here is the judicial acceptance of resort to a handgun by a physically weaker person in defence against a stronger person.

    However, as technological evolution continues to shift the nature of human interaction and competition, and the nature of the harms that people may cause to each other, it is necessary to consider inequality in other dimensions than physical strength. As discussed below, the forms of interaction and types of harms that may be caused over the Internet are different from the standard example of a physical fight: inequality may consist not in physical strength but in bandwidth. Should technological responses that amplify the offensive ability of a defender be permissible?

B. Some Forms of Self-Help in Cyberspace

There are many cyberspace examples of disagreement over the proper limits of self-help. Cyberspace provides a particularly rich context within which to consider self-help because law enforcement has tended to be ineffective in combating various kinds of Internet-borne harms. It is challenging for law enforcement authorities to respond to these harms as they often demand a high degree of technical expertise of the police, and may also involve multiple jurisdictions. In addition, with the exception of child pornography, these harms tend to involve financial loss rather than physical violence, and so may be viewed as less deserving of the investment of law enforcement resources.

The CSI Computer Crime & Security Survey (CSI report), now in its thirteenth year, reports that in 2008 only twenty-seven per cent of respondents reported cyber attacks to law enforcement.[59] About half of the respondents stated that they “[d]id not believe that law enforcement could help in the matter.”[60] The CSI report states that “this doesn’t say good things about general perceptions of the capability of law enforcement agencies to deal with cybercrime.”[61]

As a result, individuals and organizations are, to a considerable extent, left to look after their own interests rather than being able to depend upon state intervention. Indeed, a large security service sector has developed to offer privatized protection for a fee. These services largely center on defensive strategies, but the question of whether it is permissible to use offensive measures against these harms resurfaces repeatedly. In some cases, the aggressive measures are undertaken by the victim himself, by a third party who has been hired to protect the victim, or by so-called “cyber-vigilantes” who act on their own initiative.

The proper limits of self-help in cyberspace are currently unsettled. There is no consensus on whether it is acceptable to hack back against someone who is attacking your computer, or whether it is acceptable to disable a computer or network that is infringing your copyright, trafficking in stolen information, circulating malicious code, or trying to “phish” your customers.

In the following sections, I will briefly describe some of these debates, before going on to consider how the proposed self-help principles might apply to some of these cases.

1. Denial of Service Attacks

A denial of service (DoS) attack refers to the act of sending an overwhelming amount of Internet traffic to a target so that the target is disabled and prevented from undertaking normal communications. Sometimes the objective is not to completely disable a site, but instead to slow normal communications—a practice known as “bandwidth hogging”. These attacks are usually launched simultaneously from many computers in a distributed denial of service attack (DDoS). The deliberate launch of a DoS attack is a crime in numerous countries including Canada, the United Kingdom, and the United States.[62] Nonetheless, DoS or its more moderate version “bandwidth hogging” have, on occasion, been used as a form of self-help.

In early 2000, Conxion Inc., which hosted the server of the World Trade Organization (WTO), responded to an attack launched by the Electrohippies by redirecting the attack back to the E-hippies’ server.[63]

Several attempts to deal with spam using DoS or bandwidth hogging have also been made. In 2004, Lycos launched an anti-spam campaign that offered its users a screensaver program that would use idle computing power to repeatedly contact spammers’ websites.[64] The screensaver apparently had some success against spammers, taking several spam websites offline, although Lycos maintained that it was not engaged in DoS, but was just slowing bandwidth to increase the cost of spamming.[65] Nonetheless, spammers quickly responded, attacking the site offering the screensaver and circulating malware masquerading as the screensaver.[66] Various “vampire” programs, such as SpamVampire and LadVampire, were also programs that would repeatedly re-load a spammer’s website or the website of a company being advertised through spam.[67]

The bandwidth hogging technique has been used against sites engaged in online fraud.[68] Certain forms of online fraud, such as phishing or advance fee fraud (also known as 419 fraud), make use of false financial websites.[69] In the case of phishing, once a company or institution learns that its customers are being targeted, it is important to stop the attack as quickly as possible in order to minimize losses. Usually this involves an attempt to track down the computer that is hosting the phishing website and to have that website removed or traffic to the site blocked.[70] This can be a laborious and time-consuming process given that the appropriate internet service provider (ISP) must be found and convinced to act.[71] Markus Jakobsson and Steven Myers report rumours that where this approach has been found to be ineffective, some service providers have launched DoS attacks on the phishing sites in order to prevent potential victims (their clients) from accessing the phishing sites.[72]

As for advance fee fraud, the Artists Against 419 used to offer a variety of “bandwidth hogging” tools to be used in a “419 Flash Mob”.[73] These flash mobs were “organized bandwidth” attacks against fraudulent sites—many people repeatedly visited the sites until the sites reached their bandwidth limit or their internet hosts noticed the traffic and shut down the sites. As Artists Against 419 says, “[t]he whole time these run on your machine, you are stealing bandwidth from the scammers.”[74]

A key problem with responding either with DoS or bandwidth hogging is that most spammers and phishers are using a network of compromised computers. As a result, an attempt to strike back at them will likely affect the owners of compromised computers and their ISPs rather than the criminals who easily move on to other compromised computers.

DoS or bandwidth hogging are also used to combat P2P file sharing of copyrighted works. MediaDefender is a company that offers “peer-2-peer anti-piracy solutions” of various types, including planting false files on P2P networks to make finding a desired file more difficult and frustrating.[75] In addition, however, MediaDefender is also reported to use “interdiction” and “swarming”.[76] Interdiction is a form of DoS, in which MediaDefender makes constant connections to the infringing files in order to exhaust the provider’s bandwidth and to stop others from downloading the files.[77] Swarming is used to disrupt BitTorrent networks, which assemble files from small pieces gathered from different users. MediaDefender provides pieces containing the wrong data, so that the reassembled file is degraded.[78]

A recent controversy erupted when MediaDefender disabled the computer network of Revision3, a company that produces and distributes television shows via BitTorrent.[79] Revision3 had been running an open BitTorrent tracker (a server that coordinates communication between peers in the network who are trying to transfer files), which, unbeknownst to Revision3, was being used to list pointers to a large amount of unapproved copyrighted content.[80] MediaDefender had been accessing the tracker to post fake files, but when Revision3 noted the problem and closed the tracker over a holiday weekend in order to fix the problem, MediaDefender appears to have launched a DoS attack against the tracker. The attack shut down the company’s Internet site, RSS server and internal email.[81] MediaDefender maintained this had never happened before and was unintentional, although Revision3, relying on other reports of MediaDefender’s use of DoS, claimed that MediaDefender’s servers were automatically programmed to launch DoS attacks on formerly open BitTorrent trackers that shut MediaDefender out. The CEO wrote a blog posting warning others of the risks of such mistakes:

[W]hat if MediaDefender discovers a tracker inside a hospital, fire department or 911 center? If it happened to us, it could happen to them too. In my opinion, MediaDefender practices risky business, and needs to overhaul how it operates. Because in this country, as far as I know, we’re still innocent until proven guilty—not drawn, quartered and executed simply because someone thinks you’re an outlaw.[82]

These anecdotes illustrate that DoS or at least bandwidth hogging have been used as a form of self-help in several instances in order combat spam, online fraud, and copyright infringement. These examples also illustrate some of the problems associated with self-help, namely, the risk of erroneously hitting an innocent party, as well as the risk of escalating conflicts as a cycle of response and counter-response develops.

2. Counterstrikes, Malware, and Hacking

There have been multiple suggestions in recent years that various forms of Internet counterstrikes ought to be permissible. The following overview illustrates the continuing interest in allowing people to hack back against those who are harming them online, as well as the continuing concern about the potential consequences of doing so.

In 2002, Timothy Mullen set off a lively debate over the propriety of Internet counterstrikes in the context of trying to stop the propagation of Internet worms. He proposed that it ought to be permissible to hack into computers infected with the Nimda worm in order to disable the worm and prevent its further propagation.[83]

In 2001, lobbyists attempted to have a provision included in the USA Patriot Act[84] that would have immunized copyright owners from liability for data losses they caused to others while attempting to “impede or prevent” electronic piracy.[85] These efforts culminated in the Berman Bill in 2002, which would have provided legal immunity for disabling P2P file-sharing networks where there was a “reasonable basis” to believe piracy was occurring.[86] The bill was criticized on the ground that it would permit content owners to shut down networks with impunity, affecting all activity and not just piracy.[87] In 2003, Senator Orrin Hatch expressed support for the idea of aggressive counterstrikes against copyright infringers at a Senate Judiciary Committee hearing on copyright infringement. “If we can find some way to do this without destroying their machines, we'd be interested in hearing about that ... If that's the only way, then I'm all for destroying their machines.”[88] In 2004, Symbiot released a whitepaper arguing in favour of “active countermeasures” in defence of computer systems[89] and announced a new computer security service that involved a range of aggressive countermeasures, apparently including “disabling, destroying, or seizing control over the attacking assets.”[90] The whitepaper defended the use of offensive tactics, including DDoS, “special operations experts applying invasive techniques”, and “psychological operations”.[91] The possibility that these approaches would be used generated considerable concern in the security community.[92] The descriptions were somewhat vague and no longer seem to be available from Symbiot.

The exploration by two lawyers of the possibility of having courts approve the hacking of counterfeiters’ websites, after attempts to pursue the websites through ISPs had been exhausted, raised considerable criticism in 2005.[93] The concerns had to do chiefly with the risk of harm to innocent third parties, concern over the possible abuse of power, and the escalation of the technological battle between the counterfeiter and the court-sanctioned hacker.[94]

Some groups and individuals strike back against phishing sites by hacking into them and modifying them to reveal that they are fraudulent sites.[95] In the words of one of the groups doing this, “[l]aw enforcement cannot be bothered with them—but we can!”[96]

The Internet counterstrikes that may be launched vary from relatively passive to quite aggressive, and these attacks may differ widely in the degree of unintended damage they are able to cause.[97] One key concern is that many cybercrimes are perpetrated using compromised computers, the owners and administrators of which may be unaware that their computers are being used in this way. In addition, attackers may use false source addresses, meaning that a counterstrike may hit an innocent party, perhaps generating an escalating battle when the innocent parties themselves react to what—to them—is an unprovoked attack.[98] Several legal scholars have considered Internet counterstrikes, suggesting that they be permitted in limited circumstances, but only when accompanied with a responsibility to pay damages where the attack is mistakenly launched against a legitimate party or where innocent bystanders are harmed.[99]

In addition to the counterstrikes discussed above, there are other illegal methods that may be used to combat online fraud and crime. Malware (including viruses, worms, and Trojans) may be used in attempts to gather evidence of cybercrime. For example, one amateur detective loaded a Trojan horse program masquerading as a photograph onto child pornography sites in order to infect the computers of users of those sites. The information about child pornography found on those computers was subsequently passed to police.[100] Information obtained in this way has led to convictions on several occasions, although there is a risk that evidence of this type may be excluded as unconstitutional.[101]

Malware has also been used to try to combat the spread of Internet worms.[102] In the aftermath of the MSBlast worm epidemic, unknown parties wrote another worm, which scanned the Internet for computers with the same vulnerability as that exploited by MSBlast and then installed a patch to protect the vulnerable systems against it.[103] Although the intentions were good, the spread of the remedial worm, known as Welchia or Nachi, overwhelmed some networks. In fact, Air Canada’s computer systems were affected, resulting in flight delays and cancellations.[104]

3. Data Poisoning

One of the responses that appears to have developed to deal both with phishing and with copyright infringement is the technique known as “dilution”, “data poisoning”, or “decoy files”. In essence, this involves the delivery of a large quantity of false information or degraded files to a site or network in order to reduce the overall usefulness of the data available there. The boundary between dilution and DoS attacks becomes blurred where the amount of disinformation supplied to the targeted site overwhelms that site.[105] Dilution also can be legally questionable where it violates the contractual terms of use of a targeted site.

There are multiple examples of the dilution approach to self-help in the context of fighting spam, phishing, and file sharing. Dilution was tried very early on in the battle against spam. Spammers use bots to harvest email addresses by crawling through websites. One early approach to fighting spam was to try to poison the spammers’ email address lists by creating enticing pages full of false email addresses, with links to an endless loop of further pages of false email addresses.[106]

In the context of phishing, some banks are reported to have responded by submitting large amounts of false financial information in order to dilute the useful information being received by the phisher.[107] Some anti-phishing service providers offer dilution, which involves feeding false credentials to phishing websites.[108] MarkMonitor writes that “[w]hen appropriate, MarkMonitor injects active phish sites with properly-formatted—but fake—credentials, rendering them virtually harmless.”[109] Other volunteer organizations have adopted other forms of poisoning to combat phishing. Artists Against 419 offers a “Fake Bank Form Filler”, which automates the process of filling in false bank information on phishing pages.[110] Phishfighting.com invited people to send them the URLs included in phishing emails. It would then submit thousands of false entries to the phishing sites. Phishfighting.com avoided the DoS effect by submitting its entries once every twenty seconds, which would not be enough to consume the phisher’s bandwidth.[111] The dilution or poisoning approach may not provide a serious impediment to phishers who may simply automate the verification of the data they collect, or devise methods to detect submissions from suspicious sources (e.g., multiple submissions from one source, or submissions sent via anonymous remailers and cloakers).[112]

The dilution approach has also been adopted by copyright owners to combat P2P file sharing. The method involves injecting into the network large numbers of decoy files that look like the desired files but in fact are unreadable or different from what was expected.[113] This is meant to discourage file sharing by making it harder for people to find the files they wish to download. As a result, P2P systems have developed techniques to defeat poisoning, including various forms of reputation system.[114]

MediaDefender is a company that offers “peer-2-peer anti-piracy solutions,” which are described as “non-invasive technological countermeasures ... to frustrate users’ attempts to steal/trade copyrighted content.”[115] The company states that “decoying” and “spoofing” are their most commonly used techniques, which involve planting false files in P2P networks and sending searchers to the wrong locations in order to make the real file more difficult and frustrating to locate.[116]

One of the standard license terms included in the P2P software program KaZaA forbids users from intentionally uploading “spoofed files or files with information designed to misidentify the actual content of the file.”[117] Although some suggest that this provision might be void as contrary to public policy, the provision technically does make poisoning a breach of contract.[118]

4. Defamation Attacks

Defamation attacks are attempts to disrupt the underground marketplaces in which stolen financial information is traded.[119] These sophisticated online marketplaces feature volume discounts, and pricing variations, such as higher pricing for stolen credit cards with higher credit limits.[120] Also available on these markets are bank account data and “full identities [including] date of birth, address, and social security and telephone numbers.”[121] Administrators of the markets verify participants in an attempt to permit market participants to distinguish between the “honest” and “dishonest” criminals.[122] Various services are also advertised, including those of cashiers who specialize in converting financial data into money, and others who sell the email lists and compromised computers for use in phishing.[123]

Researchers of these underground marketplaces have suggested a couple of counter-measures to reduce the number of transactions.[124] The so-called “slander attack” involves eliminating the verified status of a buyer or seller through “false defamation.”[125] The purpose is to create a lemon market by falsely defaming verified participants, so that there is no price advantage to trustworthiness, causing the general quality of the market to decline.[126]

Although it seems unlikely that the victims would complain, it may be defamatory to spread false information that a vendor of stolen credit cards sells cards that will not work. It is generally defamatory to impute dishonesty to someone, although in this case it seems inappropriate for the law to protect a reputation for “honour among thieves”.

C. Application of the Principles to Self-Help in Cyberspace

The purpose of this section is to illustrate how the principles of technological self-help, discussed above, might play out in the context of some of these types of self-help in cyberspace. In particular, I will consider the effects on equality of the use of the Internet in these self-help activities, the issue of arms racing, and the problem of harm to bystanders.

Inequality in physical strength is not the relevant dimension of inequality in the context of online attacks. Instead, attackers and victims may differ in the degree of computing expertise or the amount of bandwidth that they can muster. In addition, cyberspace has several structural attributes that more subtly affect the balance of strength between parties online. I will call two of these attributes the “amplification effect” and the “coordination effect”.

One key attribute of the Internet is the amplification effect. In essence, the Internet enables one person to affect a huge number of people since it both shrinks distances and permits a high degree of automation. The collapse of distances allows an individual on one side of the globe to consider hacking targets throughout the world. Automation renders activities like spamming and phishing profitable because of the scale increase and cost reduction that it enables. It is fair to say that this attribute of the Internet amplifies the power and reach of the individual.

The coordination effect is another key attribute of the Internet. It flows from the “many-to-many” structure of the network. In essence, collaboration between large and physically scattered groups of people is made simple. Examples of this effect are numerous: wikis and P2P file sharing are two such examples. DDoS attacks also illustrate this effect. The flood of communications that disable a target is made possible by harnessing an army of individual computers into a coordinated attack. In these examples, individual people or computers are empowered by the network to accomplish things collectively that simply could not be done as effectively alone.

All of these factors suggest that the Internet has shifted power toward individuals, for better or worse, considerably beyond their previous limitations. In some cases, this power is misused against others online. An approach to self-help that is sensitive to inequality would permit victims to adopt measures that are arguably necessary to neutralize the level of strength that an attacker obtains through the amplification and coordination effects, as well as through a higher-than-usual level of technical know-how. This would mean (a) permitting victims to employ security services to defend themselves, in order to neutralize the disparity in technical know-how between victims and attackers; (b) permitting victims to make use of the coordination effect by engaging in certain forms of collective response (e.g., bandwidth-hogging tools up to and perhaps including DDoS attacks); (c) permitting victims to disrupt the harmful use of coordination by others (e.g., by permitting defamation attacks and by allowing data poisoning of file-sharing networks with degraded and mislabeled versions of copyrighted content); and (d) permitting victims to take advantage of the amplification effect (e.g., bandwidth hogging up to and perhaps including levels of DoS).

As is the case with self-help in general, where a victim fights back in a manner that is unreasonably dangerous, bystanders who are harmed may sue in negligence. This is most likely a necessary control on the use of self-help in cyberspace, where it is likely that bystanders may be harmed by certain kinds of attacks. As noted above, many forms of harmful activity online are launched from networks of compromised computers—“botnets”. On the one hand, an attack on one of these computers is unlikely to greatly disrupt the activities of the controller of the botnet, since the botnet offers thousands of compromised computers to take the place of the attacked computer. On the other hand, the hapless owner of that computer and his ISP will have to deal with the attack. Where a victim attacks a phishing website hosted on a compromised computer, the ISP who offers services for that computer and other users of the ISP’s services will have their service degraded as well. The existence of a claim in negligence for such cases would hopefully ensure that the risk being imposed by the party engaging in self-help was reasonable under the circumstances, and that the harm to innocent bystanders was not too severe.

In fact, an approach of this type might spur innovation in the area of how to target responses more carefully. For example, Meer, Temmingh, and Van der Walt propose an intermediate response that they call “passive strike-back”. They suggest that the danger of harming innocent parties is obviated with the passive strike back because

[t]he driving principle behind passive strike-back is that the strike-back is never ‘launched’ against anyone. Unlike signature-based defence systems passive strike-back doesn’t attempt to spot an attack and then respond, rather passive strike-back allows the attacker to ‘fetch’ the strike-back attack himself.[127]

As they say, “[i]f we can accurately distinguish an attacker who surfs our site from a legitimate user, we can easily send malicious code to be executed in the browser.”[128] They suggest mechanisms to distinguish attackers from legitimate users, such as responding to scanners with intriguing messages that suggest vulnerability at a particular location and delivering malicious code only to those who then go to the location to investigate.[129]

Clearly, innovation of this type is likely to draw forth counter-innovation in how to dodge these techniques. It is the kind of technological arms race that legal regulation is sometimes required to halt. The question is whether technological self-help is in fact a wasteful arms race that we wish to stop. Unlike the invention of bigger and more destructive weapons with which to out-class an opponent, the kind of invention in this arms race may involve techniques more akin to cloaking, detection, counter-cloaking, and so on. This type of arms race may generate innovations with other uses and so might not be a wasteful arms race.

In sum, a concern with inequality of strength in the context of cyberspace attacks would look not at physical strength but at the manner in which the Internet provides an attacker with the ability to launch automated and coordinated attacks across great distances. It would suggest that a defender should be able to make use of technological responses that help neutralize this disparity in strength. Yet, the problem of harm to bystanders is a real one, which should be controlled through negligence liability. This liability risk may help generate useful innovation in the form of techniques that offer a more precisely targeted and calibrated response that reduces harm to bystanders.

Conclusion

This article has sought to clarify the relationship between legal self-help, technology, and equality. Each of these three elements is in a complex relationship with the other two.

With respect to self-help and technology, the legal rules guiding self-help sometimes condone and sometimes prohibit resort to technological tools with which to pursue one’s legal interests. This has important ramifications for the efficacy of self-help. Technological evolution may challenge the balance at the heart of the rules on self-help. Technologies may increase or decrease destructiveness and risks to bystanders. In addition, if technologies can be freely used to pursue legal interests, a technological arms race may develop. It is necessary to consider whether that arms race is wasteful or productive when deciding whether or not resort to a given technology should be an acceptable action in self-help.

Self-help regimes and equality are also linked. Self-help regimes are said to undermine equality since they favour the strong over the weak, which suggests that a monopoly on state enforcement of legal rights is more conducive to social equality. This is not necessarily true, given that access to justice is not equally distributed.

As for the relationship between technology and equality, the usual story of the source of inequality, rooted in unequal access to technology, is an incomplete picture. Technologies may promote or decrease equality, and may do so to a net social benefit or detriment. Some technologies may require us to face a difficult choice between allowing the use of technologies that promote equality and imposing net social costs on other values.

In the end, the principles for determining the legal bounds of technological self-help should build on the recognized self-help principles related to necessity, reasonableness, and proportionality. When determining whether to accept the use of a given technology, the principles should also include explicit consideration of the effects on equality, the bystander risks, and the question of whether the innovative arms race would be wasteful or productive.

The forms of human interaction and the nature of the harms that matter, shift with technological evolution. Therefore, when considering the effects of a technology on equality when used in self-help, one should consider not only equality in physical strength—the usual dimension of equality at issue in self-defence, for example—but also other ways in which parties differ in their ability to protect their legal interests.