Many Volokh Conspiracy readers, I imagine, have probably heard of the national security law and policy website Lawfare, or perhaps have read it occasionally. It has emerged as the most important, go-to site for national security law and policy, widely followed by journalists, academics, and government officials, particularly in the Defense Department and intelligence community. It has helped inspire some of the other leading websites offering commentary on national security law – Just Security, for example. (Co-Conspirator Orin Kerr occasionally posts at Lawfare; for my own part, when not blogging here at Volokh Conspiracy, I am otherwise known as His Serenity, Book Reviews Editor of Lawfare.)
What Lawfare hasn’t done, however, is find deep pockets or lavish funding or, really, much funding at all. The Brookings Institution, where the Lawfare editor-in-chief, Benjamin Wittes, is a senior fellow, has been very helpful as have some foundations, but otherwise it is dependent on individual donations and small amounts of institutional funding to pay the web hosting and related costs. Its technical design, security, and graphic features are very much off the shelf, and although more money would help introduce new and more sophisticated features, at bottom it’s a wonk’s website, driven largely by written content that not very many internet surfers would find interesting.
As readership increases, however, and as a site like Lawfare tries to cover topics – the military commissions trials, for example – that require sustained commitment by expert professionals, etc., costs rapidly increase. And the off-the-shelf design can leave the site potentially highly exposed in an important matter – cybersecurity.
So it’s with some frustration and concern that I note Lawfare is the target of increasingly severe cyber attacks aimed at taking down the site. Though certainly aware through reading in the newspapers and on the web about the problems that cyber attackers can bring to a site whose content they don’t like, this is the first time I’ve seen it up-close, on a site where I regularly write. At least if you’re a small, very modestly funded blog site like Lawfare, it turns out that free speech – and not even especially controversial or outrageous speech, by ordinary measures – is a fragile thing on the web. It doesn’t take all that much, it turns out, to shut it down.
You can read Lawfare Editor-in-Chief Ben Wittes’ account of these cyber attacks at the site – assuming it hasn’t been brought down again. It turns out that unless one is a very well funded, deep-pocketed enterprise – which Lawfare is not – able to afford expensive cyber-defensive architecture and design of the site, free expression is surprisingly (at least to me, as a non-expert) vulnerable on the web. Ben Wittes declines to speculate on who might be behind the attacks, and I would have no idea – but it does appear that someone is pretty unhappy with some aspect of Lawfare’s postings.
I’m a non-expert on the technical aspects of this and cyber attacks have always, for me, been something that happened to someone else and their site. When I watch it happening to a site with which I’m directly affiliated, but one which, unlike the Washington Post, is not armed with cyber engineers and security specialists and the resources necessary to address threats and neutralize attacks – well, I find it disturbing. Lawfare is going to be struggling to find ways just to stay up, and its plans to widen its coverage and activities will necessarily be slowed. It takes very little time for readers of a public website to abandon it if they don’t see it or immediate new content, as we all know as web-readers; this is not good for public debate. Free speech is more than just three dozen exquisitely curated Tumblr sites devoted to … raccoon bondage sex dungeons – important, of course, as those are:
(Update: Well played, JustinVC in the comments, well played … also, the opening link to Lawfare, fixed.)