The great Catalonian cyberwar of 2017 (The Washington Post)
As the citizens of Catalonia prepared to vote on independence from Spain this month, software developers decided to offer an assist
They designed an easy-to-use Android app to help voters locate polling stations. The app’s creators reasoned that it might come in handy in case of a crackdown by the Spanish authorities, who had denounced the referendum as a breach of the country’s constitution.
The crackdown came — but even the most skeptical Catalans failed to anticipate how sweeping it would be. For weeks in advance of the Oct. 1 referendum, Spanish courts issued a flurry of orders shutting down websites that had something to do with the vote. Telecom companies received instructions to shut offuser access to information sources provided by the Catalan government. And at one point in September, the Spanish police even shut down the entire “.cat” domain by occupying the offices of its registry and arresting its head, whom they kept in custody for three days. He’s now facing sedition charges.
Not all the measures were official. Anonymous hackers shut down some pro-independence sites with DDoS (distributed denial of service) attacks. Others tried to use a spam bombardment to disable an email account used by Catalonian mayors to coordinate the vote.
And as for that referendum app? After Spanish officials learned about it, a court order was sent to Google Play, the Android-based app store, demanding its removal — and the Americans complied. “I’m a tech guy,” says Jordi Puigneró, chief technology officer of the Catalonian government. “So I’ve always been a great fan of Google and its principles of respect for digital rights. But now I’m really disappointed with the company.” (Puigneró’s office was also occupied by police during the referendum, he says.)
Spain’s heavy-handed police response to the referendum, which injured almost 900 people, ended up dominating the headlines. Yet the remarkably bitter cyber-conflict between Madrid and Barcelona has received far less attention — despite its potentially far-reaching implications.
Jeremy Malcolm of the Electronic Frontier Foundation, a group that monitors freedom of expression online, was surprised at the aggressiveness of the Spanish government’s online measures to suppress the vote: “It’s really quite unusual to see this kind of crackdown on political speech and democratic representation in a country that purports to uphold rights like Spain does.” Especially remarkable, he says, was the broad nature of the central government’s online offensive, which entailed shutting off entire swaths of the Internet. He says that Madrid’s cyber-campaign reminds him less of a liberal democracy than countries “that are under military rule or have an autocratic government.”
He hopes, he says, that Catalan activists will go forward with their vow to take the Spanish government to the European Union Court of Human Rights over its suppression of online freedoms.
A spokesperson for the Spanish Embassy in Washington had this comment: “No domain or website was closed in Spain in violation of the freedom of expression. The websites were closed because they were used to facilitate the illegal vote, providing detailed instructions and practical information. … In Spain, many websites and magazines openly advocate for independence and secession under the full protection of the law. Aside from the illegal referendum’s official websites, no other websites were closed.”
The Catalans received some unexpected (and unsolicited) help from Julian Assange, operating from his base in the Ecuadoran Embassy in London. His efforts were bolstered by an army of mysterious social media bots and Russian-sponsored media outlets. It is by now well-known that Moscow’s troll armies have a special weakness for separatist groups of all kinds, since they see them as drivers of fragmentation and instability. They may not be entirely wrong. The Catalonian leadership’s push for independence is currently shaking Spain like few other events in recent memory.