The success of the so-called “freedom convoy” caught Canada, and much of the world, by surprise. Yet, the tactic of simply parking vehicles to protest is not new: similar events have occurred in Europe and South America in recent years. Instead, what made this protest and occupation unique in the Canadian context is the impact generated by hundreds of thousands of online users who sought to participate, facilitate or disrupt the movement. Trucks may have been the tool, but low-level cyber actions (broadly understood) have been the lifeblood of the convoy movement.
In examining how cyber plays a role, it’s necessary to first address and dispel one of the key concerns expressed by many: Was the convoy the product of foreign interference?
At first glance, this protest has appeared very much like the kind of activity that Canada’s national security agencies have warned about for some time: one focused on a socially divisive issue (in this case, the COVID-19 vaccination mandates) that targets the legitimacy of the state and can be amplified by foreign adversaries. Could the massive online attention this movement received be due to a cyber operation by a foreign adversary such as Russia or China?
We do not yet have the full answer to this question. It’s likely that after forensic investigation, some coordinated inauthentic social media activity will be discovered. However, other than some hacked Facebook pages that tried to cash in on the interest in the convoy, there is little evidence to suggest that those who engaged about the protests online were anything but genuinely motivated individuals within and outside Canada, even if that content was shared by known amplifiers of misinformation, such as Russia’s RT (Russia Today) television channel.
In this sense, the online significance of the convoy does not likely have to do with Russian bots, but is more about the impact of individuals who found ways to engage in low-level cyber activity in both legal and illegal ways.
The most prominent examples are the crowdfunding sites GoFundMe and GiveSendGo, which allowed those who could not travel to Ottawa to directly facilitate the convoy and illegal occupation.
However, the crowdfunding sites are more than conduits for money. Instead, since the beginning they have been symbols of online resistance to authorities, which perpetuated the movement. It’s likely that if GoFundMe had taken down the campaign in its early days, the convoy would not have gotten dug in. The money raised (mostly from Canadian and US donors) became a phenomenon in and of itself, echoing the moral support and encouragement provided through Facebook, Twitter and YouTube livestreams.
There were other illegal disruptions believed to be linked to the convoy that were using low-level cyber means. In the early days of the occupation, the Ontario Provincial Police warned that thumb drives with malware that could be associated with an anti-mandate movement were being mailed across southern Ontario. Attempts to overwhelm Ottawa’s 911 emergency call system may have been at least partially automated. Social media users on the message-sharing app Telegram doxxed, or drew attention to the identities of, Royal Canadian Mounted Police officers involved in law enforcement operations in Ottawa. And, almost inevitably, some convoy supporters sought to use cryptocurrencies to circumvent court orders that froze bank accounts associated with the convoy. (Some convoy supporters also tried to float their own cryptocurrency coin, which seems to have failed.)
At the same time, cyber tools also enabled those opposed to the occupation to engage in disruptive activities. Convoy “resisters” disrupted online discussions between users of the Zello “walkie-talkie” app with music. Hackers have also stolen and leaked information from GiveSendGo twice (as of writing), providing insight into who is funding this movement. The website also suffered denial of service (DDoS attacks and a website hack).
Twitter Spaces provided a venue for Ottawa community members to express their frustration, and Facebook was used to organize during the second-last weekend of the occupation. The platform also enabled community members to organize to support those who were too frightened or unable to leave their homes.
In this way, the occupation of Ottawa provides more evidence of how cyber operations have been democratized in the service of populist movements for more than a decade. None of these efforts have been particularly sophisticated (even the GiveSendGo hack took advantage of a security lapse the platform seems to have ignored since 2018). But they have proven to be extremely effective when employed by enough people with determination or by smaller groups with a little bit of knowledge and a good sense of tactics.
We should expect to see more such activities that seek to decentralize power in future political movements.
Indeed, although a direct comparison is not possible, we are seeing similar tactics being used on a much more significant scale in the invasion of Ukraine. These include the use of open-source information, fundraising,cryptocurrencies, hacking operations and information sharing. What impact these dispersed operations will have is still an unknown. But their ability to break down borders, allowing vast numbers of people to participate in the conflict, albeit only virtually, will have states taking note.
