New Cybercrime Lingo, New Ways to De-Weaponize the Perps
Remember when everyone knew -- and used -- words like “switchboard” and “intercom?” You don’t have to admit this aloud. As words such as these become obsolete, they’re quickly replaced by others. Consider “doxing” and “swatting,” two words in the communications technology/data security world that first came to my attention just the other day. Neither word is brand-spanking new (and swatting, with respect to insects at least, has been around for eons), but with respect to harnessing technology for unsavory purposes, both represent relatively new phenomena.
First, some definitions:
- Doxing is a form of harassment in which victims’ personal information is published without permission, often with the intent to seek revenge and, sometimes, cause harm. This could be Social Security numbers, home addresses and other property information, names of family members, phone numbers, bank information, and, among many other things, campaign contributions.
- Swatting is another form of harassment. In these cases, perpetrators call in emergencies that direct first responders (as in SWAT teams) to places where there are no events requiring such response. They do this either to harass the intended victim or simply to distract law enforcement from other activities for which its timely response could be critical. Both are criminal.
All of this is relevant for a number of reasons.
As someone who teaches a graduate-level class in IT ethics, I spend a good deal of time discussing the legal and ethical issues associated with hate speech -- particularly that which is online and frequently anonymous. Computer and IT graduate students get amped-up on this for good reason -- perspectives on these topics are very personal and deep-seated. Anyone who has weighed both sides of the balance between privacy and data security understands this challenge.
Distasteful as it is, hate speech, in and of itself, often is Constitutionally permissible under the First Amendment’s guarantees of free speech. But the question here is whether the law treats doxing and swatting differently than it does hate speech, and the answer is probably yes.
A recent law review article in the Federal Communications Law Journal (Volume 70, Issue 3, September 2018) raises some interesting enforcement mechanisms for combatting doxing and swatting. While the First Amendment protects hate and other offensive speech, the author points out that government regulation of “content-based or viewpoint-based” language, even if the language amounts to offensive communication,” faces strict scrutiny, the highest -- and toughest -- standard of legal review, a very difficult standard to reach for a plaintiff or victim of doxing. While shouting “FIRE!” in a crowded building isn’t protected speech for obvious reasons, calling someone a cross-eyed, smelly, three-toed sloth is protected because it’s viewpoint-based and not a call to action. Who knows? It might even be true. But I digress.
The laws from which most doxing and swatting enforcement mechanisms are evolving originate primarily from those laws and policies designed to prevent and combat harassment and its powerful technology-driven component, cyberbullying. Regulations against cyberbullying fall mostly in the realm of the states, although some federal legislation exists on this topic.
From a legal perspective, it’s important to remember that there is a critical difference -- but a fine line -- between content- or viewpoint-based language, which falls under the protections of the First Amendment, and conduct-based actions, which can be considered actual harassment and trolling. Once you enter the domain of conduct, the First Amendment’s guaranteed protections no longer apply. In other words, while regulating speech and content generally are tough to litigate because of the guaranteed First Amendment protections, regulation and enforcement of actual conduct are much more cut-and-dried and likely to succeed without bumping into Constitutional rights (and likely losing a court battle).
One of the challenges with statutory language designed to combat harassment is that it tends to be overbroad. With clarity and precision, such laws are also difficult to enforce. Once a party crosses into the terrain of protected speech, the likelihood of success in litigation drops precipitously.
Strategically, the best argument to be made, long before any papers are filed, is that the parties not only had the intention to harm, but actually caused harm as a result of conduct. Insulting someone is likely protected speech. Revealing personal information intentionally not only isn’t protected, but criminal.