See the latest news and insights around Information Governance, eDiscovery, Enterprise Collaboration, and Social Media. 

All Posts

Doxxing – An Online Phenomenon

The Era of Hacktivism, Doxxing, Cyberbullying...and more.

It came as no surprise that recently Twitter CEO, Dick Costolo, admitted that the company “sucks at dealing with abuse and trolls on the platform, and we’ve sucked at it for years” in a leaked internal memo. Admitting their failures in dealing with online harassment and abuse, it’s a slow reaction to the all too common occurrence of abusive tweeting, Trolling and cyberbullying people encounter via the platform. The ease with which people can be intimidated and humiliated online has lead to certain “trends” and mass attacks on individuals – such as the recent onslaught of doxxing in what’s been known as #Gamergate.

For those unfamiliar with the term, doxxing or doxing (“dropping box”) is traditionally the online practice of researching and broadcasting personally identifiable information about an individual. Related to cyber vigilantism, hacktivism and cyber bullying, it involves searching publically available databases and social media websites, hacking and using the information found for a variety of purposes.

Social media platforms provide high levels of self disclosure but low levels of security. It’s no surprise with the mass amount of information available on the internet and the instant communication resources of social media, that finding, harvesting, distributing and exploiting this personal information is becoming easier, faster and unfortunately more common.

But with these advances providing for negative antics, blurred lines are also beginning to appear within the concept. Typically cyber hacktivism, with examples of abusive and threatening acts, it has undergone a non-pejorative interpretation by journalists, with the New York Times stating “doxxing is the new name for reporting”. This is after the mixed reactions to Newsweek’s Leah McGrath’s investigative report revealing Satoshi Nakamoto as the supposed creator of Bitcoin– by utilising information found on the internet. As The Economist asks; “Was it tenacious reporting or needless exposure – good doxxing or bad?” Journalistic ethics aside, other examples of this “vigilante justice” has also occurred to aid law enforcement, business analysis, extortion, coercion and more.

The group Anonymous brought the term mainstream in the early 2000s. Activists and Hacktivists that describe themselves as an “internet gathering" with "a very loose and decentralized command structure that operates on ideas rather than directives" are infamous for their well-publicized publicity stunts DDoS attacks on government, religious, and corporate websites. Their choice of “attacks” vary from Government agencies (supporting WikiLeaks), child pornography sites, the Westboro Baptist Church and many more and encouraged other groups such as LulzSec and Operation AntiSec. Named as one “100 most influential people” by Time in 2012, their use of doxxing has named them both “digital Robin Hoods” and “cyber terrorists”.

Recently, acts of doxxing connected to the group met mixed reactions from the public, media and authorities alike, as in the wake of the fatal shooting of teenager Michael Brown, members of Anonymous tweeted what they claimed to be the identity of the police officer responsible. Authorities claimed they had the wrong person and Twitter subsequently suspended the Twitter account. Anonymous subsequently “declared cyber war” on the Ku Klux Klan (KKK) after the group made death threat in the wake of the “Ferguson riots”. The group hacked the KKK’s Twitter account, attacked servers hosting KKK and started to release personal information about the identity of members.

#Gamergate has brought the concept of doxxing, its negative connotations and potential for damage and harassment back into the media in the last 12 months, with the viral attacks and sexist harassment of female video gamers on social media platforms such as Twitter and Reddit. Social media and video game press are ignoring internet ethics and following a distinctive sexist attitude within the gaming industry and journalism and engaging in mass-attacks of humiliation. A strong backlash against this form of online behaviour has spurred projects such as Crash Override by victim Zoe Quinn and Alex Lifschitz.  to support and advise victims of doxxing, but a need to monitor and report these cyberbullies is most definitely needed.

In the case of Christopher Chaney, he took information available from the internet, hacked into a number of celebrities personal online accounts, distributing content - and was subsequently jailed for 10 years – pleading guilty to nine felony counts including identity theft, wiretapping and unauthorised access and damage to a protected computer. Whether out of activism, reporting, boredom or spite – doxxing is an internet downfall everyone should be aware with a strong stigma and uncertainty attached. Even as recently as November 2014, an Uber executive suggested employing doxxing techniques for the public smearing of critics, and plans to spend “a million dollars” to hire opposition researchers and journalists to investigate members of the press, to go after “[your] personal lives, your families.”


Security on the internet is a trade off between safety and functionality.


Doxxing is, technically, legal if you are only finding and sharing publically available information. The illegal element comes to light when you “stalk” someone via social media , threaten, harass, steal someone’s identity, infiltrate e-mails or attempt to publicly defame them. Hackers support this when done within “ethical standards”. But quite a subjective set of ethics seems to apply.

The defamation case of Internet Brands v. Jape explored the liability of a UGC website in this activity, as this is the forum where a lot of “typical” doxxing originates from. Taking note of a previous decision (bad Jones v. thedirty opinion), the court examined § 230 of the Communications Decency Act. § 230 of the CDA “precludes plaintiffs from holding interactive computer service providers liable for the publication of information created and developed by others.  And, in that case, it recognized (like all other courts before it) that § 230 protection is broad. Therefore no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider, making it extremely hard to create a liability for this behaviour, with Internet Brands v. Jape arguably erring in law. The test is not whether the objectionable content was “endorsed,” but instead whether the content was “independently created or developed by third-party users”, which is rarely disputed.

Whilst the act of doxxing is not technically illegal – harassment, defamation, identity theft, fraud and many more crimes exist by extension of this and so hackers, cyber-terrorists and cyber-bullies should be held accountable for. Yet as many of these attacks take place on websites and social media and courts are reluctant to accept mere printouts as this data is easily edited, deleted or falsely created, people engaging in litigation and eDiscovery of this content need a strong eDiscovery tool to capture, store and monitor this abuse and to present it as admissible evidence in court.


How can WebPreserver help?

WebPreserver can capture, store, share and create legal evidence from content placed on the internet and social media networks. This innovative eDiscovery tool is essential for legal professionals, digital forensic scientists and law enforcement authorities. WebPreserver creates strong, authenticated content to ensure to admissibility of evidence, your case and protection against continuation of Cybercrime.

The information and materials on this blog are provided for general and informative purposes only and are not intended to be construed as legal advice. Content on this blog is not intended to substitute the advice of a licensed attorney, as laws are subject to change and vary with time, from jurisdiction to jurisdiction. Content on this blog may be changed without notice and is not guaranteed to be complete, correct or up-to-date.

Related Posts

9 Rules for Government Social Media & Website Archiving Compliance

The need for clear communication at all levels of government has never been greater. Governmental bodies must ensure transparency, trust and professionalism with their colleagues and, more importantly, with the public. Getting this right isn’t just a case of better public relations—it is a matter of compliance.

6 Steps to Implementing a Legal Hold

Companies must ensure they are in total compliance with data preservation requirements—and with the growing amounts of ESI generated, it is increasingly common for litigation to require access to evidence stored digitally. So what can legal teams do to ensure that crucial data is placed on legal hold and not disposed of?

What Is WORM Storage? And Why Is It Important?

When it comes to compliance, those working within heavily regulated industries are well accustomed to the constant introduction and updating of new legal rulings. Thankfully, technology keeps evolving in support of businesses to help make meeting these requirements an achievable and even streamlined process.