BY MIKE MASNICK
There has been a debate over the past few years about the legality of “doxxing,” which would loosely be defined as identifying individuals and/or their personal information which they’d prefer to remain secret. This is coming up in a variety of contexts, including effort to unveil the whistleblower who first called attention to President Trump’s questionable call with Ukraine’s President. However, we also noted in passing, last week, that the new privacy bill from Reps. Zoe Lofgren and Anna Eshoo contained an anti-doxxing clause, which states:
Whoever uses a channel of interstate or foreign commerce to knowingly disclose an individual’s personal information— (1) with the intent to threaten, intimidate, or harass any person, incite or facilitate the commission of a crime of violence against any person, or place any person in reasonable fear of death or serious bodily injury; or (2) with the intent that the information will be used to threaten, intimidate, or harass any person, incite or facilitate the commission of a crime of violence against any person, or place any person in reasonable fear of death or serious bodily injury, shall be fined under this title or imprisoned not more than 5 years, or both.
At a first pass, you can certainly understand the thinking here. If you’re looking to disclose someone’s personal information in order to “threaten, intimidate, or harass” someone, that feels problematic. But, then again, what is meant by “intimidate or harass” in this situation could matter quite a bit. What got me thinking about this again was another news report, about people doxxing members of a defunct neo-nazi online forum:
The metadata of a now-defunct neo-Nazi message board that is considered the birthplace of several militant organizations—among them the U.S.-based terror group Atomwaffen Division—was dumped onto the internet by what appears to be anti-fascist activists. The site, IronMarch, is widely associated with the rise of the new wave of white supremacist accelerationst groups advocating for armed insurgency against society. The site ran from 2011 to 2017 and garnered more than 150,000 posts while active. The dump of its inner workings includes the login names of its former members and their associated emails and IP addresses.
For fairly obvious reasons, many would likely argue that we should want those people identified. And while the report notes that efforts are underway to try to track down the identities of people who were active on this forum, and it could be argued that the intent behind figuring out who was on this forum is to “intimidate or harass” those individuals (for being Nazis), I think many people who might otherwise support these kinds of privacy laws might take issue with the idea that revealing these individuals as Nazis and/or Nazi sympathizers should be illegal.
And that, again, gets at part of the issue with legislating privacy. Context matters quite a bit, and it’s pretty difficult to write context into the law. Yes, doxxing is often used in negative ways to harm, intimidate or silence people. But it can also be used to reveal people who are doing crazy stuff hidden behind a shield of anonymity.