Doxing and law enforcement – What to look for and how to prevent
In law enforcement you put your life on the line every single day. From routine traffic stops to undercover operations, every call could potentially be a life or death situation. This is a reality modern LEOs have to make, and you and your community do what you can to protect yourself and your privacy.
But what if someone found your private information and published it online for anyone to find? Imagine receiving a letter, email, or phone call from an unknown party threatening you or your family harm, or discovering that your social security number or private passwords were posted publicly for all to see. The fear and anxiety that comes from knowing someone who has sent you threats can all of a sudden ring your doorbell or mail you an unrequested package is real, and not everyone is trained in proper self-defense techniques.
That is happening to many people. It's called doxing (sometimes 'doxxing'). Doxing is when anyone finds someone's personal private information and publicly publishes it for everyone to see. Doxing has been going on since at least 2007, but started gaining widespread public recognition in 2013. Motives can range from boredom to malice; doxing victims can range from people known personally to public figures they’ve never met but detest. Above all, doxxers hide behind Internet anonymity, making it difficult for law enforcement to track down.
Doxing is a widespread problem that has affected many people in many industries. Numerous reports and incidents are available, including some high profile cases. In 2015, CIA director John Brennan had his AOL account allegedly hacked, and the hackers “released a list of alleged intelligence community employees, along with their alleged personal emails and Social Security numbers,” according to website Vice.com. It was eventually determined that no sensitive information was released, but even the threat of released private details should be taken seriously.
More than CIA Directors have been doxed: law enforcement officers are also a target. In 2011, hacker group LulzSec released the sensitive information (including personal emails, names, and phone numbers) of dozens of officers in Arizona; this was done in response to a controversial law. In 2015, at least two LAPD officers' information was published online. Hackers also threatened to release the personal information of a Missouri Police Chief’s daughter in 2014 amid unrest in Ferguson.
But doxing can be more than just releasing someone’s private information online: it can directly involve law enforcement punishing someone the doxer wants targeted. Doxing may lead to "swatting". That is, when callers prank 911 with reports of violence or bomb threats, sending police and SWAT officers to a location the caller indicated. The officers, doing their duty, break in and often arrest the person indicated in the call as being a threat; many are later released after being deemed innocent and victim of a prank. Not only is this incredibly costly to both departments and the public (the average SWAT operation takes three to four hours, and can end up costing the department more than $1000 an hour), but the victims are essentially subjected to domestic terrorism.
What penalties happen to those who dox others? Often, it’s very severe. Penalties for swatting and creating false public alarm can vary greatly and can be quite severe. Sentences can range from 18 months in prison and a $10,000 fine for a fourth-degree charge to ten years in prison and a $150,000 fine for a second-degree charge. One 15-year-old in Louisiana swatted a fellow gamer by calling 911 and claiming on the call that he had just “shot and killed four people,” according to National Report. He went on to say, “If any police enter my home I will kill them too.” The young suspect was sentenced to 25 years to life in federal prison.
Is doxing illegal? Not necessarily. Laws have been proposed to criminalize doxing, ensuring harsh penalties for those who do it. The challenge facing law enforcement is how to pursue those who dox, and especially what actions should be taken when a doxing incident may be taking place. When officers need to do their job, how is it determined if there is a legitimate threat or not? Nevertheless, the right to privacy even online and threats to it are serious concerns.
Threat risk assessment for online threats probably wasn’t covered in officer training, but there are several strategies you can use to familiarize yourself with doxing. This dangers of doxing will only continue to grow, but it is possible to minimize them, and education into the patterns and profiles of doxers is important.
Talk to younger officers. Departments continually hire rookies who have grown up in the online world (often called “digital natives”) who are familiar with doxing, Internet threats, and online privacy. Talking to them about their knowledge of doxing can be enlightening. Encourage younger officers to speak up in department meetings about their experiences online; many know people who have pranked others online, and our shared stories foster understanding and can provide valuable insight into the minds of those who would dox others.
Identify pranks from threats. Remember that nearly everyone goes through an adolescent phase of 'pranking' others, but with the complete anonymity afforded online many may not outgrow this phase. Your right to privacy is just as great as theirs. Take threats seriously but proceed with caution to anonymous threats; many anonymous phone calls are legitimate, but some are pranks.
Listen to female officers. Women in particular may have firsthand experience with doxing. Take special care to listen to testimonies from female officers of being made to feel uncomfortable in their online interactions off-duty; doxing is often a highly damaging form of sexual harassment that can lead to threats of rape, being forced out of a job and career, or worse. Protect your officers’ online privacy and encourage them to be vigilant and report any suspicious behavior.
Ask your community. Some of us have even had friends that have been doxed, with their most private and sensitive information being exposed online, and even that of their parents, family and spouses. A few have received unwanted packages in the mail, and been forced to abandon their homes for safer locations.
Protect yourself online. Use strong passwords and consider where and what you post. Do you dare voice an opinion? Or publicly reveal whom employs you? Do you network and communicate with people, knowing one word or phrase said to the wrong person could make you the next victim? How secure are your online accounts? Maybe you will win the lucky lottery and be randomly targeted, ending up facing thousands of dollars’ worth of property damage bills. Do not live in fear but protect yourself and guard your information; this is the reality we face in the 21st century on the Internet.
For public officials and online workers, doxing is a serious threat to be considered. Law enforcement will need to rise to the challenge of confronting and meeting these new threats to people's lives and wellbeing. Doxing can be defeated and swatting prevented if law enforcement knows who and what they are looking for.
Stuart Blessman is the eCommerce and Digital Marketing Manager of Streichers.com, a 60+ year old company proudly serving the law enforcement community. A digital native, Stuart’s been involved in online communities and privacy discussions for years. He can be reached at [email protected].