FROM THE DIRECTOR: JANUARY 2023

Doxxing, Swatting, and Paper Terrorism? Tips to Protect Your Personal Information

By Barbara Engstrom and Stephen Seely

We all know that apps and trackers collect information from our phones, doorbell cameras, digital speakers, and pretty much any “smart” appliance.  It safe to assume that much of our personal information is no longer private.  No sooner do I type some innocuous term in an email, than I start to see targeted ads for it across my devices.  While it may seem easiest to throw our hands up in surrender, in this very polarized world malicious posting of person information, or doxxing, can have tragic consequences. Rather than surrender, to be forewarned is to be forearmed.  In this column our intrepid Outreach Services Attorney, Stephen Seely and I will chat about what bad actors do with personal information, how to discover what of your personal information is floating around on the internet, and what you can do to protect it.

BE: Stephen, I know that doxxing really came to a head during the pandemic when many health care officials were threatened at their homes and via phone and email.  What are the consequences for doxxers? Do you know of any legislation that would address the harm that doxxing causes?

SS: There isn’t a state law that directly addresses doxxing. An attempt was made to pass a law in the last legislative session that would punish people who intentionally posted personally identifiable information if they knew it would be reasonably likely to cause serious harm for the person being doxxed.[1] As you can imagine, it’s a tricky issue to legislate. You’re balancing freedom of speech against personal safety and privacy; exactly the sort of constitutional law question that leaves law students frazzled and sends judges to put on a second pot of coffee.

The law that best addresses the issue right now is the cyber harassment statute;[2] but it isn’t well suited for that purpose. The trouble is it doesn’t punish and deter people from doxxing others, it merely punishes people who’ve taken the doxxed information and used it to cause serious problems for the victim. It doesn’t treat the disease; it only helps manage the symptoms. You end up in situations where Person A posts a home address to a web forum and Person B uses that information for a harmful purpose. It’s like Person A walking into an elementary school and leaving a bunch of matches behind.

BE: Could you explain some of the other things that bad actors do with personal information such as swatting or paper terrorism? Is your sense that judges, politicians, and attorneys are at greater risk? 

SS: “Swatting” is a trending fad in the world of harassment. It’s when someone will make a “prank” phone call to 9-1-1, claiming there’s a very serious emergency that needs a large police response (like a hostage situation), and tells the dispatcher that it’s happening at your address. This leaves you very confused and scared when the S.W.A.T. team is running around on your front lawn at 2:00 a.m.

“Paper terrorism” is essentially using the bureaucratic process as a means of harassment. It’s when someone uses government institutions or the legal system to cause you problems. This can be done in bad faith, simply to be malicious. It can also be done in good faith by a delusional person who thinks they’re acting righteously or righting some wrong. I don’t want to go into specifics and give anyone any ideas, but this type of harassment can use your personal information to negatively impact your claims of property ownership, ability to sell a property, and credit report. These things can be sorted out in court, but that process is tedious and expensive, especially if your harasser is judgment proof and you’re left holding the bag.

Regrettably, personal information can also be used for some truly horrific purposes. This point was recently driven home last month when a man found the home address of the Speaker of the House and attacked her husband with a hammer in the middle of the night.[3] In 2020, an attorney in a federal case in New Jersey became angry at the judge, found the judge’s home address, and shot the judge’s son as he answered the front door, killing him.[4] In 1985 a man became convinced that a local Seattle lawyer and political figure was part of a communist conspiracy. The man tracked down the lawyer’s home address. On Christmas Eve, the man posed as a delivery man and killed the lawyer and his family with an iron and a kitchen knife.[5]

Because of the public and often controversial nature of their work judges, lawyers, and politicians do tend to be more at risk. Sometimes this is because the judge or lawyer happens to be linked to a very emotional case. Other times it’s because someone believes the judge or lawyer is responsible for their current misfortune or is the person who can fix it.

BE: So I guess the first step in the “to be forewarned is to be forearmed” mantra is to figure out what of your personal information is out there.  I know that your Skip Tracing CLE goes into quite a bit of detail, but what are the most common types of personal information on the web?

SS: Common types of information people will be able to find about you easily and freely are:

  • Home address
  • Relations (spouse, children, parents, siblings, roommates)
  • Real property you may own
  • Phone number
  • Email
  • Social media accounts

And that information can be used as a good jumping off point to find more detailed information.

BE: When you find your personal information on the web, are there any self-help measures you can take to have it removed?  I recently read that Google has a form that allows one to request the removal of personal information from Google search results.  Do you have any experience using that?

SS: I haven’t used that resource specifically, but most websites that gather and provide personal information about people have a procedure you can follow to request that the information be removed. But be prepared, this procedure is often convoluted and tedious, which discourages people from successfully requesting a removal. It’s also worth noting that an information removal process won’t always be available, it depends on the nature of the website and the country it’s based in.

BE: I understand that there are commercial services that assist with removing personal information.  How do they work?  What do they cost?  How effective are they?

SS: There are several private companies who specialize in taking down personal information that is already available on the web. The big three are DeleteMe, Optery, and Incogni. The company will routinely review websites that provide searchable personal information, check to see if your information is listed, complete the removal request process for you, and send you a quarterly summary of what information was found and how far along they are in the removal process.  They usually charge a monthly fee per person in the $10-$25 range. They also offer corporate account options. I’ve found them to be very effective in reducing the amount of personal information that’s easily available online. However, there are some websites with your personal information that are beyond the reach of the removal services. These websites might be on the dark web, based in a jurisdiction that doesn’t require an information removal process, or public records.

BE: What are other measures that judges or attorneys can take to protect themselves?

SS: If a person has been the victim of actual or threatened domestic violence, sexual assault, trafficking, or stalking; or if they qualify as a “criminal justice participant”[6] who is a target for statutorily prohibited threats or harassment,[7] they can look into applying to Washington’s Address Confidentiality Program.[8] The program helps to provide additional protections to people who need to keep their home address private.

BE: Any last bits of sage wisdom for protecting personal information?

SS: I’d recommend that everyone do a routine “security check-up” every six months. Search for yourself online to see what information is available on the web generally. Then search for your property records on your county Recorder’s Office website and search for your name on the Department of Licensing’s UCC filings website. Make sure any information filed with those offices is correct and not fraudulent.

BE: Well, I think you have us all sufficiently scared to get proactive about protecting our personal information, Stephen.  Thanks for all  the great tips!

If you have questions on doxxing, swatting, or paper terrorism and the means to combat it or any other legal research issues be sure to contact the King County Law Library. You can email us at services@kcll.org.  To find out when the next Skip Tracing CLE is scheduled at  visit our website https://kcll.org/classes-at-the-law-library/classes/cles/ .

 

Stephen Seely is the Outreach Services Attorney at the King County Law Library. He is licensed to practice law in Washington and before the U.S. Supreme Court.

[1] See https://crosscut.com/politics/2022/01/how-punishing-people-doxxing-could-prove-tricky-wa-lawmakers

[2] RCW 9A.90.123.

[3] See https://www.nytimes.com/2022/10/28/us/politics/nancy-pelosi-husband-assaulted.html

[4] See https://www.npr.org/2020/11/20/936717194/a-judge-watched-her-son-die-now-she-wants-to-protect-other-judicial-families

[5] See https://crosscut.com/mossback/2022/11/disturbing-pelosi-attack-recalls-seattles-goldmark-murders

[6] Two definitions available, see RCW 9A.90.120 and RCW 9A.46.020.

[7] See RCW 40.24.030.

[8] https://www.sos.wa.gov/acp/.