TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Perspectives | It's a Dangerous Place Online—Offline, Too Related reading: Making the Case for Online Obscurity and Less Anonymity…Wait, huh?

rss_feed

""

GDPR-Ready_300x250-Ad

Since delving into the idea of PII as a weapon in Ferguson, MO, a couple weeks back, I've been struck repeatedly by the way that personal information, and the ready access to it that the Internet provides, is being used to create some serious real-world damage. 

Let's just take a peek into the gaming world, where anonymity and online personas are as developed as anywhere on the Internet. These are people who live online, who have made their presence online so constant that the online channel Twitch, where people literally spend their days watching other people play video games, just sold to Amazon for a billion dollars. And their lives online are both incredibly public—often with live streams of their faces being broadcast for hours a day—and shrouded in anonymity and pseudonymity. 

They have screen names, Twitter accounts, Reddit accounts, alternates for those accounts, profiles on video-gaming message boards—all of them linked to create online identities that can be incredibly powerful. Who runs the all-time most-viewed channel on YouTube? A dude who goes by PewDiePie and just surpassed 30 million YouTube subscribers. His schtick? He comments on video games while he plays them. 

Thirty million subscribers means real money. The video-game industry is large and growing, with huge revenue. In fact, in many ways it mirrors the early days of rap music, when money started flowing in and people started paying attention. However, instead of feuds being played out in the streets of Las Vegas, they are played out generally online, through aggressive comments and some of the foulest language and imagery you can imagine (lots of stuff I could link to, but this is a family operation here at the IAPP). 

Jed has written plenty about the issues of trolling and how it adversely affects women, particularly (women also don't often fare well in rap music). 

Lately, however, these online feuds have begun spilling more and more often into the real world, affecting both women and rival gamers, and even causing privacy headaches for authorities. 

Take the case of Feminist Frequency's Anita Sarkeesian. She's doing important work in the video-gaming space, outlining the sexist underpinnings of the gaming industry and trying to make gaming a more friendly place for women (who, surprisingly, now reportedly make up more than half of all "gamers"). Of course, since she's a woman making a pro-woman argument on the Internet, she's often subjected to the vilest stuff you can imagine. 

As you'll see from her Twitter profile, she yesterday had to remove her family from her home as she received death threats. The scariest part? The man making the threats had uncovered the location of her home, and that of her parents, and posted them online. How's that for PII as a weapon? Unfortunately, that's fairly standard practice. 

But now rivals are taking things a step further. There is a new tactic called "swatting," where gamers call in reports of active shooters in the locations of their rivals, causing the cops (or SWAT team) to show up, often more than ready to bear, as the threats often say that the shooter is waiting in a specific room and is waiting to fire upon any officers who enter the room. 

You can see the results here, as gamer Kootra finds himself swatted (skip to about 6:30):

Now, this was a place of business, and it's perhaps not fair to call their address PII, but look at what happens: An innocent person is thrown to the ground, handcuffed with a knee in the back and then interrogated. Yes, it's crazy that he actually quickly realizes what has happened and kind of finds it funny, but some of these kids play these games with prop guns and wearing crazy headgear and walking on an octagonal treadmill. What would the cops have made of that? Might they have fired?

Further, the consequences of the incident aren't just the physical effects of the raid on this company's offices, but the man's privacy is violated as well, when the officer quickly snatches up his phone and begins paging through it. The Denver Post theorized that Colorado officers would have to change their methods following the Supreme Court ruling surrounding cell-phone searches. 

Does it look like the officer had a warrant before searching that phone?

And how about this clown calling himself @ScrewPain, who is claiming responsibility for the "prank" of "swatting" @Kootra? Should Twitter give up details about his identity to law enforcement? He's basically admitting to committing a crime, one that could have had serious consequences. But I'm sure there are those who would argue that Twitter shouldn't participate with law enforcement without more evidence than what could have been a joke or a false claim of responsibility for yucks.

Finally, it's hard not to wonder about the psychological effects of operating so much of your life online and in anonymous or pseudonymous fashion. Do you begin to see your actions as not "real" since you're constantly playing them out in virtual space? Do you get ideas of grandeur after killing off a million other gamers with your virtual automatic weapons, under a false name? Do you begin to feel there couldn't possibly be "real" consequences?

Maybe most of these questions don't matter to most privacy pros, but I'm betting a lot of you operate online forums and spaces where anonymous people threaten and harass people on a daily basis. What is our responsibility if we've created that space and monitor it?

2 Comments

If you want to comment on this post, you need to login.

  • comment Christin • Sep 1, 2014
    Hi Sam - I'm glad you are talking about this.  There is a similar practice known as "doxing."  One online source describes it as "the practice of investigating and revealing a target subject’s personally identifiable information, such as home address, workplace information and credit card numbers, without consent." (http://knowyourmeme.com/memes/doxing)  I have seen instances where individual get angry while playing online games, and "dox" their opponents by posting extremely sensitive personally identifiable information, such as name, address, SSN, credit card information, academic records and more.  I have seen this information posted on sites that are known to be used by hackers and even tweeted.  Unfortunately, it doesn't stop with the posting of the opponent's information.  The "doxers" investigate and publish the PII of parents, siblings, spouses, girlfriends and boyfriends - even best friends.  In an angry or spiteful minute, this information is posted to the Internet where it can live forever.  It can shatter the lives of people that are not involved and probably are not even aware of the online altercation. And I would bet that many of the victims don't even know that their most sensitive information has been posted online.  So what do we do about it?  As individuals, we can start small.  We can educate our children and communities about the risks of the online world and how to take precautions.  As members of the privacy community and counselors to businesses large and small, the approach can be similar.  Since much of this information is gained from online sites with inadequate security or through social engineering techniques, privacy and security training (and enforcement) within organizations can help protect this data before it is leaked.  When a company discovers that information has been used for these purposes, it can utilize any applicable notice and take-down provisions, as well as any other legal measures at its  disposal.  I recognize that there are limits to how successful these measures can be, but we have to try, right?
  • comment Sam • Sep 2, 2014
    Thanks for expanding on the idea, Christin. Even though recent reports that a 15 year old was arrested for the "swatting" turned out to be a hoax, I do think it's interesting to think that many of these doxers or swatters are basically just kids, with very powerful weapons at their disposal. 
    
    If we think of PII as a weapon, we have to really consider the access to which we give minors on the Internet. Would parents just allow their kids to unlock the gun cabinet at 15? (Well, scratch that, this is the U.S., of course they would.) Similarly, we have to remember that the dangers to kids online isn't just a danger to themselves, but the danger they could cause to others without truly understanding the consequences.