PII as a Weapon

As the eyes of the U.S., and perhaps of the world, collectively turn to Ferguson, MO, following the shooting death of unarmed teenager Michael Brown, there are any number of issues that have been the subject of heated conversation: the U.S.'s continuing racial inequality; the ever-widening income gap; the role of a free press in the U.S. (two journalists have been seemingly indiscriminately arrested); the militarization of local police forces; the efficacy of the “wars” on terror and drugs and poverty (remember that one?).

Here at the IAPP, however, we also have been struck by the role of personally identifying information (PII) in what are alternately being called riots and protests.

Most notably, the online “hacktivist” group Anonymous has waded prominently into the fray, releasing an ominous video threatening digital repercussions for physical abuse against Ferguson protestors.

Watch it here:

As police officers employ varying weapons—tear gas, rubber bullets, barking dogs—in their attempts at what might be called controlling the riots (or, alternately, intimidating the protestors), Anonymous has responded by threatening to retaliate with a different sort of weapon altogether: PII.

Per the video, “If you abuse, harass or harm in any the protestors … we will take every web-based asset of your departments and governments offline. That is not a threat. It is a promise. Attacking the protestors will result in the release of personal information on every single member of the Ferguson Police Department, as well as any other jurisdiction that participates in the abuse of this state’s own law. We will seize all your databases and email pools and dump them on the Internet.”

Regardless of your views of the situation in Ferguson, the threat of the use of PII in this way is striking for anyone in the profession of protecting and caring for it. Perhaps it shines new light on the value of personal information in the first place.

Three days following the release of the video, Anonymous has made good on its threats, at least in part.

Yesterday, the St. Louis Dispatch reported, “The Internet crashed at City Hall here on Tuesday morning. Ferguson’s website went dark. The phones died.”

Further, on Tuesday, “someone posted the home address and phone number of Jon Belmar, the relatively new chief of St. Louis County police.” They posted pictures of his family. They made intimidating remarks about a picture featuring his wife. They threatened to release information about his daughter if he didn’t release the name of the officer who shot Michael Brown.

And then they recanted. “We recognize that Jon Belmar has had enough damage done to him,” Anonymous posted on Twitter.

Instead, they reportedly changed tacks and hacked into the dispatch center of the police department and grabbed the recordings of the dispatch log for the day of Brown’s shooting, then released them for public consumption. There’s some question as to the tapes’ veracity, but, again, it’s clear that digital information is being used as a “weapon” in the “battle” between the protestors and the police and other authorities.

Even as we post this blog, Anonymous threatens to release the name (and other PII) of the officer who allegedly shot Brown.

What does this tell us about information’s value? Surely, there is no question about how digital information is valued after the high-profile leaks by the likes of Julian Assange, Chelsea (nee Bradley) Manning and Edward Snowden. And there can be no doubt that “cyber-attacks” will be amongst the salvos of any armed dispute in the future, just as they are becoming amongst the highest-profile risks considered in the boardroom.

For many of you, maybe those leaks didn’t really resonate, though. You’re not exactly holding state secrets there at Acme, Inc. Maybe, however, Ferguson will resonate more closely to home. All of you hold personal data of some sort—names, addresses, email addresses, social security numbers, histories of medical issues and more. What damage could be done via their loss? Via their inappropriate use?

In Ferguson, an address, phone number and family photos are being used as retaliatory measures for tear gas and rubber bullets. That should be at least cause for reflection.

EDIT: Emphasizing how seriously Twitter takes PII, the social media platform has suspended the account Anonymous account @TheAnonMessage in the minutes after this was posted. Per the company's terms of service, or "The Twitter Rules," "You may not publish or post other people's private and confidential information, such as credit card numbers, street address or Social Security/National Identity numbers, without their express authorization and permission."

photo credit: mr.smashy via photopin cc

Written By

Sam Pfeifle


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

The Privacy Core™ Library Has Evolved

Privacy Core™ e-learning essentials just expanded to include seven new units for marketers. Keep your data safe and your staff in the know!

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

Let’s Get You DPO Ready

There’s no better time to train than right now! We have all the resources you need to meet the challenges of the GDPR.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.


The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for DPO readiness. Learn more today.

Learn more about IAPP certification »

Are You Ready for the GDPR?

Check out the IAPP's EU Data Protection Reform page for all the tools and resources you need.

IAPP-OneTrust PIA Platform

New U.S. Government Agency privacy impact assessments - free to IAPP members!

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.

More Resources »

Europe Data Protection Intensive 2017

The Intensive is sold out! But cancellations do happen—so hurry and get on the wait list in case more seats become available.

Global Privacy Summit 2017

The world’s premier privacy conference returns with the sharpest minds, unparalleled programs and preeminent networking opportunities.

Canada Privacy Symposium 2017

The Symposium returns to Toronto this spring and registration has opened! Take advantage of Early Bird rates and join your fellow privacy pros for another stellar program.

The Privacy Bar Section Forum 2017

The Privacy Bar Section Forum returns to Washington, DC April 21, delivering renowned keynote speakers and a distinguished panel of legal and privacy experts.

Asia Privacy Forum 2017

The Forum returns to Singapore for exclusive networking and intensive education on data protection trends and challenges in the Asia Pacific region. Call for Speakers open!

Privacy. Security. Risk. 2017

This year, we're bringing P.S.R. to San Diego. The Call for Speakers is now open. Submit today and be a part of something big! Submission deadline: February 26.

Europe Data Protection Congress 2017

European policy debate, multi-level strategic thinking and thought-provoking discussion. The Call for Speakers is open until March 19.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»