Forefront by TSMP: Who Let the Doxx Out?

CLOSE

Directory

Thio Shen Yi, SC

Joint Managing Partner

Litigation

Stefanie Yuen Thio

Joint Managing Partner

Corporate

Derek Loh

Partner

Litigation

Jennifer Chia

Partner

Corporate

Melvin Chan

Partner

Litigation

Ian Lim

Partner

Litigation

June Ho

Partner

Corporate

Kelvin Koh

Partner

Litigation

Ong Pei Ching

Partner

Litigation

Mark Jacobsen

Partner

Corporate

Felicia Tan

Partner

Litigation

Leon Lim

Partner

Corporate

Nanthini Vijayakumar

Partner

Litigation

Jeffrey Chan, SC

Senior Director

Litigation

Prof Tang Hang Wu, PhD

Consultant

Litigation

Prof Hans Tjio

Consultant

Corporate

Tania Chin

Director

Litigation

Mijung Kim

Director

Litigation

Raeza Ibrahim

Director

Litigation

Nicholas Ngo

Associate Director

Litigation

Kevin Elbert

Associate Director

Litigation

Benjamin Bala

Associate Director

Litigation

Vu Lan Nguyen

Associate Director

Litigation

Stephanie Chew

Associate Director

Litigation

Ernest Low

Associate Director

Corporate

Brenda Chow

Associate Director

Corporate

Heather Chong

Associate Director

Corporate

Nicole Lee

Associate Director

Corporate

Tay Quan Li

Senior Associate

Litigation

Lyn Toh Leng

Senior Associate

Corporate

Angela Chai Rui Min

Senior Associate

Litigation

Arthur Chin Yen Bing

Senior Associate

Litigation

Joshua Phang Shih Ern

Senior Associate

Litigation

Chow Jian Hui

Senior Associate

Corporate

Claudia Hui Ru Jun

Senior Associate

Corporation

R. Arvindren

Senior Associate

Litigation

Chia Wan Lu

Senior Associate

Litigation

Lau Tin Yi

Senior Associate

Corporate

Phoon Wuei

Senior Associate

Litigation

Terence Yeo

Senior Associate

Litigation

Juliana Lake

Senior Associate

Litigation

Sabrina Lim Su Ping

Senior Associate

Corporate

Kashib Shareef bin Ahmad Hussain

Associate

Corporate

Sherlyn Lim Li Xuan

Associate

Litigation

Kimberly Ng

Associate

Litigation

Vanessa Cheong Shu Qi

Associate

Corporate

Ryan Yap Cheah Jin

Associate

Litigation

Ang Kai Le

Associate

Litigation

Glenn Ng Qiheng

Associate

Litigation

Isaac Tay Zhuo Yan

Associate

Litigation

Markus Low Yu Wen

Associate

Corporate

Stasia Ong Pei Qi

Associate

Litigation

Sarah Kim Mun Jeong

Associate

Litigation

Yang Hai Kun

Associate

Corporate

Nicole Sim

Associate

Litigation

Ryan Ang

Associate

Corporate

Juvy Pang

Associate

Corporate

John Thomas George

Associate

Litigation

Pearlie Peh

Associate

Litigation

Arvind Soundararajan

Associate

Corporate

Perl Choo

Associate

Litigation

Forefront by TSMP

2 March 2020

Who Let the Doxx Out?

New anti-harassment law in time for new virus panic.

By Adrian Tan

Cover photo credit: Jordan / Unsplash

The Covid-19 crisis that began in Wuhan, China, brings to mind earlier epidemics.

In 2003, we were in the grip of the severe acute respiratory syndrome (Sars). It was the first pandemic in the era of the Internet, blogging and social media. Amid the panic about infections, one individual was widely labelled a “super spreader”. Her name and personal details were published. She was blamed for infecting over a hundred people in different countries. Her own family died of Sars. She survived, but was widely, and unjustly, criticised.

In 2009, the first H1N1 patient’s name was published. She, too, was cursed on social media, merely for unwittingly importing the virus.

Fast forward to 2020: If you found out the name of the first person infected by the coronavirus in Singapore, would you share it? You shouldn’t, because of a new anti-doxxing law that came into force last month.

What is doxxing?

To “doxx” means to identify someone publicly on the Internet. It’s a cyber weapon used to harass and victimise. Last year alone provided two memorable examples.

Just before Chinese New Year’s Eve last year, social media was ablaze with a video showing a dispute between a Gojek driver and his passenger. The argument culminated in an allegation of hostage-taking. The mainstream media piled in. Netizens leaked personal details of a person, supposedly the passenger in the video. Her name, photograph and workplace were shared online. Memes and jokes were spread to criticise and humiliate her.

And just before Deepavali, another social media clip made the rounds. It showed a condominium resident berating a security guard. The press reported it. Readers took sides. People circulated details of a person (supposedly the condo resident). His name, photograph, workplace and income were shared. But those details belonged to a completely different person who just happened to share a similar name and workplace. Nevertheless, a campaign was started to lobby his employer to sack him, and another group tried to put pressure to have him deported.

Doxxing is a bad thing. It’s carried out with malicious intent, in order to embarrass or harass a fellow human being. Doxxers expose your birth date, address, telephone number, employment information, and photographs of friends and family. The idea is to humiliate and destroy.

The victim might suffer in other ways. Because confidential information is disclosed, identity theft becomes a risk. Crooks can piece together someone’s personal information and misuse it. To make things worse, the Internet never forgets. Years from now, if that person applies for a job, and a prospective employer googles him, the doxxed information might reappear.

Why do people doxx?

We know doxxing is bad. But why do people do it? It happens when people become upset with a wrongdoer and feel that the wrongdoer will get away with bad behaviour. Usually, it isn’t anything as serious as a crime. The wrongdoer will not be punished by the authorities. So people feel that something must be done. They have to take matters into their own hands, to name and shame.

Doxxing is “street justice”. It increases as people lose confidence in society’s mechanisms to punish misdeeds. And doxxing is easy. Anyone can publish a photograph of you and name you, without your permission. That’s why we do so much of it on social media. Users happily fill up their Instagram and Facebook with pictures of people, without their consent, and with names tagged to faces. Add to that the anonymity of the Internet, and we have the perfect conditions for mob violence through doxxing.

Anti-doxxing rules comes into force

The Personal Data Protection Act doesn’t help. It regulates how companies and businesses have to safeguard our personal data, but it doesn’t control private citizens.

Thankfully, it is now illegal to publish identity information about someone, with the intention to harm that person. This has come about because of an amendment to the Protection from Harassment Act (confusingly abbreviated by lawyers as Poha).

The upgraded Poha makes it a crime to publish your identity information if it is done with a bad intention. Broadly speaking, that would be the intention to cause you harassment, alarm or distress (and that it does make you feel that way), or an intention to cause fear of violence or facilitate violence.

“Identity information” means any information which can help identify you: It includes your name, residential address, e-mail address, phone number, date of birth, NRIC or passport number, password, photo or video, and even your signature.

The amended Poha gives examples of what is okay and what is not. Here are two examples.

X and Y were formerly in a relationship. On social media, X accuses Y of promiscuity and posts photos of Y, together with Y’s mobile number, saying “contact her for a good time”. Y did not see the posts, but is harassed by calls and messages from strangers propositioning her.

Verdict? This is not okay. X is guilty of an offence. This is because X intended to cause Y to be harassed, and Y was in fact harassed. X can be jailed or fined.

Here’s another example: Q records a video of R driving recklessly. Q posts it in a chat group, where members share clips of dangerous driving, commenting: “Let’s avoid this.”

Verdict: This seems okay. Q didn’t intend to harm R. Q was trying to educate others.

So, intent is the key.

Good, but it could be better

Our Poha is a new and improved version of laws elsewhere. The United Kingdom and Australia have laws that may be used to prevent doxxing, but those laws were passed more than a dozen years ago, before social media became popular. The United States doesn’t appear to have a federal law criminalising doxxing, but it does have an anti-stalking law that can be used for certain situations. Most other countries don’t have any anti-doxxing laws. The Singapore law, coming into force this year, is the most recent and most specific.

There are still gaps. Our law says that you can’t post personal information if you intend to harass. I would like a rule which says you can’t publish certain types of information, no matter what the intention. For example, you shouldn’t be allowed to publish someone’s income, contact details, or health information, regardless of your intention. Once the information is on the Internet, it remains there forever. It will facilitate and enable future harassment.

Antidotes to doxxing

We lawyers know the laws aren’t a cure-all. Parliament can make doxxing illegal, but that doesn’t mean it will disappear. To stamp it out, we need to do more, as individuals and as a society.

As individuals, let’s fight the urge to share everything – with social media, it’s too easy to spread videos and messages quickly and unthinkingly. There will always be incidents where people will behave badly. We will be outraged or alarmed. But each of us has to pause to consider if we ought to be an agent for anger. Sometimes, it’s better to let matters cool than to act in the heat of the moment.

As a society, we have to give the system time to work. The authorities, on their part, must be quick to watch for incidents that spark unrest and give offence. If action is needed, then that must be said, as soon as possible.

This is where some of our politicians are more effective than others. Leaders who speak up quickly and clearly, on issues that capture the public’s attention, are doing their duty to dissuade doxxing. When people know the authorities are on top of things, and are taking a strong stand, people will feel less inclined to take matters into their own hands.

Doxxing happens as part of a wider social narrative. In the Gojek incident, it was about race. In the condominium resident case, it was elitism. For overseas epidemics, we might be dealing with xenophobia. It’s important for us, as a society, to challenge such narratives. So community leaders and thought leaders must speak up when harmful narratives are propagated. If too many of us take a back seat, then others will seize the microphone and influence the message.

Will I be a victim?

We’re all human. We get upset, and we say or do things that we regret. In this age of camera phones, it’s all too easy for us to be caught at our worst moments and for those moments to define us forever. How can we reduce the risk of being doxxed?

First, avoid being inflammatory on social media. The more you hurt people, the more likely people will want to get even. That’s just life.

Second, if you are ever in an argument, or in an altercation, try your best to see if anyone is recording it. If so, take steps to ask that person not to distribute the recording. Ask politely; don’t threaten. Threats seldom work, and often backfire.

Third, if you are portrayed online as a wrongdoer, take immediate steps to control the narrative. Make a public statement. Tell your side of the story. Apologise, if you should. Be the first to let your HR department know.

Finally, if you are doxxed, report it to the police. Doxxing is against the law. Protect your rights.

2019 was a bad year for doxxing. As we enter the Year of the Rat, let’s say goodbye to the year of mindless mouse-clicking. Let’s say goodbye to “The Year of the Doxx”.

There will be a lot of unverified information out there. Don’t be a super spreader.


A version of this article was published by the Straits Times on 13 February 2020 under the headline “Taking a strong stand against doxxing”.