Skip to content

Doxxing: The Sequel

March 22, 2015

On March 19, 2015, I published a post about doxxing, generally known as one party’s publishing on the internet documents containing personal information about another party. In my first post, I noted that the term “doxxing” appears to cover a variety of circumstances, from the vengefully-motivated compiling and publishing of previously unpublished (likely hacked and possibly falsified) personal information, to the documenting of identities as a means of confronting and ending the abuse of those using aliases to victimize others on social media, to the linking of publicly-available documents containing personal information as a means of providing evidence regarding conflicts of interest in the dealings of public officials.

According to Curiousmatic.com writer Jennifer Markert, the term “doxxing” emerged on Google Trends in 2012, and it has its origins in the publishing of previously unpublished, personal information for destructive purposes. Markert’s description does not include a person’s choosing to include personal information on documents known by the person to be publicly available.

Regarding avoiding the publishing of personally identifiable information that an individual does not choose to reveal on sources known to be publicly available, Markert wryly offers the following advice:

A number of services, both free and paid, collect data profiles of Internet users and aggregate data from social media and public records. … 

Most services have opt out forms that can be filled out and processed fairly quickly. …

Unfortunately, many of these services continually update their data profiles and will continue to collect user information even after they’ve opted out.

Other tips to avoid being doxxed include being homeless, ditching your cell phone, not being part of the KKK, not being a woman, and not upsetting large groups of vindictive Internet users.

The March 10, 2014, Economist captures both the evolving nature of the term, including the usage of the term (and the practice) as being “non-pejorative”:

The term “dox” (also spelt “doxx”, and short for “[dropping] documents”) first came into vogue as a verb around a decade ago, referring to malicious hackers’ habit of collecting personal and private information, including home addresses and national identity numbers. The data are often released publicly against a person’s wishes. It is a practice frowned upon by users of Reddit, a popular online forum, and many others. 

More recently journalists have co-opted the phrase. It is now used by some, in a non-pejorative sense, to mean deep investigative reporting. This has blurred the distinction between nefarious digital intrusion and noble journalism.

What is implied in the Economist discourse on doxxing is that information “doxxed” has not been previously released in a public forum by the “doxxed” individual.  This assumption aligns with the Urban Dictionary, which defines doxxing as “publicly exposing someone’s real name or address on the Internet who has taken pains to keep them secret.”

Based upon the current usage of the word “doxxing” (as I have observed in researching the word and experiencing its usage), the term is now being applied to investigative research/reporting that involves linking to personally identifiable information that an individual has included as a matter of public record and that an individual knows is a matter of public record.

Thus, the term “doxxing” is now being liberally applied and has moved quite the distance from its negatively-connoted understanding as involving malicious hacking. However, what complicates the issue is that current usage of the term “doxxing” still most certainly includes malicious hacking.

As a result of my first post on doxxing, a few issues emerged that I would like to examine in the remainder of this post. The first concerns distinguishing between negatively-connoted doxxing (e.g., the “dropping” of “docs” that is generally perceived as self-serving and harmful to another) and reasonably-documented research. The second concerns testing companies’ monitoring social media. And the third involves the unique position of those in the public eye and the connection between their “newsworthiness” and reasonable-research doxxing. For this last section, I focus on my experience as one in the public eye for my public education advocacy.

Documenting Research

I am a researcher of issues related to the privatization of public education. Certain individuals and organizations are benefiting financially from converting American public education into “American test-score-driven, privatized education running on both privatized money and public funds.” Many of these individuals and organizations are involved in conflicts of interest such that they are in positions of power that allow them to direct public funding in a questionable, self-serving or otherwise biased manner. They might also be accepting private funding that reasonably compromises the likelihood of unbiased decision making toward some less-influential third party.

I investigate these questionable alliances and the financial incentives behind them.

I often support my research with information from public documents. In my case, the most utilized tends to be nonprofit tax forms. I also sometimes reference resumes and election funding reports. Each of these types of public documents could include personal addresses. Resumes might also include home or personal cellular phone numbers.

My work qualifies as “deep investigative reporting.” However, to distinguish my investigations from those discussed in the Economist article referenced above, let me clearly state that I do not ferret out previously undisclosed personal addresses and phone numbers for the sake of publishing such information (and especially for the sake of publishing such information without the consent of the individual, should an unusual circumstance present itself).

Social Media Monitoring

I have been challenged to explain how it is that I can engage in using public documents to investigate others even as I take issue with testing companies and school administrators’ monitoring students on social media. First of all, the individuals I investigate are adults, not children. Second, I take issue with the testing companies and school administrators for not clearly communicating to students the intent to monitor social media before doing so. If the testing company goal is really one of test security, it seems much more efficient to tell students ahead of time that social media will be monitored. Being direct with students about upcoming monitoring would better prevent test security breaches from happening at all– as opposed to the course that testing companies and school administrators chose of either saying nothing or (as was documented for the Smarter Balanced consortium) encouraging students to sign on school social media accounts with the known intent to monitor student activity.

I do not approve of entities with power improving their power edge via such sneaking. It bespeaks some unstated, ulterior motive.

Third, the position that anyone should be allowed to monitor another on social media without any declared intent does not carry into other public venues. The street in front of my house is a public street, but that does not mean that a person can decide to stand in that street and watch for hours in order to monitor my activity even in that public street without risking being investigated for suspicious activity. Authorities would seek information on intent, as well they should.

Even personal restraining orders commonly apply to public places.

Once forced by discontent expressed on the very social media they were monitoring, the PARCC testing consortium came forth with a statement on behalf of Pearson about monitoring for “test security.” Given that standardized test sales increased more than 3,000 percent from 1955 to 1997– even prior to Bush’s test-centered No Child Left Behind (NCLB) in 2002– it seems that “test security” doubles as a euphemism for “protecting the profits.”

Pearson’s 2015 contract for PARCC is estimated as at least $138 million.  In 1955, US standardized test sales equaled roughly $10 million (adjusted for 2015 dollars). Sixty years later, the US dependence upon standardized testing has grown so much that a single testing company is making almost 14 times as much in test sales on a test that covers only two subjects– and in only roughly a dozen states.

In monitoring social media, testing companies are arguably chiefly motivated to protect their multi-million-dollar profits.

If the amount of testing is cut, then the testing company profits are cut, and the impetus to monitor social media will also be reduced.

In the Public Eye

When I decided in March 2012 to become actively involved in the fight against the privatization of public education, I realized that my activism would move me into the public eye. I remember reckoning with the idea. In connection with rather strong commentary criticizing rushed 2012 legislation promoting the use of student test scores to grade teachers– legislation designed to blindside classroom teachers not only via its content but also in its speedy passage– I was about to publish my email address in a public forum.

I realized that in doing so, I was placing myself (my job, my personal privacy) in a precarious position. But I also knew such was the cost of becoming a public advocate.

Since that time, I have started this blog, written two books, and engaged in public speaking. For these reasons, I consider myself a public figure.

Established advocates are public figures. So are elected officials and other titled public servants.

And as a public figure, I expect to be investigated. Sure enough, I have learned of specific instances of individuals combing the internet in search of my history. They will likely locate public documents that include personally identifiable information about me. I own property, and I have published resumes.

And note that I have zero expectation that those researching me should refrain linking to publicly available information on me because I am a woman.

I do not expect to escape investigation because I am female, and I refuse to engage in accusations of sexist activity simply because someone links to my publicly-available documentation as part of legitimate investigation.

Such investigation comes with my being in the public eye.

Bringing It Home

I contend that as a researcher, I have a right to document my work via information that is part of legitimate public record. What makes the public record legitimate is that any personally identifiable information has been legitimately obtained, either voluntarily from an individual or as a matter of public mandate, in which case the inclusion of the personally identifiable information, such as home address and phone number, is known to the individual.

I expect the same when others research me.

search

_____________________________________________

Schneider is a southern Louisiana native, career teacher, trained researcher, and author of the ed reform whistle blower, A Chronicle of Echoes: Who’s Who In the Implosion of American Public Education.

25 Comments
  1. 2old2tch permalink

    In the “olden days” when we took standardized tests, we were all told that sharing information about test content was against the rules and why. There was no attempt to play “gotcha.” It made perfect sense and most of us complied with procedures. Since the tests were paper and pencil and there were no cell phones, it was much harder to cheat the system, and no one had much reason to cheat since they were generally not high stakes.

    Even though cheating is potentially much easier now as well as more damaging, I still object to the less than ethical methods used to try to catch students behaving badly. There is no reason not to be completely honest and upfront about procedures to be used to protect test protocols. To hide what is being done implies they already know what they are doing is underhanded. Any explanations from them after the fact then loses any right to be considered honest.

  2. Laura H. Chapman permalink

    Excellent. Your commentaries on the issues and options in doing your work are very helpful to those of us not up to speed on the resources available for investigating “fraud, waste, and abuse” while avoiding many of the pitfalls.

    I have been poking around on the issues of testing and test administration. Ohio has so-called Ethical standards for testing under an administrative code, written in poor legalese on behalf of the state board of education. The document morphs into a long list of unethical “practices and activities” filled with gotcha traps for teachers and others. Special education seems to be the only set of circumstances where some of the testing is based in informed consent of parents/guardians.

    Beyond education, there are plenty of meaningless “consent forms,” “I accept the terms” out there, all for risk management. None of the ethics of testing guidelines that I have examined so far do much more than protect the test publishers and their contracts with others, and the enterprise of testing. That also extends to guidelines for medical research and practice. Historical account of abusive testing in the name of “research” are abundant and grizzly.

  3. Reblogged this on The Academe Blog and commented:
    This post raises issues of research and public information, as well as the role of a “public intellectual,” that are certainly worthy of consideration here.

  4. What is the journalistic value of publishing somebody’s home address or phone number, even in this context? How does that advance the cause? Yes, it is “public” in the sense that it is published somewhere, but what is your reason for publicizing it in this context? The most likely outcome is that people will use the information to harass the public official at home. Is that your intention? If not, then what is?

    • The info is part of a greater document that is referenced. I will not spend time editing out info from public docs.

      • Hello, Mercedes,

        I noticed in reading through this most recent post that you omitted this pretty thorough debunking of both the doxxing angle, and the actual conflict of interest that has been used to justify the doxxing:

        (Link removed)

        You also left out https://storify.com/adriarichards/telling-my-troll-story-because-kathy-sierra-left-t

        You also omitted https://www.schneier.com/blog/archives/2015/01/doxing_as_an_at.html – which documents doxxing going back to 2001. One of the comments on that piece is from a person who was doxxed in 1997.

        Which is to say: reality often differs from the story you get told on Google trends.

        But more than anything, I am left nearly speechless by this statement: “I will not spend time editing out info from public docs.”

        Why not? In all the cases you cite, the home address of the subject is completely irrelevant to the story you are trying to tell. Yet, you are willing to expose these people to the potential risk for harm because editing out an address will slow you down?

        I’ve done this work. I’ve edited docs before – it takes around 30 seconds. Cleaning up docs so you are not exposing personal information is *sound research*. Please, add this into your workflow. It will improve your credibility.

        Let’s say a student hands in work filled with spelling errors. If their justification for it was, “well, I would have corrected these things, but I didn’t have time,” – what would your reaction be.

        Finally, you also justify doxxing by saying that you only research adults, not children. This is a dangerous shield to use. Many of these adults *have children* – when you dox the parent, you put the child at risk.

        Additionally, the original issue here (the social media monitoring) is rooted in expectations of privacy, and the expectation to be free from excessive, unnecessary surveillance. We *all* have those rights. You, me, and the people we disagree with. Adult or child.

        Please – reconsider what you are saying in this piece. It is a dangerous escalation. At best, it will result in some Pyrric victories. At worst, someone will get hurt. Badly.

      • Bill, the bottom line is that I have and will continue to reference publicly available documents in my research.

        We could extend this issue ad infinitum: Perhaps I should not research potentially explosive issues because I have a family and others close to me who could be brought under fire.

        Enough.

      • Bill, I edited out the link to Watters.

        She wrote a post in which she insinuates that my goal is to maliciously pursue others.

        I will not be linking to her site.

  5. Yes – please, do that.

    But take the time to edit out personally identifiable information from these docs. It’s not relevant to the story you are telling, and it puts people – many of whom have zero connection to the story – at risk.

    • And to add – if the issues around cleaning up the docs are technical ones – ie, not knowing how – I will *gladly* show you. There are a range of free tools (that don’t compromise privacy) that work on this. It’s really easy to do.

      Let me know – I’d be more than happy to put together a screencast or even hop on a phone call.

    • Bill. I will not be editing tax forms and resumes for personally identifiable info.

    • Final note here – it looks like you edited your comment after I responded.

      The added text is:

      “We could extend this issue ad infinitum: Perhaps I should not research potentially explosive issues because I have a family and others close to me who could be brought under fire.”

      You should research what you want to research. I hope you never get doxxed, at any time, for any reason. If that should happen, I would oppose it then, just as I’m opposing it now. It’s wrong, and has no place in our work.

    • If a linked document is publicly available, why should a blogger be required to edit what is already public?

      • There is a difference between information being publicly available, and information being collected and shared within the context of a story condemning that person.

        When the subject of a story is about how a person has done something wrong, and then that same story shares the home or work address of that person, a barrier has been removed between people being mad about a story, and them having a target and an address where they can vent that anger.

        For many people, the time required to look up the publicly available information is also time to reflect and reconsider destructive choices. Doxxing people removes that barrier.

        This is a key element of privacy and surveillance. It’s one thing to have information be publicly available. It’s another thing to have that information collected, organized, and placed within a specific context. There are different levels of having something be “known” – and responsible reporting should err on the side of protecting the safety of the subjects.

      • You imply malicious intent by Ms. Schneider. There is no justification for this in the postings in question or in Ms. Schneider’s body of work. Her focus is exposing the attack on public education, not harassing individuals. I cannot say the same for you.

      • Ken Watanabe permalink

        You’re clearly missing the point. Making a storyline based on publicly available information is one thing. Editing or altering the available information in already published document is quite another.

        It’s all up to the owner if s/he wants to put home or work address–at one’s risk. Many people choose work/business address for contact in the document that is intended to be published.

        Your attempt to deliberate conflate these two and accuse an author of hypocrisy is unbecoming, and certainly not the kind of behavior that is welcome. That looks like typical among people hanging out at an oily pot named “Unapologetic Apologism.” Begone.

  6. If I understand correctly, this argument was set off because somebody linked to the publicly available information about somebody else’s house, in order to show that the person in question is financially well off. If that understanding is correct, I don’t really see how revealing the person’s home address advances the story. MongoDB is a large, well-financed company. It stands to reason that a Vice President at that company makes a lot of money. Further, there are lots of ways that one could make that point without revealing the person’s home address. For example, one could quote the amount of investment dollars that the company has taken, which would make the point without advertising a person’s home address in the context of arguing that the person in question is doing harm to children.

    The argument that you make here is frankly not different from the argument made by anti-abortion activists who advertised Dr. George Tiller’s (also publicly available) home address and personal information before he was murdered by other anti-abortion activists. They claim that they are in no way responsible for what happened to him. I am not arguing moral equivalence of the underlying situations, but the ethical question is the same for reporters and activists alike, regardless of what the person in question is accused of doing or what you think the likelihood of harassment (or much worse) is. When is it OK to advertise somebody’s personal information in the context of a negative story about that person when you know that there are crazy people in the world who may do something with that information? Yes, it is true that they can get that information without your help, but what is *your responsibility*? When is it OK to report that information? I would argue that not wanting to spend time redacting information out of public documents is an insufficient reason for knowingly increasing the likelihood that the person in question will be exposed to personal harm. Given recent strong and widespread evidence that women are particularly likely to be targeted for personal, vitriolic, and potentially even life-threatening attacks, the reporter of the information has a particularly strong obligation not to contribute to potential harm, whatever the intention. If the point being made can be conveyed without creating an invitation for extreme or unstable people to violate the privacy and safety of the person in question, then there is a strong burden of proof on the reporter to show that there is a strong compelling reason to do so. I haven’t heard such an argument from you. Rather, you seem to be denying that you have any ethical responsibility.

    But we are always responsible for what we say and write. The fact that information is available elsewhere doesn’t relieve you of any moral consequence for advertising it in a particular context to a particular audience. Particularly when the kinds of emotional and physical harm that can result from such actions are both well known and horrifyingly widespread.

    • Michael, let’s shut the whole internet down.

      • Mercedes – you (or some other site admin, if there is one) just deleted a very cogent, clear comment from Michael Feldstein.

        I am appalled that, in a conversation where you defend sharing personal information, you delete conflicting viewpoints.

        Was this an accident? Or was it intentional?

      • I did not appreciate his talking down to me.

        So, the comment is gone.

        And after his last comment, he is gone, too.

    • And yes, I deleted your last comment.

      You do not get to badger me on my blog.

  7. Perhaps I should publish your home address so that people can badger you at home. I would never do that, of course, because I do take moral responsibility for my actions. But it’s an interesting moral thought experiment for you to ponder.

    I know you are going to delete this, so I’ll just write it for you. Your level of hypocrisy is stunning. You take no responsibility for effectively targeting people you don’t agree with in their own homes, but you do not even allow civil public debate on your own public blog if the commenters persist in asking uncomfortable questions.

    It’s impossible to take you seriously as an advocate for children. The first lesson one teaches any child is to take moral responsibility for her own actions. If you don’t believe in that, if you can’t teach by example, then you have no business being anywhere near children.

    • No, I will let this comment ride so that readers might use it to weigh the rest of your words.

      But you are done on my blog.

      Your commenting days here are over.

  8. Michael Feldstein – Your own comment policy:
    Commenting

    Comments are invited but should be topical and civil. If your comment is judged inappropriate or offensive, it will be deleted. Commenters who are suspected of using fake names to preserve anonymity will be held to a significantly higher standard than those who use their real names. Comments made using fake email addresses will be deleted regardless of content, without exception.

  9. After engaging in a series of twitters with Feldstein, Fitzgerald and a former activist/friend Sabrina Stevens, it is obvious to me that they are determined to project their position that ALL instances of revealing “personal” information about a public person are nefarious with the intent of causing physical harm. Their purported ethical journalistic mission seems highly perverted to me. After my
    comment above, I was accused via Twitter – by name and handle – of being “scary,” of poor character and “horrifying,” glib in MY responses, profoundly misinformed, nauseating, dangerous, so wrong, defending an abhorrent tactic, callous, appalling, immoral, reckless disregard…… followed by another of their friends @mdwriter, herself revealing:

    @mdawriter: @funnymonkey @TeacherSabrina And she’s running for state Brd of Ed?! Thereby undercutting every argument for electing educators re policy. 😕

    Hmmmmn – a bit of doxxing and for what purpose? What’s the point? To discredit me?

    Followed by Sabrina’s: @TeacherSabrina: @mdawriter @funnymonkey ugh, is she really?!? Oh, Lord help us all!

    Other than Sabrina – a former acquaintance and shared supporter of Save Our Schools – none of these characters know anything at all about me. Phew,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: