Doxing Rules and Regulations

We’ve already described the definition of doxing in the prior article. We will turn to the various doxing methods and relevant laws. Doxing works by tracking someone’s information by accessing the internet or other databases. Big data has allowed individuals to extract personal information which was impossible to find in the past. Nowadays, the doxing party can track usernames, run a WHOIS search on a domain or website, engage in phishing activities, look into social media profiles, go through state/federal government records, tracking an Internet Protocol (“IP”) address, or conduct a reverse phone number lookup. The doxing party can also engage into what is referred to as “packet sniffing” which can be prevented by using a virtual private network.

The doxing party (i.e., culprit) can release the victim’s sensitive or personal information on the internet and instruct others to harass or intimidate the victim. There have been instances of such transgressions in recent years. For example, a popular adult dating website was hacked and the users’ private information was released into the web. Obviously, this incident was embarrassing for the adult dating website and its members. There have been other incidents where the victim had engaged in questionable conduct and was targeted on the internet.

Is doxing illegal?

Doxing is illegal especially if the published information could not be found in the public domain and was illegally obtained by the culprit. It can constitute a violation of state or federal laws if it was intended to threaten, annoy, harass, or intimidate the victim. For example, doxing a federal government employee (e.g., senator) can be in violation of federal laws. Doxing can be illegal in some jurisdictions when the victim’s residential address and mobile number are posted on the internet to invite others to blackmail the victim. For example, there are state and federal laws that can be applied to the case such as California Code of Civil Procedure section 527.6 and Penal Code sections 422 and 646.9 prohibit the same or similar activities. The federal laws that can be applicable are 18 U.S.C. § 119 and 18 U.S.C. § 2261A.

How should I protect myself against doxing?

Technology experts recommend protecting your identity through various methods such as masking your identity by using a virtual private network. This way, you can hide your IP address and prevent the culprit from finding your name or location. Also, you can protect yourself by installing a reliable intrusion detection software on your computer network. It’s important to use different usernames for each and every website, blog, or forum. In other words, it’s good practice to not use the same username across the board because it will allow the doxing party to connect the dots. The same principle applies to email accounts. It’s also recommended to apply the highest level of privacy settings on your social media profiles. Two-factor authentication is another line of defense when it comes to best practices. It’s a method that requires a user to log into a website (e.g., Bank of America) by entering a username and password and then receiving a one-time PIN. Then, once the one-time PIN is entered on the website’s platform, the user is allowed access. You can contact a website or search engine (e.g., Google) and ask them to remove your personal/private information. In most cases, there is an easy process that can be followed on their websites. In addition, you can contact major data brokers – e.g., Acxiom, Epsilon, Oracle, CoreLogic, Datalogix, Intelius, PeekYou, Exactis, Recorded Future – and remove your personal information from their databases. These data brokers are looking for the individual’s name, date-of-birth, gender, social security number, and financial information. So, we recommend opting out of any kind of information collection or publication at all times.

Our internet and technology lawyers have been prosecuting and defending legal actions in state and federal courts and are available to speak with their clients. Our law firm assists clients in matters related to privacy and cybersecurity and the applicable state, federal, and international laws. Please contact our law firm to speak with an internet attorney at your earliest convenience.