DOJ Stalking Report Estimates Hundreds of Thousands of Electronic Privacy Invasions

The Department of Justice, Bureau of Justice Statistics last week reported on its survey: “Stalking Victimization in the United States.” The survey was composed of 65,000 responses, and led to a total estimate of 5.8 million victims: 3.4 million stalking, and 2.4 million for harassment. The study covers victimization occurring mostly in 2005: the responses were collected during the first half of 2006, and inquired about events in the previous 12 months. Of these 5.4 million victims, two hundred thousand were victimized by identity theft.

Significantly, the survey also showed that 23% of victims suffered some form of cyberstalking, and 6% suffered electronic monitoring such as spyware, bugging or video surveillance.

The estimated 138 thousand victims of spyware were probably victimized by the type of stalker spyware that EPIC complained to the FTC about.  I doubt that stalkers are writing their own software or using vulnerability scripts. I also suspect that the numbers have gone up in the 3 — now entering 4 — years since 2005.  The FTC has only now begun to look at stalker spyware, and the only previous action on it was DOJ’s prosecution of Loverspy.

I’m not surprised by the numbers showing cyberstalking using email, IM, or blogs. But I do find it interesting that 8.8% of  victims had Internet sites created about them. I suspect the cyberstalking numbers have also only increased — blog usage and providers are proliferating, and so are the ways that one can make a website about another. I’ve worked with two individuals who had false online dating profiles created, one repeatedly. In these and in other cases of cyberstalking, it’s important that lawyers representing them be aware of the victimization, can present it to the court in a manner that aids their case, and can craft remedies that address the victimization.

Posted: January 23, 2009 in:

Social Identity Theft

In the web 2.0 world of repurposing content, this seems to take things way too far:The Cut-and-Paste Personality

The Cut-and-Paste Personality
Lacking inspiration and a moral compass, some online daters
are borrowing other people’s witty Web profiles.

These identity thieves don’t want your money. They want your quirky sense of humor and your cool taste in music.

Among the 125 million people in the U.S. who visit online dating and social-networking sites are a growing number of dullards who steal personal profiles, life philosophies, even signature poems. “Dude u like copied my whole myspace,” posts one aggrieved victim.

Now, it would be interesting if someone claimed a copyright on their online profile — there does seem to be a modicum of creativity there. And then sent a takedown request like Comedy Central does when people post Daily Show videos to Youtube.

Would there be a fair use to copying online dating and social networking profiles?

Posted: February 17, 2008 in:

Domestic Violence Court Records and Privacy

I previously blogged about a proposal to place District of Columbia domestic violence and domestic relations (divorces, child neglect, child custody) court records online. These dockets contain case name, case type, scheduling, address where service occured, and even some dispositions.

I worked with the domestic violence community here in DC to create a set of comments(pdf) to the court. They touched on the topics I had previously mentioned: data brokers, identity theft, and stigma. Plus some more.

VAWA Prohibition

Importantly, a lot of this proposal is prohibited by federal law. The Violence Against Women Act (VAWA) Prohibits the internet publication of protection order information. For more, I created a web page on VAWA and Privacy at EPIC. VAWA Section 106(c) prohibition language states:

Limits on Internet Publication of Protection Order Information.–Section 2265(d) of title 18, United States Code, is amended by adding at the end the following:
“(3) Limits on internet publication of registration information.–A State, Indian tribe, or territory shall not make available publicly on the Internet any information regarding the registration or filing of a protection order, restraining order, or injunction in either the issuing or enforcing State, tribal or territorial jurisdiction, if such publication would be likely to publicly reveal the identity or location of the party protected under such order. A State, Indian tribe, or territory may share court-generated and law enforcement-generated information contained in secure, governmental registries for protection order enforcement purposes.

I italicized some important language in there. The goal of this prohibition is to protect the privacy of the protected person. Lots of things besides the name and address of the protected person are likely to reveal their identity and location. The name of the restrained party can reveal the identity of the protected person. Here in DC, you can only get a protection order if you have an “intrafamily relationship.” This means that the universe of possible protected people for a given restrained party is small. These orders usually include stay away provisions which reveal the locations that the protected person frequents, not just their home address. DC itself is a small jurisdiction, so if you are from out of state and register your protection order here, then you will basically be providing notice that you moved to or have a connection to DC.

This prohibition reaches more than just than the domestic violence docket. As you can read in the comments, the definition of “protection order” may include criminal orders as well as orders in the domestic relations docket. So this rule impacts those dockets as well.

Other Records Affect Domestic Violence Survivors

The comments also directly discuss the threat of data brokers. We presented examples of data broker products, such as marketing lists of people who are “Single Again” or who have “recently filed divorces.” The source of this marketing information is family court records. Making it easier for data brokers to collect data makes it cheaper for them to spread it, which leads to more information flows.

We recommended that technical and legal measures guard against data broker access to online court records. Technically, CAPTCHA‘s should be implemented:

A CAPTCHA is a program that protects websites against bots by generating and grading tests that humans can pass but current computer programs cannot. For example, humans can read distorted text . . . but current computer programs can’t

Legally, the court should simply refuse to allow commercial resellers to access online court records.


We recommended a password protected database as a the best way to balance convenience, privacy and transparency. This way proper security — such as the data broker restrictions — could be implemented. We also recommended a basic set of Fair Information Practices, including that individuals have the ability to control whether their information is placed online. The details are at the comments.

Posted: November 1, 2007 in:

Online Access to Court Records

Some courts put parts of their court records online. The noble reason for this sort of availability is transparency and oversight. Another reason is simple convenience, for both users of records as well as their custodians. When a lawyer or party needs to find some document, or learn some information from the docket (when is the next hearing? have motions been filed?) they can just look it up online.

But there are of course privacy issues. It creates a whole host of problems. Court records are going to have detailed information on something that went wrong in our lives. A dispute that could not be settled some other way. In the domestic violence and family law cases, these could be quite embarrassing. For a long time these records were public, but also obscure and that is what protected them.

Here in DC, the courts are considering putting domestic violence and domestic relations cases online. I’m part of the team — along with the domestic violence community –that is putting together a response to this proposal. Off the top of my head, I started to think of a few direct issues:

  • Identity theft. The personal information in court records includes lots that an identity thief would like: names, dates of birth, social security numbers, maiden names, addresses. Maricopa County, AZ put lots of its records online. And now it has one of the highest rates of identity theft in the nation.
  • Stigma. Even if one is the aggrieved, or innocent party, there will still be a stigma associated with the case by those who don’t understand all the details. One that isn’t really fixed by adding details.
  • Data Brokers. Our data is mined. It is used to compile dossiers and sold for the purposes of profiling, background checks, credit reports, telemarketing, and other purposes. Many of them do this with public records and therefore claim that you can’t opt-out of their collection. Brokers go to courts and get these records now. But putting records on websites facilitates this, it facilitates the distribution because then the cost of distribution is lower.

The domestic violence advocates I work with have come up with several scenarios where online public access can create safety risks. Often someone with a valid protection order in one state will register it at a new location. This isn’t necessary, but it does make it easier to get the police to enforce it. With an easily found online record, the abuser now knows the location of the protected person. Also, adding to the stigma above: people have misconceptions about domestic violence — blaming the victim, looking at it as a personal failure, even as unable to pay rent or keep a job.

I’m going to keep blogging these issues as the comments develop.

Posted: October 1, 2007 in: