Module 4: Privacy and Security Online
Harassment, threats, and online violence severely restrict the enjoyment that persons have of their rights online, particularly vulnerable, and marginalised groups, including women and members of sexual minorities.
Social media platforms are especially fertile ground for online harassment, but these behaviours occur in a wide range of online venues.(1) For those who experience online harassment directly, these encounters can have profound real-world consequences, ranging from mental or emotional stress to reputational damage or even fear for one’s personal safety. Furthermore, whether one is affected directly or indirectly by it, it can lead to significant self-censorship to avoid incurring such harassment.
While the internet provides a forum for people to seek information about their identities and sexual orientation, and to express themselves on these topics, many people suffer a wide range of attacks in doing so, including attacks on sexuality, exposing personal information, and the manipulation of images that are then used for blackmail and destroying credibility. Furthermore, a common trend amongst children using the internet involves so-called ‘cyberbullying’. Research has shown that online harassment is often focused on personal or physical characteristics, with political views, gender, physical appearance, and race being among the most common.(2) Furthermore, women encounter sexualised forms of online harassment at much higher rates than men.(3)
A particular form of online harassment, typically towards women, is that of the non-consensual publication of a person’s intimate or sexually explicit photographs or videos. This constitutes a gross violation of a person’s privacy, often for the purposes of extortion, blackmail, and/or humiliation. Several recently enacted cybercrime laws in Southern Africa criminalise the non-consensual distribution of private sexual photographs and films – most notably in Botswana and South Africa.(4)
Ongoing harassment and attacks on members of the media have become a particularly worrying trend. As stated in the preamble to the 2011 African Commission Resolution on the Safety of Journalists and Media Practitioners in Africa.(5) freedom of expression, press freedom and access to information can only be enjoyed when journalists and media practitioners are free from intimidation, pressure, and coercion.
Types of online harassment
Source: PEN America, ‘Defining online harassment: A glossary of terms’, accessible at https://onlineharassmentfieldmanual.pen.org/defining-online-harassment-a-glossary-of-terms/
- Cyberbullying: An umbrella term (like “online harassment”) meant to encompass a number of harassing online behaviours. Like physical bullying, “cyberbullying” is generally aimed at young people and may involve threats, embarrassment, or humiliation in an online setting.
- Cyber mob attacks: Cyber-mob attack occurs when a large group gathers online to try to collectively shame, harass, threaten, or discredit a target. Targets overwhelmingly belong to traditionally marginalized groups. “Outrage mobs” or “shaming mobs” are a distinct kind of cyber mob made up of internet users who collectively troll individuals in the hopes of silencing or publicly punishing them. Targets of outrage mobs are often attacked for expressing opinions on politically charged topics or ideas the outrage mob disagrees with and/or has taken out of context in order to promote a particular agenda. Outrage mobbing can sometimes have severe consequences offline and has even resulted in targets losing their jobs.
- Cyberstalking: In a legal context, “cyberstalking” is the prolonged use (a “course of conduct”) of online harassment intended to kill, injure, harass, intimidate, or place under surveillance a target. Cyberstalking can comprise a number of harassing behaviours committed repeatedly or with regularity that usually cause a target to suffer fear, anxiety, humiliation, and extreme emotional distress.
- Denial of service (DoS) or Distributed Denial-of-Service (DDoS) attacks: A DoS attack is a cyberattack that temporarily or indefinitely disrupts internet service by overwhelming a system with data, resulting in the web server crashing or becoming inoperable. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (such as banking), or other services that rely on the affected computer. In a DDoS attack, an attacker takes control of one user’s computer in order to attack a different user’s computer. This can force the hijacked computer to send large amounts of data to a particular website or send spam to targeted email addresses.
- Doxing (or doxxing): Doxing involves publishing someone’s sensitive personal information online in an attempt to harass, intimidate, extort, stalk, or steal the identity of a target. “Sensitive information” can include social security numbers, phone numbers, home addresses, personal photos, employment information, email addresses, and family members’ personal information.
- Hateful speech and online threats: By far the most common form of online harassment, hateful speech or threats, both explicit and implicit, can be issued by an ill-intentioned internet user pretty much anywhere on the web. Hateful speech is a form of expression attacking a specific aspect of a person’s identity, such as one’s race, ethnicity, gender identity, religion, sexual orientation, or disability. Hateful speech online often takes the form of ad hominem attacks, which invoke prejudicial feelings over intellectual arguments in order to avoid discussion of the topic at hand by attacking a person’s character or attributes. Threats issued online can be just as frightening as they are offline and are frequently meant to be physically or sexually intimidating.
- Message bombing: “Message bombing” is the intentional flooding of a person’s or institution’s phone or email accounts with messages meant to limit or block a user’s access to a device’s operating system or platform. Because large numbers of messages sent in a short period of time can typically render a person’s account unusable, this is an effective way for a harasser to prevent you from using your devices or accessing your online accounts. Message bombing typically occurs over texting apps, chat apps, or email accounts.
- Non-consensual, intimate images and videos (such as “revenge porn”): The dissemination of non-consensual intimate images (NCII) – often called “revenge porn” – is the distribution of private, sexual or intimate images or videos of a person without their consent. This can also fall under the category of “sextortion,” i.e. the threat of distributing a nude or sexually explicit image or video in an effort to blackmail an individual.
- Online impersonation: “Online impersonation” is a strategy whereby harassers create hoax social media accounts, usually in order to post offensive or inflammatory statements in your name. In most cases, the harasser’s intention is to defame or discredit you, often by convincing others to believe the fake quotes attributed to you, which might then incite others to commit additional acts of harassment. Impersonation trolling can also happen when a harasser impersonates someone you know in order to offend or hurt you.
- Online sexual harassment: Online sexual harassment – which is targeted at women at a far higher rate than men – encompasses a wide range of sexual misconduct on digital platforms and includes some of the more specific forms of online harassment, such as “revenge porn”. It often manifests as hateful speech or online threats. There are four distinct types of online sexual harassment: non-consensual sharing of intimate images and videos; exploitation, coercion and threats; sexualised bullying; and unwanted sexualisation.
- Trolling: “Trolling” is one of those terms that’s evolved so much over time as to have no single agreed-upon meaning. The term “trolling” is defined here as the repetitive posting of inflammatory or hateful comments online by an individual whose intent is to seek attention, intentionally harm a target, cause trouble and/or controversy, and/or join up with a group of trolls who have already commenced a trolling campaign. There are three subcategories of trolling to be aware of: concern trolling, where harassers pose as fans or supporters of your work with the intention of making harmful or demeaning comments masked as constructive feedback; dogpiling, where a group of trolls works together to overwhelm a target through a barrage of disingenuous questions, threats, slurs, insults, and other tactics meant to shame, silence, discredit, or drive a target offline; and botnet or sock-puppet trolling, which are used for a variety of reasons, from promoting propaganda to amplifying hate or defamation against targeted individuals.
Arguably, one of the key challenges is in getting lawmakers and law enforcement officials to recognise the severity of such harassment and threats, and to treat it with the appropriate levels of concern, recognising that the real and persistent harm suffered applies whether the harassment and threats take place online or offline. Two further challenges that arise that are exacerbated in the online sphere relate to the volume of threats that can be received, given the relative ease with which this can be done via social media platforms, for instance; and the concurrent difficulties in identifying perpetrators who are sometimes able to mask their online identities.
This ties in with the issue of anonymity online. This is because one of the particular challenges with online harassment is that perpetrators may mask their identities, making it difficult for law enforcement officials to apprehend them. This, however, should not be seen as a sufficient basis to allow for a blanket ban on anonymity or encryption online. The UNSR on Freedom of Expression has responded to this concern and has stated that:(6)
“The “dark” side of encryption and anonymity is a reflection of the fact that wrongdoing offline takes place online as well. Law enforcement and counter-terrorism officials express concern that terrorists and ordinary criminals use encryption and anonymity to hide their activities, making it difficult for Governments to prevent and conduct investigations into terrorism, the illegal drug trade, organized crime and child pornography, among other government objectives. Harassment and cyberbullying may rely on anonymity as a cowardly mask for discrimination, particularly against members of vulnerable groups. At the same time, however, law enforcement often uses the same tools to ensure their own operational security in undercover operations, while members of vulnerable groups may use the tools to ensure their privacy in the face of harassment. Moreover, Governments have at their disposal a broad set of alternative tools, such as wiretapping, geo-location and tracking, data-mining, traditional physical surveillance and many others, which strengthen contemporary law enforcement and counter-terrorism.”
Where journalists allege imminent threats to their safety, courts are empowered to grant interdictory relief in appropriate circumstances and subject to the relevant legal requirements. For instance, in the matter of South African National Editors Forum and Others v Black Land First and Others,(7) the South African high court granted an interdict in favour of the media broadly, in terms of which the respondents were interdicted from “engaging in any of the following acts directed towards the applicants: Intimidation; Harassment; Assaults; Threats; Coming to their homes; or acting in any manner that would constitute an infringement of their personal liberty”, and from “making any threatening or intimidating gestures on social media … that references any violence, harm and threat”.(8)
Source: South African National Editors’ Forum, ‘South Africa 2019 elections: Handbook for journalists’, 2019, accessible at https://sanef.org.za/elections-2019/
Section 4 of the South African Protection from Harassment Act provides that if a court is satisfied that a protection order must be issued as a result of harassment that has taken place over electronic communications or e-mail, and the identity of the respondent is not known, the court may issue a direction to an electronic communications service provider directing that it furnish the court with the following information on the affidavit:
- The electronic communications identity number from where the harassing electronic communications or electronic mail originated.
- The name, surname, identity number and address of the respondent to whom the electronic communications identity number has been assigned.
- Any information which indicates that electronic communications or electronic mail were or were not sent from the electronic communications identity number of the respondent to the electronic communications identity number of the complainant.
Any other information that is available to an electronic communications service provider that may be of assistance to the court to identify the respondent or the electronic communications service provider which provides a service to the respondent.
As stated in the 2016 UN Resolution on the Safety of Journalists, impunity for attacks against journalists constitutes one of the greatest challenges to the safety of journalists and ensuring accountability for crimes committed against journalists is a key element in preventing future attacks.
Principle 20 of the Declaration of Principles on Freedom of Expression in Africa provides that states must guarantee the safety of journalists and take measures to prevent attacks on them, as well as take effective legal steps to investigate and prosecute attacks against journalists. It further calls on states to take specific measures to ensure the safety of female journalists by addressing gender-specific safety concerns, including sexual and gender-based violence, intimidation, and harassment.(9)
General Comment No. 34 provides that an attack on any person because of the exercise of his or her right to freedom of expression, including forms of attack such as arbitrary arrest, torture, threats to life and killing, cannot be justified under article 19 of the ICCPR.(10) It states further that journalists, as well as other persons involved in gathering and analysing information about human rights situations such as lawyers and judges, are frequently subjected to threats, intimidation and attacks because of their activities.(11)
Although it is clear that what is required in the face of online attacks is swift and firm justice, the reality is that many perpetrators commit such with impunity.(12) Impunity perpetuates a cycle of violence: it raises serious concern that such attacks going unpunished sends a public signal that the state and public authorities do not take such attacks seriously.(13)
There is therefore clear guidance under international law that states must take measures to protect persons, including members of the media, against such harassment and attacks. This is so whether the harassment takes place offline or online.
Tips for digital safety to protect against online harassment and trolling
Source: Committee for the Protection of Journalists, ‘South Africa elections 2019: Journalist safety toolkit, 27 February 2019, accessible at https://cpj.org/2019/02/south-africa-election-journalist-safety-kit.php#harassment
- Create long and strong passwords for your accounts. (Password managers are useful tools to be able to remember the different passwords used for different accounts.)
- Turn on two-factor authentication.
- Review your privacy settings for each account and make sure any personal data, such as phone numbers and date of birth, is removed.
- Look through your accounts and remove any photos or images that could be manipulated and used as a way to discredit you.
- Consider getting your account verified by the social media company.
- Monitor your accounts for signs of increased trolling activity or for indications that a digital threat could become a physical threat.
- Speak with family and friends about online harassment