01:44 PM

British Judge Forces Facebook To Identify Trolls

Harassment case billed as the first instance in Britain in which a private suit is used to unmask people who allegedly made offensive, anonymous taunts.

Facebook's History: From Dorm To IPO Darling
Facebook's History: From Dorm To IPO Darling
(click image for larger view and for slideshow)
A British judge has ruled that Facebook must help identify multiple people who allegedly created a fake Facebook page and used it to harass a British woman.

According to court documents, the online abuse began minutes after Nicola Brookes, 45, left a message in support of U.K. X Factor participant Frankie Cocozza. "The abuse was vile and unwarranted to the extent that anonymous Internet trolls set up a fake Facebook profile account in Nicola's name and image to post indecent comments and lure young girls," read a statement released by British law firm Bains Cohen, which argued the case before an English high court.

On May 30, the high court agreed with Brookes' request that Facebook should be forced to reveal the identities of the alleged harassers, including their names, email addresses, and IP addresses, allowing her to trace their real identities via requests to their service providers. As a result, Brookes would be able to file a private suit against at least four people who allegedly wrote the harassing online posts.

According to legal experts, her case is the first-ever private prosecution in Britain involving online harassment, although Facebook reportedly has yet to receive the official legal papers, which must be served in the United States, since that's the primary place Facebook stores its data.

[ Does Facebook care what its users think? Read How Facebook Ignores Its Users. ]

Reached for comment about the case, a Facebook official stressed that the social network encourages people to use their real names when creating accounts. "Nothing is more important to us than the safety of the people [who] use our service. Unlike many other websites and forums, Facebook has a real-name culture, which provides greater accountability and a safer and more trusted environment," said Facebook spokesman Iain Mackenzie via email.

What happens when harassment or other types of inappropriate posts get made online? "We are clear that there is no place for bullying or harassment on Facebook and we respond aggressively to reports of potential abuse," Mackenzie said. "We provide our users with the tools to report abuse on every page and the option to block people from having any further contact with them. Reports involving harassment are prioritized, reviewed by a trained team of reviewers, and [the harasser is] removed if they violate our terms."

But Brookes contended that Facebook's complaint-reporting system was unequal to the task of dealing with serious cases of harassment, especially since she had trouble keeping up with--and reporting all of--the abusive content, and she couldn't block the abuse because she needed to make screen grabs to illustrate to Facebook what was happening.

"A few days after the fake profile started, I realized I needed proper legal help about this because the reporting system on Facebook doesn't work. There's nowhere else for you to contact," Brookes told The Telegraph newspaper in Britain. She also told the newspaper that her attackers were well-organized and appeared to operate with impunity. "These people are not random people who are bored. These are a group of people that share information and pick people out and target them on purpose," she said.

Brookes' law firm said the case highlighted the need--at least in Britain--for some type of mechanism that would help police Internet abuse and unmask taunters. In particular, it noted that after Brookes went to local police in Sussex, England, with hundreds of pages of printouts of the abusive comments, they'd told her that there was nothing they could do. "After getting involved, we contacted Facebook on several occasions and the fake profile page that was set up in Ms. Brookes' name was successfully taken down," read some of the details of the case released by Bains Cohen.

But after that takedown, someone posted new comments--not on Facebook--using Brookes' name, image, and real address, along with lewd comments about her daughter. When Brookes again alerted local police, they offered to install panic alarms in her home, but according to her lawyers, otherwise they "had no idea what to do."

"There is a clear anomaly in the law and the way in which Internet abuse is treated and investigated by the police--depending on whether the victim is in the public eye, or an ordinary member of the public," said Bains Cohen.

According to the law firm, "The only long-term solution is for the government to establish a body with some judicial powers to make it easier and cheaper for individuals or the police to have the identity of their abusers revealed to them, for the police to have specialist divisions trained to deal with this issue, and having the tools and powers to obtain identities from the likes of Facebook and Twitter."

New apps promise to inject social features across entire workflows, raising new problems for IT. In the new, all-digital Social Networking issue of InformationWeek, find out how companies are making social networking part of the way their employees work. Also in this issue: How to better manage your video data. (Free with registration.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.