01:44 PM

British Judge Forces Facebook To Identify Trolls

Harassment case billed as the first instance in Britain in which a private suit is used to unmask people who allegedly made offensive, anonymous taunts.

Facebook's History: From Dorm To IPO Darling
Facebook's History: From Dorm To IPO Darling
(click image for larger view and for slideshow)
A British judge has ruled that Facebook must help identify multiple people who allegedly created a fake Facebook page and used it to harass a British woman.

According to court documents, the online abuse began minutes after Nicola Brookes, 45, left a message in support of U.K. X Factor participant Frankie Cocozza. "The abuse was vile and unwarranted to the extent that anonymous Internet trolls set up a fake Facebook profile account in Nicola's name and image to post indecent comments and lure young girls," read a statement released by British law firm Bains Cohen, which argued the case before an English high court.

On May 30, the high court agreed with Brookes' request that Facebook should be forced to reveal the identities of the alleged harassers, including their names, email addresses, and IP addresses, allowing her to trace their real identities via requests to their service providers. As a result, Brookes would be able to file a private suit against at least four people who allegedly wrote the harassing online posts.

According to legal experts, her case is the first-ever private prosecution in Britain involving online harassment, although Facebook reportedly has yet to receive the official legal papers, which must be served in the United States, since that's the primary place Facebook stores its data.

[ Does Facebook care what its users think? Read How Facebook Ignores Its Users. ]

Reached for comment about the case, a Facebook official stressed that the social network encourages people to use their real names when creating accounts. "Nothing is more important to us than the safety of the people [who] use our service. Unlike many other websites and forums, Facebook has a real-name culture, which provides greater accountability and a safer and more trusted environment," said Facebook spokesman Iain Mackenzie via email.

What happens when harassment or other types of inappropriate posts get made online? "We are clear that there is no place for bullying or harassment on Facebook and we respond aggressively to reports of potential abuse," Mackenzie said. "We provide our users with the tools to report abuse on every page and the option to block people from having any further contact with them. Reports involving harassment are prioritized, reviewed by a trained team of reviewers, and [the harasser is] removed if they violate our terms."

But Brookes contended that Facebook's complaint-reporting system was unequal to the task of dealing with serious cases of harassment, especially since she had trouble keeping up with--and reporting all of--the abusive content, and she couldn't block the abuse because she needed to make screen grabs to illustrate to Facebook what was happening.

"A few days after the fake profile started, I realized I needed proper legal help about this because the reporting system on Facebook doesn't work. There's nowhere else for you to contact," Brookes told The Telegraph newspaper in Britain. She also told the newspaper that her attackers were well-organized and appeared to operate with impunity. "These people are not random people who are bored. These are a group of people that share information and pick people out and target them on purpose," she said.

Brookes' law firm said the case highlighted the need--at least in Britain--for some type of mechanism that would help police Internet abuse and unmask taunters. In particular, it noted that after Brookes went to local police in Sussex, England, with hundreds of pages of printouts of the abusive comments, they'd told her that there was nothing they could do. "After getting involved, we contacted Facebook on several occasions and the fake profile page that was set up in Ms. Brookes' name was successfully taken down," read some of the details of the case released by Bains Cohen.

But after that takedown, someone posted new comments--not on Facebook--using Brookes' name, image, and real address, along with lewd comments about her daughter. When Brookes again alerted local police, they offered to install panic alarms in her home, but according to her lawyers, otherwise they "had no idea what to do."

"There is a clear anomaly in the law and the way in which Internet abuse is treated and investigated by the police--depending on whether the victim is in the public eye, or an ordinary member of the public," said Bains Cohen.

According to the law firm, "The only long-term solution is for the government to establish a body with some judicial powers to make it easier and cheaper for individuals or the police to have the identity of their abusers revealed to them, for the police to have specialist divisions trained to deal with this issue, and having the tools and powers to obtain identities from the likes of Facebook and Twitter."

New apps promise to inject social features across entire workflows, raising new problems for IT. In the new, all-digital Social Networking issue of InformationWeek, find out how companies are making social networking part of the way their employees work. Also in this issue: How to better manage your video data. (Free with registration.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Securing Social Media: National Safety, Privacy Concerns
Kelly Sheridan, Staff Editor, Dark Reading,  4/19/2018
Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training
Sara Peters, Senior Editor at Dark Reading,  4/19/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.