Doxxing insurrectionists: Capitol riot divides online extremism researchers

The uprising has sparked a tense debate about the right way to stitch together the digital scraps of someone's life to publicly accuse them of committing a crime.

Doxxing insurrectionists: Capitol riot divides online extremism researchers

Rioters scale the U.S. Capitol walls during the insurrection.

Photo: Blink O'faneye/Flickr

Joan Donovan has a panic button in her office, just in case one of the online extremists she spends her days fighting tries to fight back.

"This is not baby shit," Donovan, who is research director of Harvard's Shorenstein Center on Media, Politics and Public Policy, said. "You do not fuck around with these people in public."

Which is why Donovan has been so worried about what she's seen happening online in the days since a violent mob overtook the U.S. Capitol. Scores of amateur sleuths are combing through terabytes of footage and openly trading tips on Twitter in hopes of piecing together the rioters' identities and bringing them to justice. To Donovan, these Twitter detectives aren't just running the risk of misidentifying innocent people; they may also unknowingly be putting themselves at risk by publicly pursuing potentially dangerous people.

Even more worrisome to Donovan: the role some prominent researchers are playing in organizing the hunt. So this week, she went on Twitter and shared some blunt words of warning. "This is one of the most dangerous uses of social media by a researcher," Donovan wrote. "Research ethics now. We must hold each other to account."

Her remarks were directed at another academic, John Scott-Railton of the University of Toronto's Citizen Lab, who has gained a following for his crowdsourced investigations of the riot, which most notably led to the successful identification of an Air Force veteran who was photographed in full tactical gear on the floor of the Senate. Two days after The New Yorker's Ronan Farrow used Scott-Railton's tip to confirm the veteran's identity and published a story with his findings, the suspect was arrested in Texas.

Scott-Railton shares Donovan's concerns — and admires her work — but says those concerns have led him to a different conclusion. He argues that in the wake of any public event caught on camera, be it a confrontation on a bike trail or the Boston Marathon bombing, there are bound to be crowds of extremely online people using digital techniques to assign blame. His goal is to harness that energy in productive ways and model appropriate behavior.

"I think the conversation has to be one that involves being very intentional in thinking about harm reduction and in trying to do one's best to always model the behavior you want to see from others," he said, noting that he has repeatedly urged his followers not to name potential suspects on Twitter and, instead, to funnel any specific names to the Federal Bureau of Investigation.

Besides, with the inauguration around the corner and the vast majority of the Capitol rioters still on the loose, Scott-Railton argues it's critically important to use the power of crowdsourcing to stop those people from committing any more violence. "There may be people who intend to do violent things around the inauguration," he said. "We urgently need to understand who they are."

The Capitol riot was a boundary-busting event in almost every way, and its impact on the digital privacy debate was no different. The insurrectionists' acts were so galling, so frightening, that suddenly, even those who might oppose digital surveillance and forensics techniques in other contexts, like, say, identifying peaceful protesters at a Black Lives Matter rally, feel justified in deploying those tools against the rioters. The shifting goalposts have sparked a tense debate among researchers of online extremism about the right way to stitch together the digital scraps of someone's life to publicly accuse them of committing a crime — or whether there is a right way at all.

Shortly after the riot, Vivian Schiller, executive director of the Aspen Institute's digital department, asked her followers a question on Twitter and stressed that it was not rhetorical: "Is there such a thing as 'ethical doxxing'?"

"Not really," replied Kate Klonick, an assistant professor of law at St. John's University, who studies online content moderation.

Others disagreed vehemently. "Yes, absolutely," wrote Sasha Costanza-Chock, an associate professor of civic media at MIT. "I would argue that in fact we have an ethical responsibility to expose people who are literal nazis and ensure there are consequences for their actions. Of course, this requires extreme care to verify so that innocents are not wrongfully accused."

Scott-Railton tends to see things that way, as does Aric Toler, a researcher with the group Bellingcat, which has been archiving vast troves of footage of the riot to help with identification. "The crowdsourcing element is obviously powerful and can go both ways, but I think it's overall more positive than not," Toler said.

The Capitol riot was virtually unprecedented in terms of the amount of digital exhaust it gave off. That's partly to do with the fact that the uprising was largely organized on social media, partly to do with the fact that some of the rioters were there explicitly to broadcast their actions on social media and partly to do with the fact that Parler, the go-to social platform of the far-right, had a bug that enabled a hacker to scrape and archive every public post and GPS coordinate before deletion.

Now, before anyone can get named and blamed, there's a virtual ton of information to sift through first. Toler sees much of the crowdsourcing work going on as a responsible way to divvy up the labor. "A lot of the work is just around sifting through ungodly amounts of photos and videos," Toler said.

Of course, a lot of it isn't. Already, a retired Chicago firefighter was wrongly accused of being involved in the riot, after Twitter detectives digitally enhanced a blurry photo of a man throwing a fire extinguisher at a cop and accused him of being "Extinguisher Man." In fact, he was back in Chicago, he said, celebrating his wife's birthday. "This story has fucked my life up," the man told a local news outlet.

Both Scott-Railton and Bellingcat had been seeking footage of that suspect on Twitter before he was misidentified. Though neither of them encouraged their followers to name names, and in some cases even actively discouraged it, the effort went sideways anyway.

That's to be expected, Donovan argues. Once you animate a crowd around a particular purpose, it's impossible to control what they'll do next, which she says is all the more reason for researchers to avoid such public investigations in the first place. "I have this overarching thesis that the internet turns us all into cops," Donovan said. "These are technologies of surveillance, and so use of them by the public to turn crowds into cops seems to me to be a very dangerous impulse."

That's to say nothing of the danger amateur investigators put themselves in, Donovan said. For all of the digital records the rioters have left behind, she stresses that the people looking into them often have their own digital trail that leaves them vulnerable to retaliation. "Say you identify some neo-Nazi militia member and think you're doing a good job, but you have your kid's birthday photos up on a Flickr account, which has the geotag of the apartment complex that you live in," Donovan said. "People don't understand how much is being revealed about them as they participate in these public campaigns."

It's not that only trained researchers or law enforcement should be able to do this work. Donovan argues there's a way to carry out crowdsourced investigations in private channels, where participants are educated about the risks they're taking and how to protect themselves. Anything less, she argues, is malpractice. "If you don't educate people before you call them into action," Donovan said, "you put them at risk."

Scott-Railton has tailored his approach somewhat in response to feedback from Donovan and others. For one thing, he's begun deleting old threads investigating people who have already been arrested to avoid leaving any misleading leads out in the open. He's also since deleted the tweet that Donovan first called him out on, in which he was seeking footage of people wearing earpieces at the riot. Donovan pointed out that such a directive could risk outing members of the media, who also regularly wear earpieces.

Perhaps, most importantly, on Thursday night, he tweeted an official notice to his now more than 100,000 followers. He told them that he was now moving to a "form-based intake model" for tips, in collaboration with Bellingcat, writing, "I feel this approach better balances the *many* reasonable concerns about a participatory & crowdsourced model done on Twitter."

Facebook wants to be a metaverse company. What about Facebook.com?

Will the metaverse kill Facebook's legacy apps and services?

Will the metaverse replace Facebook's existing apps and services?

Photo: Kirill Kudryavtsev/AFP via Getty Images

At this week's Facebook Connect conference, Mark Zuckerberg is expected to unveil additional details about his company's quest to build the metaverse. That includes a new generation of social media services that brings real-time communication to AR, VR and other platforms, complete with varying degrees of embodied presence (in the future, we'll all be avatars).

Facebook has been spending heavily on this endeavor, including more than $10 billion in 2021 alone. During Thursday's Connect keynote, Zuckerberg is expected to share a few more details on what all this money is being spent on, including an update on the company's social VR world, called Horizon.

Keep Reading Show less
Janko Roettgers

Janko Roettgers (@jank0) is a senior reporter at Protocol, reporting on the shifting power dynamics between tech, media, and entertainment, including the impact of new technologies. Previously, Janko was Variety's first-ever technology writer in San Francisco, where he covered big tech and emerging technologies. He has reported for Gigaom, Frankfurter Rundschau, Berliner Zeitung, and ORF, among others. He has written three books on consumer cord-cutting and online music and co-edited an anthology on internet subcultures. He lives with his family in Oakland.

If you've ever tried to pick up a new fitness routine like running, chances are you may have fallen into the "motivation vs. habit" trap once or twice. You go for a run when the sun is shining, only to quickly fall off the wagon when the weather turns sour.

Similarly, for many businesses, 2020 acted as the storm cloud that disrupted their plans for innovation. With leaders busy grappling with the pandemic, innovation frequently got pushed to the backburner. In fact, according to McKinsey, the majority of organizations shifted their focus mainly to maintaining business continuity throughout the pandemic.

Keep Reading Show less
Gaurav Kataria
Group Product Manager, Trello at Atlassian

There’s a platform war brewing in the NFT gaming space

Valve's NFT ban has created the makings of a platform war in the burgeoning blockchain gaming space.

Play-to-earn is a whole new paradigm, based on creating real-world value out of in-game items and other forms of digital goods using non-fungible tokens, cryptocurrency and other blockchain technologies.

Image: Axie Infinity

The worlds of crypto and video games are fast colliding. The combination, dubbed "play-to-earn" and more broadly part of the decentralization movement known as "web3," could result in a whole new generation of gaming experiences with real-world economies and new player incentives. This, in turn, could radically upend traditional business models in the game industry.

That is, of course, if the traditional platform gatekeepers in gaming decide to open their doors. Right now, many of them are shut, leaving these games in their corners of the internet, and it's not clear what it might take to get the most powerful companies in the industry to open their arms to these new technologies. Meanwhile, the blockchain gaming market has become one of the fastest-growing segments in the game industry, and it's showing no signs of stopping.

Keep Reading Show less
Nick Statt
Nick Statt is Protocol's video game reporter. Prior to joining Protocol, he was news editor at The Verge covering the gaming industry, mobile apps and antitrust out of San Francisco, in addition to managing coverage of Silicon Valley tech giants and startups. He now resides in Rochester, New York, home of the garbage plate and, completely coincidentally, the World Video Game Hall of Fame. He can be reached at nstatt@protocol.com.
Protocol | Policy

5 things to know about FCC nominee Gigi Sohn

The veteran of some of the earliest tech policy fights is a longtime consumer champion and net-neutrality advocate.

Gigi Sohn, who President Joe Biden nominated to serve on the FCC, is a longtime net-neutrality advocate.

Photo: Alex Wong/Getty Images

President Joe Biden on Tuesday nominated Gigi Sohn to serve as a Federal Communications Commissioner, teeing up a Democratic majority at the agency that oversees broadband issues after months of delay.

Like Lina Khan, who Biden picked in June to head up the Federal Trade Commission, Sohn is a progressive favorite. And if confirmed, she'll take up a position in an agency trying to pull policy levers on net neutrality, privacy and broadband access even as Congress is stalled.

Keep Reading Show less
Ben Brody

Ben Brody (@ BenBrodyDC) is a senior reporter at Protocol focusing on how Congress, courts and agencies affect the online world we live in. He formerly covered tech policy and lobbying (including antitrust, Section 230 and privacy) at Bloomberg News, where he previously reported on the influence industry, government ethics and the 2016 presidential election. Before that, Ben covered business news at CNNMoney and AdAge, and all manner of stories in and around New York. He still loves appearing on the New York news radio he grew up with.

Protocol | Workplace

Adobe wants a more authentic NFT world

Adobe's Content Credentials feature will allow Creative Cloud subscribers to attach edit-tracking information to Photoshop files. The goal is to create a more trustworthy NFT market and digital landscape.

Adobe's Content Credentials will allow users to attach their identities to an image

Image: Adobe

Remember the viral, fake photo of Kurt Cobain and Biggie Smalls that duped and delighted the internet in 2017? Doctored images manipulate people and erode trust and we're not great at spotting them. The entire point of the emerging NFT art market is to create valuable and scarce digital files and when there isn't an easy way to check for an image's origin and edits, there's a problem. What if someone steals an NFT creator's image and pawns it off as their own? As a hub for all kinds of multimedia, Adobe feels a responsibility to combat misinformation and provide a safe space for NFT creators. That's why it's rolling out Content Credentials, a record that can be attached to a Photoshop file of a creator's identity and includes any edits they made.

Users can connect their social media addresses and crypto wallet addresses to images in Photoshop. This further proves the image creator's identity, but it's also helpful in determining the creators of NFTs. Adobe has partnered with NFT marketplaces KnownOrigin, OpenSea, Rarible and SuperRare in this effort. "Today there's not a way to know that the NFT you're buying was actually created by a true creator," said Adobe General Counsel Dana Rao. "We're allowing the creator to show their identity and attach it to the image."

Keep Reading Show less
Lizzy Lawrence

Lizzy Lawrence ( @LizzyLaw_) is a reporter at Protocol, covering tools and productivity in the workplace. She's a recent graduate of the University of Michigan, where she studied sociology and international studies. She served as editor in chief of The Michigan Daily, her school's independent newspaper. She's based in D.C., and can be reached at llawrence@protocol.com.

Latest Stories