Doxxing insurrectionists: Capitol riot divides online extremism researchers

The uprising has sparked a tense debate about the right way to stitch together the digital scraps of someone's life to publicly accuse them of committing a crime.

Doxxing insurrectionists: Capitol riot divides online extremism researchers

Rioters scale the U.S. Capitol walls during the insurrection.

Photo: Blink O'faneye/Flickr

Joan Donovan has a panic button in her office, just in case one of the online extremists she spends her days fighting tries to fight back.

"This is not baby shit," Donovan, who is research director of Harvard's Shorenstein Center on Media, Politics and Public Policy, said. "You do not fuck around with these people in public."

Which is why Donovan has been so worried about what she's seen happening online in the days since a violent mob overtook the U.S. Capitol. Scores of amateur sleuths are combing through terabytes of footage and openly trading tips on Twitter in hopes of piecing together the rioters' identities and bringing them to justice. To Donovan, these Twitter detectives aren't just running the risk of misidentifying innocent people; they may also unknowingly be putting themselves at risk by publicly pursuing potentially dangerous people.

Even more worrisome to Donovan: the role some prominent researchers are playing in organizing the hunt. So this week, she went on Twitter and shared some blunt words of warning. "This is one of the most dangerous uses of social media by a researcher," Donovan wrote. "Research ethics now. We must hold each other to account."

Her remarks were directed at another academic, John Scott-Railton of the University of Toronto's Citizen Lab, who has gained a following for his crowdsourced investigations of the riot, which most notably led to the successful identification of an Air Force veteran who was photographed in full tactical gear on the floor of the Senate. Two days after The New Yorker's Ronan Farrow used Scott-Railton's tip to confirm the veteran's identity and published a story with his findings, the suspect was arrested in Texas.

Scott-Railton shares Donovan's concerns — and admires her work — but says those concerns have led him to a different conclusion. He argues that in the wake of any public event caught on camera, be it a confrontation on a bike trail or the Boston Marathon bombing, there are bound to be crowds of extremely online people using digital techniques to assign blame. His goal is to harness that energy in productive ways and model appropriate behavior.

"I think the conversation has to be one that involves being very intentional in thinking about harm reduction and in trying to do one's best to always model the behavior you want to see from others," he said, noting that he has repeatedly urged his followers not to name potential suspects on Twitter and, instead, to funnel any specific names to the Federal Bureau of Investigation.

Besides, with the inauguration around the corner and the vast majority of the Capitol rioters still on the loose, Scott-Railton argues it's critically important to use the power of crowdsourcing to stop those people from committing any more violence. "There may be people who intend to do violent things around the inauguration," he said. "We urgently need to understand who they are."

The Capitol riot was a boundary-busting event in almost every way, and its impact on the digital privacy debate was no different. The insurrectionists' acts were so galling, so frightening, that suddenly, even those who might oppose digital surveillance and forensics techniques in other contexts, like, say, identifying peaceful protesters at a Black Lives Matter rally, feel justified in deploying those tools against the rioters. The shifting goalposts have sparked a tense debate among researchers of online extremism about the right way to stitch together the digital scraps of someone's life to publicly accuse them of committing a crime — or whether there is a right way at all.

Shortly after the riot, Vivian Schiller, executive director of the Aspen Institute's digital department, asked her followers a question on Twitter and stressed that it was not rhetorical: "Is there such a thing as 'ethical doxxing'?"

"Not really," replied Kate Klonick, an assistant professor of law at St. John's University, who studies online content moderation.

Others disagreed vehemently. "Yes, absolutely," wrote Sasha Costanza-Chock, an associate professor of civic media at MIT. "I would argue that in fact we have an ethical responsibility to expose people who are literal nazis and ensure there are consequences for their actions. Of course, this requires extreme care to verify so that innocents are not wrongfully accused."

Scott-Railton tends to see things that way, as does Aric Toler, a researcher with the group Bellingcat, which has been archiving vast troves of footage of the riot to help with identification. "The crowdsourcing element is obviously powerful and can go both ways, but I think it's overall more positive than not," Toler said.

The Capitol riot was virtually unprecedented in terms of the amount of digital exhaust it gave off. That's partly to do with the fact that the uprising was largely organized on social media, partly to do with the fact that some of the rioters were there explicitly to broadcast their actions on social media and partly to do with the fact that Parler, the go-to social platform of the far-right, had a bug that enabled a hacker to scrape and archive every public post and GPS coordinate before deletion.

Now, before anyone can get named and blamed, there's a virtual ton of information to sift through first. Toler sees much of the crowdsourcing work going on as a responsible way to divvy up the labor. "A lot of the work is just around sifting through ungodly amounts of photos and videos," Toler said.

Of course, a lot of it isn't. Already, a retired Chicago firefighter was wrongly accused of being involved in the riot, after Twitter detectives digitally enhanced a blurry photo of a man throwing a fire extinguisher at a cop and accused him of being "Extinguisher Man." In fact, he was back in Chicago, he said, celebrating his wife's birthday. "This story has fucked my life up," the man told a local news outlet.

Both Scott-Railton and Bellingcat had been seeking footage of that suspect on Twitter before he was misidentified. Though neither of them encouraged their followers to name names, and in some cases even actively discouraged it, the effort went sideways anyway.

That's to be expected, Donovan argues. Once you animate a crowd around a particular purpose, it's impossible to control what they'll do next, which she says is all the more reason for researchers to avoid such public investigations in the first place. "I have this overarching thesis that the internet turns us all into cops," Donovan said. "These are technologies of surveillance, and so use of them by the public to turn crowds into cops seems to me to be a very dangerous impulse."

That's to say nothing of the danger amateur investigators put themselves in, Donovan said. For all of the digital records the rioters have left behind, she stresses that the people looking into them often have their own digital trail that leaves them vulnerable to retaliation. "Say you identify some neo-Nazi militia member and think you're doing a good job, but you have your kid's birthday photos up on a Flickr account, which has the geotag of the apartment complex that you live in," Donovan said. "People don't understand how much is being revealed about them as they participate in these public campaigns."

It's not that only trained researchers or law enforcement should be able to do this work. Donovan argues there's a way to carry out crowdsourced investigations in private channels, where participants are educated about the risks they're taking and how to protect themselves. Anything less, she argues, is malpractice. "If you don't educate people before you call them into action," Donovan said, "you put them at risk."

Scott-Railton has tailored his approach somewhat in response to feedback from Donovan and others. For one thing, he's begun deleting old threads investigating people who have already been arrested to avoid leaving any misleading leads out in the open. He's also since deleted the tweet that Donovan first called him out on, in which he was seeking footage of people wearing earpieces at the riot. Donovan pointed out that such a directive could risk outing members of the media, who also regularly wear earpieces.

Perhaps, most importantly, on Thursday night, he tweeted an official notice to his now more than 100,000 followers. He told them that he was now moving to a "form-based intake model" for tips, in collaboration with Bellingcat, writing, "I feel this approach better balances the *many* reasonable concerns about a participatory & crowdsourced model done on Twitter."

A 'Soho house for techies': VCs place a bet on community

Contrary is the latest venture firm to experiment with building community spaces instead of offices.

Contrary NYC is meant to re-create being part of a members-only club where engineers and entrepreneurs can hang out together, have a space to work, and host events for people in tech.

Photo: Courtesy of Contrary

In the pre-pandemic times, Contrary’s network of venture scouts, founders, and top technologists reflected the magnetic pull Silicon Valley had on the tech industry. About 80% were based in the Bay Area, with a smattering living elsewhere. Today, when Contrary asked where people in its network were living, the split had changed with 40% in the Bay Area and another 40% living in or planning to move to New York.

It’s totally bifurcated now, said Contrary’s founder Eric Tarczynski.

Keep Reading Show less
Biz Carson

Biz Carson ( @bizcarson) is a San Francisco-based reporter at Protocol, covering Silicon Valley with a focus on startups and venture capital. Previously, she reported for Forbes and was co-editor of Forbes Next Billion-Dollar Startups list. Before that, she worked for Business Insider, Gigaom, and Wired and started her career as a newspaper designer for Gannett.

Sponsored Content

Great products are built on strong patents

Experts say robust intellectual property protection is essential to ensure the long-term R&D required to innovate and maintain America's technology leadership.

Every great tech product that you rely on each day, from the smartphone in your pocket to your music streaming service and navigational system in the car, shares one important thing: part of its innovative design is protected by intellectual property (IP) laws.

From 5G to artificial intelligence, IP protection offers a powerful incentive for researchers to create ground-breaking products, and governmental leaders say its protection is an essential part of maintaining US technology leadership. To quote Secretary of Commerce Gina Raimondo: "intellectual property protection is vital for American innovation and entrepreneurship.”

Keep Reading Show less
James Daly
James Daly has a deep knowledge of creating brand voice identity, including understanding various audiences and targeting messaging accordingly. He enjoys commissioning, editing, writing, and business development, particularly in launching new ventures and building passionate audiences. Daly has led teams large and small to multiple awards and quantifiable success through a strategy built on teamwork, passion, fact-checking, intelligence, analytics, and audience growth while meeting budget goals and production deadlines in fast-paced environments. Daly is the Editorial Director of 2030 Media and a contributor at Wired.
Fintech

Binance CEO wrestles with the 'Chinese company' label

Changpeng "CZ" Zhao, who leads crypto’s largest marketplace, is pushing back on attempts to link Binance to Beijing.

Despite Binance having to abandon its country of origin shortly after its founding, critics have portrayed the exchange as a tool of the Chinese government.

Photo: Akio Kon/Bloomberg via Getty Images

In crypto, he is known simply as CZ, head of one of the industry’s most dominant players.

It took only five years for Binance CEO and co-founder Changpeng Zhao to build his company, which launched in 2017, into the world’s biggest crypto exchange, with 90 million customers and roughly $76 billion in daily trading volume, outpacing the U.S. crypto powerhouse Coinbase.

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers crypto and fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Google Voice at (925) 307-9342.

Enterprise

How I decided to leave the US and pursue a tech career in Europe

Melissa Di Donato moved to Europe to broaden her technology experience with a different market perspective. She planned to stay two years. Seventeen years later, she remains in London as CEO of Suse.

“It was a hard go for me in the beginning. I was entering inside of a company that had been very traditional in a sense.”

Photo: Suse

Click banner image for more How I decided seriesA native New Yorker, Melissa Di Donato made a life-changing decision back in 2005 when she packed up for Europe to further her career in technology. Then with IBM, she made London her new home base.

Today, Di Donato is CEO of Germany’s Suse, now a 30-year-old, open-source enterprise software company that specializes in Linux operating systems, container management, storage, and edge computing. As the company’s first female leader, she has led Suse through the coronavirus pandemic, a 2021 IPO on the Frankfurt Stock Exchange, and the acquisitions of Kubernetes management startup Rancher Labs and container security company NeuVector.

Keep Reading Show less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.

Enterprise

UiPath had a rocky few years. Rob Enslin wants to turn it around.

Protocol caught up with Enslin, named earlier this year as UiPath’s co-CEO, to discuss why he left Google Cloud, the untapped potential of robotic-process automation, and how he plans to lead alongside founder Daniel Dines.

Rob Enslin, UiPath's co-CEO, chats with Protocol about the company's future.

Photo: UiPath

UiPath has had a shaky history.

The company, which helps companies automate business processes, went public in 2021 at a valuation of more than $30 billion, but now the company’s market capitalization is only around $7 billion. To add insult to injury, UiPath laid off 5% of its staff in June and then lowered its full-year guidance for fiscal year 2023 just months later, tanking its stock by 15%.

Keep Reading Show less
Aisha Counts

Aisha Counts (@aishacounts) is a reporter at Protocol covering enterprise software. Formerly, she was a management consultant for EY. She's based in Los Angeles and can be reached at acounts@protocol.com.

Latest Stories
Bulletins