Utah Politician Looking To Tackle Doxing, DoS Attacks And Swatting With New Slate Of Cybercrime Amendments

from the as-usual,-bill-has-arrived-in-completely-unfinished-state dept

Wed, Feb 3rd 2016 8:29am — Tim Cushing

Three of the Four Horsemen of the Internet Apocalypse (*Revenge Porn not included) are being targeted by Utah legislator David Lifferth with a package of amendments to the state's cybercrime statutes.

Utah Representative David E. Lifferth (R) has filed House Bill 225 which modifies the existing criminal code to include cyber crimes such as doxing, swatting and DoS (denial of service) attacks. According to the amendments, these crimes can now range anywhere from misdemeanors to second-degree felonies.

As is often the case when (relatively) new unpleasantness is greeted with new legislation, the initial move is an awkward attempt to bend the transgressions around existing laws, or vice versa. Lifferth's is no exception. As GamePolitics points out, only one of the new crimes is specifically referred to by its given name: DoS attacks. The other two can only be inferred by the wording, which is unfortunately broad.

Swatting becomes:

[making] a false report to an emergency response service, including a law enforcement dispatcher or a 911 emergency response service, or intentionally aids, abets, or causes a third party to make the false report, and the false report describes an ongoing emergency situation that as reported is causing or poses an imminent threat of causing serious bodily injury, serious physical injury, or death; and states that the emergency situation is occurring at a specified location.

It's the stab at doxing that fares the worst. In its present form, the wording would implicate a great deal of protected speech. This is the wording Lifferth would like to add to the "Electronic communication harassment" section.

electronically publishes, posts, or otherwise makes available personal identifying information in a public online site or forum.

Considering it's tied to "intent to annoy, alarm, intimidate, offend, abuse, threaten, harass, frighten, or disrupt the electronic communications of another," the amended statute could be read as making the publication of personal information by news outlets a criminal activity -- if the person whose information is exposed feels "offended" or "annoyed." Having your criminal activities detailed alongside personally identifiable information would certainly fall under these definitions, which could lead to the censorship (self- or otherwise) of police blotter postings, mugshot publication or identifying parties engaged in civil or criminal court proceedings.

It also would to make "outing" an anonymous commenter/forum member/etc. a criminal act, even if the amount of information exposed never reaches the level of what one would commonly consider to be "doxing." Would simply exposing the name behind the avatar be enough to trigger possible criminal charges?

While it's inevitable that lawmakers will have to tangle with these issues eventually, it's disheartening to see initial efforts being routinely delivered in terrible -- and usually unconstitutional -- shape. We expect our legislators to be better than this. After all, it's their job to craft laws and to do so with some semblance of skill and common sense. If nothing else, we expect them to learn something from previous failures to pass bad laws, whether theirs or someone else's.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cybercrime, david lifferth, dos attacks, doxing, doxxing, swatting, utah

18 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

That Anonymous Coward (profile), 3 Feb 2016 @ 8:49am

I await the fallout
Someone ends up posted on a mugshots site and sues the site, the cops & the state for doxing them.
[ link to this | view in chronology ]
- Anonymous Coward, 3 Feb 2016 @ 12:42pm
  
  Re:
  and maybe they should be
  [ link to this | view in chronology ]
Anonymous Coward, 3 Feb 2016 @ 8:51am

More laws - that will certainly fix the problem.
[ link to this | view in chronology ]
- Anonymous Coward, 5 Feb 2016 @ 3:01am
  
  Re:
  Isn't that the one about doubling every 18 months :)
  [ link to this | view in chronology ]
Anonymous Coward, 3 Feb 2016 @ 8:54am

Imagine what this would do to Wikipedia's sockpuppet-finders. They'd have to rely on a defense of "we didn't intend to annoy him" which is not a defense I'd ever want to have to take into court. And the prosecution could still argue that it was intended to "disrupt his electronic communications" since a violation if Wikipedia policy would result in a ban.
[ link to this | view in chronology ]
Anonymous Coward, 3 Feb 2016 @ 9:09am

Solving the wrong problem
Instead of criminalizing SWATting (or increasing penalties in cases where it's already illegal), they'd be better off amending the rules & regulations so that false reports that today result in a SWATting will not be so destructive. This comes in two parts: first, require that the 911 dispatcher receive enough information that they can recognize grossly false reports (a VoIP call from a provider that doesn't even do business in your state probably isn't actually reporting personally-observed gunfire); second, discourage the cops from taking a shoot-first, ask-questions-never policy.
[ link to this | view in chronology ]
- Deatives, 16 Nov 2016 @ 8:22pm
  
  Re: Solving the wrong problem
  I agree that might be a better solution. Obviously VoIP calls or IP Relays (people register fraudulent accounts pretending to be deaf, use them to swat) should require a lot more information than lets say a call from a cell phone that's sending GPS info. Also better police training on dealing with hoaxes is necessary, maybe put a "possible hoax" marker on their computer screen or whatever. There are a many possible solutions to deal with the issue.
  [ link to this | view in chronology ]
Anonymous Coward, 3 Feb 2016 @ 9:23am

Can Utah negotiate the International treaties, and make and receive the extradition requests needed to enforce such laws?
[ link to this | view in chronology ]
- staatstrojaner, 5 Feb 2016 @ 1:53am
  
  Re: "evidence"
  the cool part is that you can plant evidence on any device around those "crimes"
  
  it would be funny to have EVIDENCE
  in David E. Lifferth android/cellphone/phablet/laptop/car
  that at the same time he was in a hotel with his mistress
  he was also
  -steering a swarm of botnets to DOS attacks some US business websites,
  -voip calling 911 to deliver some swatting
  -and buying and watching CP videos in thailand
  
  Some governments LIKE GERMANY have been proven (CCC) to use taxpayers money to buy trojan software that allows to plant/manipulate evidence in any digital device...
  [ link to this | view in chronology ]
  - Anonymous Coward, 5 Feb 2016 @ 1:58am
    
    Re: Re: "evidence"
    https://ccc.de/en/updates/2011/staatstrojaner
    [ link to this | view in chronology ]
sparrow, 3 Feb 2016 @ 12:40pm

Anonymity
I for on, am behind making it a crime to match a name with an avatar.
[ link to this | view in chronology ]
- sparrow, 3 Feb 2016 @ 12:41pm
  
  Re: Anonymity
  The rest is pure crap though.
  [ link to this | view in chronology ]
- tqk (profile), 4 Feb 2016 @ 9:20am
  
  Re: Anonymity
  I for [one], am behind making it a crime to match a name with an avatar.
  
  I'd rather we used some common sense here. If outing them leads to ridicule, tough. Don't be an asshole. However, if outing them leads to knuckle-draggers (or the FBI) finding out who squealed on them (like John Kiriakou), that's a problem.
  [ link to this | view in chronology ]
Jim the Bear (profile), 3 Feb 2016 @ 2:24pm

A person is guilty of electronic communication harassment and subject to prosecution in the jurisdiction where the communication originated or was received if with intent to annoy, alarm, intimidate, offend, abuse, threaten, harass, frighten, or disrupt the electronic communications of another, the person:
...
electronically publishes, posts, or otherwise makes available personal identifying information in a public online site or forum.

This reads to me that it has the potential to make interacting with anyone who is using their real name a crime, regardless of whether that person was willingly using their real information or not. Also, it doesn't seem to have any caveats for someone who publishes their own information willingly (by Facebook for example), meaning FB could functionally be illegal to use in Utah if this passes.
[ link to this | view in chronology ]
Anonymous Coward, 3 Feb 2016 @ 5:52pm

Swatting: Knowingly and intentionally making false calls to emergency services.
Doxxing: Knowingly and intentionally revealing private details about someone's life in a public manner without their consent.
(D)DOS attacking: Knowingly and intentionally flooding a service with requests that are misrepresented or are not intended to be followed through with.
Revenge porn: Knowingly and intentionally revealing private and explicit details of a person in a public manner without their consent.

Why do lawmakers always have to make these things so complicated? These are probably covered by existing laws, probably long before the Internet was widely available.

Like in Australia, everytime a cyber-bullying case happens, people call for new anti-cyber-bullying laws. They conveniently ignore the fact there is ALREADY anti-cyber-bullying laws in the Telecommunications Act. Just like with patents, adding "on a computer" or "on the Internet" seems to warrant a whole new law.
[ link to this | view in chronology ]
Wendy Cockcroft, 4 Feb 2016 @ 5:59am

When well-meaning lawmakers get to work on legislation to improve online life, shouldn't they be asking people who actually know what they're on about for help so that the end result has a reasonable chance of being effective?
[ link to this | view in chronology ]
- tqk (profile), 4 Feb 2016 @ 9:32am
  
  Re:
  ... so that the end result has a reasonable chance of being effective?
  
  I'd settle for not needlessly or callously endangering anyone, and worry about effective later. The law can be a very blunt instrument as shown by trying to shoehorn "SWATting" and "doxxing" into existing law.
  [ link to this | view in chronology ]
Drew Curley, 8 Feb 2016 @ 1:53pm

Eagle Mountain Resident - He is not properly representing us
This guy is the elected rep for our part of Utah, and we are actively trying to get rid of him. Nothing but problems, and he's trying to go for a Senate seat. Not on my watch.
[ link to this | view in chronology ]