Unmasking Internet Trolls. Harassment and blackmail on the internet
- Hits: 8287
Cohen Davis has won in the case of Phipps v Britton an apology and substantial damages from a web developer and his company Origin Design Ltd after they defamed, harassed and cyberbullied our client in a series of websites they created about him. This was a case where the victim felt he had been blackmailed on the internet to settle a debt. The apology took the form of a statement in open court read before His Honour Judge Moloney QC on Wednesday 20 May 2015.
Discovering the identity of internet commentators who post abusive and defamatory content online and who use an anonymous identity to defame you or your business, is often a hugely challenging, if at times impossible task and one that continues to be a global problem for victims of such internet abuse. The police in any jurisdiction will typically be very limited in being able to assist in circumstances of anonymous internet abuse and from our experience we have seen that such complaints usually go unanswered.
The police are in most cases unable to investigate complaints of online harassment, defamation, or breach of privacy as they simply lack the technical expertise and human and financial resources to track down the true identity of those internet users (or ‘trolls’) who are responsible for such abusive content. Campaigns of online abuse, harassment and defamation will typically include one or more foreign jurisdictions and involve an author or publisher of abusive content who will more often than not take deliberate measures to avoid his or her detection.
To stand any chance at all of identifying such internet abusers yourself, you would need to have superior technical knowledge of the internet and a practical and balanced understanding of the multi-jurisdictional laws that might apply.
A recent case between a professional web developer and his customer (our client), demonstrates some of the challenges you might face: Following a dispute over £150 or so, the web developer, who owns the marketing and web design company Orgin Design, took it upon himself to seek retribution by creating an online campaign of defamation, abuse and harassment against his former trusting customer. This was effectively a case where the victim felt he had been blackmailed by the web developer on the internet so that he settles a debt after the web developer filed a claim in the County court at around the same time he had created the intimidating websites against his own client.
Using his in-depth knowledge and understanding of computing, SEO and of the internet, the web developer who founded Origin Design Limited in 2000, created a permanent record of the extremely defamatory and abusive content about his former customer, believing he will never get caught. The content manifested itself in many ways including libellous comments on review websites and forums and a whole website dedicated specifically to his victim, which carried the full name of the customer as its URL address. This website contained supposed admissions from the customer of offences no less severe than the customer being a paedophile and sex offender and displayed on the front page, in full view a large image of the customer with a warning to readers.
As if that wasn’t already enough, the web developer then made sure to include the customer’s home address so as to expose him to misguided personal physical attacks. To then achieve the highest possible level of damage to his customer’s reputation, the web developer put into practice his professional knowledge and expertise in Search Engine Optimisation (“SEO”) to direct as many readers to the page as possible. To avoid detection, the web developer purchased the website’s domain name using false credentials. He also submitted false information to the Arizona, USA based hosting company, GoDaddy. The web developer paid for GoDaddy’s services using a Paypal account rather his credit card in a deliberate attempt to try to avoid leaving any ‘digital footprints’ of his involvement. Very early on in our investigations into this matter, we realised that we were dealing with someone who had a deep and thorough understanding of the internet.
Initially, finding watertight evidence against the web developer seemed like it would be impossible. Obtaining IP addresses is helpful in directing an investigation, but such addresses can only point as far as a property address and/or household, and not to a specific individual. We did manage to trace the offending IP address to, yes, Origin Design premises. We asked the police to arrest the web developer, but in his police interview he denied personal involvement and claimed the offender could be any one of his employees. So, even after we obtained and shared with the Metropolitan Police, Domain Name Server (“DNS”) evidence linking the defamatory website to the web developer’s company, Origin Design Limited, the web developer was still able to deny any responsibility for it by claiming that the defamatory website had been created by one of the company’s employees. The police had no choice but to release the web developer on bail forcing our team to search for further evidence to link the web designer directly to the defamatory websites.
Faced with this challenge we quickly issued subpoenas in the United States to order GoDaddy and PayPal to hand over every piece of information they had on their user. The web developer worked hard to avoid leaving any digital footprints that could be traced back to him, but what ultimately enabled us to expose him as the author and publisher of the defamatory website, was a digital recording of a short telephone conversation between him and GoDaddy. With GoDaddy’s cooperation, we obtained the complete audio recording of the conversation in which the web developer is heard confirming his account password. The password happened to also be the first 4 digits of his date of birth and this clue, together with the DNS records and other evidence, was eventually enough to warrant the web developer’s re-arrest. He was subsequently charged with and convicted in the Crown Court of harassment of his former customer.
He was handed a prison sentence, suspended for 12 months and ordered to pay his victim more than £10,000 in compensation. Following his conviction in the criminal court, we issued civil proceedings against the web developer for defamation where again we secured for his victim substantial amount of compositions and damages as well as a public apology and payment of his legal costs. In short, the case highlights just how challenging it can be to obtain the true identity of the person responsible for abuse on the internet. Were it not for his altogether minimal oversights in covering his tracks, our team’s experience in analysing forensic evidence and his victim’s perseverance, his identity could to this day still have been a mystery and his victim could have continued to suffer sadistic abuse and harassment online.
The case serves also as an important reminder of dealing with online defamation and abuse quickly. Although each case is different, time will always of the essence in investigating the identities of unknown and anonymous internet users, particularly because of the limited amount of time internet companies such as GoDaddy might keep their users’ voice recordings before destroying them.