Cyberstalking involves the use of information and communications technology (ICT) to perpetrate more than one incident intended to repeatedly harass, annoy, attack, threaten, frighten, and/or verbally abuse individuals (UNODC, 2015; Maras, 2016). Perpetrators can engage in cyberstalking directly by emailing, instant messaging, calling, texting, or utilizing other forms of electronic communications to communicate obscene, vulgar, and/or defamatory comments and/or threats to the victim and/or the victim's family, partner, and friends, and use technologies to monitor, survey and follow the victim's movements (e.g. covertly inserting GPS tracking devices into cars, handbags and even children's toys; see Southworth and Tucker, 2007). Perpetrators can also engage in cyberstalking indirectly by causing damage to the victim's digital device (by, for example, infecting the victim's computer with malware and using this malware to surreptitiously monitor the victim and/or steal information about the victim) or by posting false, malicious, and offensive information about the victim online or setting up a fake account in the victim's name to post material online (social media, chat rooms, discussion forums, websites, etc.).
Cyberstalking involves a series of behaviours and actions over a period of time that are intended to intimidate, alarm, frighten, or harass the victim and/or the victim's family, partner, and friends. These behaviours and actions include (but are not limited to): flooding the user's inbox with emails; frequently posting on the user's online sites, pages, and social media accounts; repeatedly calling and/or texting the victim, leaving voicemails, and sending follower and friend requests; joining all online groups and communities the victim is a part of or following the victim's posts through acquaintances, colleagues, classmates, family members' or friends' social media accounts; and continuously viewing the victim's page (some websites log this information and inform the user when their page is viewed). Victims can be continuously watched, observed, and monitored by perpetrators with or without their knowledge on online spaces and/or offline spaces. The cyberstalkers' behaviours and actions cause victims to fear for their safety and well-being, and depending on the cyberstalker's actions, this fear could extend to the safety and well-being of the victims' families, partners, and friends.
Stalkerware, a form of spyware, can run on a victim's computer, smartphone or other Internet-enabled digital device and collect and relay all of the user's actions on these devices, from emails and text messages sent and received, to photographs taken and keystrokes (see Cybercrime Module 2 for applicable laws relating to spyware). Some commercial software enables perpetrators who use this malware on smartphones to remotely switch on cameras and microphones, track the location of users and app usage, and intercept calls.
Cyberharassment involves the use of ICT to intentionally humiliate, annoy, attack, threaten, alarm, offend and/or verbally abuse individuals (Maras, 2016). Only one incident is needed for cyberharassment to occur; however, it can involve more than one incident. Cyberharassment may also involve targeted harassment, where one or more persons work together to repeatedly harass their target online over a finite period of time (often a brief period of time) to cause distress, humiliation, and/or to silence the target.
Internet trolls "post…highly offensive and inflammatory remarks online in order to provoke an emotional reaction and response from other users" (Maras, 2016, p. 255). Internet trolls whose identities have been revealed have experienced real-world repercussions (i.e., they have lost their jobs). A now infamous Internet troll in the United States, Michael Brutsch (a.k.a., violentacrez), known for his creation and moderation of forums on reddit ("subreddits") titled "r/jailbait," "r/rapebait," "r/misogyny" and "r/chokeabitch," was fired from his job after his identity was revealed (Holpuch, 2012; Adams, 2012).
A CNN interview with Internet troll Michael Brutsch is available online.
The perpetrators of cyberharassment can hack into the victim's account and steal the victim's personal information, images, and videos. An infamous case of cyberharassment involved Martin Shkreli, a former Turing pharmaceutical executive convicted of securities fraud in the United States, who is widely known for price-gouging a life-saving drug. Shkreli cyberharassed a magazine ( Teen Vogue) contributor, Lauren Duca, on Twitter (Hunt, 2017). At one point, Shkreli changed his Twitter profile picture to a modified image of Duca and her husband (Shkreli superimposed his face on her husband's body), and added a collage of pictures of Duca he had obtained online and through social media platforms, with the words "for better or worse, till death do us part, I love you with every single beat of my heart" on his Twitter page (ABC News Australia, 2017). She criticized Shkreli for his acts on her Twitter page and received threats from strangers that they would hack into her account and post nude images of her online. After Duca sent a tweet about this harassment to the CEO of Twitter, Shkreli's account was suspended.
Cyberharassment can also involve the posting or other distribution of false information or rumours about an individual to damage the victim's social standing, interpersonal relationships, and/or reputation (i.e., a form of cybersmearing). This false information is posted on websites, chat rooms, discussion forums, social media, and other online sites to damage the reputations of people and businesses. Offenders can also impersonate victims by creating accounts with similar names and, by making use of existing images of the victims, use these accounts to send friend and/or follower requests to victims' friends and family members to deceive them into accepting these requests (a form of online impersonation). The acceptance of these requests grants the perpetrators access to the accounts of victims' friends and families, and by extension, access to the victims' real accounts.
Internet users have also practiced what is known as human flesh search engine, a Chinese term used to describe online users working together to identify a target and perpetrate coordinated online abuse against the target. These individuals can select their targets based on real or perceived immoral, uncivilized, illegal or otherwise unjustified acts (at least according to the group). A case in point is a Chinese teenager who was subjected to online abuse following accusations that he carved his name and stated he "was here/ paid a visit here" on ancient ruins while on vacation in Egypt (Lyons et. al, 2016; Coonan, 2013). His personal information and school address were posted online (a form of doxing) and he was subjected to pervasive online shaming and abuse. He experienced what is known online as dogpiling (or a "pile on"), where users within an online space bombard victims with offensive, insulting, and threatening messages to silence the target, force them to take back what they said and/or apologize, or to force them to leave the platform. This tactic has been practiced by Internet users all over the world.
Article 8 of the European Convention on Human Rights protects personal information that individuals justifiably expect not to be published without their consent ( Flinkkilä and Others v. Finland, 2010; Saaristo and Others v. Finland, 2010). This type of information, for example, is a person's full name ( Kurier Zeitungsverlag und Druckerei GmbH v. Austria, 2012) and home address ( Alkaya v. Turkey, 2012). Therefore, doxing, the publication of personal and identifying data about a user online, would be considered a violation of Article 8 of the European Convention on Human Rights.
No multilateral and regional treaties exist that cover cyberstalking and cyberharassment. Some countries do have national laws that directly cover one or more of these cybercrimes: for example, Pakistan's Prevention of Electronic Crimes Ordinance of 2007, and Nigeria's Cybercrime Act of 2015, criminalize cyberstalking; and Singapore's Protection from Harassment Act of 2014, proscribes cyberharassment.
In Uganda, a human rights activist, Stella Nyanzi, was charged pursuant to the Computer Misuse Act of 2011, and subsequently detained for allegedly cyberharassing President Museveni because she called him a "a pair of buttocks" in a Facebook post, and criticized the First Lady and Minister of Education, Janet Museveni, on social media for failing to follow through on a promise to provide sanitary pads to girls in schools due to budgetary restraints. Stella Nyanzi stated "What sort of mother allows her daughters to keep away from school because they are too poor to afford padding materials that would adequately protect them from the shame and ridicule that comes by staining their uniforms with menstrual blood? What malice plays in the heart of a woman who sleeps with a man who finds money for millions of bullets, billions of bribes, and uncountable ballots to stuff into boxes but she cannot ask him to prioritise sanitary pads for poor schoolgirls? She is no Mama! She is just Janet!" (Akumu, 2017).
Instead of laws specifically covering cyberstalking and cyberharassment, most countries use stalking and/or harassment laws to prosecute the perpetrators of these cybercrimes. In the United Kingdom, cyberharassment can be prosecuted under the Protection from Harassment Act of 1997 or the Malicious Communications Act of 1988. Furthermore, in the absence of specific laws to address cyberstalking and cyberharassment, many countries have national laws that can be used to address some aspects of these cybercrimes, such as blackmail; extortion; insults; threats; incitement to crime, violence and/or hatred; malicious communications; indecent exposure; invasion of privacy; defamation; online impersonation; fraud; identity theft; hacking; and other related crimes and cybercrimes (European Parliament Policy Department for Citizens' Rights and Constitutional Affairs, 2016; Cassim, 2013). In Australia, cyberstalking can be captured under individual state and territory stalking laws (see, for example, Crimes Act 1958 (Vic) s 21A(2); Crimes (Domestic and Personal Violence) Act 2007 (NSW) s 13; Criminal Law Consolidation Act 1935 (SA) s 19AA, among others) and under the federal Criminal Code 1995 (Cth) s 474.17, where it is a criminal offence to use a carriage service to menace, harass or cause offence.
Some countries, such as Singapore (the Protection from Harassment Act of 2014) and the United Kingdom (Malicious Communications Actof 1988), have laws that could be used to prosecute Internet trolls. For example, a resident of the United Kingdom, Sean Duffy, posted offensive videos, images, and comments, about dead teenage victims on their Facebook tribute pages (Morris, 2011). He was successfully prosecuted under the Malicious Communications Actof 1988. By contrast, in the United States, Internet trolls cannot be prosecuted unless they engage in unprotected speech (speech not protected under the First Amendment of the United States Constitution, such as communicating a true threat to the victim, inciting violence, false statement of facts, and obscene speech (Maras, 2015; Maras, 2016)
International cooperation is not a widespread practice for these cybercrimes. The cyberstalking campaign of a Singaporean national Colin Mak Yew Loong against women and men in the United States, Ukraine, Singapore and Germany exemplifies this (Quarmby, 2014). For one of his victims in the United States, it took approximately eight years for Loong to be prosecuted for his relentless cyberstalking campaign against her which derailed her career, caused her reputational harm, and drained her finances. He was sentenced to three years imprisonment for his cybercrimes.