Catfishing as a Form of Cyberbullying

Posted by Justin W. Patchin on February 7, 2013

“Catfishing,” at least in the online world, refers to the practice of setting up a fictitious online profile, most often for the purpose of luring another into a fraudulent romantic relationship.  The Urban Dictionary defines a “catfish” as: “someone who pretends to be someone they’re not using Facebook or other social media to create false identities, particularly to pursue deceptive online romances.”  So, to “catfish someone” is to set up a fake social media profile with the goal of duping that person into falling for the false persona.  And if this has happened to you, you my friend have been “catfished.”

Of course people have been falsifying information online for decades and users have been putting fake information on social media profiles at least since MySpace launched in 2003, probably before.  This became more widely known as catfishing after a 2010 documentary film highlighted the real-world ramifications of online relationships.  In late 2012, MTV launched a reality TV show to capitalize on the interest in this activity.

A few weeks ago Notre Dame football star Manti Te’o became the poster child for catfishing when he was the apparent subject of one’s online angling.  As a public figure, with a prominent social media footprint he was a prime target.  Te’o developed an online relationship with someone he knew as Lennay Kekua.  It is difficult to know how deep the relationship was, but he did refer to her as his “girlfriend” and mentioned repeatedly that he loved her.

Te’o amassed a wide following when it was learned that his grandmother and girlfriend (Kekua) died on the same day early in the 2012 football season.  As a Michigan State football fan, I became interested in the Te’o story because his inspired performance during his first game after the deaths led to a crushing defeat of my beloved Green and White. Soon, it seemed, much of America was watching Te’o and the Fighting Irish.

While it has been confirmed that his grandmother did in fact die, his girlfriend did not. Media investigations revealed that she had never existed in the first place.  In mid-January the sportsblog Deadspin broke the story that Kekua was a fictitious online persona created by a friend of Te’o's.  From the information we currently know, it appears most likely that Te’o was an unsuspecting victim, though some question his innocence and suggest this was all just an elaborate publicity stunt. In a statement released to the media, Te’o has maintained that he was a target: “To realize that I was the victim of what was apparently someone’s sick joke and constant lies was, and is, painful and humiliating.”  Whether a victim or a co-conspirator, the Te’o tribulations have led to renewed interest in a form of cyberbullying that has been perpetrated against others for many years.

Catfishing as Cyberbullying

Misleading another on social media with the intent to cause harm is not new.  In 2006, 13-year-old Megan Meier began an online relationship with a boy she knew as Josh Evans. For almost a month, Megan corresponded with this boy exclusively online because he said he didn’t have a phone and was homeschooled.  One day in October of that year, Megan received a message from Josh on her MySpace profile saying “I don’t know if I want to be friends with you any longer because I hear you’re not nice to your friends.”  This was followed by bulletins being posted through MySpace calling Megan “fat” and a “slut.”  After seeing the messages, Megan became distraught and ran up into her room.  A few minutes later, Megan’s mother Tina found her daughter hanging in her bedroom closet.  Though she rushed her daughter to the hospital, Megan died the next day.

Six weeks after their daughter’s death, the Meier family learned that the boy with whom Megan had been corresponding never existed.  Josh Evans (and his online profile) was created by Lori Drew, a neighbor and the mother of one of Megan’s friends.  She created the profile as a way to spy on what Megan was saying about her daughter. Drew was eventually acquitted in federal court for her role in Megan’s death.

Another, more extreme example, is the case of Anthony Stancl, a New Berlin, Wisconsin, 18-year-old who in 2009 impersonated two girls (“Kayla” and “Emily”) on Facebook.  He befriended and formed online romantic relationships with a number of boys in his high school (again, while posing and interacting as these two girls).  He then convinced at least 31 of those boys to send him nude pictures or videos of themselves.  As if that weren’t bad enough, Stancl – still posing as a girl and still communicating through Facebook – tried to convince more than half to meet with a male friend and let him perform sexual acts on them.  If they refused, “she” told them that the pictures and videos would be released for all to see.  Seven boys actually submitted to this horrific request, and allowed Stancl to perform sex acts on them, or they performed sex acts on him.  He took numerous pictures of these encounters with his cell phone, and the police eventually found over 300 nude images of male teens on his computer.  He was charged with five counts of child enticement, two counts of second-degree sexual assault of a child, two counts of third-degree sexual assault, possession of child pornography, and repeated sexual assault of the same child and received a 15-year sentence in prison in early 2010.

Misrepresenting Yourself

Anytime someone uses technology in a way that causes repeated harm to another, it can be classified as cyberbullying.  Setting up a fake online profile and communicating with someone for the purpose of tricking them into developing a romantic relationship – only to break up with or otherwise harm them – is wrong.  It also violates Facebook’s terms of service: “You will not provide any false personal information on Facebook, or create an account for anyone other than yourself without permission” and “You will not bully, intimidate, or harass any user.”

That said, some people use pseudonyms or alter-egos online to safeguard their identity.  There are a lot of legitimate reasons for doing this and as long as your behaviors do not hurt others, or mislead them in a way that causes harm to them, this is probably just fine. It really comes down to intent: Are you masking your identity to protect yourself or to cause harm to others? It is one thing to be protective of your real identity for personal privacy reasons, but it is another thing entirely to create an alternative identity for the purpose of humiliating, harassing, or hurting someone else.

Some might argue that catfishing is harmless Internet fun and that people should know better than to enter into any significant relationship with another person they only know digitally. It is true that people need to take care not to put themselves into situations where they could fall for someone who doesn’t really exist.  However, that does not make it OK to use technology to mislead someone, and leads to a “victim-blaming” mentality that gets us nowhere.  To be sure, everyone needs to be skeptical and cautious when entering into online relationships.  Those who do should consider using Skype, Facetime, or some other video-chatting service that will allow you to see and interact in real-time with the person you are communicating with. You should be suspicious if the other person continues to be hesitant about wanting you to see them in real life or online.  Also, don’t give out too much personal information, especially early on, and never go by yourself to meet someone in person who you only know from online. Go with a friend – or better yet a group of friends. They can protect you if something turns out to be not what it seems.

It is easy to be blinded by feelings of affection, especially when someone is giving you more positive attention than you have ever gotten from anyone else before.  Just remember to stop and think about the possibility that someone might be taking advantage of you and proceed with the utmost caution. As they say, if something (or in this case someone) seems too good to be true, it probably is.

Help With Fake Facebook Profile Pages

Posted by Justin W. Patchin on July 25, 2012

facebookImagine you receive an email from a friend that includes a link to a Facebook profile.  You click on the link and see your name and picture on the profile.  But you didn’t create it.  And some of the information included isn’t exactly flattering. In fact, it’s embarrassing, and malicious, and ruining your reputation.  Now what do you do? We regularly receive requests from people who find themselves, their kids, or their friends in this situation. The key in responding is to move quickly to gather information and to inform the proper authorities.

If you know who created the profile, ask them to remove it. Facebook has a social reporting tool that allows you to convey your disapproval, and ask that the content be removed, in a respectful way.  (You can read Larry Magid’s recent interview with Facebook’s Arturo Bejar where they discuss these options.)

If you don’t feel comfortable with that, or do not know who created it, you can report it to Facebook and it will be disabled while they investigate. If you do not have a Facebook account, you can report imposter profiles here. If the creator of the fake profile attempts to log into the account after it has been reported, Facebook will require the user to prove their identity and display a map that shows where they are at (thereby removing the veil of complete anonymity).  I think that is pretty cool! Facebook also educates the user about the consequences of identity theft. The company has developed numerous other tools to help you protect your information and reputation, including a form that allows you to request the records of an account that was impersonating you. Learn about and take advantage of all of these resources.

It is important that you collect as much information about the profile as you can before reporting it to Facebook.  Take screenshots (see our fact sheet here) or simply print out the profile and any related information.  Note the URL (web address) of the page because it includes the user ID (http://www.facebook.com/profile.php?id=1000000XXXXXXXX) or username (http://www.facebook.com/username).  Try to identify all of the people who are connected to the profile (friends or followers).  Collect as much information about them as you can.  It might help in determining who was behind the creation of the profile.

Overall, the more information you can gather, the more easily it will be to identify who is responsible, and hold them accountable, if necessary. Once the account has been disabled by Facebook, it will be more difficult for you to get the evidence you need.  And if the account creator deletes the account before you have a chance to report it to Facebook or collect the evidence, it can be impossible to obtain information about who created it. So move quickly to capture what you can.

If you believe that what was said or posted about you on the fake profile is of a criminal nature (e.g., a threat or a hate crime) or violates your civil rights (e.g., defamation of character or libel), contact local law enforcement so that they can investigate.  This is particularly important if you feel that your safety (or the safety of someone else) is in jeopardy.  The police are trained to determine whether information contained on the site could be viewed as a “true threat,” or if it violates the law in any other ways.  The first thing the investigating officer should do is complete a formal request to Facebook to preserve the page details and accompanying account information before they are deleted by the user who created the page.  Officers can do this even before a formal investigation has begun.  The sooner this is done, the better. There are more guidelines for law enforcement officers here.

Law enforcement can also assist you in obtaining a subpoena, which is a legal order that requires a person or entity named to show up at court or to produce documents or other information specified (that could be used as evidence in a trial).  While the specific procedures can vary by state, law enforcement officers can obtain a subpoena from a judge, county or state prosecutor, or other qualified attorney, once an investigation has begun.  Facebook regularly assists law enforcement in responding to subpoenas by providing information about the creator of the account, including their name, email address, date of birth, and some other account identifiers provided by the user when they signed up. Lawyers can also obtain a subpoena for the purposes of obtaining evidence to be used in a civil case.

With a court order (which can only be issued by a judge), law enforcement officers can get additional information from Facebook, including transactional logs such as intra-session IP addresses.  The IP address is the unique identifier that every online device is given.  With the IP address, law enforcement will be able to determine the Internet Service Provider (ISP).  Again using a court order, the officer will be able to obtain from the ISP the billing address and other subscriber information of the person involved.

If during the course of the investigation the officer determines that criminal charges are appropriate, they may obtain a warrant from a judge for the purpose of collecting even more information from Facebook, including the content of the pages (e.g., photos and comments). A warrant is another court order issued by a judge, but it must be accompanied by probable cause that the information requested is necessary for the purposes of investigating a crime. According to the Stored Communications Act: “A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication…only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure…” So without a warrant, Facebook has no obligation to provide the content of the pages. This is a good thing for those of us who use Facebook and other online environments appropriately and legally: Only when we are implicated in a crime should the content of our profiles be turned over to the government.

The differences described above between what information can be obtained through a request, a subpoena, a court order, or a warrant is determined somewhat by the company (Facebook in this case) but mostly by federal and state law. It largely depends on whether the information requested is the property of the company, the Internet Service Provider, or the customer. Technically, everything you post on Facebook is your property, though you give Facebook permission to use that information for certain purposes as a condition of using the site.

Some states include electronic communications in their impersonation or identity theft laws.  For example, it is a class A misdemeanor in New York if someone “Impersonates  another  by communication  by  Internet  website  or electronic  means  with  intent to obtain a benefit or injure or defraud another, or by such communication pretends to be  a  public  servant  in order to  induce another to submit to such authority or act in reliance on such pretense.” Consult with law enforcement or a local attorney to learn more about the specific laws in your state.

In many cases, however, fake profiles are created for a laugh and the persons responsible perhaps do not fully understand the consequences of their behavior.  This is especially true in incidents involving adolescents.  So if there is no clear threat or other evidence of criminal behavior, resist contacting the police and try to work through the problem informally, involving parents, schools, and other adults as appropriate.

That said, there have been many incidents where students have created profiles about educators or their classmates that have ended up in court.  Try to avoid this by proactively educating your children and students about these issues, and by creating a positive climate at school.  In that way, hopefully they will not participate in these behaviors and if someone else does create a fake profile about them, they will know what to do and will feel comfortable turning to an adult for help.

How young is too young for Facebook?

Posted by Justin W. Patchin on June 7, 2011

This is a common question I receive from many parents: “At what age should I give my child a cell phone or allow them to be on Facebook?” Of course this is not an easy question to answer since every child is different and parents themselves are probably in the best position to determine the most appropriate age. That said, I usually advise parents to think about allowing access to certain devices or web environments a little bit earlier than they might think is the right time. The issue really is that parents need to be the ones who introduce the technology to the child, not the youth’s peers. If parents wait too long or try to convince themselves that their child has no interest in Facebook, then odds are good that the child will learn about the site from a friend and set up a profile without the parent’s knowledge.

 

I recently spoke to a teacher who is a parent of a 5th grader who asked my opinion about whether her son should be on Facebook. I told her that it probably wasn’t a good idea. It is a violation of Facebook’s terms of use, and agree with them or not, parents shouldn’t encourage their children to break the rules. Thankfully there are many other emerging sites that are designed exclusively for tweens, such as togetherville, which interfaces with Facebook. Admittedly, it is difficult to get younger social networkers excited about these alternatives since “all of their friends are already on Facebook.”

 

And some data suggests that they are right: Consumer Reports recently reported that as many as 13% of Facebook’s American users are under the age of 13 (about 7.5 million kids). And half or more of the students I speak to Facebook hasn’t completely ignored their rules, however, as they reportedly remove tens of thousands of under-aged youth every day. Of course if a user lies about his or her age when setting up the profile, it is very difficult for Facebook to know whether someone is underage so they rely on reports of violators.

 

This leads to another question I get: “If I see a person on Facebook who I know to be under 13, should I report the user?” This too is a complicated question. My response used to automatically be “yes.” If they are violating the rules, they should not be on the site. I have tempered my response a bit in recent months, informed by insights from colleagues, educators, and Internet safety experts. In general, whether or not to report an under-aged user depends on whether you have a concern about them being on the site—based on what you know about the user and/or what you see on his or her profile. If you are worried that their activities on Facebook could lead to significant social, educational, physical, or other problems, then you have an obligation to report (to the site or the youth’s parents, or both). If you see a 12-year-old whom you know well who is on the site and they have their privacy settings adjusted so that all of their information is protected to the maximum extent possible, perhaps it isn’t necessary to report the user. You still might want to take the person aside and talk about some of the concerns you have (posting too much personal or identifiable information, meeting someone in real life who they only know online, including gossiping or harassing content, etc.) to encourage him or her to continue making good decisions about their online activities. As Larry Magid, tech journalist and internet safety advocate points out, changing the rules to allow younger users on Facebook would create opportunities for the site to incorporate protections that just aren’t in place when kids lie about their age. This is certainly a perspective that should be considered.

 

Overall, parents should provide gradual and guided access to technology. Maybe, for example, you give your son a cell phone at age 10, but to start the only persons he can call are mom and dad. After a couple of months if he demonstrates appropriate behaviors you can add selected others. Then add texting. Show him the cell phone bill every month so he knows his contribution to the family expenses. Stress that the phone is a privilege that can be taken away with misuse. If he makes a mistake, take a step back. If he is texting at the dinner table, explain to him why this is unacceptable. If he is talking to friends all hours of the night, confiscate the phone for a while. I suspect that if more parents were actively involved in encouraging the responsible use of technology, even at a relatively young age, there would be fewer and less serious problems later in their adolescent lives.

Felony harassment charges stemming from Craiglist posting

Posted by Sameer Hinduja on October 6, 2009

Recently, a case came up before the Missouri court involving a 40-year-old woman and a 17-year-old girl, with the former having been charged with felony harassment as she posted the girl’s personal contact information and photo on Craigslist in their subsection for individuals seeking “Casual Encounters” (you can imagine what that means).  To note, this is the first application of Missouri’s new cyberharassment and cyberbullying law, which went into effect in June of 2008 following the media coverage of Megan Meier’s suicide.

The defendant and her attorney claim this was simply a practical joke.  Her attorney also claims that had this same information been written on a bathroom wall, she would not have been charged.

I disagree with both of these assertions. First, there must be a line drawn as to what constitutes a practical joke, and that boundary was crossed when the defendant put the plaintiff at risk for actual, tangible harm.  Secondly, to compare the writing on a bathroom wall to posting on the Internet is preposterous when considering the differential size of populations that would view each. Third, I believe it is completely appropriate for a judge and jury to consider the reality of recent Craiglist-related victimizations when interpreting the content and context of this case.  Much like we don’t shrug off facetious statements about bombs in airports, we can’t shrug off the reality that the disclosure of personal information online can lead to serious harm offline.  Finally, minors are (and should be) afforded even greater protection from these types of actions.

Age- and identity-misrepresentation on the Internet

Posted by Sameer Hinduja on December 4, 2008

The New York Times last week asked me my thoughts on the Megan Meier case and online misrepresentation, and I thought I’d expand on my perspective here.  First off, we have to understand why this case drew so much attention.  It was because we have a vulnerable and depressed young girl basically driven to suicide by the malicious actions of an adult and her accomplices. The plot was thickened by the fact that the adult was the young girl’s neighbor, and that the actions were carried out through interaction on the most popular online social networking site at the time.  While other youth (sadly) have taken their life in part because of cyberbullying, this case inflames our emotions and sensitivities because of its nature, the relationship between the perpetrator and the victim, and because it is in-line with much of the sensationalism surrounding the dangers of youth Internet use.

When it comes to online misrepresentation, my thoughts differ from many others out there.  I personally don’t think this case has chilling effects for the way individuals participate in Internet-based interactions (for example, by creating fake online identities).  So many do it just for convenience and because they are not comfortable giving out their personal information because of spam or increasing their chance of victimization.  This is just how it is, and I agree with that general motivation.  Eventually we may see technology that allows for age- or identity-verification without the obvious negatives of providing that information, but some of the inherent benefits of Internet-based communication will then be diminished.

Finally, I should make clear that it is still quite easy to pose as a teenager or youth online.  We have no fully useful age- or identity-verification systems in place, although entities in the corporate sector  are furiously competing with each other to develop the best one and achieve widespread adoption.  We are definitely not there yet.  That said, social networking sites like Facebook and MySpace will deal with age- or identity-misrepresentation when it is brought to their attention, but traditionally very few would report it if they stumbled upon it.  Accompanying the notoriety of this case, perhaps the grave consequences stemming from Lori Drew’s misrepresentation will lead many more Internet users to step up and inform the authorities.