The federal government has wasted no time in crab-walking away from its panic-driven promise to criminalise doxxing.
In the uproar over the public identification of 600-plus members of the “J.E.W.I.S.H. Australian creatives and academics” WhatsApp group, Prime Minister Anthony Albanese announced that anti-doxxing laws would be fast-tracked.
Attorney-General Mark Dreyfus confirmed that the government would be creating new criminal offences that would “potentially carry a jail sentence”. It would be designed “to capture any publication for malicious purposes of someone’s private or personal information without their consent”.
That was clear and terrifying, causing me and other commentators to point to it as an example of the principle that panic makes for bad law.
The government has now issued its call for public consultation, and it appears panic has been replaced by embarrassment.
Dreyfus’ department has provided a proposed definition of doxxing. Most interesting, however, is what is missing: any mention of crime. The promised new criminal offence has fallen down the back of the legislative couch.
Instead, the “proposed reforms” the government wants us to consider have been restricted to “privacy protections”. These specifically include further privacy law reforms to protect personal information from online exposure — as well as “a new statutory tort for serious invasions of privacy [which] would allow individuals to seek redress through the courts if they have fallen victim to doxxing” (a whole new idea, which must have been left by accident on the brain-storming whiteboard).
Why no crime? Because, as I’ve said, it simply isn’t needed. It is good that the government has realised this, but it gets no credit for killing something it should have never initiated.
A tort is a legal cause of action for a wrong. The notion of someone being able to sue for damages if they’ve been maliciously doxed isn’t a bad one; the government’s suggestion is, however, weird, because a tort of invasion of privacy already exists.
It’s a creature of the common law, not statute. It’s been around since 2001, at least in theory. That year, the High Court gave judgment in the case of ABC v Lenah Game Meats, which regarded whether the ABC could broadcast footage illegally filmed inside a possum abattoir.
While giving the ABC a green light, the court said that it was a good time to confirm that the law should recognise a cause of action for invasion of privacy, in circumstances where an individual has a reasonable expectation of privacy and that is infringed (the abattoir, being a company, had no such right).
That seemed like a really good idea, even with the internet in its infancy and camera phones not yet a thing. A classic case would be what happened to Princess Diana: being photographed by a paparazzo through the windows of her gym.
However, it’s never really taken off. There have been only a few decided privacy invasion cases in Australian courts, none in superior courts. Nevertheless, the High Court said the right exists, so it does. Doxxing — when it involves a genuine and intentional invasion of personal privacy — is an example of what it should protect against. If it has caused the victim harm (which could be financial, reputational or personal), then they have a cause of action.
An argument could be made for creating a statutory tort, on the basis that the common law position isn’t sufficiently clear, but I see no indication that that’s been contemplated. It looks a lot more like a random thought bubble.
As for the proposed definition of doxxing, it has already scared the horses by its extreme width. They’ve identified three types: de-anonymising doxxing (revealing the identity of someone who was previously anonymous); targeting doxxing (revealing information about a person that enables them to be contacted or located, or their online security breached); and de-legitimising doxxing (revealing sensitive or intimate information about someone that can damage their credibility or reputation, such as private medical records or private messages).
As journalists have commented, if all of that was made illegal, they might as well criminalise journalism itself. It would be an outrageous act of mass censorship, completely unworkable in practice and probably unconstitutional anyway.
However, the panic is misplaced, rather like the panic that triggered all this activity in the first place. The proposed definition of doxxing has no significance in itself; what matters is the legal framework into which it is going to be inserted. Since it seems there’s no longer a doxxing crime on the table, there’s nothing to worry about from that perspective.
If the mooted new civil cause of action was crafted to allow people to sue any time they were the victims of doxxing under this draft definition, then, yes, that’d be insane too. However, I have no idea what if any connection the government plans to make between these two concepts, and its discussion paper doesn’t say.
In fact, as far as I can see, the definition is intended to go nowhere at all. It may be just a bait and switch: while we all exercise ourselves in an abstract argument about what does or doesn’t constitute “doxxing”, the government can get on with its slow drift towards some mild privacy reforms that won’t add much to the considerably beefed up eSafety regime it’s already implemented, then declare the job done.
It’s all a rather frustrating demonstration of the difference between this government and its predecessor. The latter treated law as a branch of politics and consequently made stupid laws; this former gravitates more to good law-making but by a frequently disingenuous route.