Tackling online impersonations

OVER the course of this month, two cases of Facebook impersonation have been reported. The first impersonation was reported by Dyana Sofya Mohd Daud who is political secretary to DAP parliamentary leader Lim Kit Siang. Dyana found a Facebook page that had used her name and image and purported to represent her. After only three weeks, the page already had 250 friends.

The second case involved Umno deputy president Tan Sri Muhyiddin Yassin. At the height of the recent party elections, Muhyiddin, who is also deputy prime minister, had to announce that it wasn’t he who had posted a statement on a Facebook account about vice-presidential candidate Datuk Mukhriz Mahathir. That statement, which was untrue, claimed that the Umno disciplinary committee had taken action against Mukhriz.

Both Dyana and Muhyiddin have since lodged reports with the Malaysian Communications and Multimedia Commission (MCMC). Dyana also lodged a police report. Do these two cases constitute identity theft or are they just impersonations that cannot be regarded as a crime? Who else has been subject to such online impersonations and what is being done about it?

Why fake it?

Fake accounts on Facebook and Twitter are nothing new. Fake celebrity or impersonator accounts are also not uncommon. If you search for “David Beckham” on Facebook for example, there are several different accounts. And only one is the footballer himself, as verified by Facebook. A search for “Rosmah Mansor” reveals numerous Facebook and Twitter accounts, none verified as the account of the prime minister’s wife.

The motivation for setting up a fake celebrity social media account varies greatly. Some fake accounts are set up by fans who genuinely want to ensure the world knows exactly what their idol is up to at every given minute of the day. Some are set up as fan bait to enable spammers to collect social media profiles. And sometimes it’s meant to scrape for personal data such as e-mail addresses which become exposed the moment you “friend” someone. Others exist to simply facilitate trolling.

Quite a number are set up as parody or satirical accounts, making fun of everyone from Steve Jobs to Satan. On Twitter, there are accounts that parody personalities like Lord Voldemort (@Lord_Voldemort7), Bill Clinton (@PimpBillClinton) and Queen Elizabeth II (@Queen_UK).

But some online impersonations are not about humour or satire. In 2012, Huffington Post journalist Bianca Bosker wrote about how her Facebook impersonator creepily tried to “friend” her. In the case of Dyana and Muhyiddin’s fake Facebook identities, it could be cybertroopers at work, but there is no clear evidence of that at the moment.

Verification

So, what is being done about online impersonations? The good news is social media companies are starting to clamp down on fake accounts. Twitter already has a verification process where certain accounts are tagged as “Verified Account” and carry a badge of authenticity. The only problem with Twitter’s verification process is that a Twitter account holder currently can’t apply for verification. Twitter will contact you if it decides to and no amount of writing to them will result in a response about verifying your account.

In May 2013, Facebook also introduced a verification process for certain accounts of “celebrities, journalists, government officials, popular brands and businesses” with large audiences. Facebook says this feature will soon roll out to profile pages as well.

Bosker’s Facebook account, like Beckham’s official account, is now a verified account. Facebook is clearly well aware that impersonation on Facebook is a fairly common occurrence — reporting a fake account is one of Facebook’s FAQs.

However, the motivation for this move appears less to do with privacy and more with profits. Fake accounts create problems when it comes to accurately serving up ads on Facebook. It also makes it difficult for fans of a celebrity or a business to connect with their intended target and vice versa, hence reducing Facebook’s relevance to celebrities and businesses for brand building.

This move appears to be part of Facebook’s overall attempt to purge “fakes” from its site, including fake “Likes” and accounts. It may also have something to do with the race amongst social media companies to become the platform for online identity verification. This online identity verification lets social media identities be used to sign into everything from e-mails to e-commerce sites.

Is impersonation identity theft?

At this stage, impersonating someone on social media alone would not be grounds for identity theft. In most jurisdictions, the impersonation must be linked to a fraudulent commercial activity and is usually linked to the theft or forgery of unique or government-issued identification such as a driver’s license, social security number or credit card. India’s Information Technology Act expands identity theft to include electronic signatures and passwords and also mentions a “unique identification feature” which suggests identification documents.

Posing as someone on Facebook is not considered identity theft yet, although it may constitute a crime under the very broad scope of improper use of network facilities or network service, as per Article 233 of Malaysia’s Communications and Multimedia Act 1998. Article 233 states that it is an offence to knowingly make, create or solicit and transmit “any comment, request, suggestion or other communication which is obscene, indecent, false, menacing or offensive in character with intent to annoy, abuse, threaten or harass another person.” So, apart from finding a culprit to charge, the authorities must also prove the above intent if any action is to be taken in the Dyana and Muhyiddin cases.

What then?

Apart from reporting the matter to the police and the MCMC, Dyana also reported the existence of the impersonator account to Facebook. She could ostensibly now seek to have her legitimate Facebook account verified although Facebook may not necessarily entertain the request. The political secretary of a Member of Parliament (MP) would certainly not fall under Facebook’s verification criteria for “celebrities, journalists, government officials, popular brands and businesses”. If the MP was a minister, then only would his or her political secretary be regarded as a government official.

And it appears that Facebook regards opposition politicians with less importance. Prime Minister Datuk Seri Najib Razak’s Facebook and Twitter accounts have both been verified. However, neither opposition leader Datuk Seri Anwar Ibrahim nor Lim have their Facebook accounts verified. Anwar’s Twitter account is verified though.

That cannot be reassuring for someone like Dyana. Malaysians live in circumstances where their social media interactions such as tweets and status updates could give rise to criminal liability, specifically sedition. So Dyana’s concerns about being impersonated are legitimate given the political climate.

Equally, social media users in Malaysia need to be more aware of online impersonations and fake accounts. This is because responding to an online impersonator who is simply out to troll could get them into real legal trouble. Learning how to spot a fake Facebook or Twitter account would be wise, especially if you’re someone who can’t help but respond to a provocative remark online.

For the time being, it would seem that public personalities in Malaysia have only two courses of action when confronted with an impersonator social media account. If they want to protect their identity from being used by others, alerting the public or their constituency about the false Facebook or Twitter account is one move they could take. And in order to protect themselves from potential criminal charges, lodging a police report seems to be the only course of action they can take.

---

Bernice Low used to blog for CNET Asia. When not skewering someone in her blog, she’s busy dreaming up Hollywood blockbuster movies in her other life as a screenwriter.