Skip to content

When Is Online Nastiness Illegal?

This article is part of the On Tech newsletter. You can sign up here to receive it weekdays.

Digital life has complicated an already tricky question: How can the authorities tell the difference between hateful or menacing rants that contain empty threats, and those that might lead to violence?

My colleague Nicole Hong, who writes about law enforcement and criminal justice, said it’s never been easy to draw this line, but social media has cranked up the volume of both political rhetoric and dangerous threats. That has challenged the police and the legal system in the United States to sort out what are simply words and what are red flags for a credible threat.

Nicole spoke with me about how law enforcement assesses online threats and what may have changed after the riot at the U.S. Capitol in January.

Shira: Where is the line between constitutionally protected speech and illegal threats?

Nicole: One question is whether the words are inciting others to violence. Another is: If you threaten someone with violence, would a “reasonable person” view that as a serious threat?

I imagine that most people who post hateful or threatening messages online don’t act on them. But sometimes posts are a precursor to violence, as we’ve seen with several mass killers and believers in the QAnon conspiracy theory. How do law enforcement and the criminal justice system tell the difference?

Law enforcement has really struggled with that for a long time, and it has only gotten more difficult with social media.

When there is threatening rhetoric online, law enforcement officials may wait to see if someone takes concrete action, like ordering bomb-making material, or commits an unrelated crime that gives them an opportunity to intervene. Or law enforcement might talk to the person about an online threat.

When online threats cross the line from protected speech to crimes is a largely unsettled area of the law, and there are so many people on the internet saying things that are violent or threatening.

Is part of the challenge that some people are more likely to post a menacing message online than threaten a member of Congress or the school principal on the phone or in person?

That’s right. Sources in law enforcement have told me that there has been an exponential increase in menacing rhetoric online. Look at any social media site and you can see how overwhelming it is for law enforcement to figure out who might be a risk for violence in real life and who is just ranting.

Should law enforcement have done more about the online threats of violence ahead of the Capitol assault in January?

There were so many posts that foreshadowed what would happen, but it’s still not clear whether there were individuals who should have been arrested solely for violent rhetoric.

Americans have constitutional protections for political speech. And many people in law enforcement told me that posting broad threats — let’s storm the Capitol or let’s overturn the election, for example — were most likely not specific enough to justify an arrest.

It’s all tricky. Now some people in Congress, law enforcement and the public are asking whether more should have been done to monitor or stop people in advance. Law enforcement officials have told me that the Capitol attack made them less willing to wait to see if someone who makes a violent threat online follows through with it.

You wrote this week about a man in New York who made threats against members of Congress after the Capitol riot but didn’t follow through and is being criminally prosecuted. Is that an example of lowering the bar for threats?

It’s unusual for someone to face criminal charges hinged solely on speech, and that’s why I wanted to write about it. A similar case in 2016 ended without a conviction for a man in Orange County, California, who had blogged about beheading members of the F.B.I. He said it was satire and constitutionally protected speech.

In this new case, the man’s lawyers say that he never bought any weapons or did Google searches for weapons, he had no plans to carry out violence and no one did so on his behalf. We’ll see how the jury assesses all of that.

Even if someone might not intend physical harm, verbal attacks can still feel threatening to the person on the receiving end.

Absolutely. That shows how the limits of the law diverge from the lived reality of people who are targeted.

The government has a very high bar to prosecute people and deprive them of their freedom for saying threatening things on the internet. Law enforcement tries to target the most specific violent threats. That leaves untouched a huge universe of rhetoric that victimizes people. That likely shifts the burden to internet companies to better police themselves.

  • The people were authentic, but their messages weren’t: Facebook has rules to prevent people from faking their identities online to coordinate and spread messages. BuzzFeed News reported on a company assessment after the Capitol attack that found that focusing on fake identities held Facebook back from taking action against real people who worked together to spread falsehoods about the election.

  • Fooled by a chain on the steering wheel: Using a weighted chain and a roll of tape, engineers with Consumer Reports easily circumvented a Tesla feature that is supposed to prevent people from using a driver assistance technology without anyone in the driver’s seat. The car drove itself on a closed test track. This would be illegal and dangerous on a public road.

  • Turning the tables on the criminals. A college student who is a computer security researcher found a glitch in a payment system used by hackers who locked up people’s computer systems for ransom. Some people were able to take back their computers without needing to pay the criminals, CyberScoop reported. (A reminder: “Ransomware” is bad.)

Hunter, a chocolate Lab puppy, flopped on the floor to take a snooze. It’s Friday. Let’s all be Hunter.

We want to hear from you. Tell us what you think of this newsletter and what else you’d like us to explore. You can reach us at

If you don’t already get this newsletter in your inbox, please sign up here.