Nina Jankowicz is a researcher specializing in state-sponsored disinformation and gendered online abuse. In April 2021, the Biden Administration tapped Jankowicz to lead a new group in the Department of Homeland Security (DHS) called the Disinformation Governance Board. The board would coordinate DHS efforts to highlight trustworthy information about high-stakes issues like COVID response measures and cybersecurity events. Within 24 hours of the board’s announcement, prominent far-right media outlets and influencers attacked Jankowicz as a threat to democracy whose work would inevitably distort the truth and censor free speech.

Jankowicz faced online assaults more ferocious, more threatening, and more damaging than any abuse she had faced in the past. First was the cyber-mob’s grotesque distortion of her work. Posters accused her of spreading disinformation rather than combating it. Videos were doctored to make it seem that she thought certain people should be able to edit others’ tweets, which she had never said. Next came the publication of her contact information, followed by threats. Attackers sent frightening emails, texts, voicemails, and letters—the message was that she would be raped and killed. At the time, Jankowicz was nine months pregnant with her first child.

Rather than defending the board, the Biden Administration shut it down, and Jankowicz resigned. Security consultants advised Jankowicz and her husband to relocate, an impossibility given that Jankowicz was due to give birth imminently. Fox News television guests remarked with glee that their “side” had taken her scalp and “got her bounced.”

Jankowicz’s experience epitomizes the cyber-harassment phenomenon. Victims—disproportionately women and minorities—are targeted with a storm of lies, threats, and privacy violations. The abuse is sexually threatening and demeaning. When victims appear to be nonwhite or LGBTQ, the abuse is also suffused with racist and homophobic invective. Lies frequently accuse victims of being prostitutes or having sexually transmitted infections; threats include sexual violence and rape; privacy invasions involve doxxing and the nonconsensual posting of nude images.

To the extent that the cyber-abuse playbook has changed in the 15 years that I have been writing about the topic, it has taken a turn for the worse. Technological advances have made it cheaper and easier for perpetrators to wreak havoc. With machine-learning algorithms, perpetrators can now create frighteningly realistic fake sex videos. Of the more than 50,000 deepfake videos online, over 90 percent feature women’s faces being morphed into porn.

Victims’ very ability to speak freely is in jeopardy. When under assault online, women are more likely to self-censor their speech. Younger women are the most likely to self-censor to avoid further abuse. They shut down their social media accounts because they worry that keeping them will invite more abuse and provide another vector for perpetrators to reach them.

Cyber harassment has chilled the activities of female politicians as well. Women in politics around the globe avoid expressing views that might provoke online attacks. Finland’s first Black female member of Parliament, Bella Forsgrén, has explained that she thinks twice not only about how she talks about issues, but also about the decisions that she makes, lest she face online backlash. The threat of online abuse has also deterred women and minorities from considering political careers. Eighty percent of Australian women surveyed said that the mistreatment of female politicians online made it less likely they would go into politics.

Cyber harassment impacts every aspect of victims’ lives. They lose their jobs and have difficulty finding new employment. They change their names because their online search results include abuse that makes it impossible for them to work or date. They suffer severe anxiety, depression, and PTSD. They spend hours asking sites to take down destructive posts. They check their search results and inboxes with dread. Victims describe the experience as a never-ending nightmare.

Despite these clear costs, law enforcement often tells victims to “ignore the abuse.” That response indulges in magical thinking. Victims cannot ignore cyber assaults that distort their identities, expose their intimate information, decimate their reputations, and destroy their safety. They cannot “turn off their computers” and pretend that everything is fine. The abuse is a click away for anyone searching their names—future employers, colleagues, and dates.

Telling victims to simply shrug off devastating cyber abuse amounts to a moral failing. Sometimes, it is the result of cowardice; sometimes, ignorance is at work. But whatever the reason, victims cannot and should not be told to deal with abuse themselves. Everyone has a responsibility to combat online abuse. We all must make it clear that cyber harassment is on us. We all need to ensure that everyone can participate in the digital age on equal terms, free from online assaults.

I first began writing about cyber harassment in 2007. Since then, we have made some modest progress. The Cyber Civil Rights Initiative, of which I am the vice president, has been working with companies, lawmakers, and law enforcers on tackling online abuse. Most major social media companies now prohibit online harassment, threats, doxxing, and nonconsensual sharing of intimate imagery. (Twitter’s speech policies are up for grabs after Elon Musk fired most of the company’s trust and safety team and its Trust and Safety Council, on which I served.) Since 2015, Google has agreed to de-index nonconsensual intimate images from searches of victims’ names, though the imagery remains on sites. The Cyber Civil Rights Legal Project, run by the Pittsburgh-based law firm K&L Gates, has been providing pro bono representation to victims of intimate privacy violations. Most states have criminalized cyberstalking, cyber harassment, and certain intimate privacy violations, such as the nonconsensual posting of intimate images.

Despite this progress, Jankowicz’s experience is still too commonplace. Over the years, the problem has grown, and for women and minorities, the abuse is particularly severe. According to the Pew Research Center, whereas in 2014, 15 percent of Americans said that they faced severe cyber harassment (threats, stalking, and sexual harassment), in 2020, 25 percent of Americans experienced such abuse. In 2020, 33 percent of women under 35 had experienced sexual harassment on social media, while that was true for just 11 percent of men under 35. Further, 51 percent of LGBTQ people reported facing severe online abuse as compared to 23 percent of straight adults. Multiple studies have shown that Black and Hispanic individuals are more likely to face severe online abuse due to their race.

According to a majority of the Americans surveyed by Pew, social media companies are doing just a fair or poor job (as opposed to a good or excellent one) of dealing with online abuse. The law has not helped matters. Social media companies have no legal incentive to tackle online abuse. Section 230 of the federal Communications Decency Act of 1996 shields online service providers from liability for online assaults by their users. Perpetrators themselves have little reason to pause before targeting victims. They rarely face criminal charges or civil claims. Law enforcement has too little training about how to handle cases involving online abuse, and most victims cannot afford to hire lawyers to help them bring claims against their attackers. Support for victims remains elusive.

We need a whole-of-society approach to combat online abuse. Laws and norms are necessary to protect democratic discourse and equal opportunity from online assaults. Policymakers, the legal profession, and the educators in all of us must play a role in defeating cyber harassment that endangers democracy, equality, and free expression.

Law is our teacher. It mirrors our values and ideals. It reveals the society and democracy that we want and deserve. Law must make clear that industry and individuals have a duty to protect against cyber harassment rather than monetizing it.

In the United States, law does too little to restrain the enablement of cyber harassment. Under our laissez-faire approach, companies can host and profit from online abuse. Exploiting personal data for online advertising is social media companies’ business. Because people are drawn to and share provocative content, platforms amplify it. Their shareholders expect them to engage in whatever legal activities generate profits.

Those same companies bear no legal responsibility for cyber-mob abuse. Section 230 is why the assaults on Jankowicz spread and festered. Until advertisers threaten to pull their revenue from sites that tolerate online abuse, hosting it is an all-upside proposition.

Congress must change the ground rules for online platforms. Companies should be required to act as data guardians. They should owe us duties of care, loyalty, and nondiscrimination. They should prioritize our well-being in handling our data. In cases involving online abuse, Section 230’s legal shield should be conditional. Only platforms that take reasonable steps to address cyber harassment or intimate privacy violations should be immunized from liability. Such reform would incentivize companies to act responsibly lest they face potential lawsuits from victims like Jankowicz. Content platforms should have to internalize the costs of online assaults now borne by victims and society.

Meanwhile, the legal system must hold perpetrators accountable to show that cyber harassment is wrong. We need more lawyers assisting victims—they need to know that someone will help them seek justice. Right now, victims lack access to representation because attorneys are reluctant to take cases if they are unlikely to get paid. Lawyers won’t take cases on contingency because most perpetrators don’t have deep pockets; victims often cannot afford high legal fees. Yet most attorneys do some form of pro bono work. Although no state requires pro bono work as a condition of a law license, some states require attorneys to report their number of pro bono hours to the state bar with their membership dues. The American Bar Association encourages at least 50 hours of pro bono work a year.

While traditional pro bono cases involve representing people of limited means or nonprofits serving the poor, bar associations should urge attorneys to take cases involving cyber harassment and intimate privacy violations. If more attorneys take on these cases on a pro bono basis, as K&L Gates does, they can mentor others to do the same. We need the civil justice system to work for victims.

We also need to deploy the criminal law against perpetrators. The 2022 reauthorization of the Violence Against Women Act (VAWA) increased resources for law enforcement to investigate and prosecute people who commit gender-based violence and cyberstalking. It directed the attorney general to develop a national strategy to address the increasing rates of cyberstalking. We have a well-designed federal cyberstalking law. When Congress reauthorized VAWA in 2006, it expanded the reach of the interstate stalking provision to include stalking via electronic computer systems. Although federal prosecutors have limited resources, they can and should invest those resources in enforcing that law. After all, Congress has now given them more money to do just that.

Of course, law and law enforcement won’t change overnight. In the meantime, moral suasion can help fill the void. We need to press social media companies to prioritize combating online abuse. We need to urge them to build products and services with cyber harassment in mind; preventing online abuse should be part of the design process. Just because law right now lets them off the hook, we should not do the same. We need to hold their feet to the fire.

Creating a world in which cyber harassment is unacceptable requires the work of all of us. We need to start standing up for victims. We need to tell abusers to knock it off. We need to talk to family, friends, and colleagues about the damage that cyber harassment inflicts on victims and democracy. Parents, teachers, and students should discuss the fight against cyber harassment as their fight.

Adults too must get that message. Social media companies can help us in this effort—their subscribers are a captive audience. They leverage that audience for ads; they should be leveraging it for education. Social media companies should create teaching modules for users to view before they can access their accounts. We ask people, young and old, to study the rules of the road before they can get driver’s licenses. Companies should insist upon the same. They should follow up with regular reminders and refresher courses about the perils of online abuse. Those efforts would be a worthwhile long-term investment in growing the type of society we aspire to be, one where people are free from silencing online abuse and where democratic discourse flourishes.

The White House proclaimed January 2023 as National Stalking Awareness Month. President Biden urged “all Americans to speak out against stalking and to support the efforts of advocates, courts, service providers, and law enforcement to help those who are targeted and send the message to perpetrators that these crimes will not go unpunished.” (That message should have been sent when the cyber mob attacked Nina Jankowicz.)

I am cautiously optimistic. I have been working with the White House’s Task Force to Address Online Harassment and Abuse, which is co-chaired by the Gender Policy Council and the National Security Council. The task force is working on drafting recommendations for state governments, technology platforms, schools, and other public and private entities on how to combat cyberstalking and other online abuses. So not just this month but every month hereafter, we need everyone to join the effort to combat cyber harassment and other online abuse that jeopardizes lives and democratic discourse.