An interesting story today from Nieman Journalism Lab, pointing to the dangers of URL spoofing.
The danger, according to Neiman’s Andrew Phelps, stems from the fact that many news organizations include the text of headlines in their URLs in order to improve SEO. In many cases, the headline text is superfluous, and the URL works just fine without it. The result? A story from the UK’s Independent newspaper that started out with this URL…
…went viral, after a prankster tweeted it out as…
(Both URLs work just fine.)
Embarrassingly, and amusingly, several news organizations including Slate and Nieman itself, fell foul of the prank, assuming that it reflected an error at the Independent. Finally realizing his mistake, Phelps wrote his follow-up story, describing “How URL spoofing can put libelous words into news orgs’ mouths”
Well, yes. And no.
For a start, the problem isn’t a new one. I remember, almost ten years ago, laughing my ass off when my friend Tim Ireland noticed that the website of British Member of Parliament, Ann Widdecombe could be sabotaged using a really fun URL hack. By changing the text in the URLs of Widdecombe’s photo gallery, the on-site photo captions themselves also changed; with potentially obscene consequences.
Secondly, Phelps talks about the “recipe for confusion — and maybe legal issues, if someone can insert a libelous URL into one of your stories and spread it around” but he doesn’t clarify who is at risk from those legal issues. In fact, it’s highly unlikely that a news organization could be found liable for a URL that is hacked by a third party. Generally speaking, you can’t be held responsible for a libel you neither wrote or published. (News organizations can, of course, be liable for URLs they create themselves, as I explained last year).
Really, the biggest risk from URL spoofing lies not for the news organizations but for the pranksters themselves, and anyone unfortunate enough to fall for the prank and retweet a libelous link. This I know from bitter experience.
Back in 2003 – still a young, smart-ass columnist for Media Guardian, and editor of a satirical ezine called The Friday Thing – I stumbled across what I thought was a great piece of gossip. A very famous British sportsman – who should definitely not be named here – had apparently been conducting a sordid affair, and had secured a legal injunction to prevent UK newspaper from writing about it. Being a smart-ass, I wrote a column for the Guardian pointing out the ludicrousness of the injunction system, given that foreign newspapers were free to write about the story with impunity. Thinking myself far cleverer than I was, I then wrote a follow up story in The Friday Thing, linking to the foreign coverage of the story.
It was at this point I made an idiotic mistake: I decided to include the sportsman’s name in the short URL linking to the foreign coverage. Less than 24 hours later, I received a letter from a very large London law firm informing me that I was being sued for libeling their client, and that they would be pressing the English High Court to charge me with contempt of court (maximum sentence: about ten years in jail) for breaching the injunction. It took a year, and thousands of pounds in legal fees, to convince them to drop the case, on the grounds that I had no money for their client to win in damages.
Lesson one: URLs can be libelous too.
And it gets worse: in most jurisdictions repeating a libel is considered almost as serious (if not actually as serious) as the initial publication. In theory, anyone who retweets or quotes or simply links to a libelous URL could also find themselves on the receiving end of a libel suit.
Lesson two: if a URL seems too funny to be true, it’s probably a good idea not to forward it around.