Cambridge Analytica and Why Privacy Matters to Survivors

/

Recent news that the personal information of tens of millions of people was used by Cambridge Analytica “to create algorithms aimed at ‘breaking’ American democracy” as the New Yorker phrases it, has led to a call to #DeleteFacebook. For those unfamiliar with the story, our friends at AccessNow wrote a great summary.

This kind of invasion of privacy is not new, nor is it limited to this case. The old expression, “No free lunch,” applies to any service that we don’t pay for, whether it is social media or a discount card at the grocery store or entering a raffle to win a new car. The true cost is allowing those companies to access our personal information for their own profit.

Safety is the primary concern. For survivors who face threats of harm, who live daily in fear from the abusers, the security of personal information can be a life and death issue. For survivors fleeing an abuser, information about location, work, kids’ schools, and social connections can lead an abuser to the doorstep. For survivors living with abuse, information about friends, thoughts, feelings, opinions, and interests can be misused by an abuser to control, isolate, or humiliate.

For survivors, privacy is not an abstract issue, or a theoretical right to be debated on CSPAN. Privacy is essential to safety, to dignity, to independence. Yet, we live in a time when personal information = profit.

The Cambridge Analytica story surfaces the underlying reality that our personal information is not under our control. It feels like we are seldom asked for consent to share our personal data. When we are, it is in legalese, in tiny letters that we might have to scroll through to be able to check that box, and get on with using whatever website we’re trying to use. Even if we do take the time to read through those privacy terms, we know that data is routinely stolen, or accidentally published on the Internet, or used against us to affect access to loans, insurance, employment, and services.

We are social animals. We crave connection. Research shows that we suffer without it. Isolation is a classic tactic of abuse. But the price we too often pay for connection online is our privacy.

At times like these, we may think about deleting Facebook, going offline, or throwing away our phones. We may think that survivors should give up their tech at the door of our shelters, or that they have to go off the grid in order to be safe.

Digital exile is not the answer. Technology, and the Internet, is a public space where everyone, including survivors, should have the right, to share their voices, to make connections, and to access information without fear of their personal information being collected and used without their consent. April Glaser writes in Slate that, “[d]eleting Facebook is a privilege,” pointing to the huge number of people that rely on it to connect with friends, to learn about events, to promote a business, or, in parts of the world with limited Internet access, just to be online at all.

Survivors, just like every other consumer, should be given the opportunity to give truly informed consent. That consent must be based on clear, simple, meaningful, understandable privacy policies and practices – not just a check box that no one pays attention to.

A guide to the process of changing your Facebook settings to control apps’ access to your data is available from the Electronic Frontier Foundation. Also check out our own guides to Online Privacy and Facebook Privacy and Safety.

Addressing Technology Misuse in the Context of Sexual Assault

/

Two new resources from Safety Net discuss Technology Misuse in Sexual Assault, and offer advocates and others working with survivors a tool for Assessing Technology Misuse and Privacy Concerns.

As technology becomes woven into every aspect of society, offenders misuse the technology in sexual assault. Just as the dynamics of sexual assault differ from domestic violence, the misuse of technology looks different when sexual assault occurs outside of an intimate partner relationship.

  • A youth group leader might misuse online communities to groom victims.
  • A supervisor might threaten to change an employee’s file in a company database.
  • A caretaker might limit access to help-seeking through technology.
  • A medical provider might threaten to share embarrassing information or images gathered in the course of treatment.
  • Surveillance cameras and security could be misused by a landlord to gain footage of or access to a victim.
  • A law enforcement officer could misuse a database to target potential victims.

More understood examples include the explosion in the production and sharing of child pornography, or nonconsensual sharing of intimate images or footage of sexual assault of adults over the Internet.

Privacy Concerns

In addition, sexual assault cases in the public eye can generate distressing comments on news stories and social media, and some survivors may become the target of online harassment, doxing or other retaliation.

Technology and Root Causes

Online spaces amplify existing attitudes and beliefs, and so can support rape culture through memes, viral posts, revenge porn sites, etc. At the same time, online advocacy and activism efforts have used online spaces to counter rape culture through awareness, events, bystander intervention and more.

Smartphone Encryption: Protecting Victim Privacy While Holding Offenders Accountable

/

The last few months have seen heated debates between law enforcement and technology companies over the issue of smartphone encryption. The government has argued that encrypted devices and new technologies make it more difficult for law enforcement to investigate crimes while technology companies claimed that weakening encryption weakens security for everyone. Currently, Congress is drafting a bill that would require technology companies to make encrypted data readable, and several state legislatures have introduced legislation to block the sale of encrypted smartphones

At the core of the encryption debate is the concept of privacy and technology security. Technology nowadays – in particular the smartphone – collect and store an unprecedented amount of private information, including personal health data, access to online accounts (such as social media and email), videos and pictures, and so much more. Some of this information can be especially private and something a user may not want others – a friend or family member, an abusive partner, or an employer – to know about. For those individuals, the security on their smartphone can enhance or strip away that privacy.

Through the Safety Net Project at the National Network to End Domestic Violence, we have been addressing the intersection of technology and violence against women for over 15 years, and have trained more than 80,000 victim advocates, police officers, technologists, and other practitioners. In looking at how technology can be misused to facilitate stalking and harassment and how survivors can use their technology to attain safety, privacy is a recurring and fundamental component.

For victims of domestic violence, sexual assault, and stalking, privacy and data security are integrally connected to their safety. A survivor’s smartphone is their lifeline; yet their smartphone can also be incredibly vulnerable to misuse by an abuser. A survivor’s smartphone is often one of the first things an abuser will target simply because of the amount of information on there. If they can compromise the victim’s smartphone, they have access to all phone calls, messages, social media, email, location information, and much more. For these reasons, smartphone security and encryption is essential to safeguarding the privacy of victims’ personal information.

The other side of the encryption debate is the ability for law enforcement to hold offenders accountable, which is something we also strongly support. When abusers misuse technology to threaten and terrorize, investigators can trace the digital trail to discover and prove who committed the crime. An encrypted smartphone makes it more difficult for law enforcement to access information on that phone if the owner is unwilling or unable to unlock it.

While law enforcement should not be impeded in their ability to investigate a crime, it’s important to recognize that smartphone encryption does not prevent law enforcement from doing an investigation of technology-facilitated domestic violence, sexual assault, and stalking. In these types of crimes, the goal of the perpetrator is to wield power and control over the victim by controlling the victim’s technology, harassing the victim through messages or phone calls, monitoring their activity, or disseminating harmful and devastating rumors about the victim. It is often an interaction between the victim and perpetrator through a third party, and digital evidence or proof of this harassment and abuse could exist elsewhere: on the victim’s own devices or an online platform (Facebook, email, etc.).

There may be circumstances in which evidence only exists on the perpetrator’s device. This could be the case in a sexual assault, for example, in which the perpetrator recorded or took videos of the assault on his/her device and has not yet shared them or posted them publicly. In situations such as this, unless the videos or photographs were uploaded online or backed up, the evidence may not be anywhere but on the perpetrator’s smartphone.

In most cases, however, it is possible for law enforcement to successfully investigate and build a domestic violence and sexual assault case without needing the perpetrator’s smartphone. For example, evidence of harassment via emails, texts, or social media will also exist on other technology platforms. If the abuser purchased monitoring software or is tracking the victim through a paid service, there might be financial records. In some cases, the survivor may have access to some of the evidence that might be needed. While survivors should never be in the position of having to investigate their own crimes, they are often in the best position to know what’s happening, and they should be involved and part of the process.

Balancing Victim Privacy and Offender Accountability

Ultimately, for survivors of domestic violence, sexual assault, and stalking, the smartphone encryption issue comes down to balancing victim privacy and offender accountability. Both are equally important but neither should be compromised for the other. Victim privacy is fundamental to victim safety, and the technologies survivors use should have the most security and encryption possible.

It’s also important to recognize that weakening smartphone encryption to allow law enforcement access means weakened encryption—period. If an abuser is technologically savvy or is in law enforcement, their victim may have less privacy and security on their smartphones. There is no professional immunity to those who commit violence against women, and perpetrators of domestic and sexual violence work in all fields, including technology companies and law enforcement agencies.

We believe it is possible for law enforcement to investigate technology-facilitated domestic violence, sexual assault, and stalking crimes, without compromising victim privacy through weakened smartphone encryption. Law enforcement, federal funders, technology companies, and the victim advocate community need to come together to figure out how to support survivors and help them be safe while also holding offenders accountable.

Instead of finding ways to get around smartphone encryption, law enforcement agencies deserve and need far more resources to investigate crimes facilitated through technology. Law enforcement should be given more information and tools so they not only know how technology is misused to facilitate crime, but all the different places where the evidence could exist, and the proper process and method on gathering this evidence. A good, thorough investigation of technology-facilitated domestic violence, sexual assault, and stalking goes beyond examining a perpetrator’s encrypted smartphone.

At our annual Technology Summit, we ensure that there are sessions geared specifically for law enforcement professionals, so they can take this knowledge back to their communities. We’ve worked with other national organizations, such as the International Association of Chiefs of Police, to develop articles to share this knowledge with law enforcement. Despite 15 years of addressing this issue, however, we still hear from survivors and their advocates that thorough investigation of technology-facilitated crimes is not happening consistently across the country. Rather than proposing legislation requiring access to encrypted data on a smartphone or banning encrypted smartphones, we encourage legislators and advocacy groups to look at what is actually needed to fully investigate these crimes and to truly address what law enforcement can do to hold offenders accountable.