I’m looking for an app I don’t remember downloading and a platform that allows me to access my phone’s camera and microphone. Other people can see my calendar, notes, and emails.
It also checks basic things like whether the device is actually registered to your name and email address and whether two-factor authentication is turned on.
Rose MacDonald, co-founder of Nansen Digital Forensic Services, walks us through the digital safety audits they provide to victims and survivors of domestic violence. I’m speaking to a former police detective and digital forensics expert to better understand the experiences of people exposed to this type of abuse and how to minimize the risk.
Find out who has access to my Google or iCloud account. What third-party platforms are connected to your account and whether my email is being forwarded to another address.
When McDonald’s conducts these audits, it often finds high-tech surveillance tools, such as spyware, embedded deep within the phone’s software. But this kind of technology is expensive, and perpetrators have to rely on everyday features: the surveillance opportunities provided by shared accounts and location-sharing tools that reveal more than we realize. She says that they are very often used.
“What we most commonly find are common misconfigurations and compromises to cloud environments. Anything that has a username and password doesn’t require much technical knowledge. No,” she says.
The use of technology to “control, abuse, track and intimidate” is a common feature of domestic violence in Australia. A report published in 2020 found that nearly all of the 442 front-line domestic violence practitioners surveyed had clients who had “experienced technology-facilitated stalking or abuse” and that Certain women and Aboriginal and Torres Strait Islander and non-Torres Strait Islander people were found to be particularly at risk. – Must have an English speaking background.
Advocates told Guardian Australia they had been sent threatening messages not only by car trackers and hidden cameras, but also through bank transfers and online purchases.
“That could be really insidious. [and] It’s very difficult when you think about how many accounts there are on different sites and how many passwords there are,” says Rosa Graham, lead lawyer in the family law practice at Women’s Legal Center ACT.
“I thought he was a nice person.”
In my audit, McDonald and I talk about my home Wi-Fi network and who set it up. Whether the password has been changed. Do you know what it is? Check if my calls are being forwarded to another number.
Find out which devices are connected to Bluetooth. For example, if I have a smartwatch, I might have a discussion here about who bought it. Is it me or someone else? “We start thinking about [whether] Perpetrator of violence accessed account [and] It’s health data that could indicate your location,” McDonald says.
McDonald, who runs forensic software that looks for signs of external devices and suspicious activity, said the audit also has implications for education. She wants people to stop understanding the relationship between their devices and the cloud.
“I explain to them…if a perpetrator gets into this environment…they can access your Gmail, they can access your maps, they can access your documents,” she says.
These scenarios are familiar to Lauren*, whose partner has subjected her to what she now considers coercive control for many years. “When he bought me a new cell phone and set it up as my business account, I thought he was a good guy,” she said. “But it was actually so he could access all my text messages and who I was calling.”
He also was able to set up her email and access her Facebook account, she said. He then became at odds with her over an innocuous message. “This is a campaign to dominate and control someone,” Lauren says.
During the audit, we scroll through the Family Sharing settings on our phones. For example, if you log into a shared account on a streaming platform from a new location, a prompt will be sent to your original account and you may lose your account, according to McDonald’s.
Ultimately, in a domestic violence situation, my child’s account could reveal my movements and location, and even an app that sends updates from daycare. One trend that Graham of the Women’s Legal Center has observed is that perpetrators give children items that enable GPS monitoring, such as smartwatches. In another case, a man attached a tracker to his daughter’s toy frog.
Griffith University criminologist Molly Dragiewicz has studied how children can engage in technological abuse through everything from mobile phones and GPS tracking to gaming consoles and social media. . Tracking apps, like some kind of surveillance, are becoming commonplace among parents and children, she said.
“Depending on the context of the relationship, the very same technology can be used for good or harm,” she says. “This is not about specific technologies; what matters is the context in which they are used.”
Audits need to be trauma-informed
Digital safety audits like the one I conducted with McDonald’s are not easily accessible, and funding may vary by state. In Victoria, programs such as the Personal Safety Initiative help facilitate access to safety audits, among other security measures. However, when victims/survivors use private services, costs can reach hundreds of dollars.
Another concern raised by several advocates was the lack of scrutiny of those in private security spaces, and whether they are properly trauma-informed and aware of the specific risks associated with family violence. It depends on whether you recognize it or not.
Diarmaid Harkin, a senior lecturer in criminology at Deakin University, researched some of the solutions offered to technology-facilitated abuse. He says claims about technology that can “detect” spyware need to be thoroughly scrutinized, as the field is rapidly evolving and there will always be limitations.
“Those [tech safety] The audit itself needs to be audited,” Harkin said. “Is that advice appropriate from a technical point of view? Also, is it appropriate from a domestic violence point of view?”
MacDonald also believes the security industry needs better standardization around domestic violence safety assessments to ensure risks are not overlooked. She says she’s seen some providers “factory reset” phones, erasing important evidence that might be needed in court, for example.
It may also simply not be safe for victims and survivors to disconnect their abusers from their devices without first consulting family violence services or police, she says. “Once a compromise is found, we discuss how best to manage it. If we cut off access without further safety planning, the behavior could escalate.”
Even if governments promote safety-first design of digital platforms, they cannot guarantee absolute safety to victims and survivors, Dr. Dragevich said. Spyware is constantly evolving, but the technology we need to function every day – to work, communicate, and pay our bills – also creates risks. She says it’s not practical to simply ask people to disconnect.
“A lot of the responsibility for managing the safety of technology is placed on the victim. We’re not actually addressing or interfering with the abuser’s actions,” she says.
Lauren is currently working with a group called DV Safe Phone, which provides free cell phones to victims and survivors of domestic violence.
“Certainly when someone is chasing power and control, they know how dependent everyone is on our phones right now,” she says.
“Being able to access a phone that they don’t know about can be really life-changing.”
*For privacy reasons, only the first name will be used.
