Threat Modeling Intimate Partner Violence: Tech Abuse as a Cybersecurity Challenge in the Internet of Things

Technology-Facilitated abuse, so-called “tech abuse,” through phones, trackers, and other emerging innovations, has a substantial impact on the nature of intimate partner violence (IPV). The current chapter examines the risks and harms posed to IPV victims/survivors from the burgeoning Internet of Things (IoT) environment. IoT systems are understood as “smart” devices such as conventional household appliances that are connected to the internet. Interdependencies between different products together with the devices' enhanced functionalities offer opportunities for coercion and control. Across the chapter, we use the example of IoT to showcase how and why tech abuse is a socio-technological issue and requires not only human-centered (i.e., societal) but also cybersecurity (i.e., technical) responses. We apply the method of “threat modeling,” which is a process used to investigate potential cybersecurity attacks, to shift the conventional technical focus from the risks to systems toward risks to people. Through the analysis of a smart lock, we highlight insufficiently designed IoT privacy and security features and uncover how seemingly neutral design decisions can constrain, shape, and facilitate coercive and controlling behaviors

‘I feel like we’re really behind the game’: perspectives of the United Kingdom’s intimate partner violence support sector on the rise of technology-facilitated abuse

Technology-facilitated abuse or ‘tech abuse’ in intimate partner violence (IPV) contexts describes the breadth of harms that can be enacted using digital systems and online tools. While the misappropriation of technologies in the context of IPV has been subject to prior research, a dedicated study on the United Kingdom’s IPV support sector has so far been missing. The present analysis summarises insights derived from semi-structured interviews with 34 UK voluntary and statutory sector representatives that were conducted over the course of two years (2018–2020). The analysis identifies four overarching themes that point out support services’ practices, concerns and challenges in relation to tech abuse, and specifically the Internet of Things (IoT). These themes include (a) technology-facilitated abuse, where interviewees outline their experiences and understanding of the concept of tech abuse; (b) IoT-enabled tech abuse, focusing on the changing dynamics of tech abuse due to the continuing rise of smart consumer products; (c) data, documentation and assessment, that directs our attention to the shortcomings of existing risk assessment and recording practices; and (d) training, support and assistance, in which participants point to the need for specialist support capabilities to be developed within and beyond existing services.&lt;br /&gt;&lt;br /&gt;Key messages&lt;br /&gt;&lt;ul&gt;&lt;li&gt;UK statutory and voluntary support services do not feel well equipped to respond to tech abuse.&lt;/li&gt;&lt;br /&gt;&lt;li&gt;Shortcomings in documentation and assessment practices make it difficult to estimate the full scale and nature of tech abuse.&lt;/li&gt;&lt;br /&gt;&lt;li&gt;Tech abuse training and other support mechanisms are needed to amplify the UK sector’s ability to assist IPV victims/survivors.&lt;/li&gt;&lt;/ul&gt; </jats:p

Technology-Facilitated Domestic Abuse in Political Economy: A new theoretical framework

This paper presents a new theoretical framework around technology-facilitated domestic abuse (TFDA) in identifying four distinct types of omnipresent behaviour. Perpetrators are increasingly drawing upon networked technologies likes smartphones, social media and GPS trackers in monitoring, controlling and abusing survivors. There is considerable academic literature developing in response to this. Whilst this scholarship is valuable, this paper argues that TFDA must be understood as a neoliberal manifestation of patriarchal legacies of misogyny and sexism. A failure to recognise this will serve to prioritise abusers’ freedom to do harm over rights of survivors to be protected from harm

Trust and Abusability Toolkit: Centering Safety in Human-Data Interactions

If you care about security, you care about safety. So you need to care about abusability and trust. This toolkit will provide information about why centering peoples’ safety in our digital technologies is important. We present the concepts of abusability and trust as two important tenets of building such safer technologies, followed by resources that can help us build safer technologies

Networks of Care: Tech Abuse Advocates’ Digital Security Practices

As technology becomes an enabler of relationship abuse and coercive control, advocates who support survivors develop digital security practices to counter this. Existing research on technology-related abuse has primarily focused on describing the dynamics of abuse and developing solutions for this problem; we extend this literature by focusing on the security practices of advocates working "on the ground", i.e. in domestic violence shelters and other support services. We present findings from 26 semi-structured interviews and a data walkthrough workshop in which advocates described how they support survivors. We identified a variety of intertwined emotional and technical support practices, including establishing trust, safety planning, empowerment, demystification, supporting evidence collection and making referrals. By building relationships with other services and stakeholders, advocates also develop networks of care throughout society to create more supportive environments for survivors. Using critical and feminist theories, we see advocates as sources of crucial technical expertise to reduce this kind of violence in the future. Security and privacy researchers can build on and develop these networks of care by employing participatory methods and expanding threat modelling to account for interpersonal harms like coercive control and structural forms of discrimination such as misogyny and racism

Can prosuming become perilous? Exploring systems of control and domestic abuse in the smart homes of the future

In what ways can new, emerging digital technologies and energy business models such as “prosuming” become intertwined with troubling patterns of domestic abuse and violence? Domestic violence entails controlling, coercive or threatening behaviours, to gain or maintain power and control between intimate partners or family members regardless of gender or sexuality. The rapid development of digital communication services, smart homes, and digitalization processes such as prosuming create surprising threats related to technology-facilitated abuse. In this empirical study, based on a nationally representative survey of householders (n = 1,032 respondents) and three focus groups with the general public in different locations around the UK (n = 18 respondents), we explore the extent that prosuming technologies, smart grids and smart systems could act as potential enablers of domestic violence or systems of control. We also explore the use of smart systems as possible deterrents and mechanisms to reduce and address domestic violence and provide victim protection and recovery. In doing so, we explore user perceptions and preferences of smart systems, in relation to trust, monitoring, tracking, and surveillance. We finally discuss our results through the themes of duality and policy and provide conclusions with recommendations for further research

The digital harms of smart home devices:a systematic literature review

The connection of home electronic devices to the internet allows remote control of physical devices and involves the collection of large volumes of data. With the increase in the uptake of Internet-of-Things home devices, it becomes critical to understand the digital harms of smart homes. We present a systematic literature review on the security and privacy harms of smart homes. PRISMA methodology is used to systematically review 63 studies published between January 2011 and October 2021; and a review of known cases is undertaken to illustrate the literature review findings with real-world scenarios. Published literature identifies that smart homes may pose threats to confidentiality (unwanted release of information), authentication (sensing information being falsified) and unauthorised access to system controls. Most existing studies focus on privacy intrusions as a prevalent form of harm against smart homes. Other types of harms that are less common in the literature include hacking, malware and DoS attacks. Digital harms, and data associated with these harms, may vary extensively across smart devices. Most studies propose technical measures to mitigate digital harms, while fewer consider social prevention mechanisms. We also identify salient gaps in research, and argue that these should be addressed in future crossdisciplinary research initiatives

Technology-facilitated abuse in intimate relationships : a scoping review

Technology-facilitated abuse (TFA) is a significant, harmful phenomenon and emerging trend in intimate partner violence. TFA encompasses a range of behaviours and is facilitated in online spaces (on social media and networking platforms) and through the misuse of everyday technology (e.g. mobile phone misuse, surveillance apps, spyware, surveillance via video cameras and so on). The body of work on TFA in intimate relationships is emerging, and so this scoping review set out to establish what types of abuse, impacts and forms of resistance are reported in current studies. The scoping review examined studies between 2000 and 2020 that focused on TFA within intimate partnerships (adults aged 18+) within the setting of any of these countries: the UK and Ireland, USA, Canada, New Zealand and Australia. The databases MEDLINE, CINAHL and Scopus were searched in December 2020. A total of 22 studies were included in the review. The main findings were that TFA is diverse in its presentation and tactics, but can be typed according to the eight domains of the Duluth Power & Control Wheel. Impacts are not routinely reported across studies but broadly fall into the categories of social, mental health and financial impacts and omnipresence. Similarly, modes of resistance are infrequently reported in studies. In the few studies that described victim/survivor resistance, this was in the context of direct action, access to legal or professional support or in the identification of barriers to resistance

Useful shortcuts: Using design heuristics for consent and permission in smart home devices

Prior research in smart home privacy highlights significant issues with how users understand, permit, and consent to data use. Some of the underlying issues point to unclear data protection regulations, lack of design principles, and dark patterns. In this paper, we explore heuristics (also called “mental shortcuts” or “rules of thumb”) as a means to address security and privacy design challenges in smart homes. First, we systematically analyze an existing body of data on smart homes to derive a set of heuristics for the design of consent and permission. Second, we apply these heuristics in four participatory co-design workshops (n = 14) and report on their use. Third, we analyze the use of the heuristics through thematic analysis highlighting heuristic application, purpose, and effectiveness in successful and unsuccessful design outcomes. We conclude with a discussion of the wider challenges, opportunities, and future work for improving design practices for consent in smart homes