Jason Callina, a StopBadware senior developer, shares his notes on the ASC lunchtime discussion about the use of spyware in domestic abuse:
Cindy Southworth of the National Network to End Domestic Violence introduces a victim of domestic violence including abuse via spying and monitoring through software installed on her computer without her knowledge.
Cindy has been doing work to end domestic violence for 14-15 years. She grew up in a family of geeks which gave her a strong technical background that infoms her current line of work. Cindy chose to go down the path of social change and found a perfect combination of her skills in this topic.
She states that less than 10% of shelters have firewalls and similar security measures. This represents a serious security risks for victims of domestic abuse and others staying at shelters. This represents a very vulnerable segment of society.
The presenter (who is anonymous for obvious reasons) is educated, young individual currently volunteering with domestic violence issues doing service work. Consultant on several boards. She noted that she has young children who she is also concerned for. The conversation is structured as questions from Cindy with answers from the presenter.
Q: How did you end up getting in a relationship to the abuser?
A: After college, she was facing several options and was unsure what road to take in her life and career. She met a charming, handsome individual, who appeared to have an excellent personality and background profile. The start of the relationship was calm and without incident. Control issues started to pop up later in an incremental fashion. Abuser slowly integrated controlling behaviors into their relationship using tactics like defining the relationship parameters with family members and friends and insisting on the structure of her communication.
He attempted to define who she was through influential suggestions on changing her appearance and gradual control of other aspects of her life. Six months into the relationship he slowly integrated verbal attacks. Physical abuse started after a year. At first they seemed accidental and out of character for the person, but they continued and became a constant aspect of the relationship.
The abuser had them move frequently, to keep her isolated from friends and family. Due to the nature of the physical abuse she was concerned about her life and the life of her unborn child. She felt that he was directly trying to kill her unborn child through physical attacks on herself.
There were threats that if she was to seek help she would be killed. Her parents became concerned due to lack of contact and sent police to check on her. Abuser silently threatened to kill child while the police officer was present, but not in the officer's view, so she lied to protect her child and herself. Threats were also made to her family and others.
Surveillance and Monitoring
He would have friends check on her and befriend them to make sure she was in line with what he expected of her behavior. He gained the trust of her co-workers and their impression was that he was very likable.
He began monitoring her cell phone to find out who she called and who had called her. He monitored her email and set up passwords so he would have access to all of her online accounts. The abuser also sent emails out in her name to her friends.
The abuser used keyloggers and other tracking mechanisms to monitor and control her behavior. Once he misinterpreted the results of the key logs, accused her of behavior she was not guilty of and almost beat her to the point of death. Computers were her last contact to the outside world and she had to stop using them to protect herself and her family. Court hearings eventually revealed that he was using spyware to track her movements.
Cindy states that most homicides occur at the point the victim tries to escape.
She used her computer at work to plan her escape. Thankfully he was not able to track the data on this machine. His technical level was low, yet it was easy for him to learn and use these technologies to his advantage.
She only does research online, and commits no personal financial information on her computer. She rotates passwords and names every six months. Her children are allowed no web access to protect her familiy's identity. She keeps multiple identities and uses them based on whatever task she is undertaking. No personal information about location is ever posted online, and she has changed her social security number and other trackable information.
Q & A from the audience:
Q: Are there resources available for abusers on how to implement these techniques and technologies?
A: Unfortunately, there are groups that target and share information on how to spy on your spouse and control their behavior. It has been suggested that some of these connections are made when individuals meet at mandatory classes for the prevention of domestic violence.
Q: Do restraining orders cover spyware?
A: Possibly, sometimes the restraining order will dictate that the abuser cannot contact the victim via a third party. Some law enforcement officials consider spyware to be a third party contact.
Q: What do people do when they suspect they are being tracked via spyware?
A: Use a safer computer, such as one at work or at a library or other public resource. It is to be noted that not using the home computer can be an indicator of knowledge of surveillance, so you need to be careful about drastic changes in behavior. If you think the computer is compromised, treat it like it is.
There are very little technical forensics resources available to low enforcement agencies but if you are going to the police you need to keep the computer intact to preserve evidence. This entails not running anti-spyware or malware applications which could potentially destroy evidence.
If you are not going to the police and need to quickly remove all possible tracking capability wiping the computer is the best solution to keep you safe.
Leaving your computer unsupervised or having an open wireless connection could also leave you open to monitoring.
Keyloggers can come in the form of hardware and software. If you have a hardware logging mechanism in place the only way to protect yourself against it is to physically remove it.
Q: Does facial recognition on photos or tagging pose security risks?
A: Allowing friends to post information about you or tag your photos on social networks or other boards opens up a huge tracking potential. As facial recognition technology becomes more technically feasible it will also introduce a great degree of risk.
Q: What does she tell her children?
A: She limits the public exposure they have. They also use multiple identities and addresses on public record.
Q: Why isn't he in jail?
A: Because the laws don't adequately cover or punish domestic violence.
Q: Can you volunteer?
A: Yes - See the NNEDV website for information.
Q: When does abuse end?
A: Grimly, via the death of the abuser or when an abuser focuses on a new relationship.