Cybersecurity Awareness Month and Domestic Violence Awareness Month

 National cybersecurity MOnth Logo

National cybersecurity MOnth Logo

The month of October is often honored as Domestic Violence Awareness Month, but we also acknowledge Cybersecurity Awareness Month. Read more to learn about why cybersecurity is important for survivors of intimate partner violence and how we can create a safe online space, free from violence for all.

Smartphone Encryption: Protecting Victim Privacy While Holding Offenders Accountable

The last few months have seen heated debates between law enforcement and technology companies over the issue of smartphone encryption. The government has argued that encrypted devices and new technologies make it more difficult for law enforcement to investigate crimes while technology companies claimed that weakening encryption weakens security for everyone. Currently, Congress is drafting a bill that would require technology companies to make encrypted data readable, and several state legislatures have introduced legislation to block the sale of encrypted smartphones

At the core of the encryption debate is the concept of privacy and technology security. Technology nowadays – in particular the smartphone – collect and store an unprecedented amount of private information, including personal health data, access to online accounts (such as social media and email), videos and pictures, and so much more. Some of this information can be especially private and something a user may not want others – a friend or family member, an abusive partner, or an employer – to know about. For those individuals, the security on their smartphone can enhance or strip away that privacy.

Through the Safety Net Project at the National Network to End Domestic Violence, we have been addressing the intersection of technology and violence against women for over 15 years, and have trained more than 80,000 victim advocates, police officers, technologists, and other practitioners. In looking at how technology can be misused to facilitate stalking and harassment and how survivors can use their technology to attain safety, privacy is a recurring and fundamental component.

For victims of domestic violence, sexual assault, and stalking, privacy and data security are integrally connected to their safety. A survivor’s smartphone is their lifeline; yet their smartphone can also be incredibly vulnerable to misuse by an abuser. A survivor’s smartphone is often one of the first things an abuser will target simply because of the amount of information on there. If they can compromise the victim’s smartphone, they have access to all phone calls, messages, social media, email, location information, and much more. For these reasons, smartphone security and encryption is essential to safeguarding the privacy of victims’ personal information.

The other side of the encryption debate is the ability for law enforcement to hold offenders accountable, which is something we also strongly support. When abusers misuse technology to threaten and terrorize, investigators can trace the digital trail to discover and prove who committed the crime. An encrypted smartphone makes it more difficult for law enforcement to access information on that phone if the owner is unwilling or unable to unlock it.

While law enforcement should not be impeded in their ability to investigate a crime, it’s important to recognize that smartphone encryption does not prevent law enforcement from doing an investigation of technology-facilitated domestic violence, sexual assault, and stalking. In these types of crimes, the goal of the perpetrator is to wield power and control over the victim by controlling the victim’s technology, harassing the victim through messages or phone calls, monitoring their activity, or disseminating harmful and devastating rumors about the victim. It is often an interaction between the victim and perpetrator through a third party, and digital evidence or proof of this harassment and abuse could exist elsewhere: on the victim’s own devices or an online platform (Facebook, email, etc.).

There may be circumstances in which evidence only exists on the perpetrator’s device. This could be the case in a sexual assault, for example, in which the perpetrator recorded or took videos of the assault on his/her device and has not yet shared them or posted them publicly. In situations such as this, unless the videos or photographs were uploaded online or backed up, the evidence may not be anywhere but on the perpetrator’s smartphone.

In most cases, however, it is possible for law enforcement to successfully investigate and build a domestic violence and sexual assault case without needing the perpetrator’s smartphone. For example, evidence of harassment via emails, texts, or social media will also exist on other technology platforms. If the abuser purchased monitoring software or is tracking the victim through a paid service, there might be financial records. In some cases, the survivor may have access to some of the evidence that might be needed. While survivors should never be in the position of having to investigate their own crimes, they are often in the best position to know what’s happening, and they should be involved and part of the process.

Balancing Victim Privacy and Offender Accountability

Ultimately, for survivors of domestic violence, sexual assault, and stalking, the smartphone encryption issue comes down to balancing victim privacy and offender accountability. Both are equally important but neither should be compromised for the other. Victim privacy is fundamental to victim safety, and the technologies survivors use should have the most security and encryption possible.

It’s also important to recognize that weakening smartphone encryption to allow law enforcement access means weakened encryption—period. If an abuser is technologically savvy or is in law enforcement, their victim may have less privacy and security on their smartphones. There is no professional immunity to those who commit violence against women, and perpetrators of domestic and sexual violence work in all fields, including technology companies and law enforcement agencies.

We believe it is possible for law enforcement to investigate technology-facilitated domestic violence, sexual assault, and stalking crimes, without compromising victim privacy through weakened smartphone encryption. Law enforcement, federal funders, technology companies, and the victim advocate community need to come together to figure out how to support survivors and help them be safe while also holding offenders accountable.

Instead of finding ways to get around smartphone encryption, law enforcement agencies deserve and need far more resources to investigate crimes facilitated through technology. Law enforcement should be given more information and tools so they not only know how technology is misused to facilitate crime, but all the different places where the evidence could exist, and the proper process and method on gathering this evidence. A good, thorough investigation of technology-facilitated domestic violence, sexual assault, and stalking goes beyond examining a perpetrator’s encrypted smartphone.

At our annual Technology Summit, we ensure that there are sessions geared specifically for law enforcement professionals, so they can take this knowledge back to their communities. We’ve worked with other national organizations, such as the International Association of Chiefs of Police, to develop articles to share this knowledge with law enforcement. Despite 15 years of addressing this issue, however, we still hear from survivors and their advocates that thorough investigation of technology-facilitated crimes is not happening consistently across the country. Rather than proposing legislation requiring access to encrypted data on a smartphone or banning encrypted smartphones, we encourage legislators and advocacy groups to look at what is actually needed to fully investigate these crimes and to truly address what law enforcement can do to hold offenders accountable.

Threats on Facebook: LOL, I Didn’t Really Mean It

The Issue

Before the U.S. Supreme Court is a case to decide how courts should determine someone’s online communications: whether it is threatening or is protected First Amendment speech. The specific case is Anthony Douglas Elonis vs. United States. Elonis was convicted of making threats against a variety of people, including his estranged wife on Facebook.

Elonis’ threats of harm against his wife included a rap lyric that said, “Fold up your PFA [protection from abuse order]…is it thick enough to stop a bullet,” as well as a detailed post about how it technically wasn’t illegal for him to say: “the best place to fire a mortar launcher at her house would be from the cornfield behind it because of easy access to a getaway road and you’d have a clear line of sight through the sun room,” accompanied by a diagram. His other threats included wanting to blow up the state police and sheriff departments; threats against an FBI agent; and claims to make a name for himself by “[initiating] the most heinous school shooting ever imagined.”

The issue at hand: should Elonis’ intention of carrying out those threats have to be proven for those threats to be credible? Elonis and his supporters argue that “subjective intent” is the standard to prove threats are real. NNEDV and others argue that “objective intent,” taking into account the content and the context of the statements, is the correct standard to determine the credibility of threats.

Are Online Threats Real?

The perceived anonymity of the internet has allowed many to harass, intimidate, and threaten others, particularly women, in more ways than ever before. In recent years, we have seen a rise in young people committing suicide after online bullying, female bloggers and gamers viciously attacked online, and women being threatened by “anonymous” mobs for daring to speak out on women’s issues.

The reality is that after any kind of threat, victims fear for their safety. They will leave their homes, change their names, change their phone numbers, abandon careers, leave school, and withdraw from online spaces, including major platforms such as Twitter or Facebook. Survivors have gone to great lengths to feel safer. So are online threats real? The consequences to the victims are very real.

Furthermore, in most cases of domestic violence and stalking, online threats aren’t made in isolation. They are often made as part of other abusive behavior, including physical, emotional, or sexual abuse; intimation; harassment; and attempts to control the other person. Nor are victims' fears unfounded. Each day, an average of three women are killed by a former or current intimate partner in the United States. Context is important. If a victim is so terrified of her abuser, and a judge agrees and gives her a protection order that forbids the abuser from even going near the victim—that context matters. So when he goes home and writes a “lyric” about how a protection order will not stop a bullet and posts it online so everyone can see—that is terrifying. This isn’t a Taylor Swift breakup song. This is a threat.

Freedom of Speech

Those in defense of Elonis argue that the intent matters for a variety of reason. The central argument is that if threats are assessed by the victim’s perception of the threat rather than the person’s intent when making the threat, it could chill freedom of speech. In ACLU’s brief, not taking into account the speaker’s intent could result in “self-censorship [so as] to avoid the potentially serious consequences of misjudging how his words will be received.” Moreover, the arguments claim that it is difficult to assess how speech is perceived when made over the internet because the audience’s reaction to online threats could be interpreted in so many different ways.

The Marion B. Brechner First Amendment Project claims that requiring proof of intent is necessary because Elonis’ statements were artistic rap lyrics. The inflammatory and violent statements, while distasteful, were artistic self expression. Those who are unfamiliar with the rap genre, the argument in the brief asserts, could hold negative stereotypes and “falsely and incorrectly interpret them as a threat of violence of unlawful conduct.”

Online Threats and Domestic Violence, Stalking, and Violence Against Women

Their arguments only work if you lived in a world where outlandish speech is only made in the name of art or political speech. In the real world, online threats, particularly against women or intimate partners, are not artistic or political speech. It is violent speech that terrorizes victims. Regardless of whether the abuser or stalker intends to blow up the victim’s home with a mortar or cut her up until she’s soaked in blood and dying (another of Elonis’ online posts), he is accomplishing one of his goals, which is to terrify the victim.

Threats against women cannot be minimized because they happen online. Or because the abuser hasn’t yet carried out the crime. Or because we’re worried that enforcing consequences for these threats will cause people to feel less free to speak their minds and hinder freedom of speech. In the context of domestic violence and stalking, threatening language is threatening. Needing to show subjective intent would make it more difficult to hold abusers and stalkers accountable for terrifying victims and would imply that it’s okay to make such threats, as long as, you know, you didn’t really mean it.

Read our brief for the Elonis v. United States case here

Read our official press release statement here.