Making Strides to Stop Stalkerware

/

Exciting news… In the past couple of months, there has been some significant movement in the work against stalkerware. The term stalkerware, AKA spyware, refers to apps, software, or devices that allow someone to monitor or record the activity of another person’s phone or computer without their consent or knowledge. For many years, the term spyware has been used to describe the type of monitoring and surveillance these types of apps and software have prided themselves on. However, as advocates and technologists have come to better understand just how these programs and apps work, we have identified that the characteristics of these types of apps and programs are stalking behaviors. In recent years, there has been a shift in the work to identify and call these types of problematic programs and apps what they really are, which is stalkerware. This technology is incredibly sneaky and is used by abusers and stalkers as a tool to monitor, surveil, intimidate, harass, and control someone. While stalkerware still remains a significant issue for survivors of abuse, tedious but necessary work has been happening to curb both the existence of these products and their misuse.

Buh bye…

Last week the Federal Trade Commission (FTC) announced their first case against a developer of stalking apps. Their investigation of and settlement with Retina-X Studios, LLC has ended with the company’s three stalking apps - MobileSpy, PhoneSheriff, and TeenShield – taken off the market and the company prohibited from selling apps that monitor devices unless they take steps to ensure they will only be used for legitimate purposes. These include not requiring jailbreaking or rooting of the device to function, acquiring written verification from the purchaser that the app will only be used for legal purposes, ensuring a visible icon remains on the device that can provide the user with information, and deleting all personal information previously collected by the apps. Prior to the settlement, all three of Retina-X’s apps required the purchaser to circumvent the phone’s security features by either jailbreaking or rooting the phone and then allowed the person to monitor the phone remotely without any notice to the owner of the device.

When the apps were taken off the market, they had more than 15,000 subscriptions. Anyone doing this work knows that a large number of those subscriptions were likely used for abusive purposes and likely brought much harm in the time they were used. We are grateful to the FTC for their leadership on this and for bringing us in during the process prior to the announcement. We worked closely with the FTC to create graphics to accompany their announcement and provided feedback on the notification language they were crafting.

Clues that stalkerware may be on device

Clues that stalkerware may be on device

Building Partnerships

Today, the announcement was made about the creation of the Coalition Against Stalkerware and the new resource, StopStalkerware.org. We are a member of this Coalition, which is made up of technology companies and advocacy organizations. Leading up to this, we have been working with several anti-spyware companies to learn more about stalkerware, the options to prevent and detect it, and ensure that the experiences of survivors are understood. The Coalition will work together to create industry-wide standards for defining and detecting stalkerware, strategies to increase education and awareness about the issue for survivors, and potential solutions to eliminate spyware completely. Many of the companies involved have been conducting research and increasing education for prevention for many years, and we are enthusiastic to be able to share and collaborate on this effort.

 We also recently participated in Virus Bulletin’s Annual Conference alongside Kaspersky. This event is focused on international threat intelligence and it was a meaningful opportunity to bring the voices of advocates and survivors into that space. We learned a great deal about this work and provided training around the misuse of stalkerware apps and their implications for survivors of abuse.

New Resources

Because of the swift momentum of these growing partnerships and the urge to ensure helpful information is available to survivors, we have worked diligently to update our own materials around spyware/stalkerware within the Survivor Technology and Privacy Toolkit. 

We are excited to be a part of the changing landscape in both government and technology spaces in terms of holding spyware/stalkerware companies and abusers accountable. This work will require many partners and approaches to ensure that the products being created do not intentionally harm survivors and will be a critical piece to the broader goal of addressing abuse.

Keeping Survivors in the Driver’s Seat: Our Focus on Confidentiality 

/

As professionals and experts in the field, advocates go to work every day helping survivors reclaim their lives. But it can be easy to get caught up in the day-to-day rush of the work, and sometimes we forget that we aren’t the driver of this journey - we’re just passengers along for the ride. When we get off track, we start to think a survivor should automatically give us the information we ask for, that they should trust us to collect and share their information as we see fit because we’re experts and we know what’s best. But we have to put the brakes on that thinking, and remember that survivors are the experts of their own experience. It’s our job to help educate them about their options, and the potential impacts and outcomes of their choices, so that they can make an informed decision. When we do this, we’re giving them the keys, ensuring they’re the ones who are in control and driving the bus,* and that we’re doing our job by helping them navigate!

Safety Net kept very busy over the summer and early fall of 2019, working to help organizations across the field improve their understanding and practice of confidentiality. To help agencies ensure they’re providing survivor-driven services and developing policies that support a survivor’s right to privacy, we hosted four national webinars, facilitated a listening session for state and territorial coalitions on mandated reporting, launched new materials, and held an outstanding two-day conference– Strictly Confidential: Protecting Survivor Privacy in Federally Funded Programs.  

Summer 2019 Highlights

Webinars:
For anyone who missed the webinars, and for those who’d like to revisit them, you can check them out using the links below:  

 

Resources:
Newly-created materials, which were all added to our Confidentiality Toolkit, include:

National Conference:
The 2019 Strictly Confidentiality conference was in such high demand that we had to make a wait list and get creative with seat set-up! We loved seeing everyone so interested and engaged in wanting to learn more about survivor-centered best practices. Advocates, attorneys, court officials, and others came from across the country to learn more about how they can ensure they’re providing survivor-driven services. The conference content was designed to help advocates navigate complex federal confidentiality obligations, through in-depth analysis, peer sharing, and scenario problem solving. Participants explored the many layers of privacy, confidentiality obligations, and their intersections with technology in a tangible way. Topics included:

  • Understanding and applying legal confidentiality obligations

  • Navigating the mandated reporting and confidentiality overlap

  • Building community collaborations while maintaining confidentiality

  • Upholding confidentiality in emergency situations

  • Navigating language access and confidentiality

  • Handling official third party demands for survivor information

  • Selecting and using databases

  • Implementing best practices for agency use of technology

  • Minimizing risk via intakes and data retention policies

  • Understanding data breach notification laws

  • Ensuring valid releases of information.

We hope all this new content is helpful to service providers and we look forward to hearing your feedback so we can continue to improve this work. We’re also grateful to our grant partners at Danu Center’s Confidentiality Institute, to our funders at the Office on Violence Against Women, and to the advocates who are out there doing this work every day. When we provide services based on confidentiality best practices, we’re helping survivors understand they have a right to privacy, that they remain in control of that privacy, and they can make the decisions that work best for them.

*The “survivor drives the bus” phrase was coined by our grant partner, Alicia Aiken, Director of Danu Center’s Confidentiality Institute :)

Confidentiality Conference Registration is Open!

/

Advocates are saying:

“Some survivors don’t reach out because they’re worried about mandated reporting requirements. This gets in the way of us being able to help.”

“What if no one on staff speaks the survivor’s language? How do we find a translator they feel safe with? And what agreements should be in place to protect victims’ privacy?”

“We get pressure from our community partners to share victim information. When we don’t, they get frustrated and that makes collaboration difficult.”

“We don’t have a policy for how to handle confidentiality obligations if there’s an emergency at our shelter.”

Is your agency facing similar difficulties?

Mark your calendar and join us September 9th & 10th in Atlanta, GA for the 2019 National Confidentiality Conference – Strictly Confidential: Protecting Survivor Privacy in Federally Funded Programs!

This training, provided by the National Network to End Domestic Violence and The Confidentiality Institute will help you, as victim service providers, navigate complex federal confidentiality obligations, through in-depth analysis, peer sharing, and scenario problem solving. Participants will explore the many layers of privacy, confidentiality obligations, and technology in a tangible way. Learn how to implement best practices related to privacy and confidentiality while providing survivor-centered services, and how to build strategic relationships with community partners, while respecting your information sharing limitations.

The conference will cover a variety of topics including:

  • Mandated reporting

  • Community collaborations

  • Upholding confidentiality in emergency situations

  • Navigating language access and confidentiality

  • Handling official third party demands for survivor information

  • Selecting and using databases

  • Agency use of technology

  • Implementing survivor-centered best practices

Attendees will gain a deeper understanding of these issues and will be given resources and tools to better serve survivors. Click this link for a copy of the full agenda.

Can’t wait to see you there!

This conference is OVW approved.

Please contact us with any questions.