NNEDV Resource Highlight: Technology Safety and Your Website

/
Safer Internet Day

February 6 is recognized as Safer Internet Day. We believe that survivors have the right to be safe at home, at work, on the streets, and online. Most domestic violence and sexual assault service providers have some type of online presence, whether it’s a website, social media page, or something else. 

The following steps can be taken to increase the safety and privacy of people who search for resources and reach out to agencies online:  

1.      Add a Safety Alert to Your Website: This can remind survivors that their online activity could be monitored or viewed by someone without the survivor’s knowledge.

2.      Create a Quick Escape Button: This allows survivors to be redirected to an innocuous webpage. Be mindful, this only prevents immediate over-the-shoulder monitoring (not spyware), and does not block browser history.

3.      Include Information about Internet Safety: Be upfront about safety risks of communicating online with survivors via email, website, or other platforms, and transparent about what information might be retained.

4.      Use a Web Form Instead of Email Addresses: Unlike direct email addresses, a web form does not leave a record of the email in the sender’s email sent folder.

5.      Posting Pictures & Videos: Be sure to get consent before you post any pictures or videos online. This includes permission from staff, board members, or speakers – don’t assume that because someone works for your agency or was invited to speak, that they are willing to have their images posted online. 

6.      Include Accurate Information: Make sure any information that pertains specifically to your area – county, state, or region – such as laws, processes, or services are made clear. Survivors who visit your site may be from a different area and should know if the information provided is applicable to them.

7.      Accessibility: Make sure your website is accessible for all viewers – including those living with disabilities or who are Deaf. You can increase accessibility by ensuring that the font you use is large enough, has strong contrast, and that the images on your website have alternative text descriptions (alt text).

Find more tips and technology safety resources in our Agency’s Use of Technology Best Practices & Policies Toolkit.
If you have additional questions about technology safety, please visit TechSafety.org or reach out to our Safety Net team: SafetyNet@NNEDV.org.

Privacy Risks and Strategies with Online Dating & Gaming

/

Both online dating and online gaming are fast-growing industries that are increasingly becoming a regular part of life. Online dating has rapidly gained in popularity as a common way to connect to potential dates or find a partner. And, contrary to popular perception, online gaming is not just a pastime for teenage boys. Many people have concerns about the safety of online dating, often due to widely publicized stories of assault and abuse, and unfortunately, online harassment is an all-too-common experience while playing games online, that can also cross into real life.

Everyone should be able to be online safely, free from harassment and abuse, and that includes dating and gaming. For survivors of domestic violence, sexual assault, and stalking, privacy and safety concerns may be even greater when trying to engage in online spaces. Fortunately, it is possible to increase privacy and safety when dating and gaming online.

Two new resources from Safety Net discuss both risks and strategies, for survivors who want to be active in online dating or gaming communities.

Harassment, threats, and abuse that happen “only” online should be taken seriously. Such experiences can be traumatizing, and may include financial crime or identity theft. Victims report efforts to ruin their reputations and drive them from the online community. If enough identifying information is known, the abuse can also quickly become an offline threat.

If you are concerned about online harassment or abuse, see our Survivor Toolkit for more information about Online Privacy & Safety Tips, guides to Facebook and Twitter, and for resources to assist in documenting abuse.

Online harassment and abuse may fall under a number of crimes, depending on what is happening. To learn more about laws in your state on online harassment, visit WomensLaw.org

Data Privacy Day: The Gold Standard for Protecting Survivor Privacy

/
data privacy

When thinking about domestic violence victims, data privacy isn’t the first thing that comes to mind for most people. But here at Safety Net, it’s always a top priority for us, and we spend a lot of time helping local domestic violence programs and other victim service providers understand the impact that their use of technology can have on the privacy of the survivors they work with.

Understanding what real data privacy looks like can be complicated. As we move ever more rapidly into a technology-driven world, local domestic violence programs are under increasing pressure to join in and adopt new technologies. There are many benefits to this – it means that survivors have new ways to find help that are often easier (and in some ways safer) than making a phone call or showing up at the front door, and it means the administrative work programs have to do can become more streamlined, giving them more time to spend helping those they are there to assist. But as with everything related to domestic violence, there are major risks involved in the use of technology that must be considered and minimized before moving forward.

Let’s start with why data privacy is so important. When survivors seek help, they take huge personal risks. If their abusive partner finds out they’ve asked for help, the abuse often escalates. They also face the possibility of harmful social and economic repercussions, like housing discrimination, job loss, and exclusion from their family or community. The information victims share with the domestic violence programs is often incredibly sensitive, and if others gain access to it, it can be used to cause further harm to them. This is why the Violence Against Women Act (VAWA) requires such stringent confidentiality practices – well beyond what the more widely known HIPAA practices require. (Learn more about this in our HIPAA/VAWA/VOCA FVPSA Privacy Comparison resource.)

Domestic violence programs often ask us to help them learn and understand best practices related to data privacy and online services. A practice we are constantly encouraging programs to look at is the use of zero-knowledge encryption services. When we suggest that as the best option for confidentiality, many want to know “But what does that even mean?!” Well, zero-knowledge encryption is the best way to ensure that the information being sent between the survivor and the program, or the information that is being stored in the cloud by the program, is protected against all third-party access (a third-party is anyone who is not the victim or the program that is helping them out).

When a domestic violence program uses cloud-based services, they are essentially storing the information they are collecting at an outside location. And it is standard practice for most cloud-based companies to have access to the data that is being stored. This means that if they choose, they can go in and read all of the information the domestic violence program has stored about the victims they are working with. But when a software company uses zero-knowledge encryption, even THEY can’t see the data.

Here’s a helpful analogy for understanding how zero-knowledge encryption works: Imagine a physical storage company where you can rent a vault to store your organization's paper files. When you go there to rent a vault, they let you know that you will be the only one who has a key to your vault, and that there is no way to get into the vault without that key. The vault can't be broken into. And the storage company does not have an extra copy of the key. No one but you, or someone you give the key to, can get into the vault. This is what zero-knowledge encryption does for survivors' data. It ensures that only the domestic violence program has the key to unlock and access the data they have entered about survivors. This is why we consider this the gold standard of data protection, and the one that most clearly aligns with VAWA confidentiality obligations. Software companies are third parties. And they get approached by other third parties - like law enforcement and abusers' attorneys - to share the data stored on their servers. If the software company can't see the data, and they can't hand it over to others who might use it to harm the survivor, the privacy and safety of the survivor is much more secure. 

If you have questions about this, feel free to reach out to us. To learn more about privacy and confidentiality, check out our Technology & Confidentiality Toolkit.