New Internet of Things (IoT) Resources

The Internet of Things (IoT) refers to internet-connected devices that are able to connect with other devices and to be controlled remotely through a device or app. IoT devices have become commonplace in many homes and can serve as important tools for increased efficiency and for users to connect with friends and family. Unfortunately, IoT devices can also be misused to stalk, harass, and surveil. For more information about the misuse of IoT devices, check out Thermostats, Locks and Lights: Digital Tools of Domestic Abusea recent New York Times article in which NNEDV was interviewed regarding the misuse of “smart home” devices in domestic violence cases.

While misuse of IoT devices appears to be rising, it can be hard to identify all of the risks and safety options associated with common IoT devices. To assist in better understanding IoT in domestic violence cases, NNEDV has created a new set of resources, including: 

Technology is constantly changing, so stay connected to for upcoming new content!

After HopeLine, What Are Survivors’ Options for Free Phones?

As word spreads that Verizon’s HopeLine program, which provided free cell phones to survivors, is ending, many local programs are wondering what options are available.

Probably the best option right now, at least for survivors who are low-income, will be the Lifeline program. Lifeline is managed by the Federal Communications Commission (FCC) and run by individual phone providers. The program offers reduced fee or free phones with data and minutes for eligible low-income individuals. Program materials state that, “To participate in the program, subscribers must either have an income that is at or below 135% of the federal Poverty Guidelines or participate in certain assistance programs.”

As for other programs that collect, refurbish and give out free phones to survivors, be cautious when considering partnering with them. Older phones, often donated directly to shelters or through donation drives, often have old batteries. This means that a phone kept hidden in case a survivor needs to call 911 might not work when it’s needed. Ask how they wipe previous owner’s data from the devices, if they install a new battery, and whether the phone can only be used for 911 calls.

In addition, we know that access to a phone can make a difference for survivor beyond the ability to contact emergency services. A smartphone with data, minutes and messaging, can help survivors to locate housing, services, employment, medical appointments, court dates, and can reduce isolation.

The HopeLine program differed from other programs by giving survivors a new phone. The Illinois Coalition Against Domestic Violence summarized the success of the program in announcing it was discontinued, “Over the course of HopeLine’s phone donation program, millions of phones were provided to survivors of domestic violence and tens of millions of dollars were committed to support the important work of domestic violence prevention and awareness.” Survivors currently using HopeLine phones will be able to continue using them through December 31, 2018.

Cambridge Analytica and Why Privacy Matters to Survivors

Recent news that the personal information of tens of millions of people was used by Cambridge Analytica “to create algorithms aimed at ‘breaking’ American democracy” as the New Yorker phrases it, has led to a call to #DeleteFacebook. For those unfamiliar with the story, our friends at AccessNow wrote a great summary.

This kind of invasion of privacy is not new, nor is it limited to this case. The old expression, “No free lunch,” applies to any service that we don’t pay for, whether it is social media or a discount card at the grocery store or entering a raffle to win a new car. The true cost is allowing those companies to access our personal information for their own profit.

Safety is the primary concern. For survivors who face threats of harm, who live daily in fear from the abusers, the security of personal information can be a life and death issue. For survivors fleeing an abuser, information about location, work, kids’ schools, and social connections can lead an abuser to the doorstep. For survivors living with abuse, information about friends, thoughts, feelings, opinions, and interests can be misused by an abuser to control, isolate, or humiliate.

For survivors, privacy is not an abstract issue, or a theoretical right to be debated on CSPAN. Privacy is essential to safety, to dignity, to independence. Yet, we live in a time when personal information = profit.

The Cambridge Analytica story surfaces the underlying reality that our personal information is not under our control. It feels like we are seldom asked for consent to share our personal data. When we are, it is in legalese, in tiny letters that we might have to scroll through to be able to check that box, and get on with using whatever website we’re trying to use. Even if we do take the time to read through those privacy terms, we know that data is routinely stolen, or accidentally published on the Internet, or used against us to affect access to loans, insurance, employment, and services.

We are social animals. We crave connection. Research shows that we suffer without it. Isolation is a classic tactic of abuse. But the price we too often pay for connection online is our privacy.

At times like these, we may think about deleting Facebook, going offline, or throwing away our phones. We may think that survivors should give up their tech at the door of our shelters, or that they have to go off the grid in order to be safe.

Digital exile is not the answer. Technology, and the Internet, is a public space where everyone, including survivors, should have the right, to share their voices, to make connections, and to access information without fear of their personal information being collected and used without their consent. April Glaser writes in Slate that, “[d]eleting Facebook is a privilege,” pointing to the huge number of people that rely on it to connect with friends, to learn about events, to promote a business, or, in parts of the world with limited Internet access, just to be online at all.

Survivors, just like every other consumer, should be given the opportunity to give truly informed consent. That consent must be based on clear, simple, meaningful, understandable privacy policies and practices – not just a check box that no one pays attention to.

A guide to the process of changing your Facebook settings to control apps’ access to your data is available from the Electronic Frontier Foundation. Also check out our own guides to Online Privacy and Facebook Privacy and Safety.

Biometric Information Privacy

In early March, NNEDV was notified by the World Privacy Forum about an effort that is underway in Illinois to strip essential biometric privacy protections. NNEDV and the Illinois Coalition have since been coordinating efforts to oppose this move. The privacy protections being threatened are a model for other states and should be replicated, not undermined. You can learn more about biometric data and about what's happening in Illinois below. 


In 2008, Illinois passed a landmark bill titled the Illinois Biometric Information Privacy Act. BIPA, as it is known, was specifically aimed at protecting critical biometric data such as “retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.” Several states have followed Illinois’ leadership and passed similar laws, however Illinois still stands alone in not only protecting against the misuse of biometric information, but also providing a private right of action, which allows individuals to personally sue entities such as corporations for failure to inform and obtain consent before collecting, capturing, purchasing, or receiving biometric data.

BIPA is an important law for anyone who is interested in privacy and security, but it is especially important for vulnerable individuals like survivors of domestic violence. Many survivors of domestic violence are forced to flee abusive relationships and to change their identities in order to protect themselves and their children. While a name or social security number can be changed, there is no way for most individuals to change biometric information. It is unique and once compromised cannot be fully protected. For survivors of domestic violence who regularly experience identify theft and who may need to protect their information in order to stay safe, BIPA is an essential tool in helping survivors to make smart decisions about what information to share. BIPA requires entities to inform people about their collection practices, to obtain written consent before collecting, and to have processes to destroy biometric information that has been collected in a reasonable time. These safeguards are essential and can actually save lives.

BIPA is currently under attack. A new bill has been introduced in an attempt to peel back the protections afforded under BIPA in large part to protect companies from lawsuits for failure to comply with BIPA’s important privacy protections. The use of biometric data is increasingly common and we know that it will continue to be an important part of many aspects of commerce, including how companies oversee human resources. While there may be a way to balance the changing needs and practices of companies with essential privacy rights, the current bill to modify BIPA is far from reaching an appropriate balance. While the bill would still protect against the sale of the biometric information, it would otherwise completely gut BIPA exempting nearly every single business in Illinois.


The National Network to End Domestic Violence (NNEDV) believes that BIPA is an essential law to protect biometric data and is especially important for survivors of domestic violence. If you agree, please contact Senators Bill Cunningham, Chris Nybo, and Napoleon Harris, III and file a witness slip in opposition to the bill. A link to the witness slip can be found here. When filling out the slip, make sure to check Record of Appearance Only, under the section entitled “IV. Testimony.”



NNEDV Resource Highlight: Technology Safety and Your Website

Safer Internet Day

February 6 is recognized as Safer Internet Day. We believe that survivors have the right to be safe at home, at work, on the streets, and online. Most domestic violence and sexual assault service providers have some type of online presence, whether it’s a website, social media page, or something else. 

The following steps can be taken to increase the safety and privacy of people who search for resources and reach out to agencies online:  

1.      Add a Safety Alert to Your Website: This can remind survivors that their online activity could be monitored or viewed by someone without the survivor’s knowledge.

2.      Create a Quick Escape Button: This allows survivors to be redirected to an innocuous webpage. Be mindful, this only prevents immediate over-the-shoulder monitoring (not spyware), and does not block browser history.

3.      Include Information about Internet Safety: Be upfront about safety risks of communicating online with survivors via email, website, or other platforms, and transparent about what information might be retained.

4.      Use a Web Form Instead of Email Addresses: Unlike direct email addresses, a web form does not leave a record of the email in the sender’s email sent folder.

5.      Posting Pictures & Videos: Be sure to get consent before you post any pictures or videos online. This includes permission from staff, board members, or speakers – don’t assume that because someone works for your agency or was invited to speak, that they are willing to have their images posted online. 

6.      Include Accurate Information: Make sure any information that pertains specifically to your area – county, state, or region – such as laws, processes, or services are made clear. Survivors who visit your site may be from a different area and should know if the information provided is applicable to them.

7.      Accessibility: Make sure your website is accessible for all viewers – including those living with disabilities or who are Deaf. You can increase accessibility by ensuring that the font you use is large enough, has strong contrast, and that the images on your website have alternative text descriptions (alt text).

Find more tips and technology safety resources in our Agency’s Use of Technology Best Practices & Policies Toolkit.
If you have additional questions about technology safety, please visit or reach out to our Safety Net team:

Privacy Risks and Strategies with Online Dating & Gaming

Both online dating and online gaming are fast-growing industries that are increasingly becoming a regular part of life. Online dating has rapidly gained in popularity as a common way to connect to potential dates or find a partner. And, contrary to popular perception, online gaming is not just a pastime for teenage boys. Many people have concerns about the safety of online dating, often due to widely publicized stories of assault and abuse, and unfortunately, online harassment is an all-too-common experience while playing games online, that can also cross into real life.

Everyone should be able to be online safely, free from harassment and abuse, and that includes dating and gaming. For survivors of domestic violence, sexual assault, and stalking, privacy and safety concerns may be even greater when trying to engage in online spaces. Fortunately, it is possible to increase privacy and safety when dating and gaming online.

Two new resources from Safety Net discuss both risks and strategies, for survivors who want to be active in online dating or gaming communities.

Harassment, threats, and abuse that happen “only” online should be taken seriously. Such experiences can be traumatizing, and may include financial crime or identity theft. Victims report efforts to ruin their reputations and drive them from the online community. If enough identifying information is known, the abuse can also quickly become an offline threat.

If you are concerned about online harassment or abuse, see our Survivor Toolkit for more information about Online Privacy & Safety Tips, guides to Facebook and Twitter, and for resources to assist in documenting abuse.

Online harassment and abuse may fall under a number of crimes, depending on what is happening. To learn more about laws in your state on online harassment, visit

Data Privacy Day: The Gold Standard for Protecting Survivor Privacy

data privacy

When thinking about domestic violence victims, data privacy isn’t the first thing that comes to mind for most people. But here at Safety Net, it’s always a top priority for us, and we spend a lot of time helping local domestic violence programs and other victim service providers understand the impact that their use of technology can have on the privacy of the survivors they work with.

Understanding what real data privacy looks like can be complicated. As we move ever more rapidly into a technology-driven world, local domestic violence programs are under increasing pressure to join in and adopt new technologies. There are many benefits to this – it means that survivors have new ways to find help that are often easier (and in some ways safer) than making a phone call or showing up at the front door, and it means the administrative work programs have to do can become more streamlined, giving them more time to spend helping those they are there to assist. But as with everything related to domestic violence, there are major risks involved in the use of technology that must be considered and minimized before moving forward.

Let’s start with why data privacy is so important. When survivors seek help, they take huge personal risks. If their abusive partner finds out they’ve asked for help, the abuse often escalates. They also face the possibility of harmful social and economic repercussions, like housing discrimination, job loss, and exclusion from their family or community. The information victims share with the domestic violence programs is often incredibly sensitive, and if others gain access to it, it can be used to cause further harm to them. This is why the Violence Against Women Act (VAWA) requires such stringent confidentiality practices – well beyond what the more widely known HIPAA practices require. (Learn more about this in our HIPAA/VAWA/VOCA FVPSA Privacy Comparison resource.)

Domestic violence programs often ask us to help them learn and understand best practices related to data privacy and online services. A practice we are constantly encouraging programs to look at is the use of zero-knowledge encryption services. When we suggest that as the best option for confidentiality, many want to know “But what does that even mean?!” Well, zero-knowledge encryption is the best way to ensure that the information being sent between the survivor and the program, or the information that is being stored in the cloud by the program, is protected against all third-party access (a third-party is anyone who is not the victim or the program that is helping them out).

When a domestic violence program uses cloud-based services, they are essentially storing the information they are collecting at an outside location. And it is standard practice for most cloud-based companies to have access to the data that is being stored. This means that if they choose, they can go in and read all of the information the domestic violence program has stored about the victims they are working with. But when a software company uses zero-knowledge encryption, even THEY can’t see the data.

Here’s a helpful analogy for understanding how zero-knowledge encryption works: Imagine a physical storage company where you can rent a vault to store your organization's paper files. When you go there to rent a vault, they let you know that you will be the only one who has a key to your vault, and that there is no way to get into the vault without that key. The vault can't be broken into. And the storage company does not have an extra copy of the key. No one but you, or someone you give the key to, can get into the vault. This is what zero-knowledge encryption does for survivors' data. It ensures that only the domestic violence program has the key to unlock and access the data they have entered about survivors. This is why we consider this the gold standard of data protection, and the one that most clearly aligns with VAWA confidentiality obligations. Software companies are third parties. And they get approached by other third parties - like law enforcement and abusers' attorneys - to share the data stored on their servers. If the software company can't see the data, and they can't hand it over to others who might use it to harm the survivor, the privacy and safety of the survivor is much more secure. 

If you have questions about this, feel free to reach out to us. To learn more about privacy and confidentiality, check out our Technology & Confidentiality Toolkit.


FTC Revenge Porn

January 2017

FTC’s Complaint Against is a Win Against Nonconsensual Disclosures of Intimate Images

NNEDV applauds the Federal Trade Commission (FTC) and the state of Nevada for filing a complaint against a notorious website to help protect survivors of nonconsensual disclosures of intimate images, what is commonly referred to as “Revenge Porn.”[1], like many similar websites, is dedicated to the deeply damaging practice of soliciting intimate images and providing a space and impunity for individuals to post intimate images without consent. Many of these sites fully recognize the impact of the distribution of these images and therefore have monetized the suffering of those depicted in the images by charging hundreds or thousands of dollars to remove the images from their website. Websites that employ these tactics enhance the ability of abusive individuals to terrorize their victims by soliciting and widely disseminating nonconsensual images and then blackmailing individuals that are desperately seeking to get the images removed from the website. While there are still many more sites that engage in these deplorable practices, the FTC and Nevada have taken a step to combat an egregious example and in so doing have also provided notice to others about the consequences of running these enterprises. In the current case, one executive of the company that runs has already agreed to a fine and to comply with a ban on posting intimate images. The website itself is still online, but the complaint is still pending and could result in large fines for the company and other members of the executive team. We often hear about the many ways in which individuals are terrorized on the web, but NNEDV is encouraged by the steps taken by the FTC and Nevada and hope that other states will follow their lead in working to combat the nonconsensual disclosure of intimate images.

For more information about responding to nonconsensual disclosure of intimate images, check out our survivor toolkit and/or advocate toolkit.


[1] NNEDV and many advocates are against the term “revenge porn” because we believe it inaccurately describes the practice of nonconsensual disclosure of intimate images. While some individuals make nonconsensual disclosures for revenge, many perpetrators have a mix of motivations that may or may not include revenge. Furthermore, by calling these images “porn” it inappropriately suggests that those depicted are a part of a pornography industry, when in fact the disclosure of these images is a crime in most states. Nonconsensual disclosure of intimate images more accurately describes the panoply of motivations and provides a better description of these images.

Addressing Technology Misuse in the Context of Sexual Assault

Two new resources from Safety Net discuss Technology Misuse in Sexual Assault, and offer advocates and others working with survivors a tool for Assessing Technology Misuse and Privacy Concerns.

As technology becomes woven into every aspect of society, offenders misuse the technology in sexual assault. Just as the dynamics of sexual assault differ from domestic violence, the misuse of technology looks different when sexual assault occurs outside of an intimate partner relationship.

  • A youth group leader might misuse online communities to groom victims.
  • A supervisor might threaten to change an employee’s file in a company database.
  • A caretaker might limit access to help-seeking through technology.
  • A medical provider might threaten to share embarrassing information or images gathered in the course of treatment.
  • Surveillance cameras and security could be misused by a landlord to gain footage of or access to a victim.
  • A law enforcement officer could misuse a database to target potential victims.

More understood examples include the explosion in the production and sharing of child pornography, or nonconsensual sharing of intimate images or footage of sexual assault of adults over the Internet.

Privacy Concerns

In addition, sexual assault cases in the public eye can generate distressing comments on news stories and social media, and some survivors may become the target of online harassment, doxing or other retaliation.

Technology and Root Causes

Online spaces amplify existing attitudes and beliefs, and so can support rape culture through memes, viral posts, revenge porn sites, etc. At the same time, online advocacy and activism efforts have used online spaces to counter rape culture through awareness, events, bystander intervention and more.

Emergency SOS on Apple iOS 11: Safety Features and Security Concerns

Apple recently unveiled its newly updated operating system - iOS 11 - for iPhone, iPad, and iPod Touch. The operating system offers a variety of new tools that will impact the lives of survivors of domestic violence. This two-part blog series features two of the new tools. Recently we released a blog about the screen recording feature. Today, we are featuring the Emergency SOS calling feature.

The new Emergency SOS feature in iOS 11 allows iPhone users to call emergency services, with the added options to alert trusted contacts via text message that the emergency call was placed, and to send those contacts updates on the user’s current location. You can do all of these things without unlocking the phone. As with all technology, it’s important to look closely at both the benefits and how the new feature  may impact a safety planning process. If you’re at risk of abuse from somebody known to you, it’s very important to know that the Emergency SOS button may be a part of a safety plan, but it is not a substitute for a safety plan. In this blog, we’ll take you step-by-step through the process of setting up this feature and offer key safety considerations for survivors who are interested in using it.

The Emergency SOS feature is not a new feature for smartphones, but this is the first time a tool like this has been available as a part of the iPhone's operating system. The Samsung Galaxy S6 and S7, and other Android-based devices have had this feature built into the operating system for several years. Similar tools that allow a user to quickly contact trusted contacts and emergency services have also been available as third-party apps in the Apple App and Google Play Stores. For a review of personal safety apps, please take a look at Safety Apps: Getting Help During an Emergency page of our App Safety Center.


If you want to activate or test the Emergency SOS feature, you can do so by going into the Settings app of your device. Once there, scroll down until you see the Emergency SOS tab, which currently looks like the image below. Clicking on the Emergency SOS tab will take you to the set-up page. Information will appear that will assist you in setting up the feature.

Activating emergency sos mode in ios 11

Triggering Emergency SOS

The buttons you press to trigger emergency SOS depends on which phone you have.

  • For iPhones 7, 7+, and older, press the button on the right side of the device rapidly 5 times to activate Emergency SOS.
  • For iPhone 8, 8+, and X, press and hold the button on the right side while at the same time pressing and holding one of the two volume buttons.

Set Up Options

There are two modes for Emergency SOS. For the sake of this blog, we will call them the default mode and the auto-call mode.

Default Mode: If you activate Emergency SOS without making any changes, the feature will be in default mode.  After the Emergency SOS feature has been triggered in default mode, a screen will appear with several different buttons that the user can slide to call Emergency SOS, access Medical ID, power off the device, or cancel the triggered feature (in case it was accidentally triggered). This is what you will see on the device:


Key consideration: The default mode is helpful for avoiding accidental calls to emergency services, but it also means you will have to look at the phone to actually place the call, which may raise the suspicions of the abusive person.  

Auto Call Mode: Alternatively, auto-call mode can be turned on so that once the Emergency SOS feature has been triggered, a call will automatically be placed. The call will not be placed for 3 seconds, which gives the user an opportunity to cancel the call.

Key consideration: It's important to note that by default, auto-call mode will sound a loud, siren-like alarm when Emergency SOS is triggered - however the sound feature can be turned off. Once the auto-call mode is triggered, the alarm sounds and a short, 3-second countdown appears on the screen period where the 911 call can be canceled. After the 3 seconds have passed, the call will be placed. This countdown was designed to give the user a chance to cancel the call if it was triggered accidentally, and to draw the attention of anyone in the area. While sounding an alert can be helpful for avoiding accidental 911 calls or for drawing public attention during incidents of violence, it will also alert an abusive person that it’s been triggered, giving them time to grab the phone from the victim and possibly cancel the call. Particularly in cases of domestic violence, alerting the abusive person may escalate violence. Thankfully, Apple offers a way to disable the warning sound. This can be done by scrolling down to the bottom of the Emergency SOS settings page and toggling off the Countdown Sound button (see images below).


 Emergency Contact Notification & Location Sharing

Within the Emergency SOS settings, you also have the option of selecting multiple emergency contacts to receive notice of the emergency. These contacts will be taken from contacts that you set up in the Medical ID feature on iOS. Once emergency contacts are selected, if you activate the Emergency SOS feature and a call to 911 is placed, each of these contacts will receive a text message notifying them that you have contacted emergency services and providing them with your current location. There is approximately a ten second time period where you can cancel the text message notification before it is sent. Additionally, if your location services are turned off, the iPhone will temporarily turn them on. If your location changes after the initial text message is sent, your contacts will receive ongoing SOS location updates as you move around. Your phone will have a blue alert at the top of the screen that alerts you to the fact that your location is being shared. You will also receive a reminder on your phone after 10 minutes have passed that lets you know that your emergency contacts are still receiving emergency location updates. You can stop sharing the updates at any time, and will be reminded every 4 hours that they are still sending updates. You will no longer be reminded after 24 hours have passed.

Your contacts will receive a text message similar to the image below.


Key Considerations: If the abusive partner gets your phone as the call is in process and hangs it up, they may be able to cancel the emergency contact notification system before it engages. Additionally, you can only assign emergency contacts that are a part of your contact list. This can be a problem if you want to use a number that you need to keep discreet and separate from your contact list. One possible work around would be to assign the number under a fake name that you aren’t worried about your partner seeing – then you would just need to make sure to remember who the number actually calls. There may be a way to hide contacts through iCloud and the default contacts app, however hiding is not likely to be of much assistance because you will still have to have the individual emergency contacts visible within the Medical ID feature in order to use them for Emergency SOS. If your contact does not have good service at the time of the message they may not receive the exact location or location data at the same time that it is sent. This means it's important to consider someone's availability and phone reception when deciding if you want to include them as an emergency contact. 

 Overall, as with any technology, there are benefits and risks for safety and privacy. If this feature is something you think may increase your safety, give you options for communicating emergency needs quickly, or simply give you peace of mind, learn as much as you can and test it out so you’re comfortable with relying on it in the case of an emergency.

 Have questions about this or how other technologies impact victims of domestic violence? Reach out to us!

This project was supported by Grant No. 2016-TA-AX-K069 awarded by the Office on Violence Against Women, U.S. Department of Justice. The opinions, findings, conclusions, and recommendations expressed in this program are those of the author(s) and do not necessarily reflect the views of the Department of Justice, Office on Violence Against Women.