Cambridge Analytica and Why Privacy Matters to Survivors

Recent news that the personal information of tens of millions of people was used by Cambridge Analytica “to create algorithms aimed at ‘breaking’ American democracy” as the New Yorker phrases it, has led to a call to #DeleteFacebook. For those unfamiliar with the story, our friends at AccessNow wrote a great summary.

This kind of invasion of privacy is not new, nor is it limited to this case. The old expression, “No free lunch,” applies to any service that we don’t pay for, whether it is social media or a discount card at the grocery store or entering a raffle to win a new car. The true cost is allowing those companies to access our personal information for their own profit.

Safety is the primary concern. For survivors who face threats of harm, who live daily in fear from the abusers, the security of personal information can be a life and death issue. For survivors fleeing an abuser, information about location, work, kids’ schools, and social connections can lead an abuser to the doorstep. For survivors living with abuse, information about friends, thoughts, feelings, opinions, and interests can be misused by an abuser to control, isolate, or humiliate.

For survivors, privacy is not an abstract issue, or a theoretical right to be debated on CSPAN. Privacy is essential to safety, to dignity, to independence. Yet, we live in a time when personal information = profit.

The Cambridge Analytica story surfaces the underlying reality that our personal information is not under our control. It feels like we are seldom asked for consent to share our personal data. When we are, it is in legalese, in tiny letters that we might have to scroll through to be able to check that box, and get on with using whatever website we’re trying to use. Even if we do take the time to read through those privacy terms, we know that data is routinely stolen, or accidentally published on the Internet, or used against us to affect access to loans, insurance, employment, and services.

We are social animals. We crave connection. Research shows that we suffer without it. Isolation is a classic tactic of abuse. But the price we too often pay for connection online is our privacy.

At times like these, we may think about deleting Facebook, going offline, or throwing away our phones. We may think that survivors should give up their tech at the door of our shelters, or that they have to go off the grid in order to be safe.

Digital exile is not the answer. Technology, and the Internet, is a public space where everyone, including survivors, should have the right, to share their voices, to make connections, and to access information without fear of their personal information being collected and used without their consent. April Glaser writes in Slate that, “[d]eleting Facebook is a privilege,” pointing to the huge number of people that rely on it to connect with friends, to learn about events, to promote a business, or, in parts of the world with limited Internet access, just to be online at all.

Survivors, just like every other consumer, should be given the opportunity to give truly informed consent. That consent must be based on clear, simple, meaningful, understandable privacy policies and practices – not just a check box that no one pays attention to.

A guide to the process of changing your Facebook settings to control apps’ access to your data is available from the Electronic Frontier Foundation. Also check out our own guides to Online Privacy and Facebook Privacy and Safety.

Addressing Technology Misuse in the Context of Sexual Assault

Two new resources from Safety Net discuss Technology Misuse in Sexual Assault, and offer advocates and others working with survivors a tool for Assessing Technology Misuse and Privacy Concerns.

As technology becomes woven into every aspect of society, offenders misuse the technology in sexual assault. Just as the dynamics of sexual assault differ from domestic violence, the misuse of technology looks different when sexual assault occurs outside of an intimate partner relationship.

  • A youth group leader might misuse online communities to groom victims.
  • A supervisor might threaten to change an employee’s file in a company database.
  • A caretaker might limit access to help-seeking through technology.
  • A medical provider might threaten to share embarrassing information or images gathered in the course of treatment.
  • Surveillance cameras and security could be misused by a landlord to gain footage of or access to a victim.
  • A law enforcement officer could misuse a database to target potential victims.

More understood examples include the explosion in the production and sharing of child pornography, or nonconsensual sharing of intimate images or footage of sexual assault of adults over the Internet.

Privacy Concerns

In addition, sexual assault cases in the public eye can generate distressing comments on news stories and social media, and some survivors may become the target of online harassment, doxing or other retaliation.

Technology and Root Causes

Online spaces amplify existing attitudes and beliefs, and so can support rape culture through memes, viral posts, revenge porn sites, etc. At the same time, online advocacy and activism efforts have used online spaces to counter rape culture through awareness, events, bystander intervention and more.

Smartphone Encryption: Protecting Victim Privacy While Holding Offenders Accountable

The last few months have seen heated debates between law enforcement and technology companies over the issue of smartphone encryption. The government has argued that encrypted devices and new technologies make it more difficult for law enforcement to investigate crimes while technology companies claimed that weakening encryption weakens security for everyone. Currently, Congress is drafting a bill that would require technology companies to make encrypted data readable, and several state legislatures have introduced legislation to block the sale of encrypted smartphones

At the core of the encryption debate is the concept of privacy and technology security. Technology nowadays – in particular the smartphone – collect and store an unprecedented amount of private information, including personal health data, access to online accounts (such as social media and email), videos and pictures, and so much more. Some of this information can be especially private and something a user may not want others – a friend or family member, an abusive partner, or an employer – to know about. For those individuals, the security on their smartphone can enhance or strip away that privacy.

Through the Safety Net Project at the National Network to End Domestic Violence, we have been addressing the intersection of technology and violence against women for over 15 years, and have trained more than 80,000 victim advocates, police officers, technologists, and other practitioners. In looking at how technology can be misused to facilitate stalking and harassment and how survivors can use their technology to attain safety, privacy is a recurring and fundamental component.

For victims of domestic violence, sexual assault, and stalking, privacy and data security are integrally connected to their safety. A survivor’s smartphone is their lifeline; yet their smartphone can also be incredibly vulnerable to misuse by an abuser. A survivor’s smartphone is often one of the first things an abuser will target simply because of the amount of information on there. If they can compromise the victim’s smartphone, they have access to all phone calls, messages, social media, email, location information, and much more. For these reasons, smartphone security and encryption is essential to safeguarding the privacy of victims’ personal information.

The other side of the encryption debate is the ability for law enforcement to hold offenders accountable, which is something we also strongly support. When abusers misuse technology to threaten and terrorize, investigators can trace the digital trail to discover and prove who committed the crime. An encrypted smartphone makes it more difficult for law enforcement to access information on that phone if the owner is unwilling or unable to unlock it.

While law enforcement should not be impeded in their ability to investigate a crime, it’s important to recognize that smartphone encryption does not prevent law enforcement from doing an investigation of technology-facilitated domestic violence, sexual assault, and stalking. In these types of crimes, the goal of the perpetrator is to wield power and control over the victim by controlling the victim’s technology, harassing the victim through messages or phone calls, monitoring their activity, or disseminating harmful and devastating rumors about the victim. It is often an interaction between the victim and perpetrator through a third party, and digital evidence or proof of this harassment and abuse could exist elsewhere: on the victim’s own devices or an online platform (Facebook, email, etc.).

There may be circumstances in which evidence only exists on the perpetrator’s device. This could be the case in a sexual assault, for example, in which the perpetrator recorded or took videos of the assault on his/her device and has not yet shared them or posted them publicly. In situations such as this, unless the videos or photographs were uploaded online or backed up, the evidence may not be anywhere but on the perpetrator’s smartphone.

In most cases, however, it is possible for law enforcement to successfully investigate and build a domestic violence and sexual assault case without needing the perpetrator’s smartphone. For example, evidence of harassment via emails, texts, or social media will also exist on other technology platforms. If the abuser purchased monitoring software or is tracking the victim through a paid service, there might be financial records. In some cases, the survivor may have access to some of the evidence that might be needed. While survivors should never be in the position of having to investigate their own crimes, they are often in the best position to know what’s happening, and they should be involved and part of the process.

Balancing Victim Privacy and Offender Accountability

Ultimately, for survivors of domestic violence, sexual assault, and stalking, the smartphone encryption issue comes down to balancing victim privacy and offender accountability. Both are equally important but neither should be compromised for the other. Victim privacy is fundamental to victim safety, and the technologies survivors use should have the most security and encryption possible.

It’s also important to recognize that weakening smartphone encryption to allow law enforcement access means weakened encryption—period. If an abuser is technologically savvy or is in law enforcement, their victim may have less privacy and security on their smartphones. There is no professional immunity to those who commit violence against women, and perpetrators of domestic and sexual violence work in all fields, including technology companies and law enforcement agencies.

We believe it is possible for law enforcement to investigate technology-facilitated domestic violence, sexual assault, and stalking crimes, without compromising victim privacy through weakened smartphone encryption. Law enforcement, federal funders, technology companies, and the victim advocate community need to come together to figure out how to support survivors and help them be safe while also holding offenders accountable.

Instead of finding ways to get around smartphone encryption, law enforcement agencies deserve and need far more resources to investigate crimes facilitated through technology. Law enforcement should be given more information and tools so they not only know how technology is misused to facilitate crime, but all the different places where the evidence could exist, and the proper process and method on gathering this evidence. A good, thorough investigation of technology-facilitated domestic violence, sexual assault, and stalking goes beyond examining a perpetrator’s encrypted smartphone.

At our annual Technology Summit, we ensure that there are sessions geared specifically for law enforcement professionals, so they can take this knowledge back to their communities. We’ve worked with other national organizations, such as the International Association of Chiefs of Police, to develop articles to share this knowledge with law enforcement. Despite 15 years of addressing this issue, however, we still hear from survivors and their advocates that thorough investigation of technology-facilitated crimes is not happening consistently across the country. Rather than proposing legislation requiring access to encrypted data on a smartphone or banning encrypted smartphones, we encourage legislators and advocacy groups to look at what is actually needed to fully investigate these crimes and to truly address what law enforcement can do to hold offenders accountable.

New & Updated Resources on Facebook Privacy & Safety

We recently had the exciting opportunity to collaborate with Facebook on their international roundtables on Women’s Online Safety and were able to participate in three of these events in Washington, DC, Hyderabad, India, and New York City. The roundtables featured leading voices from many of the nation’s gender based violence (GBV) organizations as well as government representatives from various countries.

The roundtables were devised to create space for GBV organizations to contribute to the broader conversation on how Facebook in particular can engage the voices of women and create a safer environment for women to use the platform without fear of harassment and threats.  The goals of the roundtables were:

  1. To share existing Facebook tools women can use to help with privacy and safety.
  2. To share innovations Facebook is currently working on to improve the user experience. 
  3. To hear concerns from the field on what users are experiencing. 
  4. To create a network for GBV organizations to foster continuous conversations and provide a support structure for women users. 

The roundtables included conversations around Facebook’s Real Name Policy. Facebook has strongly backed their long-standing policy for users to be authentically identified by their real names. This policy also minimizes the ability for abusers and perpetrators to hide behind fake accounts and increases the likelihood that abusers misusing the platform to harass, threaten, or stalk a person can be held accountable. The policy has received some push-back, however, and Facebook addressed the various steps they have taken to allow some flexibility for individuals who are going by a different name in their everyday lives than their legal name.

All of the meetings discussed counter speech, which is used to combat negative comments posted on an account. By using counter speech, users can ask their audiences to post positive comments and help manage some of the negative, threatening, and harassing comments they are receiving.

During the roundtables, Facebook and Safety Net introduced the new Guide to Staying Safe on Facebook. This guide is a condensed version of the Privacy & Safety on Facebook: A Guide for Survivors of Abuse, providing short and concise tips on privacy and safety settings. Both resources can be found in our Privacy & Safety on Facebook page of the blog.

The roundtables were an incredible success. We appreciate the opportunity Facebook provided for global GBV organizations to convene and share their concerns. We will continue to foster collaborations between technology companies, government organizations, and non-profits to help eradicate violence against women in all forms, including in online spaces. To learn more about the roundtables and all of the great topics discussed, visit #HerVoice. Also, check out our video series on Facebook Privacy, Security and Safety!

3 Simple Questions To Determine Which Safety App is Right for You

Many apps on the market have been specifically designed to help users communicate their safety needs in an emergency. These are referred to as safety apps and they use the cell phone’s location, text messages, alarms, video/camera features, and other alert options.

As more of these safety apps become available, one of the questions we get a lot is: "Which safety app should I use?" And we wish we can say: "Use this one!" However, we can’t because which app you choose depends on a lot of things. In fact, we wrote a handout on things to consider when selecting a safety app. Still, many people ask us: "But can’t you just tell me which one to use?" To narrow it down, we’ve created 3 simple questions to get you started.

What do you want the safety app to do?

Do you want an easy way to notify your friends or family if you’re in danger? Would you prefer to connect with authorities in an emergency? Or are you looking for basic information about domestic violence or resources local to you that can help? Most apps have a different purposes and determining what you want is the first step.

Does the app meet your needs?

Is the app easy to use or make it easier for you to do something? Remember, the purpose of an app is to make life easier. If it actually makes it harder for you to do something, then just stick with what’s easiest. It might be faster to call your friend than to find the app among all the other apps on your phone, find the right screen, tap it three times, darn—tapped the wrong area, tap again, only for it to send a cryptic message that might confuse your friend.

Does the app truly do what it says it will?

This is where you should test the app to see if it works the way it says it will. For example, some apps will send your location to your safety contacts if you’re in danger. Test it. Did it do that? Was the location accurate? This step is critical if you’re using a safety app for communicating in a potential emergency. Test this app with friends and family before you’re in danger and with friends and family who uses different types of devices. Some apps work more accurately on one platform versus another.

These three questions will get you started in determining if it’s the right app for you. Of course, if you’re a survivor or someone who is concerned about your privacy and want to be thorough, check out our handout on Choosing & Using Apps: Considerations for Survivors. But if that’s tl;dr, start with these 3 questions.

You can also read our reviews on select apps too. We’ve downloaded them and tested them, and we offer a pretty thorough assessment on each of them. Ultimately, however, whether an app is right for you is up to you. (Just make sure it works and that it’s what you want!)

Protect Yourself In a Data-Driven World

geralt/pixabay.com

geralt/pixabay.com

We live in a world of share, share, share. What’s your phone number? What’s your social security number and birth date? Can I get your pic? Can I follow you on Insta, FB, Twitter? Then there’s an entire level of sharing that we don’t even know about. What does the FBI, NSA, or my county government have on me? Is my doctor, pharmacist, or WebMD sharing my health data with anyone? What is Google, Facebook, or Apple collecting about me?

Today is Data Privacy Day, a day aimed at helping consumers understand how to protect their online information and encourage businesses to be more transparent in how they collect and use data. For victims of stalking, domestic violence, and sexual assault, knowing how their personal information is collected and shared is imperative since disclosing their private information can be the difference between safety and danger.

Survivors take great strides in protecting their privacy from abusers who seek to harm them. They disengage from social media; they get new cell phones and laptops; they put additional security on their accounts. Yet, when information about them is shared: such as medical information between health insurance companies; state databases that are connected to allow additional access; or just the postal office sharing changes of addresses with data brokers – survivors’ privacy can be comprised.

Some of this sharing is beyond our control, which is why Data Privacy Day is so important. We need to protect our information by being careful over what and to whom we share our information and advocate for more control over our own personal information when others are sharing it.

What can you do? Here are some practical steps you can take: 

Other tips? Share them in the comments!

10 Easy Steps to Maximize Privacy

Photo source: Ruth Suehle for opensourceway.com via flickr.com/ photo cropped from original

Photo source: Ruth Suehle for opensourceway.com via flickr.com/ photo cropped from original

We live in a world of constant technology use and lots of sharing. Technology has made it easier for families, friends, co-workers, and long-lost classmates to connect, and our online lives are just as important to us as our offline ones. But what you share doesn’t always stay within those circles and can be shared much more broadly than expected. Sometimes our technology gets out of our control.

So what can you do? Here are some quick ways to ensure that your tech use and sharing is done a little bit more safely. Although these may sound simple, these are some of the easiest things to forget to do and some of the easiest ways to lose control and privacy. 

1.    Log out of accounts and apps
Yeah, this is kind of duh advice, but you’d be surprised at how many people forget to log out of their accounts. They only realize they forgot when someone else posts something outrageous on their Timeline or feed. Logging out of your account is even more important if you’re using someone else’s device. Uncheck the “keep me logged in” feature and don’t allow the web browser to remember your password to automatically log you in. Doing so will make it easy for anyone to pick up your computer, tablet or smartphone, and post away, pretending to be you. 

2.    Use strong passwords
Use passwords to prevent strangers, parents (if you have nosy parents), and children (if you have nosy children) from accessing your accounts. Don't use the same password for more than one account, a password that someone who knows you can easily guess, or a one-word password that can be easily cracked. Create a password system so that you use unique passwords only you will know. 

3.    Review privacy settings
Review the privacy settings on all your online accounts, particularly your social media ones. Most sites allow users to limit what others see, whether it’s status updates or profile information. Don’t forget that it’s more than just social networks like Facebook or Twitter that have privacy settings. Most online accounts, such as Amazon, allow you to limit who can see your profile information. 

4.    Minimize location sharing
Smart phones have GPS location capability and you could be sharing your location without even knowing it. You can control which app has access to your location by turning off that option through your smart phone. (Most phones have location privacy options in the settings.) Some social network sites also allow you to manage your location privacy through the site’s privacy settings. 

5.    Don’t include location coordinates in your pictures
Did you know that when you take a picture on your smart phone, you could inadvertently share your location as well? That means that the selfie you just posted and uploaded online could contain your exact GPS coordinates. You can turn off that capability through the privacy setting on your camera app. Don’t forget that even if you turned off the location option for your camera app, the photo sharing app that you’re using may share your location—so turn off the location option for the app as well. 

6.    Be thoughtful about connecting social media accounts
Yeah, you can connect your Instagram to your Facebook or your Foursquare account to other social networks—and yeah, that may make it easier to update them all with just one click. But that also means that a lot more people will have access to lots of info about you. It also makes it more difficult to lock down your privacy. So be thoughtful about which social media accounts you connect. 

7.    Be careful when using free wireless networks
Free internet is always awesome. But you pay for it by being more vulnerable to risks. Using open wireless networks at your local coffee shop or sandwich shop can leave you susceptible to hackers accessing your private information. If you’re going to check bank accounts, buy something where you have to give your credit card information, or do anything sensitive, wait until you are back on a secure network. And if your personal wireless network doesn’t have a password on it, for the love of any deity, put a password on it!

8.    Use HTTPS everywhere
Not all websites are created equal. Some sites are more vulnerable to viruses, which makes your computer/tablet more vulnerable. However, some sites have a secure version – you can tell by looking at the link in the URL address bar. If it starts with https, it’s a secure page vs. http, which is just a normal page. (The next time you’re checking your bank account or buying something online, check out the address bar; it'll probably be green.) The easiest way to ensure that you’re using the secure page whenever you can is to download the HTTPS-everywhere browser add-in. Each time you go to a site, it’ll try to open the secure (https) site rather than the normal one. If the site doesn’t have a secure page, it’ll default to the normal page. 

9.    Use Incognito, Private Browsing, or InPrivate Browsing
Currently, Google Chrome, Mozilla Firefox, and Microsoft Explorer allow you to browse privately. Basically, privately browsing means that someone can’t open your web browser after you’ve used it and go through the history to see what you’ve been up to. Browsing privately is safer if you’re using a friend’s computer or tablet or are on a public computer. Keep in mind though that you have to close the browser to erase your history. If you leave it open, users after you can still see your browsing history.

10.    Use more than one email address
Email addresses are free, so have as many as you want! You can use one specific email address with a super strong password for your banking and shopping. Use another email for all the junk mail and accounts you have to create in order to use a particular web service. You could even consider using different email addresses for different social media accounts. Using different emails for different accounts is safer because if someone guesses one of your email + password combo, they don’t have access to all your accounts. You can even go one step further and download a service that “masks” your account address, so that you’re never using your actual email address. 

Facebook Removes Search By Name Option

 

Last week, Facebook announced that they were removing the “Who Can Look Up My Timeline By Name” option for their users. Since then we have been contacted by many concerned advocates about what removing this feature means for survivors, many of whom use Facebook to stay connected with friends and family but whose privacy from their abusers and stalkers is equally important.

When Facebook first told us they were planning to make this change, we expressed that this feature is one method some survivors use to control their privacy. Opting out of being searchable by name was one way in which survivors could use to keep an abuser or stalker from finding their timeline/account. 

However, Facebook explained, and we agree (because we’ve known this for a while too), that this feature gave a false sense of privacy, since even if this feature was activated, people can still be found in other ways. Some of those ways include:

  • Mutual friends. If you have mutual friends, unless you choose to not allow mutual friends to see your activity, many people can be found that way. Moreover, even if they have chosen to not allow friends of friends to see their activity, we have heard of many survivors whose mutual friends simply shared the information with their abuser or other people. 
  • Username/User ID. If someone knew your exact username or userID, they can find you that way. 
  • Graph Search. Graph search is a new searching option that Facebook has been slowly rolling out, and this type of search will make anyone searchable, even if they have selected that they don’t want to be found by name. Unlike personal demographics information, graph search reveals users based on things they like or things their friends like and other demographics information about the user that public. So, for example, if you like a particular restaurant, live in Albuquerque, NM, someone can do a search for “People who like [restaurant] in [city]” and find all the people who have liked it. 

Although we are disappointed that the option to be searched by name has been removed, the safest course for survivors and advocates is to educate themselves about how they can be found on Facebook regardless of privacy settings. Users should know what kinds of information will always be public, understand how widely information can be shared online, and determine what they will share based on their own privacy risks. The reality is that social media always has, and always will, move toward a model of sharing and openness; even if something is private now, it may not always be so. 

In light if that, it is important to know that these activities/information will always be public on Facebook:

  • Your name, profile picture, your cover photo, your username and user ID, and any networks you belong to.
  • Any public pictures or posts you like or comment on. For example, if you like or commented on a picture or a post where the original author set that picture or post to public, the fact that you liked it or your comment will be public. 

There are a few things that survivors can do to maximize their privacy.

  • Check out the “view as” option, to see what someone can see when they look at your page, whether it’s as a friend, a friend of a friend, or the public. 
  • Review your timeline by going back to previous posts on your timeline and change who can see those posts. You can even delete old posts. 
  • Going forward, limit what you share by choosing only friends. You can even go further and create lists that will limit exactly who see the specific information you are sharing. 
  • Take a look at Safety Net’s handout on Facebook Privacy for more privacy tips. 

As Facebook continues to change their privacy settings and introduce new features to their users, it is critical that survivors and advocates understand those changes and how it affects the personal information they share on Facebook. Facebook allows users to delete old posts or pictures, so it might be time to do your own Facebook audit and clean up your timeline.