Erica Olsen Of NNEDV On IOT Devices | Avast
What happens when the Internet of Things becomes a threat to the people in a connected home? University College London researchers found in a report last year that “IoT systems currently lack well-established security and privacy settings and are inherently designed based on the assumptions that all of their users trust each other. As such, they represent a new risk vector.”
While domestic violence incidents involving IoT technology have increased, there continues to be a lack of awareness or understanding of how smart homes can be used to spy on or harass their residents.
One person who has explored and explained that new risk vector is Erica Olsen, is director of the Safety Net program at the National Network to End Domestic Violence, where she advocates on behalf of survivors of gender-based violence on issues of technology abuse, privacy, and victim safety. She regularly consults leading tech companies on the potential impact of technology design on survivors of abuse. The Avast Blog spoke with her about the impact of the Internet of Things on domestic violence.
Avast Blog: What are survivors telling you? What sort of things are happening?
Erica Olsen: It really runs the gamut. The most common concern we hear is about the potential misuse or the actual misuse of security systems. If there is a smart security system that is set up in a way that the abuser could have access to the home by a simple push of a button on a smartphone, that raises significant safety concerns for the person who might still be in the home – even if the abuser is no longer in the home or has an order of protection saying that they can’t come near the home. If that access remains, there’s a significant safety concern and so that raises red flags immediately. We also often hear about people misusing devices to harass, to terrorize people and give them a constant reminder that the abuser is the person who’s in control, that they are always there. That might be something as simple as turning on devices remotely, accessing devices, disabling technology in the home. We also have seen it, unfortunately, misused as a form of financial abuse. If somebody is cranking the AC all day, or turning on all the electronics during the day, when the survivor is not home and then turning it off later on, that can change the bills dramatically. They can be trying to make it no longer affordable to live there. We’ve also seen these devices abused to harass people in pretty horrible ways to keep people up at night. We worked with a survivor whose abuser would turn on the stereo speakers and blast music in the middle of the night or turn on all the lights. This was a residence where the music and lights were all integrated into a smart home. And turning on those things in the middle of the night makes it hard for the survivor to sleep. Then they would get a text message in the morning saying, “Have fun at work today. I hope you slept well.”
Avast Blog: What do you advise survivors to do?
Erica Olsen: We try to talk to people about understanding the technology that’s in the home. Sometimes it’s not really obvious. An abuser might be using a security system to surveill them. People are coming to us, or local programs, or law enforcement, with the baseline concern that the abuser just knows too much about what’s happening. And at that point they’re just trying to narrow it down and figure out what the person might be abusing. Sometimes the first strategy is just taking an inventory of the technology that’s in the home, and understanding how it’s set up, who has access. A lot of times those steps can be overwhelming, and it’s hard for people to understand. Even the safety standpoint of looking at what things are connected to your router is not something that a lot of people easily know how to do. So really taking it step by step and helping people understand and learn about the technology in their home and how to increase their security is a really important step. We are inundated today in the world with technology that we ought to understand but aren’t really, fully understanding. And people can easily misuse it.
“Taking it step by step and helping people understand and learn about the technology in their home and how to increase their security is a really important step.”
Avast Blog: Is just shutting down devices a good idea?
Erica Olsen: We try to avoid the knee-jerk reaction of just telling survivors to shut everything down and get offline. There may be situations where that’s what the survivor wants to do. That may be the strategy that will make them feel the safest. But we want to avoid that being the thing that people are told to do, as if that is going to stop the abuse, as if it’s going to be an easy strategy. We don’t live in a world where people can just get offline.
Avast Blog: Could going offline lead to further isolation of the survivor?
Erica Olsen: Yes. We don’t want to add to someone’s isolation or add to the abusers’ tactics. There’s also the reality that very often abusers are misusing these technologies because they can give them the access and the control that they want. It can help them to really terrorize the person. There’s a level of control this gives them. If you take away that access and that control, you are unlikely to see an abuser just stop being abusive. They will likely find another route to get access to the victim. If you cut off their access, it’s possible that the abuser will escalate their behavior. If they cannot access and reach the person remotely, they might do it in person. They could end up showing up. It’s always really important that the survivor thinks through what the abuser might do, and trust their gut. They know the person better than anyone else will. If they think the person might become more abusive and more dangerous, that’s something they have to safety-plan around.
Avast Blog: This kind of intimate attack via technology is very invasive. What does it say to you about people’s personal right to privacy and safety online?
Erica Olsen: It’s hard to articulate how intrusive and intimate it can be when this is happening inside your own home. This is supposed to be the place where you are safe. Especially when the abuser is not supposed to be in the home anymore, and the survivor is trying to rebuild their life. The fact that somebody can have access to the home – either physical access like by unlocking the doors with a security system they have access to or remote access to the home by surveilling a survivor with cameras – there’s a serious loss of control over your surroundings. People can end up feeling quite powerless and terrified of what that means – if you don’t have control over your own privacy. But that’s often what the abuser is going for – they want the person to understand that they are in control that they can’t do anything without them knowing. It’s quite a helpless and terrifying feeling.
Avast Blog: Have there been legal cases that have explored this? Is this kind of abuse against the law? Would it violate a restraining order?
Erica Olsen: Yes, in most instances, this would be considered a violation of an order of protection. It does depend on what the order says and how it’s interpreted. Most orders of protection are up-to-date today and factor in that contact is not just physical contact but also not abusing any electronic communications or devices to harass or communicate at all with the person. There’s always a chance though that somebody might get an order that is not written as broadly as it needs to be or that the interpretation of it might not be what we need to see. Unfortunately there is not a universal interpretation of what this means. Some officials may still believe that if the abuser is not on your property in person you can probably just turn the internet off and ignore them. And that’s just an unfair assumption we are working against. It’s not realistic or feasible for the survivor. It ignores the reality that this is not going to end abuse by the person. It’s not going to stop their behavior. It’s just going to stop their one tactic.
Avast Blog: Are there statistics showing how much IoT or tech-related harassment is part of domestic violence cases today?
Erica Olsen: It’s hard to get definitive numbers, in part because the survivor doesn’t always know. Sometimes the primary clue is that the abuser knows about patterns of behavior, like when the survivor is home or gone. But the investigations options are so limited. Some survivors just want to get rid of the technology to get away from the abuser. Even the survivors who do want to go the law enforcement route might not see a lot happen because investigations are limited. Some police departments don’t have a lot of resources. We see a lot of police departments that don’t have forensic software to scan for all this. When we do trainings, police officers sometimes tell us they don’t know how to work with companies to scan or get data from devices. If there’s a delay, survivors will sometimes just get rid of their phones, or whatever technology they are concerned about, or try to replace things so they can continue with their lives. That limits our ability to cite numbers that show many cases involve spyware or involve IoT devices.
Avast Blog: The New York Times interviewed you a year ago on what the paper described as the new trend of IoT devices misused in domestic violence. What’s new in the IoT-domestic violence issue?
Erica Olsen: We’re seeing a lot more attention to this issue. Survivors are talking to law enforcement and advocates about this type of abuse, who are in turn recognizing it a little bit more. And we are seeing more attention by some of these companies. Some of the home security companies – Ring and some of the others – are absolutely trying to look at this intersection, and how their products might be misused by an abuser, but also strategically used by a survivor to increase their privacy and their safety.
“Technologies are often being developed with the idea that the people you share your home with are safe people.”
Avast Blog: Is that cooperation from companies unusual?
Erica Olsen: We’ve been working with a number of tech companies for several years now. We sit on advisory boards for several tech companies. I think many companies were in a place where they were kind of being reactionary when the news picked up on something where their platform was obviously a tool that somebody misused to facilitate abuse. I think after so much of that, companies are really trying to take a proactive approach and think about safety and privacy a little bit more from a design perspective. I think the interesting thing about the Internet of Things and specifically the smart home technology is that even if you have companies that are looking at the angle of privacy from a design standpoint, those are technologies that are often being developed with the idea that the people you share your home with are safe people. That those are not the people that you need to protect your privacy from, that those are not the people that you have safety concerns about. So even if the technology is designed with privacy in mind, it can still not be a level of privacy or control that prevents someone from abusing it. They may actually create something that makes it very easy for someone to misuse it as a tool for abuse.
Avast Blog: How does your Safety Net program fit into this?
Erica Olsen: It’s been around since 2000, and since that time we’ve been looking at how all kinds of technology intersect with domestic abuse, sexual assault, stalking, and trafficking. That can be how abusers are misusing technology, but it also can be about how survivors are strategically using technology to safeguard their privacy and safety. We work closely with a lot of technology companies, and we have a lot of resources for people on our techsafety.org website. We try to help people understand how some people abuse technology, how to understand technology, and how they can use it to protect themselves. Womenslaw.org is also a great resource for people to see what laws apply to this area. People mistakenly believe there are no laws to address these crimes, and that’s not the case. Most laws that address abuse, harassment, and stalking are looking at behavior, not addressing specific technology. There is something that can be done. That’s the good news. Things are changing. We have more resources, guidance, and solutions for survivors.
*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/erica-olsen-of-nnedv-on-iot