National Network to End Domestic Violence (NNEDV) and M3AAWG Address Intimate Partner Violence in a Digital Age
At last month’s Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG) 56th general meeting, Erica Olsen, director of the Safety Net Project at the National Network to End Domestic Violence, addressed the group on the role of technology in abuse.
Her remarks focused on how technology can be used as a tactic of abuse and the importance of improving awareness and understanding of how technology can be misused.
Olsen noted the issue parallels traditional threat models (more info on threat modeling here, (https://owasp.org/www-community/Threat_Modeling) used in cybersecurity efforts.
She added that in designing technology systems, threat modeling often misses intimate partners as a possible threat actor because it’s not one of the threats we commonly think about.
When thinking about attacks, she said that the industry is more often designing with other types of attacks that don’t apply to domestic violence, sexual assault, or stalking scenarios. These can include stranger attacks that are in high volume, such as botnets taking the passwords from a data breach and trying them on many different services to see how many of the end users of one service reused their password on another service. There can also be targeted threats from malicious actors who can spend time and resources doing research to learn about the victim or insider threats represented by disgruntled employees or suppliers who might have ulterior motives.
Olsen emphasized that threat scenarios often fail to consider a threat actor who is very well known to the victim such as a spouse or domestic partner. In this case, the threat actor could be inside a victim’s house, intimately know the person’s history, they may have access to the victim’s passwords and the answers to commonly asked security questions, they may have physical access to the victim’s devices or login account access to the settings for the victim’s devices or their children’s devices.
NNEDV partners with Coalition for Stalkerware (https://stopstalkerware.org) to work on Industry wide standards and with the Center for Democracy and Technology (https://cdt.org) to suggest best practices around location trackers. M3AAWG has supported the coalition and in 2022 awarded them with its J.D. Falk Award (https://www.m3aawg.org/for-the-industry/jd-falk-award-recipients).
NNEDV is working to drive and support industry standards taking into account the different threat models occuring in intimate partner abuse, and getting abuse teams and software teams to include those threat models when they’re designing features and processes.
NNEDV also educates the public about technology abuse and raises awareness about the ways abusers can misuse technology, akin to the work done to teach people how to spot phishing emails and safe passwords. How can we as an industry teach people the kinds of precautions they should take if the malicious actor isn’t a phishing organization, but rather someone who knows them and possibly has physical access to their systems?
For more information about NNEDVs Safety Net Project, go to www.TechSafety.org. Industry best practices on preventing online abuse, phishing, malware and more are available on the M3AAWG site at https://www.m3aawg.org/published-documents.