We’re looking for apps I don’t remember downloading and which platforms can access my smartphone’s camera or microphone; Who else can see my calendar, my notes, my emails?
We also check the basics: whether my device is actually registered with my name and email address, and whether I have two-factor authentication turned on.
Rose MacDonald, co-founder of Nansen Digital Forensic Services, explains to me the digital safety audit she offers to victim-survivors of family violence. I’m speaking to former police detective and digital forensics specialist so we can better understand the experience of people experiencing this type of abuse and how they can minimize the risks.
We look at who could access my Google or iCloud accounts. What third-party platforms are connected to the account and whether my emails are forwarded to another address.
Sometimes when MacDonald does these audits, he finds high-tech surveillance tools: spyware, for example, that hides deep in your phone’s software. But this kind of technology costs money, and much more often, he says, perpetrators take advantage of the surveillance opportunities offered by everyday functions: shared accounts or location-sharing tools that reveal more than we realize.
“What we find most typically is misconfiguration of normal settings… and violations of the cloud environment. “If they have a username and password for something, it doesn’t really take a lot of technical knowledge,” he says.
The use of technology to “control, abuse, track and intimidate” is a common feature of family violence in Australia. A published report in 2020 found that almost all of the 442 frontline domestic violence professionals surveyed had had clients “who had experienced technology-facilitated harassment and abuse”, with particular risks for women with disabilities or those who are Aboriginal, Strait Islander Torres or who do not speak English. background.
Advocates have told Guardian Australia about car trackers and secret cameras, but also about bullying messages sent via bank transfers and even online purchases.
“It can be really insidious (and) really difficult, if you think about how many accounts you have on different sites, how many passwords,” says Rosa Grahame, senior solicitor in the family law practice at Women’s Legal Center ACT.
“I thought he was being a good guy.”
In my audit, MacDonald and I talked about my home Wi-Fi network and who set it up; if the password has been changed. Do I know what it is? We check if my calls are forwarded to another number.
We look at my Bluetooth connected devices. If I had a smartwatch, for example, this is where we could discuss who bought it: was it me or someone else? “We started thinking about (whether) the perpetrator of the violence had access to the account (and) health data, which could show their location,” MacDonald says.
While running forensic software that looks for traces of foreign devices and suspicious activity, MacDonald says the audits are also about education. You want people to understand the relationship between their device and the cloud.
“I explain… if a perpetrator comes into this environment… they can access your Gmail, they can access maps, they can access your documents,” he says.
These scenarios sound familiar to Lauren*, whose partner subjected her to years of what she now considers coercive control. “I thought he was being a good guy when he bought me a new phone and set it up on his business account,” he said. “But really it was so he would have access to all my text messages and who I call.”
He also set up his email, he says, and was able to access his Facebook account. Later, he would confront her about innocuous messages. “It’s a campaign to dominate and control someone,” Lauren says.
During the audit, we scrolled through the family sharing settings on my phone. MacDonald tells me that if I log in from a new location to a shared account for a streaming platform, for example, a message could be sent to the original account, giving me away.
Ultimately, in a family violence situation, it could be a child’s account that reveals my movements and location, including the app that sends daycare updates. One trend Grahame of the Women’s Law Center has observed is that perpetrators are giving children items to enable GPS monitoring, such as a smart watch. In another case, a man installed a tracker on his daughter’s toy frog.
Griffith University criminologist Molly Dragiewicz has researched how children could participate in the abuse of technology through everything from cell phones and GPS tracking to gaming devices and social media. She says some forms of surveillance-like tracking apps have become normalized between parents and children.
“The exact same technologies can be used for good or harm depending on the context of the relationship,” he says. “It is not about specific technologies. It’s about the context in which they are used.”
Audits must take trauma into account
Digital security audits like the one I conducted with MacDonald are not easily accessible and funding can vary by state. In Victoria, programs such as the Personal Security Initiative can help facilitate access to security audits, among other security measures. But if a victim-survivor uses a private service, the cost can run into hundreds of dollars.
Another concern raised by several advocates is the lack of vetting of those working in the private security space, as well as whether they are adequately trauma-informed and aware of the specific risks related to family violence.
Diarmaid Harkin, senior lecturer in criminology at Deakin University, has researched some of the solutions offered for technology-facilitated abuse. He says any claims about technology that can “detect” spyware should be closely examined, as the sector is evolving rapidly and there will always be limitations.
“Those (technology security) audits themselves need to be audited,” Harkin says. “Is counseling appropriate from a technical perspective, but is it also appropriate in the context of domestic violence?”
MacDonald also believes the security industry needs better standardization when it comes to family violence safety assessments, to ensure risks are not overlooked. She says she has seen some providers do a “factory reset” on phones, for example, erasing important evidence that might be needed in court.
It could also simply be unsafe for the victim-survivor to disconnect the perpetrator from their devices without first consulting family violence services or the police, he says. “If we reach an agreement, then we will have a discussion about the best way to manage it. If you were to cut off that access without any additional security planning, the behavior could escalate.”
Even as the government pushes for digital platforms to be designed with safety first in mind, we can’t promise victim-survivors absolute safety, says Dr. Dragiewicz. Spyware is constantly evolving, but the technology we need to function every day – to work, communicate, and pay bills – also creates risks. It’s unrealistic to simply ask people to log off, he says.
“Much of the responsibility for taking care of technological security falls on the victim. “We are not actually addressing or disrupting the behavior of abusers,” he says.
Lauren now works with a group called DV Safe Phone, which provides free cell phones to victim-survivors of family violence.
“Certainly, when someone is looking for power and control, they know how much we all depend on our phones now,” he says.
“Being able to have access to a phone they don’t know about… can really change their life.”
*Name only for privacy reasons.