Smart devices being used for domestic abuse
October 21, 2020 |
The weaknesses of the internet of things to hacking has long been known. That doesn’t mean it has been dealt with adequately. The common problem is access to those devices through inadequate security or weak passwords from third parties. A recent BBC article How smart devices are exploited for domestic abuse demonstrates how the internet of things can be used track and terrorise.
A machine or application is in and of itself neither evil or good. It has no value. It provides a service or performs a function. As the article makes clear features designed to assist, such as a doorbell camera, can be used by partners or ex partners to surveil. Family apps, which I find creepy, are designed to monitor children’s safety. But the data can be relayed to an ex partner to help he or she to stalk. The design features of apps can make it hard to switch off that information flow particularly if the perpetrator installed the app, set the password and is familiar with its use.
The article provides:
The number of domestic abuse cases has increased dramatically since the UK’s Covid lockdown – and tech has played a role.
Smart speakers, tracking apps and key-logging software are among products that have made it easier for perpetrators to maintain control of victims and continue abuse.
Domestic-violence charity Refuge says more than 70% of those it provides support to have reported tech-related abuse within a relationship.
Two people who experienced abuse during the pandemic shared their stories with BBC Click.
They asked to remain anonymous for their own safety.
“When he left the house, that’s when I started to see that he was using the Ring doorbell camera to track me,” says Kate, who is using a pseudonym. She is referring to Amazon’s internet-connected security device. It triggers alerts when it detects motion in front of a home and allows live footage or recordings to be watched from afar.
“I could take the battery out of it if I wanted to, but I didn’t feel like I could because he would say to me, ‘You’re compromising our children’s safety’.
“I was worried that he would go to the police and try and suggest that I’m a bad mother.”
Another explained how her partner used Amazon’s virtual assistant to monitor her via a function that lets users remotely connect to enabled smart speakers and listen/speak via an intercom-like facility.
“He would set up all the accounts,” says Sue, who is also using an alias.
“He would set up family-sharing on things. There were various Alexa devices all over the property.
“He could drop in from outside or he could go to someone’s house and ring the Alexa when we were at home.”
Abuse experienced by men also increased during the pandemic.
The Respect Men’s Advice Line reports receiving 5,000 more calls during the start of the UK lockdown than in the same period the year before.
But women are still more likely to experience violence and harassment. Three-quarters of domestic abuse victims recorded by the police last year were female, according to the Office for National Statistics’ latest figures.
‘In control‘
Dr Leonie Tanzer says she frequently comes across this issue of control in a study of gender and internet-of-things devices she is leading at University College London.
“The perpetrator, who very often tends to be male, is the person that purchases the device [and] maintains the device,” she explains.
“That gives that person a lot of control over both the environment they’re in but also the device admin settings.”
Both Sue and Kate’s experiences confirm this view.
‘We are all in this bubble in the house,” says Sue.
“Even when I leave, he can see my location through my [smart]watch, or my phone or my iPad or anything.
“I just realised how little control I had over mine and the kids’ life and how much he had. I had to get out.”
She says her partner locked her our of their shared Amazon account which had her credit-card details attached to it, giving him the ability to spend money she would then be obligated to cover – in effect a means of control.
“I rang up Amazon and I said I can’t take my cards off this account,” she recalls.
“They said, ‘Sorry, you just have to cancel your bank cards’.
“The companies should know what the products could be used for.”
A landmark domestic abuse bill aims to make it illegal to use modern technology to track or spy on partners or ex-partners.
The legislation, which covers England and Wales, includes a statutory definition of domestic abuse that recognises coercive or controlling behaviour involving smart technologies.
It gives police extra powers to respond to domestic abuse cases involving tech.
The law is expected to get Royal Assent in the next couple of months.
As with many areas of life, technology can also be used to offer solutions and help, to targets of abuse.
But Refuge warns that some of the apps on offer pose further risk of harm.
“We have seen many agencies develop apps for the sole purpose of protecting and offering support to victims of domestic abuse, but often these apps have clear failings and can in fact compromise victims’ safety, [for instance] features that disclose the victim’s location,” says the charity.
Many people are spending more time than ever at home as a result of the coronavirus, and that means more sharing of software and services.
So now, more than ever, Kate suggests, their developers need to think through what happens when relationships break up.
‘When you’re in a couple, that account is going to be registered to one email address,” she says,
“When something goes wrong, the person who is unable to use it can’t do anything about it. You can’t rectify anything or change the details.”
Burden of safety
A team of security experts at IBM has considered how to minimise the risks of tech enabling domestic abuse.
It has devised a set of design principles to guide other device- and software-makers.
It believes the onus is too often on targets of abuse having to educate themselves rather than product-makers having to think through the consequences of their creations.
“We believe the burden of safety shouldn’t be on the shoulders of the end-user, and we felt it was important to shift at least some of that onus on to thoughtful designs,” IBM’s Lesley Nuttall tells BBC Click,
She says home devices, for example, could show alerts when they’re remotely activated and have a manual override.
“A lot of the smart devices are designed on the premise that all persons in the home are happy to share information with one another, but this happy scenario doesn’t recognise that there are many variations in family life,” she explains.
Family apps are used by many to monitor kids’ safety.
But by design they share a lot of information and can be misused in an abusive relationship.
“They share other pieces of information, such as battery level, which seems like a small innocuous piece of data,” Ms Nuttall says.
“But in the hands of an abuser, the victim can’t escape that barrage of abuse by simply switching off their phone, saying the battery has died.”
IBM also warns that perpetrators often send abusive messages via the reference descriptions given to low-value online bank transfers or gift notes added to internet shopping purchases.
“[There could be] intelligent monitoring of those free text fields to block abusive messages,” says Ms Nuttall.
“Banking transactions particularly can automatically flag ongoing patterns of small transactions for further investigation.”
She added that one bank in Australia was “horrified by the scale and the nature” of what it found when it looked into the issue, and has since taken action.