Join 3,512 readers in helping fund MetaFilter (Hide)


You feel like you’re carrying the abuser in your pocket.
May 9, 2014 3:02 PM   Subscribe

Sarah’s abuser gained access to every password she had. He monitored her bank accounts and used her phone to track her location and read her conversations. She endured four years of regular physical and emotional trauma enabled by meticulous digital surveillance and the existing support services, from shelters to police, were almost powerless to help her. “We wish we could just stop the clock because we need to catch up,” said Risa Mednick, director of the Cambridge domestic violence prevention organization Transition House. To fight back, Transition House and others turn to the same methods used by intelligence agencies in order to keep their clients safe.
posted by ChuraChura (26 comments total) 21 users marked this as a favorite

 
I'm kind of side-eyeing the claim that "existing support services, from shelters to police, were almost powerless to help her" for over four years. If your phone is being tracked, get a new one. If your passwords were cracked, set new ones or get a new account. Your bank accounts aren't being monitored without the bank's help, so either get legal on them or get new accounts. A skilled cracker can undoubtedly make your life miserable, don't get me wrong, but they aren't magical. There's plenty of counter-techniques without 'stopping the clock'.
posted by tavella at 3:21 PM on May 9 [12 favorites]


And reading further down, the problem was that she was giving him all the stuff, and Tor isn't going to help that at all. I'm kind of mystified by the story, in fact -- the problem was psychological, in terms of getting Sarah to the point where she would stay away from him and stop giving him access to everything. It wasn't in any way technological. Tor seems like a bizarre peg to hang the story on.
posted by tavella at 3:27 PM on May 9 [31 favorites]


tavella: well, the site is still in beta.
posted by slater at 3:39 PM on May 9 [1 favorite]


The man insisted, citing the need to protect his cover, that Sarah grant him access to every aspect of her life: Cell phone, social media, bank accounts, website passwords. Everything.

Feeling she had nothing to hide, Sarah complied. That compliance soon evolved into a complete relinquishing of freedoms.


This is horrible, but this isn't a technological problem, and there's no technological solution for it.
posted by xmutex at 3:51 PM on May 9 [7 favorites]


It is true that a big part of the problem here was that she surrendered her information to him --e.g. early on, believing his tale that he was an FBI agent --The man insisted, citing the need to protect his cover, that Sarah grant him access to every aspect of her life: Cell phone, social media, bank accounts, website passwords. Everything. Feeling she had nothing to hide, Sarah complied.

However, years of dealing with DV have taught me that surveillance is a very common form of control. Classically, abusers will monitor odometers and bank accounts and phone records, to name a few common items. And technology is one more giant leg up for them. That's what makes DV so insidious - the abuser is right inside the victim's life, and very tough to dislodge without a complete life makeover. They know the victim's car, home, friends, bank, work, school, etc.

So part of the problem here is "psychology," i.e. that this poor woman did get back together for a time with her abuser and went back to reporting her whereabouts at all times -- but the bigger issue is that disentangling from an abusive relationship is hard for anyone who has ever fallen for an abuser. The abuser just knows too much and has too much penetration.

And, frankly, this kind of digital stalking is a problem even without DV dynamics. I recently dealt with a case of a woman whose computer repair person used what h/she found on her PC to threaten and terrorize her. S/he has been very hard to find and stop, for months now.
posted by bearwife at 3:55 PM on May 9 [15 favorites]


The provided quote makes this sound like an IT security issue, when it is not. She could have had 100 passwords, each 256 random characters long and used ZOMG 7 VPNs, and none of it would have mattered if she felt she had to hand the relevant credentials over.

I'm not minimizing her plight but, as others have said, this is not technological issue. The problem is an abusive asshole manipulating someone in profoundly disturbing ways.
posted by Dark Messiah at 4:02 PM on May 9 [2 favorites]


She gave him access at one point, and then he had it. There was no simple way of removing his access because it bled into every part of her life. This is what abusers do, with or without tech to enable them. The tech component is just a new way abusers have found to control their victims.

And once a person has control of you, and begins making threats on your life or the lives of your family members, it can be extraordinarily difficult to extract yourself. Many abuse survivors have made multiple failed attempts to leave their abusers by the time they actually get out. These early attempts often fail because of threats -- on the victim's life, on her access to her children, on her business connections -- and because it seems that law enforcement has no way of stopping a person from carrying out their threats. In real life, lots of women have their lives threatened and most don't get anything from the cops or court except a piece of paper that says your abuser is supposed to stay away from you. Except he wasn't supposed to abuse you, either, and he did that.

Existing support services are powerless to help a lot of people in a lot of abuse situations -- it makes total sense to me that they would be incapable of addressing this particular threat. And it makes total sense to that they would look for ways of creating a technological solution like a Total Password Reset Button, so that when a victim asks for help cutting ties she is able to do so quickly. When a woman decides to leave an abuser, she often needs to do it instantaneously for safety reasons. Her life is actually in danger, and so are the lives of those around her. As long as an abuser has control over her information -- regardless of whether she gave it to him four years ago or not -- she is going to be unable to fully extract herself from his grasp.
posted by brina at 4:02 PM on May 9 [4 favorites]


Regardless of the situation in this particular article, there is definitely an interesting/scary story to be told about the use of technology in domestic violence situations. I went to a training about this at my local DV shelter a few years ago, and I remember being surprised at just the dizzying number of angles of attack that someone who is truly trying to control/terrify you has access to. Just don't answer calls from their number? What if they use a spoofing website to make their call show up as someone in your phone book? Block them from your social networks? It's rare that you'll have an entirely different set of acquaintances, what if they gain access from a friend of a friend? Trackers in cars and phones, forcing you to tell them your passwords...I mean, yes, you CAN just change everything, but that stuff is exhausting even once, not to mention if you keep having to do it, always living in dread that your abuser will find the new number/password/account and here we go all over again. As a DV services provider, how do you help with that? Well, if there is brainpower working on a technological solution, so much the better.
posted by theweasel at 4:03 PM on May 9 [4 favorites]


Despite the intricacies of this particular situation, the use of mobile and IT resources by abusers to continue the abuse and stalking is a recurring problem which many support organizations have difficulty addressing due to a lack of training.

Last year I performed a research project designed to help improve personal smartphone privacy and analyze privacy threats emanating from popular applications. These training and research resources are available for anyone to use here.
posted by mobunited at 4:03 PM on May 9 [9 favorites]


Speaking as a social worker - and one who works in a technologically dependent/driven organization - this article is bizarre. I can see the need for technologies like Tor - secure browsing, anonymous browsing, etc are important things for staff and clients alike. Heck, in the 21st century, they are important for everyone.

But the bigger need is for training, awareness and good security practices around technology. The technology is useless without those - if you give someone your password, I don't care what system you are using, it's been short circuited. You not only need the technology, you need to know how to use it - and the problems I see inside my organization have lead me to two conclusions:

1. We often attempt to view technology as a "simple" fix/response to complex problems; however, technological solutions often create and introduce complexity in and of themselves. Training, training, and more training are needed.

2. Proper, secure use of any technology is a trade-off - the better the security, the less the convenience of the solution. And users who are inconvenienced will either not use the system or find a work around that compromises the security ("I'll just keep my password list on my keyboard tray!").

This article just doesn't answer the big questions around how to properly deploy and use a technological solution to the social issue it outlines.
posted by nubs at 4:03 PM on May 9 [9 favorites]


This is horrible, but this isn't a technological problem, and there's no technological solution for it.

Technology amplifies/generates a lot of things. It wasn't always the case that having a short sequence of alphanumeric numbers meant that you had a totalizing, live, up-to-date record of where someone is.

"Let me have your iCloud password" => "I can see where you are via Find My Phone".

When Susan's abuser persuades Susan to give over a password, it appears to be "hey, just write a few letters down on a post-it." To Susan's abuser, it appears to be: "I can see where you are, right now."

In this case, technology translates the holding of a password into the surveillance of the abused. It's way easier to bully/coerce/convince someone to give up a few text characters than it is to convince them to install a bunch of video cameras around their home, or to wear a lo-jack bracelet. Yet current technology makes the latter violence more and more plausible, easier, and thus casually available to an abuser.

This may appear to be a nitpick, but it isn't. Guns are a technology, but we commonly understand that the presence of that technology in a situation changes the social dynamic of the situation altogether. We wouldn't say, "oh, it's just another piece of technology, don't mind the fact that I am holding a gun." Similarly we wouldn't say of gun control that it's "not about the technology of a gun". Or -- if we did, it might appear to be described to us like, "guns don't kill people, people kill people."

Which is all to say that I don't think this a technological problem alone. I think there are there are technological solutions, in the same way that stopping NSA surveillance is both a political issue and a technological issue intertwined in a complex network, in the same way that guns are both technologies and objects laden with social implications, so that stopping accidental gun deaths at homes is both about making safer guns (biometric gun locks), safer handling protocols (biometric gun safes), and better education (teaching kids about the dangers of guns), as well as larger systematic issues (why allow guns in the first place?)

To return to the topic at hand, I wonder if using password managers (combined with a lot of counseling, therapy, support) would help; if the abuser discovers one password, they don't necessarily have access to another account. Or perhaps it would be helpful to create a program/team/process that transitions a persons's accounts to new, clean, uncompromised ones. I could even imagine a password/account manager ala Mint or LastPass that lets you access your accounts only through the service --- and would log and report suspicious logins.
posted by suedehead at 4:19 PM on May 9 [9 favorites]


Something to help people boot people out of their digital life is sorely needed. This article is just poorly researched. Unless your abuser works for the government or an ISP (or has access to your wifi) Tor is probably at the bottom of the list.

The article seems to be conflating the creepazoids that hack webcams and laptops to spy on people as a hobby with garden variety manipulative assholes.
posted by RobotVoodooPower at 4:36 PM on May 9 [2 favorites]


Misrepresenting the nature of the problem at hand might could easily make things worse for people in danger.
posted by blue t-shirt at 5:09 PM on May 9 [5 favorites]


one friendly nerd could have steered her to new accounts, a new phone and new passwords in under an hour. a friendly, but less humanitarian nerd, knowing she was being spied on, could have set up a sting...

"oh stanley, i'm so hot to experience the joy of your magnificent body, on the riverbank just downstream from the bridge, at midnight..."

the spy goes up on the bridge at midnight. the nerd is up on the hilltop above the bridge, raining down cinderblocks or small arms fire or whatever, until the spy repents.
posted by bruce at 6:08 PM on May 9 [3 favorites]


theweasel: "Block them from your social networks? It's rare that you'll have an entirely different set of acquaintances, what if they gain access from a friend of a friend?"

This is compounded by other people. They've got your social network, when it comes to facebook. So they've got your friendslist (say, conservative, 30 people).

That's 30 vectors to track you by, if you make a new account.

That's 30 people to hack, if they don't find you just by trawling friendlists.

That's 30 people who need to know not to fucking tag you in public photos.

That's 30 people saying where they are, where the local haunts are, what the plans are.

That's 30 people who are vulnerabilities not only for your online presence, but your offline one.

That's not even counting friends-of-friends.

So you dump facebook, entirely. And any web presence associated with your old one. And you do it again, and again, each time making new connections and foregoing old hobbies because you are unique, you do have a style, and a stalker will track that better than anything.

I mean, that's without hacking you, or your stuff. That's just going by one public profile, at one point.

(This post brought to you by experience, second hand) (my friend still won't use facebook, but has twitter, and her stalker has been charged, after ten years of this)
posted by geek anachronism at 9:22 PM on May 9 [6 favorites]


Part of the problem is that people need to plan before they leave. It takes time to do everything that needs doing, and to work through all the editions that come with deciding to leave. In those months, people need to find somewhere to live, figure out what to do with kids or animals, get enough money together, move their stuff out, etc. If your abuser has access to your phone and your laptop, that becomes substantially more difficult. It means no calls to a hotline or government office. No looking at Craigslist for somewhere to live. No looking at supportive websites that help you to decide if you're being abused and if you want to take the steps to leave. No messaging someone on Facebook to ask for help or support. No sneaking out of work on your lunch hour to see a counselor or go to a shelter to get resources or ask questions. No applying online for benefits, or jobs, or housing. No sneaking a little money away a bit at a time in a secret bank account. And any attempt to change any of this becomes another opportunity to be abused.

Yes, no one should share passwords. That's a problem technology can't fix. But once you need to leave, you need a way to plan your escape in secret, and that's a problem technology CAN fix. An innocuous looking (or invisible) browser extension that conceals your history and pings your phone to display a visit to Starbucks instead of a visit to the domestic violence shelter for a counseling visit, or a piece of web design that makes a support site look like an online newspaper in your Mac bar, sound pretty useful in that context.
posted by Snarl Furillo at 1:16 AM on May 10 [4 favorites]


In your navigation bar. Your navbar. Silly autocorrect.
posted by Snarl Furillo at 1:42 AM on May 10 [1 favorite]


The man insisted, citing the need to protect his cover

DingDingDing! When someone tells you this, it is because they are scamming you. It happened to a friend of ours, and it was really hard to explain to her that (a) it was enormously unlikely that her newly-met boyfriend was actually a US Navy SEAL; (b) someone operating under cover is not going to tell this to a newly-met girlfriend; and (c) I mean, just look at him, do you believe the nonsense that is coming out of his mouth.

She married him and it Did Not Go Well.
posted by Joe in Australia at 3:14 AM on May 10 [4 favorites]


If someone really were a spy, they would not need to ask for your passwords.
And yes, when you need to get out, 'friends' can be more of a problem than a help. Goes ten-fold for on-line friends.
posted by Katjusa Roquette at 7:26 AM on May 10


I guess I should elaborate on my initial comment, which I do stand by.

Good practices for keeping yourself more anonymous online are absolutely good measures to promote, once someone has come to terms that they are in an abusive relationship and earnestly want to stay out of it — and away from their abuser.

That said, enhanced security practices can be problematic if provided to someone who is still unsure. It's more fuel for the abuser, should they discover it. "What is this - what are you hiding from me?", etc. If the abuser still has power, then it will either achieve nothing, or further exacerbate an already dangerous problem.

The best locks in the world serve no purpose, if the monster is inside your house already.
posted by Dark Messiah at 8:28 AM on May 10


Technology, including tracking software, social media, maybe remote access to your computer, which maybe includes the camera are all new ways for a stalker or abuser to be even more obsessive about a victim. It exacerbates the problem. But women not having the strength to say No, being brought up to be compliant, technology doesn't make that happen.
posted by theora55 at 9:53 AM on May 10


Precisely. This is a woman, who on being walked through getting a restraining order, on having her supposedly hacked-for-tracking phone confiscated for legal investigation, on being driven to the airport by police for safety and put up in a safe refuge by her best friend, started googling for pay phones in the neighborhood to call her partner. Ain't no technology in the world that is going to fix that. There's absolutely a story in Sarah, how even with all the resources and help in the world there are abused people that self-sabotage, and talking about ways to get them out of that mindset. But that story has nothing to do with Tor.
posted by tavella at 10:31 AM on May 10


An innocuous looking (or invisible) browser extension that conceals your history and pings your phone to display a visit to Starbucks instead of a visit to the domestic violence shelter for a counseling visit, or a piece of web design that makes a support site look like an online newspaper in your Mac bar, sound pretty useful in that context.

There already is such an 'extension', a function built into nearly every major browser. In Firefox, "Private Window". In Chrome, "Incognito Window". In IE, "InPrivate Browsing". And if you are handing over free access to your life and your phone and your accounts, putting some kind of technological trick on your phone simply announces your intentions, as opposed to using the simple instructions to leave your phone at home, to buy a burner phone at 7-11 with cash and keep it at work, etc. They don't need new technology, they need a runbook on how to use existing technology and techniques.

Not to mention, any technological trick to report a false location from a mobile phone would be quickly turned by criminals, including abusers, into a way to conceal their crimes.
posted by tavella at 10:50 AM on May 10


>Precisely. This is a woman, who on being walked through getting a restraining order, on having her supposedly hacked-for-tracking phone confiscated for legal investigation, on being driven to the airport by police for safety and put up in a safe refuge by her best friend, started googling for pay phones in the neighborhood to call her partner. Ain't no technology in the world that is going to fix that.

Not quite. Here's how it actually unwound, according to the story:
The friend found Google searches for pay phones in the area and assumed Sarah was trying to make contact with her partner. According to Sarah he had emailed her, violating the restraining order. She called to notify the domestic violence shelter of the violation.
posted by virago at 8:33 AM on May 12


Yes, but instead of reporting the restraining order violation to the police so that they could bring her partner to court, she was apparently looking for a pay phone she could call him from. There's a limit to how much people can help you if you won't cooperate. And it's not like emailing her required any technical knowledge or access to her account.

There must be plenty of cases where someone was having problems with a genuinely sophisticated stalker, people have mentioned being involved with such cases above. And there's certainly the issue of disentangling social networks, even if your stalker has no special knowledge. I'm just baffled on why they chose to hang the story on this particular case, where it just didn't have much to do with technology.
posted by tavella at 1:14 PM on May 12


Not to mention, any technological trick to report a false location from a mobile phone would be quickly turned by criminals, including abusers, into a way to conceal their crimes.

Criminals are already using any technological trick available to them to commit many kinds of crimes, including stalking and harassing their romantic partners, so no, I'm not real worried about the coming technomafia or whatever.

Yes, but instead of reporting the restraining order violation to the police so that they could bring her partner to court, she was apparently looking for a pay phone she could call him from.

No. That's not what the article says. The friend assumes she was going to call the partner. Sarah says she wanted to call the shelter to tell them he violated the restraining order. I get that you hate this woman for, like, being dumb enough to date a man who beat her up and have an email address at the same time, but maybe you could actually focus on what is written in the article.

I'm just baffled on why they chose to hang the story on this particular case, where it just didn't have much to do with technology.

Because Sarah worked at a domestic violence shelter, neatly illustrating the way that shelters themselves can be compromised by this kind of technology-based stalking? Because shelter staff were alarmed that her abuser figured out what courthouse she was filing in and thought it represented an escalating use of technology to harass victims? Because they thought her case was typical of the several attempts it takes most victims to fully exit an abusive relationship, compounded by her abuser's complete technological access to her life? Because there's no perfect case in which the only locus of control is technological, rather than technological, emotional, physical and financial, and the article is about how all of those loci interact with and reinforce each other, and how lagging understanding of technology makes it harder to dismantle the others? Or, I don't know, maybe they just hoped people would talk about how hopeless and pathetic she was on the Internet.
posted by Snarl Furillo at 2:14 PM on May 12 [2 favorites]


« Older What is Nina Totenberg wearing?...  |  Buffy the Vampire Slayer as Lu... Newer »


This thread has been archived and is closed to new comments