Computer security researchers aim to prevent technological abuse

Computer security researchers aim to prevent technological abuse

Cornell Tech researchers have created a new approach to help victims of domestic violence prevent abusers from hacking into their devices and social networks to monitor, harass and hurt them.

The model emphasizes “continuity of care” so that clients experience a seamless relationship with a volunteer technology consultant over time, similar to a healthcare setting. It matches survivors with consultants who understand their needs and builds trust, provides multiple ways for survivors to securely communicate with consultants, and securely stores their history and concerns about technology abuse.

“The management of personal data in technology abuse is a complex thing that cannot always be ‘solved’ in a single half-hour visit,” said Emilie Tseng, MS ’19, PhD student and lead author of an article on the model. “Most of the approaches that exist in tech support are limited by a single protocol more akin to an emergency room than a primary care provider.”

Tseng will present the document, “Care Infrastructure for Digital Safety in Domestic Violence”, in April at the ACM CHI Conference on Human Factors in Computer Systems in New Orleans.

Tseng and his colleagues at Cornell Tech’s Clinic to end technological abuse developed the new approach, in partnership with the NYC Mayor’s Office to End Domestic and Gender-Based Violence. Their research is based on eight months of data, as well as interviews with volunteer technology consultants and experts in intimate partner violence (IPV).

“This work offers an honest look at both the pros and cons of running a volunteer technology counseling service for survivors of IPV, as well as the challenges that arise as we work to safely provide IT security advice as care,” the co-author said. Nicholas Dell, associate professor at the Jacobs Technion-Cornell Institute at Cornell Tech. “We hope our experiences will be useful to others interested in helping at-risk communities facing computer insecurity.”

Survivors can experience many forms of gender-based violence, including technology-facilitated abuse, said Cecile Noel, commissioner for the mayor’s office to end domestic and gender-based violence. “Cornell Tech’s groundbreaking program not only helps survivors of technology abuse, but also works to better understand how people abuse technology so we can create better protections for survivors,” Noel said. “We are proud of the vital role our long-time partner Cornell Tech plays in improving the lives of survivors.

Technology abuse often exists within a larger web of harms, Tseng said. “In an ideal world, ‘Geek Squad’ members would be able to handle technological abuse with the sensitivity of a social worker.”

Abusers can abuse their victims through technologies such as spyware, also known as stalkerware, and through improper use of location tracking features on phones and other devices. They harass their former partners on social media, such as posting private photos and impersonating their victims to alienate family and friends. Attackers can also hack into email accounts and change recovery emails and phone numbers, which could devastate their victims’ careers.

In previous models, counselors remained anonymous, which impacted their ability to build trust with survivors. Short, one-time appointments were not long enough to meet customer needs. And the appointments took place at a specific time; survivors who could not leave their homes or find a safe, private place to take a call were unable to access services and could not reach counselors at other times. It can be frustrating and even traumatic for survivors to share their stories with new consultants at every appointment, Tseng said.

One of the main goals of the team is to provide survivors with more peace of mind and a sense of empowerment – ​​that they have the tools to meet future challenges. “With technology, there are so many ways to stay entangled with your abuser even after you’ve physically and romantically left the relationship,” Tseng said.

A tricky part is determining how realistic the support is. Although a single “urgent care” visit is probably insufficient, a prolonged commitment would be unsustainable for the consultants and the clinic as a whole. “In several cases, consultants ended up working with clients over numerous appointments spanning weeks or months,” Tseng said.

As a next step, she wants to explore other ways to assess the ongoing relationships between safety and care from the perspective of survivors, especially people from marginalized communities.

Dell co-created the clinic to end technology abuse with Thomas Ristenpart, associate professor at Cornell Tech; Dell and Ristenpart are also affiliated with the Cornell Ann S. Bowers College of Computing and Information Science.

The other co-authors of the article are Ristenpart, postdoctoral associate Rosanna Bellini, doctoral student Mehrnaz Sabet and Harkiran Sodhi, MBA ’21. The research was funded in part by a donation from Google and support from the National Science Foundation.

Adam Conner-Simons is director of communications at Cornell Tech.