'Privacy threats in intimate relationships' by
Karen Levy and Bruce Schneier in (2020) 6(1)
Journal of Cybersecurity states
This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships. Many common assumptions about privacy are upended in the context of these relationships, and many otherwise effective protective measures fail when applied to intimate threats. Those closest to us know the answers to our secret questions, have access to our devices, and can exercise coercive power over us. We survey a range of intimate relationships and describe their common features. Based on these features, we explore implications for both technical privacy design and policy, and offer design recommendations for ameliorating intimate privacy risks.
The authors comment
The information security community tends to focus its attention on a canonical set of attackers: companies tracking our activities online, criminals looking to steal our data, government agencies surveilling us to gather information, and hackers out for the “lulz.” But a huge number of threats are much more quotidian, performed by much less powerful and less technically savvy actors with very different motives and resources. These attackers know their victims well, and have much greater access to their information, devices, and lives in general. We call these attacks intimate threats, in which one member of an intimate relationship—a spouse, a parent, a child, or a friend, for example—violates the privacy of the other.
Intimate threats have garnered little explicit attention from the security and privacy communities and from system designers. For example, a recent review of 40 academic analyses of smart home security anticipated 29 different threat actors and 100 different types of threats—but the threat model of a domestic abuser was almost entirely absent across the literature. We argue that these threats ought to be treated as a primary concern.
Intimate threats represent the way a huge number of people actually experience insecurity and privacy invasions every day. These threats are so common as to be treated as routine and often overlooked, but they are experienced much more frequently—and often with greater direct impact on victims’ lives—than many of the threats that dominate the security discussion. And they disproportionally impact society’s most vulnerable and least powerful people, often including women, children, the elderly, and the physically or cognitively impaired. Though these threats are, by their nature, difficult to definitively quantify, the indicators we have suggest the scope and scale of intimate threats. In one survey, 31% of participants admitted to snooping through another person’s phone without permission in the past year. A recent Pew survey found that the majority of parents check their teenagers’ browsing histories and social media profiles. Forty-eight percent looked through phone records and text messages, and 16% tracked teens’ locations via their cell phones; half reported knowing the password to their teenager’s email account. An NPR survey of US domestic violence shelters indicated that 85% of shelters had worked with survivors who had been stalked using GPS devices, and that 75% had helped survivors who had been subject to eavesdropping using remote tools. A survey in the UK found that 85% of abuse survivors reported being subject to online abuse as part of a pattern of their abuse more generally. Taken together, figures like these suggest that privacy invasions by intimates are pervasive and deserving of focused study.
In addition to being important on their own, intimate threats can be precursors to more traditional forms of privacy and security threat. Intimate privacy invasions can result in the destruction of valuable or personal data, like financial records or family photographs. They can be the first step in financial fraud. In abusive partner situations, they can be a precursor to physical, emotional, and sexual abuse [6, 7]. And even well-intentioned intimate monitoring can create a slippery slope of acceptability, inuring users to accepting surveillance as a mode of social control in other contexts.
Finally, a more systematic consideration of intimate threats stands to benefit socio-technical security research as a field. These threats pose difficult technical challenges, made more complex by the social relationships in which they are embedded—which are marked by different degrees of authority and autonomy within relationships. They present a mixture of motivations for privacy invasion, often including beneficent motivations like protection and care. They pose novel and interesting questions about privacy boundaries: what degree of monitoring is socially and normatively acceptable in intimate relationships, and how system designers might best accommodate divergent and dynamic preferences. Directly addressing these issues extends the field and provides designers with an opportunity to better address real-world situations. In this way, our work fits into a broader scheme of research that prioritizes the sociotechnical and behavioral dimensions of security and privacy across different social contexts, and which recognizes the critical importance of interdisciplinary approaches to developing solutions.
Our goals in this article are twofold. While emerging research has begun to examine privacy threats within particular intimate relationships, we are aware of no work that synthesizes common characteristics or design considerations of these threats from across intimate contexts. Our first goal, then, is to describe intimate threats as a class of privacy problems, drawing out the features that characterize the category. Many of these features involve the violation of implicit assumptions that hold more readily in other contexts of privacy threat. A better understanding of these common features is required to more adequately protect against intimate threats.
Our second goal is to articulate a set of design considerations that is cognizant of intimate threats. These are difficult problems, and our intention is not to prescribe an exhaustive “checklist” that will immunize a technological system against all intimate threats. Rather, we aim to supply researchers, designers, and policymakers with a conceptual toolkit for recognizing and taking these threats seriously, as well as a critical assessment of the design trade-offs they entail.