IGF 2020 Pre-Event #12 Stop stalkerware: tackling digital stalking helps victims of domestic violence

    Time
    Monday, 2nd November, 2020 (16:15 UTC) - Monday, 2nd November, 2020 (17:15 UTC)
    Room
    Room 3
    About this Session
    Stalkerware are commercial software that enables a remote user to monitor the activities on another user’s device without that user’s consent. Mostly used in domestic violence, it is growing issue at global level. Join the discussion with the Coalition against Stalkerware and other international stakeholders working with victims and perpetrators to identify ways to act together against this developing cyberthreat.

    Kaspersky

    Description

    Background: Stalkerware is 'software made available directly to individuals, that enables a remote user to monitor the activities on another user’s device without that user’s consent and without explicit, persistent notification to that user in order to intentionally or unintentionally facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence’. Stalkerware seems to be an underestimated global problem: actually, it is a very serious and growing issue. Based on Kaspersky statistics, stalkerware is of growing interest to malicious users. The number of our users facing stalkerware rose by 67% in 2019, a trend that concerned a large number of countries. Although there is a need for more research on the gender nature of stalkerware use, the available data paints a clear picture that the main victims of technology-facilitated abuse are women, while those doing the abusing are mainly men. To tackle this issue, 10 organizations launched in November 2019 a global initiative called the Coalition Against Stalkerware: www.stopstalkerware.org.

    Objectives: In this IGF 2020 session, members of Coalition Against Stalkerware and stakeholders from other organizations will discuss the problem of stalkerware, and how it might be addressed by all actors including the civil society, researchers, government authorities and law enforcement agencies. The event aims to inform about the problem of stalkerware, discuss possibilities to raise awareness toward it, but also help users protect themselves, and identify new fields for multistakeholder activities.

    Format: The event will be marked by a high-level panel gathering stakeholders from different regions and different horizons, including:

    • Private Sector: Christina Jankowski; Kaspersky (Germany)
    • Civil Society: Rachel Gibson, Senior Technology Safety Specialist, National Network to End Domestic Violence (USA)
    • Tech Community: Sanjana Rathi, Research Analyst, Cyber Peace Foundation (India)
    • Intergovernmental organization: Philipp Amann, Head of Strategy, Europol European Cybercrime Center EC3 (Netherlands)
    • Moderator: Arnaud Dechoux, Kaspersky (France)
    • Demo: Felix Aimé, Kaspersky GReAT (France)

    Through the use of interactive tools, participants will have the opportunity to raise questions and share thoughts. The expected outcome of the session is to have concrete ideas for future activities to mitigate the risks arising from stalkerware, to attract possible partners for cooperation, and to create awareness raising activities.

    We look forward to discussing with you this important topic on November 2!

    1. Key Policy Questions and related issues
    How to raise awareness of users regarding the threat of stalkerware, in order to mobilize stakeholders and therefore better protect victims?
    What are the intersections between the issue the issue of stalkerware with domestic violence in general?
    What could be the new fields for multi-stakeholder activities at international and local level to bring coordinated response to the stalkerware issue?
    2. Summary of Issues Discussed

    The session discussed the following issues related to digital stalking and domestic violence:

    • The lack of awareness regarding stalkerware: a vast majority of people would not be aware of the existence of such spyware and the associated risks. Awareness campaigns and materials should be developed and made available to all local stakeholders (broad agreement)
    • The need for coordinated response: law enforcement agencies, governments, associations supporting victims as well as cybersecurity companies should act together to bring an effective response to the stalkerware cyberthreat. For instance by supporting the work of the Coalition Against Stalkerware (www.stopstalkerware.org) and by offering technical trainings to the actors involved in the fight against digital stalking (broad agreement)
    • The unclear legal framework of stalkerware: while a majority seem to agree stalkerware should be prohibited by law, some assess this is not the right way to go forward and their misuse is to be sanctioned. In-depth discussions are needed at international and national levels on this key issue (needing further discussion)
    3. Key Takeaways

    An increasing number of IT users are the object of digital stalking, especially through widely accessible commercial spyware, also known as “stalkerware” or “spouseware”. Statistics from cybersecurity company Kaspersky show an increase of 67% in the detection of stalkerware with mobile users globally in 2019. While feedback from local associations show women are the main victims of such malicious spyware, further studies would be needed to better assess who the victims are and how their life is impacted.

    Despite this growing trend, on all continents and in all countries, awareness of the stalkerware threat remains too low. Therefore, we need to act together to bring efficient response to this developing issue. The international Coalition Against Stalkerware was born in 2019 with this clear objective. One obvious way to go forward is to offer awareness materials to local stakeholders, and develop trainings for both support associations working with survivors, law enforcement officers and judiciary authorities.

    Finally, there is a clear need to address the legal status of stalkerware in each country in order to discourage abusers to use such spywares. As stalkerware remain legal, their use without the consent of the victim is definitely illegal: national authorities and international bodies have adapt legal frameworks to tackle the issue more efficiently.

    6. Final Speakers
    • Private Sector: Christina Jankowski; Kaspersky (Germany)
    • Civil Society: Rachel Gibson, Senior Technology Safety Specialist, National Network to End Domestic Violence (USA)
    • Tech Community: Sanjana Rathi, Research Analyst, Cyber Peace Foundation (India)
    • Intergovernmental organization: Philipp Amann, Head of Strategy, Europol European Cybercrime Center EC3 (Netherlands)
    • Moderator: Arnaud Dechoux, Kaspersky (France)
    • Demo: Felix Aimé, Kaspersky GReAT (France)
    7. Reflection to Gender Issues

    An important part of the session addressed gender issues as stalkerware are often used in domestic violence. Local feedback from stakeholders involved in the fight against domestic violence show women are often targeted by such commercial spyware. It is necessary to raise awareness in targeted user groups, better support victims and work with both survivors and perpetrators to bring an efficient response to this worldwide issue.

    8. Session Outputs

    Results of online polls carried out during the IGF Pre-Event:

    • Have you suspected of being affected by stalkerware? Yes, myself: 20% / Yes, a friend or relative: 20% / No, never: 60%
    • Do you think the legal framework efficiently protects victims against stalkerware? Yes: 6% / No: 67% / I don’t know: 28%
    • Do you think stalkerware should be legally prohibited? Yes: 82% / No: 14% / I don’t know: 5%
    • What are your ideas for multi-stakeholder activities? What do you think could be useful?
      • Digital literacy would matter a lot in this regard especially in the developing countries where the digital penetration is far too low and the potential impact of harms is very high.
      • Awareness raising for survivors - warning signs of stalkerware on your device.  Trainings for law enforcement.
      • "multiagency work awareness"
      • Community based victim support groups
      • To create a legal framework in truly multistakeholder environment
      • Legal recourse against companies that develop stalkerwares
      • Partnership between tech companies and non profit organisations in order to train workers on the issue and how to act against it.
      • Underdeveloped and developing countries needs more orientation.
      • Safety-by-design, encouraging tech companies to build safety protections into the products they develop before the release them to the market
      • Law enforcement needs trained on how to access the evidence to hold abusers accountable.  This includes prosecutors and judges.
      • Manufacturers of IoT devices should consider how their products can be misused
      • Stalkers need to be prosecuted not technology. Raising awareness amongst end-users, law enforcement community, security professionals about the malicious use of such software is the key to tackle the problem.

     

    Other useful resources:

    9. Group Photo
    Stop Stalkerware Pre-Event IGF 2020
    10. Voluntary Commitment

    Kaspersky, as other members of the Coalition Against Stalkerware, has committed to fighting domestic violence, stalking, and harassment by addressing the use of stalkerware and raising public awareness about this issue.