Privacy Threats in Intimate Relationships

Reviewed by Greg Wilson / 2021-08-28
Keywords: Privacy, Security

All of the proceeds from my next two books are going to support the Red Door Shelter in Toronto. One of the first things shelters like it do if someone is trying to escape an abusive situation is replace their phone, because their abuser may well have installed tracking and monitoring software on it to keep an eye on them. That scenario isn't discussed in most computer security courses, both because hackers with nose rings make for better cinema and because intimiate attacks usually target individual women rather than threaten CEOs' annual bonuses.

Levy2020 is a great introduction to this problem that I think every programmer should read. It talks about the types of attackers and their victims, common features of intimate threats, and implications for policy and design. These are necessarily high-level; translating them into specific features in commonly-used applications would be a great exercise for a class or a product team.

In my experience, it's hard to get programmers to care about privacy and security—really care, not just pretend to care—because at some level they know that they themselves are unlikely to be harmed. I don't know if building a security curriculum around countering threats like this will do better, but I think it's worth a try. Even if it doesn't make programmers care any more than they do now, it's still worth trying.

If you see a drowning child that you are able to save, you save the child because you are able to do so. If any further reason is required, then it is unlikely that any further reason will be persuasive.
Fred Clark

Levy2020 Karen Levy and Bruce Schneier: "Privacy threats in intimate relationships". Journal of Cybersecurity, 6(1), 2020, 10.1093/cybsec/tyaa006.

This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships. Many common assumptions about privacy are upended in the context of these relationships, and many otherwise effective protective measures fail when applied to intimate threats. Those closest to us know the answers to our secret questions, have access to our devices, and can exercise coercive power over us. We survey a range of intimate relationships and describe their common features. Based on these features, we explore implications for both technical privacy design and policy, and offer design recommendations for ameliorating intimate privacy risks.