Computer-security researchers aim to prevent tech abuse

Researchers at Cornell Tech have created a new approach to helping survivors of domestic abuse stop assailants from hacking into their devices and social media to surveil, harass and hurt them.

The model focuses on “continuity of care,” so clients experience a seamless relationship with one volunteer tech consultant over time, similar to a health care setting. It matches survivors with consultants who understand their needs and establish trust, offers survivors multiple ways to safely communicate with consultants, and securely stores their tech abuse history and concerns.

“Personal data management in tech abuse is a complex thing that can’t always be ‘solved’ in a single half-hour visit,” said Emily Tseng, M.S. ’19, a doctoral student and lead author on a paper about the model. “Most of the approaches that exist in tech support are limited by a one-size-fits-all protocol more akin to an emergency room than a primary care provider.”


Cornell impacting New York State

Tseng will present the paper, “Care Infrastructure for Digital Security in Intimate Partner Violence,” in April at the ACM CHI Conference on Human Factors in Computing Systems in New Orleans.

Tseng and her colleagues at Cornell Tech’s Clinic to End Tech Abuse developed the new approach, in partnership with New York City’s Mayor’s Office to End Domestic and Gender-Based Violence. Their research draws on eight months of data, as well as interviews with volunteer technology consultants and experts on intimate partner violence (IPV).

“This work provides an honest look at both the benefits and burdens of running a volunteer technology consultant service for IPV survivors, as well as the challenges that arise as we work to safely provide computer security advice as care,” said co-author Nicola Dell, associate professor at Cornell Tech’s Jacobs Technion-Cornell Institute. “Our hope is that our experiences will be valuable for others who are interested in helping at-risk communities experiencing computer insecurity.”

Survivors can experience many forms of gender-based violence, including technology facilitated abuse, said Cecile Noel, commissioner of the Mayor’s Office to End Domestic and Gender-Based Violence. “Cornell Tech’s groundbreaking program not only helps survivors experiencing technology abuse but is also working to better understand how people misuse technology so that we can create better protections for survivors,” Noel said. “We are proud of the critical role our longstanding partner Cornell Tech plays in improving the lives of survivors.”

Tech abuse often exists within a larger web of harm, Tseng said. “In an ideal world, the people on the ‘Geek Squad’ would be able to treat tech abuse with the sensitivity of a social worker.”

Assailants can abuse their victims through tech including spyware, also known as stalkerware, and through inappropriate use of location-tracking features in phones and other devices. They harass their former partners on social media, such as by posting private photos and posing as their victims to alienate family and friends. Abusers can also hack into email accounts and change recovery emails and phone numbers to their own, potentially devastating their victims’ careers.

In previous models, counselors remained anonymous, impacting their ability to build trust with survivors. Short, one-time appointments were not long enough to address clients’ needs. And appointments took place at a specific time; survivors who could not leave their homes or find a safe, private place to take a call were unable to access services and couldn’t reach counselors at other times. It can be frustrating and even re-traumatizing for survivors to share their stories with new consultants at each appointment, Tseng said.

One of the team’s larger goals is to offer survivors more peace of mind and feelings of empowerment – that they have the tools to handle future challenges. “With technology, there are so many ways to remain entangled with your abuser even after you’ve physically and romantically left the relationship,” Tseng said.

One tricky element is determining how much support is realistic. While a one-time “urgent care” visit is probably insufficient, prolonged engagement would be unsustainable for consultants and the clinic as a whole. “In several cases, consultants ended up working with clients over many appointments stretching on for weeks or months,” Tseng said.

As a next step, she wants to explore additional ways to evaluate ongoing security-care relations from the perspective of survivors, particularly people from marginalized communities.

Dell co-created the Clinic to End Tech Abuse with Thomas Ristenpart, associate professor at Cornell Tech; both Dell and Ristenpart are also affiliated with the Cornell Ann S. Bowers College of Computing and Information Science.

Other co-authors on the paper are Ristenpart, postdoctoral associate Rosanna Bellini, doctoral student Mehrnaz Sabet and Harkiran Sodhi, MBA ’21. The research was funded in part by a gift from Google and support from the National Science Foundation.

Adam Conner-Simons is director of communications at Cornell Tech.

/Public Release. View in full here.