We’re looking for apps I don’t remember downloading, and which platforms can access my smartphone’s camera or microphone; who else can see my calendar, my notes, my emails.
We also check the basics: whether my device is actually registered to my name and email address, and whether I have two-factor authentication turned on.
Rose MacDonald, cofounder of Nansen Digital Forensic Services, is walking me through the digital safety audit she provides to victim-survivors of family violence. I’m talking to the former police detective and digital forensics specialist so that I can better understand the experience of people who are subject to this kind of abuse – and how they can minimise the risks.
We examine who might be able to access my Google or iCloud accounts. What third-party platforms are connected to the account, and whether my emails are being forwarded to another address.
Sometimes when MacDonald does these audits she finds hi-tech surveillance tools – spyware, for example, which buries itself deep in your phone’s software. But this kind of technology costs money and much more often, she says, perpetrators take advantage of the opportunities for surveillance offered by everyday features: the shared accounts or location sharing tools that reveal more than we realise.
“What we find more typically is misconfiguration of normal settings … and breaches of the cloud environment. If they’ve got a username and password to something, you don’t really need a lot of technical knowledge,” she says.
The use of technology to “control, abuse, track and intimidate” is a common feature of family violence in Australia. A report published in 2020 found that almost all of the 442 frontline DV practitioners surveyed had had clients “who had experienced technology-facilitated stalking and abuse”, with particular risks for women with disabilities or those who are from Aboriginal, Torres Strait Islander or non-English speaking backgrounds.
Advocates have told Guardian Australia about trackers in cars and secret cameras, but also messages of intimidation sent via bank transfers and even online shopping purchases.
“It can be really insidious [and] really difficult, if you think about how many accounts you have on different sites, how many passwords,” says Rosa Grahame, principal solicitor of the family law practice at Women’s Legal Centre ACT.
‘I thought he was being a nice guy’
In my audit, MacDonald and I talk about my wifi network at home and who set it up; whether the password has been changed. Do I know what it is? We check whether my calls are being forwarded to another number.
We look at my Bluetooth connected devices. If I had a smartwatch, for example, this is where we might have a discussion about who bought it – was it me or someone else? “We start thinking about [whether] the perpetrator of violence got access to the account [and] the health data, which might show your location,” MacDonald says.
As she runs forensic software that looks for traces of foreign devices and suspicious activity, MacDonald says the audits are also about education. She wants people to leave understanding the relationship between their device and the cloud.
“I explain to them … if a perpetrator got into this environment … they can access your Gmail, they can access maps, they can access your documents,” she says.
These scenarios are familiar to Lauren*, whose partner subjected her to years of what she now sees as coercive control. “I thought he was being a nice guy when he bought me a brand new phone and set it up on his business account,” she said. “But it was really so that he had access to all my text messages and who I’m calling.”
He also set up her email, she says, and was able to get into her Facebook account. Later, he would confront her over innocuous messages. “It’s a campaign for dominance and control over someone,” Lauren says.
During the audit, we scroll through my phone’s family sharing settings. MacDonald tells me that if I log in from a new location to a shared account for a streaming platform, for example, a prompt might be sent to the original account – giving me away.
Ultimately, in a family violence situation, it could be a child’s account that reveals my movements and location – even the app that sends updates from daycare. One trend Grahame from the Women’s Legal Centre has observed is perpetrators giving children items to enable GPS monitoring, such as a smart watch. In another case, a man installed a tracker in his daughter’s toy frog.
Criminologist Molly Dragiewicz of Griffith University has researched how children might be involved in technology abuse via everything from mobile phones and GPS tracking to gaming devices and social media. She says some forms of surveillance-like tracking apps have been normalised between parents and children.
“The same exact technologies can be used for good or to do harm depending on the context of the relationship,” she says. “It’s not about specific technologies. It’s about the context in which they’re used.”
Audits need to be trauma-informed
Digital safety audits like the one I undertook with MacDonald are not easily accessible, and funding can vary by state. In Victoria, programs such as the Personal Safety Initiative can help facilitate access to safety audits among other security steps. But if a victim-survivor uses a private service, the cost can run to hundreds of dollars.
Another concern raised by several advocates is the lack of vetting of those in the private security space – as well as whether they are properly trauma-informed and aware of the specific risks related to family violence.
Diarmaid Harkin, a senior lecturer in criminology at Deakin University, has researched some of the solutions offered for technology-facilitated abuse. He says any claims about technology that can “detect” spyware needs to be deeply scrutinised, as the sector is rapidly evolving and there will always be limitations.
“Those [tech safety] audits themselves need to be audited,” Harkin says. “Is the advice appropriate from a technical perspective, but also is it appropriate in the context of domestic violence?”
MacDonald also believes the security industry needs better standardisation when it comes to family violence safety assessments, to ensure risks aren’t being missed. She says she’s seen some providers do a “factory reset” on phones, for example, erasing important evidence that might be needed in court.
It might also simply be unsafe for the victim-survivor to disconnect the perpetrator from their devices without first consulting family violence services or police, she says. “If we find a compromise, then we have a discussion around the best way to manage it. If I was to cut that access off without any further safety planning, that could escalate behaviour.”
Even as the government pushes digital platforms to design for safety first, we can’t promise victim-survivors absolute security, Dr Dragiewicz says. Spyware is constantly evolving, but also the technology we need to function every day – to work, communicate and pay bills – creates risks. It’s not realistic to simply ask people to disconnect, she says.
“A lot of the responsibility for taking care of tech safety is offloaded on to the victim. We’re not actually addressing or interrupting the behaviour of the abusers,” she says.
Lauren now works with a group called DV Safe Phone, which provides free mobile phones to victim-survivors of family violence.
“Certainly, when someone’s after power and control, they know how much everyone relies on our phones now,” she says.
“To be able to have access to a phone that they don’t know about … it can really be life-changing.”
* First name only for privacy reasons
• In Australia, the national family violence counselling service is on 1800 737 732. In the UK, call the national domestic abuse helpline on 0808 2000 247, or visit Women’s Aid. In the US, the domestic violence hotline is 1-800-799-SAFE (7233). Other international helplines may be found via www.befrienders.org.
