Submit your essay to the AI-Cybersecurity Essay Prize Competition by January 2, 2025.
The AI-Cybersecurity Essay Prize Competition
Read more
Main Logo Expert commentary on tech and security

‘Safety by design’ could prevent domestic abuse through smart devices

Andi Brown 28 February 2024
Share On:
Smart devices can facilitate domestic abuse, but there are ways to design safety features that empower victims instead
Main Top Image
Image created with the assistance of Midjourney

Smart devices have revolutionised the way we interact with each other and our environments. Despite their promise, there exists a concerning reality: smart devices can facilitate abuse.

UK domestic violence charity Refuge said in April 2023 that 59% of the women and children it supported in 2020-2021 considered that technology played a role in their abuse. An empirical study identified 62 distinctive—yet recurring—methods of exploitation. None of these required any specialised IT skills or knowledge of the smart device. Rather, smart devices tend to offer dual-use opportunities in which their standard functions are readily misused to abuse others.

In January, we published research on how smart devices can become tools for abuse (ie, their ‘abusability’) in domestic violence scenarios. Through an abusability analysis of 13 commercially available smart devices, our study identifies seven features that may inadvertently facilitate harm and proposes specific solutions for each identified abusable feature.

Facilitating harm

Design flaws that exacerbate power imbalances worsen abusability. In other words, certain design choices allow an abuser to access and control smart devices (ie, functions and data) used by victim-survivors.

One major issue is the lack of clear indicators and notifications when someone is accessing these devices or sharing data. This deficit can lead to surreptitious and unauthorised usage by abusive partners. Imagine not knowing if your smart doorbell video footage is being watched by an abuser, or if an abuser is checking your fitness tracker data to monitor your location. This lack of transparency can compromise the privacy, security, and safety of individuals.

Moreover, many smart devices fail to keep records or provide notifications of who is using them or accessing their data. This means that abusers can easily spy on victim-survivors or control devices remotely, all without leaving a trace. It’s a chilling reality that strips victim-survivors of their privacy and autonomy.

The lack of usage and access records may also impede the collection of potential evidence against an abuser. Consider, for example, that a victim-survivor is aware that their abuser is repeatedly accessing the security camera footage of their home, but the device does not record this activity. This means there is no evidence of the abusive behaviour and may inadvertently encourage it further.

Another alarming issue is devices’ susceptibility to password-reset attacks. Abusers can hijack smart device accounts because they know the victims’ email credentials. These are often shared in the context of intimate relationships, but can also be coerced or easily guessed. In these cases, abusers gain unauthorised access to the device by masquerading as the victim. Exploiting password-reset attack vulnerabilities can thwart victim attempts to secure smart devices, and their sensitive information, against abusers.

Finally, smart devices frequently operate on a hierarchical user system with a primary administrative account required to initialise set up and manage subsequent functions and secondary accounts. This results in administrative account holders being unilaterally granted the ability to govern and monitor the device interactions of other users. The power imbalance that arises through hierarchical user systems epitomises the access and control disparity that enables abuse.

Mitigating the risk of abuse

Improved transparency is a necessity to reduce abuse. At a minimum, light- or noise-emitting notifications should signal to individuals when smart devices are collecting information and data is being shared. This will help diminish the likelihood of covert surveillance.

More significantly, individuals deserve clarity on who accesses smart device data, how, where, and when. One possible solution is to provide a visual representation of recent activity when the device is activated, or the associated app is opened. It could include whose account details were used, from which devices, in what locations, and at what times. This feature could assist in identifying smart device misuse by notifying individuals of illegitimate and abusive patterns of access.

Comprehensive and accessible recordings of user and device access information can also help document instances of misuse. This data may encourage victim-survivors to seek help and/or provide valuable evidence for legal proceedings. Hence, improved transparency can empower individuals to defend their privacy and well-being.

Moreover, robust security protocols can also reduce abusability by preventing unauthorised access. Measures such as multi-factor authentication for password-reset processes can help victim-survivors retain control over their smart devices.

However, commitment to reducing abusability extends beyond discrete technical solutions. It requires a cultural shift – a collective recognition of the importance of prioritising safety in the design and implementation of smart devices. This necessitates embracing the principle of safety by design, an ethos that places paramount importance on user safety and rights throughout the development of products and services.

In the context of domestic violence, safety by design must prioritise protection from abuse. This requires an active effort to prevent abusers from misusing smart devices. Integrating safety-by-design features, such as those identified above, reduces smart device abusability, empowering victim-survivors and providing increased security and privacy protections for standard consumers.

The benefits of safe devices

The adoption of safety-by-design practices for smart devices is overtly beneficial for several reasons. First, it prioritises the safety and well-being of consumers. By designing devices with built-in safeguards, manufacturers demonstrate a commitment to protecting their customers from potential harm. This not only fosters trust and confidence among users but also aligns with ethical considerations of responsible technology development.

Furthermore, safety-by-design practices can mitigate legal and reputational risks for manufacturers. In the event of smart devices facilitating harm, companies that have implemented robust safety features are better positioned to defend themselves against potential liabilities. Moreover, prioritising safety can enhance brand reputation and differentiate products in a competitive market, attracting conscientious consumers who value the by-product of enhanced security and privacy features.

Beyond legal and commercial considerations, safety-by-design practices contribute to broader societal goals of promoting digital inclusion and social justice. This inclusive approach to technology development fosters a more equitable digital landscape where everyone can participate safely and with confidence.

Implementation

The above benefits demonstrate that incorporating abusability and domestic violence considerations into safety-by-design frameworks for smart devices is warranted. Strategies such as government regulation (to incentivise and enforce safety standards) and industry collaboration (to facilitate knowledge-sharing and best practices among stakeholders) can help achieve this goal.

Regular consultation with domestic violence experts and frontline support workers will further alleviate the risk of smart devices facilitating abuse. It will help ensure that safety-by-design efforts align with the needs and experiences of victim-survivors.

In the United States, one such organisation is the National Network to End Domestic Violence (NNEDV) Safety Net Project, which hosts an annual conference addressing the intersection of technology and abuse. Similar efforts exist globally. In Australia, organisations such as The Women’s Services Network (WESNET), Australia’s National Research Organisation for Women’s Safety (ANROWS), and the eSafety Commissioner work towards the goal of reducing technology-facilitated abuse, including the emerging threat posed by smart devices.

Advocacy organisations provide resources on implementing safety-by-design practices and are actively involved in design collaboration with a range of technology companies. The book Design for Safety by Eva PenzeyMoog is another excellent resource on safety-by-design implementation.

Together, let us strive towards a future where smart devices offer convenience and efficiency but reduce their existing susceptibility to facilitate abuse.

avatar
Andi Brown

Related

Featured image
Binding Edge
Satellites: Our invisible infrastructure
Benjamin Charlton 24 January 2024
Read more arrow
Featured image
Binding Edge
Debunking NotPetya’s cyber catastrophe myth
Tom Johansmeyer 10 April 2024
Read more arrow
Featured image
Binding Edge
Reading between the lies: using leak sites to analyse ransomware trends
Janina Inauen / Max Smeets 1 November 2024
Read more arrow

Terms and Conditions for the AI-Cybersecurity Essay Prize Competition

Introduction

The AI-Cybersecurity Essay Prize Competition (the “Competition”) is organized by Virtual Routes (“Virtual Routes”) in partnership with the Munich Security Conference (“MSC”). It is sponsored by Google (the “Sponsor”). By entering the Competition, participants agree to these Terms and Conditions (T&Cs).

Eligibility

The Competition is open to individuals worldwide who are experts in the fields of cybersecurity and artificial intelligence (“AI”). Participants must ensure that their participation complies with local laws and regulations.

Submission Guidelines

Essays must address the question: “How will Artificial Intelligence change cybersecurity, and what are the implications for Europe? Discuss potential strategies that policymakers can adopt to navigate these changes.”

Submissions must be original, unpublished works between 800-1200 words, excluding footnotes but including hyperlinks for references.

Essays must be submitted by 2 January 2025, 00:00 am CET., through the official submission portal provided by Virtual Routes.

Only single-authored essays are accepted. Co-authored submissions will not be considered.

Participants are responsible for ensuring their submissions do not infringe upon the intellectual property rights of third parties.

Judging and Awards

Essays will be judged based on insightfulness, relevance, originality, clarity, and evidence by a review board comprising distinguished figures from academia, industry, and government.

The decision of the review board is final and binding in all matters related to the Competition.

Prizes are as follows: 1st Place: €10,000; Runner-Up: €5,000; 3rd Place: €2,500; 4th-5th Places: €1,000 each. The winner will also be invited to attend The Munich Security Conference

Intellectual Property Rights

The author retains ownership of the submitted essay.

By submitting the essay, the author grants Virtual Routes exclusive, royalty-free rights to use, reproduce, publish, distribute, and display the essay for purposes related to the Competition, including but not limited to educational, promotional, and research-related activities.

The author represents, warrants, and agrees that no essay submitted as part of the essay prize competition violates or infringes upon the rights of any third party, including copyright, trademark, privacy, publicity, or other personal or proprietary rights, breaches, or conflicts with any obligation, such as a confidentiality obligation, or contains libellous, defamatory, or otherwise unlawful material.

The author agrees that the organizers can use your name (or your pseudonym) and an image of you in association with your essay for purposes of publicity, promotion and any other activity related to the exercise of its rights under these Terms.

The organizers may remove any essay-related content from its platforms at any time and without explanation.

The organizers may block contributions from particular email or IP addresses without notice or explanation.

The organizers may enable advertising on its platforms and associated social media accounts, including in connection with the display of your essay. The organizers may also use your Material to promote its products and services.

The organizers may, at its sole discretion, categorise Material, whether by means of ranking according to popularity or by any other criteria.

Data Protection

Personal information collected in connection with the Competition will be processed in accordance with Virtual Routes’ Privacy Policy. Participants agree to the collection, processing, and storage of their personal data for the purposes of the Competition.

Liability and Indemnity

Virtual Routes, MSC, and the Sponsor will not be liable for any damages arising from participation in the Competition, except where prohibited by law.

Participants agree to indemnify Virtual Routes, MSC, and the Sponsor against any claims, damages, or losses resulting from a breach of these T&Cs.

General Conditions

Virtual Routes reserves the right to cancel, suspend, or modify the Competition or these T&Cs if fraud, technical failures, or any other factor beyond Virtual Routes’ reasonable control impairs the integrity or proper functioning of the Competition, as determined by Virtual Routes in its sole discretion.

Any attempt by any person to deliberately undermine the legitimate operation of the Competition may be a violation of criminal and civil law, and, should such an attempt be made, Virtual Routes reserves the right to seek damages from any such person to the fullest extent permitted by law.

Governing Law

These Terms and Conditions are governed by the laws of the United Kingdom, without regard to its conflict of law principles. Any dispute arising out of or in connection with these Terms and Conditions, including any question regarding its existence, validity, or termination, shall be referred to and finally resolved by the courts of the United Kingdom. The participants agree to submit to the exclusive jurisdiction of the courts located in the United Kingdom for the resolution of all disputes arising from or related to these Terms and Conditions or the Competition.