Session
Kaspersky
Background: Stalkerware is 'software made available directly to individuals, that enables a remote user to monitor the activities on another user’s device without that user’s consent and without explicit, persistent notification to that user in order to intentionally or unintentionally facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence’. Stalkerware seems to be an underestimated global problem: actually, it is a very serious and growing issue. Based on Kaspersky statistics, stalkerware is of growing interest to malicious users. The number of our users facing stalkerware rose by 67% in 2019, a trend that concerned a large number of countries. Although there is a need for more research on the gender nature of stalkerware use, the available data paints a clear picture that the main victims of technology-facilitated abuse are women, while those doing the abusing are mainly men. To tackle this issue, 10 organizations launched in November 2019 a global initiative called the Coalition Against Stalkerware: www.stopstalkerware.org.
Objectives: In this IGF 2020 session, members of Coalition Against Stalkerware and stakeholders from other organizations will discuss the problem of stalkerware, and how it might be addressed by all actors including the civil society, researchers, government authorities and law enforcement agencies. The event aims to inform about the problem of stalkerware, discuss possibilities to raise awareness toward it, but also help users protect themselves, and identify new fields for multistakeholder activities.
Format: The event will be marked by a high-level panel gathering stakeholders from different regions and different horizons, including:
- Private Sector: Christina Jankowski; Kaspersky (Germany)
- Civil Society: Rachel Gibson, Senior Technology Safety Specialist, National Network to End Domestic Violence (USA)
- Tech Community: Sanjana Rathi, Research Analyst, Cyber Peace Foundation (India)
- Intergovernmental organization: Philipp Amann, Head of Strategy, Europol European Cybercrime Center EC3 (Netherlands)
- Moderator: Arnaud Dechoux, Kaspersky (France)
- Demo: Felix Aimé, Kaspersky GReAT (France)
Through the use of interactive tools, participants will have the opportunity to raise questions and share thoughts. The expected outcome of the session is to have concrete ideas for future activities to mitigate the risks arising from stalkerware, to attract possible partners for cooperation, and to create awareness raising activities.
We look forward to discussing with you this important topic on November 2!
Report
The session discussed the following issues related to digital stalking and domestic violence:
- The lack of awareness regarding stalkerware: a vast majority of people would not be aware of the existence of such spyware and the associated risks. Awareness campaigns and materials should be developed and made available to all local stakeholders (broad agreement)
- The need for coordinated response: law enforcement agencies, governments, associations supporting victims as well as cybersecurity companies should act together to bring an effective response to the stalkerware cyberthreat. For instance by supporting the work of the Coalition Against Stalkerware (www.stopstalkerware.org) and by offering technical trainings to the actors involved in the fight against digital stalking (broad agreement)
- The unclear legal framework of stalkerware: while a majority seem to agree stalkerware should be prohibited by law, some assess this is not the right way to go forward and their misuse is to be sanctioned. In-depth discussions are needed at international and national levels on this key issue (needing further discussion)
An increasing number of IT users are the object of digital stalking, especially through widely accessible commercial spyware, also known as “stalkerware” or “spouseware”. Statistics from cybersecurity company Kaspersky show an increase of 67% in the detection of stalkerware with mobile users globally in 2019. While feedback from local associations show women are the main victims of such malicious spyware, further studies would be needed to better assess who the victims are and how their life is impacted.
Despite this growing trend, on all continents and in all countries, awareness of the stalkerware threat remains too low. Therefore, we need to act together to bring efficient response to this developing issue. The international Coalition Against Stalkerware was born in 2019 with this clear objective. One obvious way to go forward is to offer awareness materials to local stakeholders, and develop trainings for both support associations working with survivors, law enforcement officers and judiciary authorities.
Finally, there is a clear need to address the legal status of stalkerware in each country in order to discourage abusers to use such spywares. As stalkerware remain legal, their use without the consent of the victim is definitely illegal: national authorities and international bodies have adapt legal frameworks to tackle the issue more efficiently.
- Private Sector: Christina Jankowski; Kaspersky (Germany)
- Civil Society: Rachel Gibson, Senior Technology Safety Specialist, National Network to End Domestic Violence (USA)
- Tech Community: Sanjana Rathi, Research Analyst, Cyber Peace Foundation (India)
- Intergovernmental organization: Philipp Amann, Head of Strategy, Europol European Cybercrime Center EC3 (Netherlands)
- Moderator: Arnaud Dechoux, Kaspersky (France)
- Demo: Felix Aimé, Kaspersky GReAT (France)
An important part of the session addressed gender issues as stalkerware are often used in domestic violence. Local feedback from stakeholders involved in the fight against domestic violence show women are often targeted by such commercial spyware. It is necessary to raise awareness in targeted user groups, better support victims and work with both survivors and perpetrators to bring an efficient response to this worldwide issue.
Results of online polls carried out during the IGF Pre-Event:
- Have you suspected of being affected by stalkerware? Yes, myself: 20% / Yes, a friend or relative: 20% / No, never: 60%
- Do you think the legal framework efficiently protects victims against stalkerware? Yes: 6% / No: 67% / I don’t know: 28%
- Do you think stalkerware should be legally prohibited? Yes: 82% / No: 14% / I don’t know: 5%
- What are your ideas for multi-stakeholder activities? What do you think could be useful?
- Digital literacy would matter a lot in this regard especially in the developing countries where the digital penetration is far too low and the potential impact of harms is very high.
- Awareness raising for survivors - warning signs of stalkerware on your device. Trainings for law enforcement.
- "multiagency work awareness"
- Community based victim support groups
- To create a legal framework in truly multistakeholder environment
- Legal recourse against companies that develop stalkerwares
- Partnership between tech companies and non profit organisations in order to train workers on the issue and how to act against it.
- Underdeveloped and developing countries needs more orientation.
- Safety-by-design, encouraging tech companies to build safety protections into the products they develop before the release them to the market
- Law enforcement needs trained on how to access the evidence to hold abusers accountable. This includes prosecutors and judges.
- Manufacturers of IoT devices should consider how their products can be misused
- Stalkers need to be prosecuted not technology. Raising awareness amongst end-users, law enforcement community, security professionals about the malicious use of such software is the key to tackle the problem.
Other useful resources:
- The international Coalition Against Stalkerware has developed awareness materials including a video in several languages: www.stopstalkerware.org
- National Network to End Domestic Violence’s Technology Safety & Privacy Toolkit for Survivors https://www.techsafety.org/resources-survivors
- Kaspersky report on the State of Stalkerware in 2019: https://press.kaspersky.com/stories/stalkerware/
- Europol report on the online sexual extortion and coercion of children and teenagers: https://www.europol.europa.eu/publications-documents/online-sexual-coercion-and-extortion-form-of-crime-affecting-children-law-enforcement-perspective
- Europol movie on this topic for awareness and prevention purposes, available in several languages: https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/online-sexual-coercion-and-extortion-crime
Kaspersky, as other members of the Coalition Against Stalkerware, has committed to fighting domestic violence, stalking, and harassment by addressing the use of stalkerware and raising public awareness about this issue.