Exploring technology safety in the context of intimate partner violence, sexual assault, and violence against women.
Managed by the Safety Net Project at the National Network to End Domestic Violence (NNEDV), this blog explores the intersection between technology, intimate partner violence, sexual assault, and violence against women.
Safety Net focuses on the intersection of technology and abuse, and we work to address how that abuse impacts the safety, privacy, accessibility, and civil rights of survivors. Our team provides expert training and technical assistance, creates and disseminates resources, and influences conversations on technology abuse and safety globally. Safety Net is a project of the National Network to End Domestic Violence.
January is National Stalking Awareness Month and January 28 is Data Privacy Day. In observance of these, we recognize four pillars to ensuring both survivors’ and the general population’s well-being: Safety, Privacy, Security, and Access. These guide our work every day in helping to achieve technology safety for all. While they go hand-in-hand, we’ll look at each one below.
Read More
Stalking Awareness Month Graphic
As we commemorate National Stalking Awareness Month and Data Privacy Day today, we recognize four pillars to ensuring both consumer and survivor well-being: Safety, Privacy, Security, and Access. These pillars are the foundation that guides our work every day in helping to safeguard technology safety for all. While all of these go hand-in-hand, we’ll look at each one below.
Safety: In today’s digital age, survivors have an exhausting list of considerations to protect their information and their safety. Whether protecting location, online activity, home, and work addresses, or children’s whereabouts, so much of this is critical for a survivor’s safety. Survivors have a right to technology and shouldn’t have to choose between staying safe and using a device or platform. Many people rely on the internet to shop, look for jobs, search for resources, maybe even conduct business as part of their livelihood. Strong privacy and security policies and settings, along with access to technology, help keep all of us safe.
Privacy: Today is Data Privacy Day, but survivors and consumers alike always have a need for privacy. Whether a person wants to make sure that their accounts are private from the prying eyes of family members or future employers, or survivors of stalking who need to know the platforms they use do not share information with others, privacy benefits everyone. Strong privacy policies, settings, and protections mean that survivors and consumers can have one more way to take back control over their digital lives.
Security: Having a secure way to communicate with trusted individuals, seek online resources or help, or have a place to store legal, health, or other personal documents is incredibly important. As consumers, we share our information when using online spaces, services, and apps and hope that it remains secure. Strong security measures help ensure that personal information does not get into the wrong hands.
Access: Building a platform that is intentional in centering the needs of survivors and consumers means considering the accessibility needs of those who live with disabilities, speak another language, or have culturally-specific privacy and safety needs. Built from these perspectives, technology can be used by as many survivors and consumers as possible. Accessibility barriers that keep survivors from getting assistance can be a significant safety risk. Making sure that we have accessible products, platforms, and technologies should be a core tenet of our work.
Building and using technology with all this in mind can be challenging. For survivors, it can be exhausting and terrifying. Fortunately, more and more online platforms and services are building in End-to-End (E2E) Encryption as the default functionality to protect the privacy and security of users and their data. We’re always happy to see these announcements and even more thrilled when the platform has clearly also considered safety and accessibility!
E2E Encryption can be a little hard to understand, but it’s a really important feature to ensure privacy – and if you’re a victim service provider, to protect confidentiality. Safety Net worked with the Internet Society on a new resource to help survivors and service providers understand E2E Encryption more. Whether you’re a technology start-up, a victim service provider, or a survivor – understanding and using E2E encryption can be an important step to prioritizing safety, privacy, security, and ensuring access.
These four pillars guide us in this work and allow survivors and consumers the ability to harness the power to remain online in a safe and meaningful way.
When thinking about domestic violence victims, data privacy isn’t the first thing that comes to mind for most people. But here at Safety Net, it’s always a top priority for us, and we spend a lot of time helping local domestic violence programs and other victim service providers understand the impact that their use of technology can have on the privacy of the survivors they work with.
Understanding what real data privacy looks like can be complicated. As we move ever more rapidly into a technology-driven world, local domestic violence programs are under increasing pressure to join in and adopt new technologies. There are many benefits to this – it means that survivors have new ways to find help that are often easier (and in some ways safer) than making a phone call or showing up at the front door, and it means the administrative work programs have to do can become more streamlined, giving them more time to spend helping those they are there to assist. But as with everything related to domestic violence, there are major risks involved in the use of technology that must be considered and minimized before moving forward.
Let’s start with why data privacy is so important. When survivors seek help, they take huge personal risks. If their abusive partner finds out they’ve asked for help, the abuse often escalates. They also face the possibility of harmful social and economic repercussions, like housing discrimination, job loss, and exclusion from their family or community. The information victims share with the domestic violence programs is often incredibly sensitive, and if others gain access to it, it can be used to cause further harm to them. This is why the Violence Against Women Act (VAWA) requires such stringent confidentiality practices – well beyond what the more widely known HIPAA practices require. (Learn more about this in our HIPAA/VAWA/VOCA FVPSA Privacy Comparison resource.)
Domestic violence programs often ask us to help them learn and understand best practices related to data privacy and online services. A practice we are constantly encouraging programs to look at is the use of zero-knowledge encryption services. When we suggest that as the best option for confidentiality, many want to know “But what does that even mean?!” Well, zero-knowledge encryption is the best way to ensure that the information being sent between the survivor and the program, or the information that is being stored in the cloud by the program, is protected against all third-party access (a third-party is anyone who is not the victim or the program that is helping them out).
When a domestic violence program uses cloud-based services, they are essentially storing the information they are collecting at an outside location. And it is standard practice for most cloud-based companies to have access to the data that is being stored. This means that if they choose, they can go in and read all of the information the domestic violence program has stored about the victims they are working with. But when a software company uses zero-knowledge encryption, even THEY can’t see the data.
Here’s a helpful analogy for understanding how zero-knowledge encryption works: Imagine a physical storage company where you can rent a vault to store your organization's paper files. When you go there to rent a vault, they let you know that you will be the only one who has a key to your vault, and that there is no way to get into the vault without that key. The vault can't be broken into. And the storage company does not have an extra copy of the key. No one but you, or someone you give the key to, can get into the vault. This is what zero-knowledge encryption does for survivors' data. It ensures that only the domestic violence program has the key to unlock and access the data they have entered about survivors. This is why we consider this the gold standard of data protection, and the one that most clearly aligns with VAWA confidentiality obligations. Software companies are third parties. And they get approached by other third parties - like law enforcement and abusers' attorneys - to share the data stored on their servers. If the software company can't see the data, and they can't hand it over to others who might use it to harm the survivor, the privacy and safety of the survivor is much more secure.
If you have questions about this, feel free to reach out to us. To learn more about privacy and confidentiality, check out our Technology & Confidentiality Toolkit.
Managed by the Safety Net Project at the National Network to End Domestic Violence (NNEDV), this blog explores the intersection of technology and privacy and intimate partner violence, sexual assault and violence against women.
Click here if you are worried about someone else knowing that you visited this website.
This privacy policy explains the information/data we collect from you when you visit this website, how we share or use that information, and your rights.
