Avast CISO Jaya Baloo led a panel that explored several myths and misconceptions about tech abuse
At this year’s Collision conference, a virtual panel of leaders debated the major societal issue of tech abuse. The panel, led by Avast CISO Jaya Baloo, featured:
At the outset, tech abuse was defined as the use of technology to track, harass, surveil, coerce, isolate, terrify, and control another person and it exists in a broader environment of intimate partner violence.
“We always want to make sure we’re framing this in the context of: it’s not always the technology that’s to blame,” Olsen said. “If you remove the technology, you’ll still have the person as well as the context of greater abuse.”
Baloo referenced stalkerware — technology that’s used to covertly track and spy on someone without their consent — as one example of tech abuse. During the Covid-19 pandemic and lockdowns across the world, Avast has tracked a major uptick in stalkerware and spyware installs. She also acknowledged that what Avast can see is just the tip of the iceberg.
In order to get a broader view of the real effects of stalkerware and tech abuse, Baloo presented the panel with four myths and misconceptions about tech abuse. Here’s how they responded.
Myth #1: “Tech abuse is pretty rare and the benefits of tech far outweigh the narrow instances of misuse.”
One criticism of tech abuse is that it affects only a small portion of society — and therefore the benefits of technology outweigh the real-world effects. But, as Lyles points out, intimate partner violence is a worldwide epidemic, with one in three women reporting experiencing physical or sexual violence at least once in their lifetime.
“We know that this is a crime that’s vastly underreported,” Lyles said. “Intimate partner violence is the most pervasive type of violence against women. Considering this, we have to consider that issues and control and violence are part of our everyday lives.”
According to Parsons, when we talk about tech, we generally talk about one group benefiting and the other losing. And in this case, the potential losses are actually catastrophic.
“We might say society as a whole benefits, but what about the very real costs others pay?” she asked. “You don’t have to look at statistics very long to see how things like this start in cyberspace and end up in physical space. We’re talking about people who land in the hospital, or have their kids stolen away — or they die. Are we talking about giving someone convenience and the cost is someone’s life? Or the life of a child? Or the mental health of a child?”
From the survivor perspective, Olsen reports that tech abuse is “coming up consistently” in surveys about what people are concerned about when leaving an abusive relationship. The reason is twofold: 1. Personal privacy is extremely important when you’re trying to escape an abuser and; 2. Losing access to technology means “losing access to the world in so many ways,” Olsen said.
Myth #2: "Stalkerware is just glorified Find My Friend.”
The basic sentiment behind this myth about tech abuse is: Who cares? We all use stuff like Find My Friend or Find My iPhone, right? What’s the big deal? Cohn said this myth gets one thing right: The underlying technology for stalkerware and useful apps is the same.
“Most technology can be used for good or for evil,” she said. “Everyone knows that a hammer can put in a nail — and can also kill someone. It’s the same with technology.”
The goal, she said, is not to deny people the benefits of the technologies but rather to mitigate their misuse. In order to truly do that, however, we need to make vast changes across society. Tech abuse is an issue that can’t and won’t be solved by the tech industry alone.
“In order to do what Cindy is talking about, the people creating the tech have to figure out that those unintended consequences are possible,” Parsons added. “Technologists need to think outside their personal experiences. So maybe what needs to happen is expansion of what constitutes the stakeholder group. Someone who is trying to design just a Find My Friend probably isn’t thinking about how someone might try to use that technology.”
Parsons was talking about the need to get a variety of voices and perspectives in the room where it happens, so to speak. In other words: tech companies need to actively work to get more technical people from underrepresented backgrounds on staff. Designing from a trauma-informed perspective is also essential if companies are going to address these issues from “go.”
“We need diversity and inclusion on tech teams,” Suils said. “When there is one homogenous demographic designing tech, we run into these problems because the vision is limited.”
Olsen points out that so many technologies today are created with the assumption that someone is safe, even when they aren’t. She points to IoT smart devices — like home surveillance — as an example of how a tool can be used in unintended ways. A home surveillance system assumes that the people are safe inside the home. But a victim of domestic abuse isn’t safe at home at all.
Myth #3: “With all the tech today, who isn’t being tracked? This is part of 21st century life.”
From Facebook to browsers to smartphones, most people at this point know that we’re being tracked by tech companies. And while some (uneasily) accept this as inevitable, Cohn has spent her career pushing back.
“The business model that has taken over the internet is about surveillance,” she said. “So many tools we rely on are already two-faced. They’re not really serving us — they’re serving a secondary service.”
The goal, she said, needs to be creating a new online business model that doesn’t rely on surveillance. Once the need for these technologies is eliminated, it will be more difficult for abusers to misuse them.
Myth #4: “Tech abuse isn’t a problem that tech companies can solve without destroying user experience for everyone else.”
Where some people see an insurmountable problem when it comes to getting rid of the pervasive surveillance economy that we currently live in, Cohn sees a challenge for the entire industry.
“Tech is supposed to be about thinking big, changing the world, and thinking different!” Cohn said. “If you think of yourself as an innovator, here’s your problem! The person who can win in the next marketplace is the person who can build a surveillance-free internet that serves all of us.”
This is what innovators ought to be thinking about, she continued. Tech entrepreneurs need to ask: Where’s a problem in society that I can build a tool to help solve?
“And if you’re not thinking about that, are you really an entrepreneur?” Cohn asked . “I encourage you to think about your role in it in that frame, because we need you.”
Parsons points out that entrepreneurs tend to solve problems they’re passionate about. It’s our job as a society, then, to make building a non-surveillance based tech world and economy something that people want to address.
“Not that we don’t know how to do it — there are examples already,” she said. “But there aren’t enough people out there who are passionate enough to build it.”
One example to look to, Lyles said, is how activists got corporations to care about their carbon footprints and climate change — something that people use to say would be impossible to achieve. It took years of struggle, harm, and litigation for those changes to be enacted, she said, but they were enacted. If we care about this issue, then, we’re all going to have to put in the work.
“But it’s never going to change course if we don’t have people with a diverse set of leanings, perspectives, and identities involved across the board,” Lyles said. "The way tech looks today is not representative of how I think everyone on this panel believes tech should look if it’s going to not cause harm.”
Combatting tech abuse is a huge task -- and it’s going to require everyone to get on board. Companies like Avast, groups like the Coalition Against Stalkerware, and victims’ rights advocates are leading the way in protecting people against the misuse of technology. And, remember, like Baloo said: This is just the tip of the iceberg. There’s still so much work to do.
38,000 people connected online at Collision 2021. Check out the event website for additional looks at this year's event, as well as plans for 2022.
In the eighth episode of our podcast Avast Hacker Archives, security expert Dave Aitel demystifies the NSA, explains the fallacy of the term “zero-day,” and tells Avast CISO Jaya Baloo what started him down the hacker’s path.
In the seventh episode of our podcast Avast Hacker Archives, Avast CISO Jaya Baloo talks with Phil Zimmermann, creator of the PGP email encryption package and longtime activist for privacy and human rights.