Re: [hrpc] Intimate Partner Violence Digital Considerations
Sofía Celi <cherenkov@riseup.net> Thu, 20 April 2023 12:56 UTC
Return-Path: <cherenkov@riseup.net>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8373EC151530 for <hrpc@ietfa.amsl.com>; Thu, 20 Apr 2023 05:56:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=riseup.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jP0s-rZpz8NL for <hrpc@ietfa.amsl.com>; Thu, 20 Apr 2023 05:56:16 -0700 (PDT)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B2A0C14CE2C for <hrpc@irtf.org>; Thu, 20 Apr 2023 05:56:16 -0700 (PDT)
Received: from fews02-sea.riseup.net (fews02-sea-pn.riseup.net [10.0.1.112]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx1.riseup.net (Postfix) with ESMTPS id 4Q2Hhv4S1PzDqk3 for <hrpc@irtf.org>; Thu, 20 Apr 2023 12:56:15 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1681995375; bh=72Vfk0PP42XCqc9Sl9eQ9IoDgfNjBuvaVvueaqyb8mA=; h=Date:Subject:To:References:From:In-Reply-To:From; b=QKrTY9OEkBRqZ25QnPQNxFDhFLWxp7Qpcwmf4kHfeNOMrPV1W1r0dyYstKBiE30E1 wKX+3grLLzb2zDqiXmAX0D+x8gO3QNYyvvHjLVWO4XWV7vHFMjSO0WDsLw0jp30jAz p1+IU76VS8OMGtd967zLTdoASoeduzQ2I1kcZYJQ=
X-Riseup-User-ID: FA87FD89F2B5605499E99A9EB742CB4C78FCE1071C7E3B19CB749CDE20B77E26
Received: from [127.0.0.1] (localhost [127.0.0.1]) by fews02-sea.riseup.net (Postfix) with ESMTPSA id 4Q2Hhv17GpzFsQy for <hrpc@irtf.org>; Thu, 20 Apr 2023 12:56:14 +0000 (UTC)
Message-ID: <9092b763-b600-7e91-a1a6-add99bb73274@riseup.net>
Date: Thu, 20 Apr 2023 13:56:13 +0100
MIME-Version: 1.0
To: hrpc@irtf.org
References: <GV1PR07MB83347845CC623C8F26ACF99A98899@GV1PR07MB8334.eurprd07.prod.outlook.com>
From: Sofía Celi <cherenkov@riseup.net>
In-Reply-To: <GV1PR07MB83347845CC623C8F26ACF99A98899@GV1PR07MB8334.eurprd07.prod.outlook.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/EA_290tcc4fJQGjyvW-glhQEa_U>
Subject: Re: [hrpc] Intimate Partner Violence Digital Considerations
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: hrpc discussion list <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2023 12:56:20 -0000
Dear, Leonie, Thank you so much for all these points and nice e-meeting you! I opened issues for the points made over here: https://github.com/claucece/draft-celi-ipvc/issues > 1. I wondered if it may also be helpful to emphasise “gaslighting” in > the text explicitly (fits under “perception of threat”). I am saying > this because both the over- and underestimation of a device’s > capabilities can be misused (we highlighted this in a recent report > for the UK Government > <https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/978692/The_UK_code_of_practice_for_consumer_IoT_security_-_PETRAS_UCL_research_report.pdf>). That is a very interesting point. I think perhaps is needed a section more related to IoT devices and how they can be used for this. We didn't focus on those kind of devices in the first pass, but it is def a needed addition. > 2. Perhaps you also would like to flag smart, Internet-connected > devices as they open up avenues for remote, physical control (we > have worked on this extensively here > <https://www.emerald.com/insight/content/doi/10.1108/978-1-83982-848-520211049/full/html>, here <https://dl.acm.org/doi/10.1145/3368860.3368861>, and here <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3350615>, for example). Yes! Agreed in the previous point ;) > 3. The low/high-tech dimensions of this abuse pattern could be made > explicit. This fits with the sentence that an “attacker can be > technologically savvy or not” (we stress this in our work with UK > support sector organisations here > <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3931045>); Yes! There is some literature that explores that a high-tech knowledgeable attacker can mount more complex attacks (sniffing the network, for example). Adding a section on this seems like a good idea. > 4. Under “3.2. Tech-based IPV tactics”, you could feature “hacker for > hire” services (which we mention in Chapter 6 here > <https://www.taylorfrancis.com/books/edit/10.4324/9780429316098/technology-domestic-family-violence-bridget-harris-delanie-woodlock>). Although, I must flag that the prevalence of this is not clear. I have only heard anecdotal evidence from frontline workers that said victims/survivors had stated that their partner had threatened them with this (which, if not correct, relates to [1] above). This is interesting. I heard from first-hand accounts as well, but I haven't been able to confirm. It could be part as you say of a "perceived threat". > 5. Under “Compromise of accounts”, you may also want to underline the > impersonation to sign victims/survivors up for services (without > their consent/awareness), including for porn sites or online banking > (which then facilitates economic abuse). > 6. Lastly, Deepfakes may be something worth accenting in the text. Yes! Agreed on both points as well! > > Hope this is useful and happy to provide further input if wanted. For sure! Thank you very much for this! We will be working on integrating these points and send a revised document ;) Thank you, -- Sofía Celi @claucece Cryptographic research and implementation at many places, specially Brave. Chair of hprc at IRTF and anti-fraud at W3C. Reach me out at: cherenkov@riseup.net Website: https://sofiaceli.com/ 3D0B D6E9 4D51 FBC2 CEF7 F004 C835 5EB9 42BF A1D6
- [hrpc] Intimate Partner Violence Digital Consider… Leonie Tanczer
- Re: [hrpc] Intimate Partner Violence Digital Cons… Sofía Celi