No year that includes tech-enabled abuse can be said to be a good year. But 2022 has certainly been an eventful year for the technologies used as instruments of coercive control domestic abuse situations, ranging from stalkerware to physical trackers.
In February, EFF called for the FTC to investigate a class of stalkerware apps uncovered by TechCrunch journalist and security researcher Zack Whittaker. The network of consumer-grade spyware apps wasn’t just pernicious, it was insecure. Whittaker discovered that the apps shared a security flaw that exposed the private data of approximately 400,000 people. TechCrunch identified the compromised apps, which are practically identical in look and operation, as Copy9, MxSpy, TheTruthSpy, iSpyoo, SecondClone, TheSpyApp, ExactSpy, FoneTracker, and GuestSpy. Not only did TechCrunch provide instructions for how to identify and remove the Android spyware from a device, but they also launched a tool to help Android users know if their device was compromised.
In April, Maryland's legislature unanimously passed SB 134, a bill that requires law enforcement agencies to learn, as part of their standard training, to recognize the common tactics of electronic surveillance and the laws around such activities. This bill, which was inspired by conversations between Senator Barbara Lee’s Office and EFF, aims to mitigate the frustration and gaslighting so many survivors of tech-enabled abuse have felt when trying to report their experiences to law enforcement.
In July, Australian police arrested Jacob Wayne John Keen, the creator of Imminent Monitor stalkerware. Keen allegedly sold the app, designed to spy on Windows computers, to 14,500 people in 128 countries over a period of seven years before the website was shut down. The website specifically advertised features designed to keep the presence of the app secret from the user. 85 warrants were executed in Australia and Belgium, 434 devices seized, including the app-maker’s custom-built computer, and 13 of the app’s most prolific users were arrested. The investigation involved actions in Colombia, Czechia, the Netherlands, Poland, Spain, Sweden, and the United Kingdom. EFF hopes to see more such actions in the future.
Apple has had a very mixed year, taking important steps to secure devices for high-risk users, including survivors of tech-enabled abuse, while also facing the fallout from the disastrous launch of their physical tracker, the Air Tag, whose mitigations against use as a stalking device began as woefully inadequate and have progressed to merely bad. Just in time for Christmas, Apple finds itself the defendant in a class action lawsuit on behalf of people who have been stalked using Air Tags, with a filing that draws heavily on EFF’s criticisms of the product.
Air Tags are not the only physical tracker that has sparked concerns about stalking. Tile put out a scanning app to allow people concerned about stalking discover if there is a Tile tracking them. Like Apple’s tracker detection app for Android, launched at the end of 2021, it requires a pro-active scan to search for unwanted tracking devices. EFF continues to advocate for a more comprehensive approach to anti-stalking mitigations for physical trackers, calling on all physical tracker manufacturers to agree on and publish an industry standard that would allow developers to incorporate physical tracking detection into both mobile apps and operating systems.
Last of all, EFF has finished off the year with a victory in the fight against tech-enabled abuse. The Safe Connections Act, a common-sense bill that makes it easier for survivors of domestic violence to separate their phone line from a family plan while keeping their own phone number and requires the FCC to create rules to protect their privacy, has passed into law.