Legal gaps allow cellphone ‘stalkerware’ to thrive, researchers say


“The laws haven’t really caught up with the technology,” says Nadine Casemore of the women’s multi-service agency Sistering; Casemore has worked with survivors of intimate partner violence. “This is becoming a weapon, when it comes to intimate partner violence and gender-based violence.”

What the reports call “stalkerware” is usually primarily marketed as a tool for people who want to monitor the cellphone activity of children or employees. Many users download the apps for these legitimate, legal purposes.

But the apps can easily be repurposed by users to surveil, control, or terrorize current or former intimate partners, the researchers found — and are sometimes openly or clandestinely advertised for monitoring intimate partners without consent.


“Catch cheating spouse — it’s time to start spying,” advertises one. Among other features, the software developer advertises that its app is undetectable and can listen to and record the target phone’s surroundings in real-time.

Another app identified by the reports as stalkerware only visibly advertises itself as a parental control tool. But the researchers found that its website had concealed source code that referenced spying on spouses, cheating and fidelity. The text was tagged “SEO,” or search engine optimization, which is the term for techniques meant to place a website higher up in search results.

The researchers found that these apps re-victimize abuse survivors by failing to clarify how they can delete their data when they did not meaningfully consent to its collection in the first place. Many have insecure software update systems that leave phones vulnerable to intrusions, and have failed to adopt policies to notify the targets of stalkerware in the case of data breaches — something that has happened repeatedly, the researchers noted.

READ ALSO  Silicon Valley Betting Big on Legal Tech

Canada’s data privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), stipulates that businesses need to obtain meaningful and ongoing consent when they collect personal information, and must give users the right to access and delete their own data. Stalkerware developers fail to meet these obligations.

“Given our findings, we find it deeply concerning that these companies operate in Canada in their present capacity, and we argue that their present operations would likely require significant modification for the businesses to operate legally,” the Citizen Lab authors write.

But unlike more robust European privacy laws, Canada’s privacy commissioner can investigate and issue recommendations under PIPEDA, but cannot compel changes without a federal court order. The researchers recommend that the Government of Canada update the privacy commissioner’s enforcement toolkit, including adding the ability to extract fines.

The reports were funded by a grant from a program at the Office of the Privacy Commissioner of Canada that supports independent privacy research.

The analysis also found that buying spyware primarily useful for secretly intercepting private communications is likely a criminal offence; many other facets of stalkerware use, creation, and sale violate Canadian criminal, civil, privacy, and regulatory laws. But there is a gap between what the law says and “what legal remedies are readily available to victims in practice”; police, lawyers, judges, and front-line workers should be better educated on stalkerware and the law, the authors say.

The researchers also point out that there is no technological fix for the corrosive and violent effects of patriarchal gender inequalities, which give rise to stalkerware in the first place. But it is another reason to try to remedy gender and other diversity imbalances in the technology sector.

READ ALSO  Goo Hye Sun's legal reps respond to Oh Yeon Seo's legal action for Ahn Jae Hyun affair defamation

“It’s people who are most likely to be impacted who are not necessarily creating and developing the apps, but who would be the ones most likely to raise that sound of alarm early on in the design process and say, ‘Hey, maybe people won’t only use this to monitor their children in completely legal, ethical and consensual ways,'” says Khoo.

Kate Allen is a Toronto-based reporter covering science and technology. Follow her on Twitter: @katecallen

Kate Allen is a Toronto-based reporter covering science and technology. Follow her on Twitter: @katecallen



Source link

WP Twitter Auto Publish Powered By : XYZScripts.com