Skip to main content

Intimate Partner Violence Digital Considerations

Document Type Active Internet-Draft (individual)
Authors Sofia Celi , Juliana Guerra , Mallory Knodel
Last updated 2023-03-13
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date (None)
Responsible AD (None)
Send notices to (None)
None                                                             S. Celi
Internet-Draft                                                     Brave
Intended status: Informational                                 J. Guerra
Expires: 14 September 2023                            Derechos Digitales
                                                               M. Knodel
                                                           13 March 2023

            Intimate Partner Violence Digital Considerations


   This document aims to inform how Internet protocols and their
   implementations might better mitigate technical attacks at the user
   endpoint by describing technology-based practices to perpetrate
   intimate partner violence (IPV).  IPV is a pervasive reality that is
   not limited to, but can be exacerbated with, the usage of technology.
   The IPV context enables the attacker to access one, some or all of:
   devices, local networks, authentication mechanisms, identity
   information, and accounts.  These kinds of technical compromise exist
   in addition to on-path attacks, both active and passive [RFC7624].
   In this document we describe the tactics the IPV attacker uses and
   what kind of counter-measures can be designed in IETF protocols.

Discussion Venues

   This note is to be removed before publishing as an RFC.

   Source for this draft and an issue tracker can be found at

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

Celi, et al.            Expires 14 September 2023               [Page 1]
Internet-Draft                    ipvc                        March 2023

   This Internet-Draft will expire on 14 September 2023.

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Definition of technology-based IPV  . . . . . . . . . . . . .   3
     2.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Technology-based IPV attacks  . . . . . . . . . . . . . . . .   3
     3.1.  The intimate attacker . . . . . . . . . . . . . . . . . .   4
     3.2.  Tech-based IPV tactics  . . . . . . . . . . . . . . . . .   4
     3.3.  Kinds of tech-enabled IPV attacks . . . . . . . . . . . .   5
     3.4.  Means of attacking  . . . . . . . . . . . . . . . . . . .   8
   4.  Specific abused technology  . . . . . . . . . . . . . . . . .   9
   5.  Recommendations . . . . . . . . . . . . . . . . . . . . . . .   9
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .  10
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  10
   8.  Informative References  . . . . . . . . . . . . . . . . . . .  10
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  11
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  11

1.  Introduction

   Intimate partner violence (IPV) refers to physical, emotional,
   verbal, sexual, or economic abuse of a person by a current or former
   intimate partner.  It is understood that in IPV cases there is an
   unequal power relationship that enables the abuser to cause harm in
   romantic or sexual relationships, as well as child or elder abuse, or
   abuse by any member of a household.

   Digital technologies are central in modern lives and can be used as a
   way to enable and enhance IPV.  At the same time, IPV is not
   considered enough when designing digital technologies, networks, or
   Internet protocols against threats.  This lack of consideration has
   put pressure on health professionals and social workers to mitigate

Celi, et al.            Expires 14 September 2023               [Page 2]
Internet-Draft                    ipvc                        March 2023

   technology-enabled abuse and its effects.  In turn, survivors and
   targets develop ad hoc strategies for digital privacy and safety for
   themselves alone and only in rare cases are protocol design or
   cybersecurity best practice available tactics.  This type of abuser,
   "the attacker you know", is neither on- nor off-path, they have
   complete access to-- perhaps even share-- devices and local networks.
   They can even coerce their targets.

   This document describes the tactics used in technology-based IPV.  It
   provides recommendations for the design of protocols and
   implementations to mitigate those tactics.  In what follows, we first
   describe IPV and related terminology, the kind of tactics attackers
   use, and we end with the recommendations.

2.  Definition of technology-based IPV

   Technology enables and enhances IPV attacks with pervasive
   surveillance, overt monitoring, and coercive access.  IPV refers to
   physical, emotional, verbal, sexual, or economic abuse of a person by
   a current or former intimate partner.  By "partner" we mean anyone
   with a close relationship with the victim that can exercise abuse in
   a romantic or sexual relationship, as well as child or elder abuse,
   or abuse by any member of a household.  In cases of IPV there is an
   unequal power relationship that enables the attacker to cause harm.
   [Dragiewicz2018] calls this "digital coercive control" whereby
   Internet-enabled technology-- through access to local networks,
   devices and accounts-- becomes a mechanism to exert control, to
   conduct surveillance, or to aggravate and harass.

2.1.  Terminology

   In the rest of this draft, we will use this terminology:

   *  Attacker: By "attacker" we mean an abuser in an IPV situation that
      is using digital tools to enable and enhance abuse.  An attacker
      can also be referred as "perpetrator".

   *  Victim: By "victim" we mean the subject of a attack.  Notice that
      we are using this term only in the context of an attack scenario:
      we prefer the term "survivor" otherwise.

3.  Technology-based IPV attacks

   In order to describe IPV attacks that are enabled or exacerbated by
   Internet technology, we first describe our assumptions about the
   attacker and common tactics that can be used.  Then the types of
   technology-enabled IPV attacks are described.

Celi, et al.            Expires 14 September 2023               [Page 3]
Internet-Draft                    ipvc                        March 2023

3.1.  The intimate attacker

   The attacker we present in this document is one that either has
   forceful control of accounts, devices, and/or authentication
   information for accessing systems, or uses public information to
   exercise control.  The kind of attacker can be technologically savvy
   or not.  We define this attacker as one of the strongest ones as it
   can have unlimited access to systems and devices.

   The attacker has some kind of physical access to the victim (or has
   had it in the past), and often shares a common social network with
   them.  In some cases, it can be the legal owner of the devices/
   accounts a victim uses.

3.2.  Tech-based IPV tactics

   There are many ways in which digital and networked technology can
   facilitate an attacker perpetrating IPV.  Here we informally list
   their main groups:

   *  Ready-made tools: Attackers can use applications or devices that
      are solely built to facilitate IPV.  These apps are sometimes
      called "stalkerware" or "spouseware".

   *  Dual-use tools: Attackers can use applications, control settings
      or devices built for beneficial or innocuous purposes and
      repurpose them for harm.  This is the case, for example, of anti-
      theft devices that can be repurposed for stalking.

   *  Impersonation attacks: Knowing personal information coupled with
      access to authentication mechanisms gives an attacker the ability
      to fully authenticate to services and accounts of the victim,
      effectively impersonating them.  This can be executed to the
      degree that the victim can no longer successfully authenticate

   *  UI-bound impersonation attacks: Attackers can abuse technology to
      enhance IPV by abusing the UI of a specific tool.  In this case,
      attackers become authenticated but adversarial users of a system.
      They cannot, however, escalate to root privileges or access other
      underlying functionalities of the system.  They are bound to
      whatever system they managed to authenticate to.  We will explore
      later the ways attackers use to forcibly gain authentication to a

Celi, et al.            Expires 14 September 2023               [Page 4]
Internet-Draft                    ipvc                        March 2023

   *  Social media and forums: Attackers can learn and share information
      on how to use technology to enhance IPV through the usage of these
      tools.  They can also receive narrative justification to condone
      their behaviour.  They can also perform cyberstalking,
      cyberbullying, doxxing with the usage of these tools.

   *  Perception of threat: The mere presence of a pervasive threat is a
      form of control.  The perception that technology can be used to
      enhance IPV is a tactic of attackers to control victims, take away
      agency and abuse them.  This can lead to lack of trust in
      technology and further isolates the victim from seeking and
      receiving support.

3.3.  Kinds of tech-enabled IPV attacks

   *  Monitoring: One of the most prevalent methods to enhance IPV is
      the usage of active monitoring of any online account that the
      victim has or of any action that the victim does in the digital
      world.  This includes a variety of behaviors that feel unwelcomed
      and intrusive, and can involve threats.  The monitoring is
      "active" in that is a permanent action that the victim can be
      aware of or not, and that the abuser might want to make them aware
      or not.  It can include:

      -  Monitoring e-mail, chat-based or social media communication, or
         browsing history either directly on the victim's computer or
         through specialised applications.

      -  Monitoring location and whereabouts by looking at the metadata
         of communication, by using location-help applications, or by
         using specialized applications.

      -  Monitoring any data sent over the network by mounting DNS
         attacks or other specialised attacks.

      -  Monitoring any information found on the UI by looking at
         laptops screens, or other device's screens while the victim is
         using them.

      -  Using the Internet to seek public or private information to
         compile a victim's personal information for use in harassment.

      In this type of attack, we see these dimensions:

      -  Monitoring of the content of communications either at the
         application layer or other layers.

      -  Monitoring of the UI content of application tools.

Celi, et al.            Expires 14 September 2023               [Page 5]
Internet-Draft                    ipvc                        March 2023

      -  Monitoring of location information.

   *  Compromise of accounts: Research suggests that in IPV, an attacker
      may demand access to a victim's accounts for continuous monitoring
      and/or restricting their communication with others.  This is
      different from the previous point in that the perpetrator demands
      access (or uses invasive tools) to tools and contents, rather than
      using "publicly available" tools or by monitoring without
      coercion.  This type of attack is mounted in order to reduce the
      "life space" or "space for action" that the victim-survivor may
      have to perform activities that do not involve their attacker.
      Once an attacker has access to an online account, they can use
      that to:

      -  Delete data, which can be communication data, documents and

      -  Have access to friends, family and contacts.

      -  Have access to communication, audio-video content, and any
         associated metadata.

      -  Lock out or change the authentication mechanisms that grant
         access to the account.

      -  Impersonate by using the victim's online identity to send
         false/forged messages to others or to purchase goods and

      -  Impersonate by using the victim's online identity to publicly
         post information that can be private or fake.

   *  Compromise of devices: This attack is similar to the above, but
      the attacker demands access to the victim's devices.  The goal is
      the same as the above but the result is more impactful as it
      restricts access to accounts that are accessed through the device.
      It can also prevent any connection to the Internet.  Once an
      attacker has access to the device, they can use it to:

      -  Phisical prevention of use of the device (the device can be
         used, for example, to call police services, which is restricted
         with this attack).

      -  Access contacts and data (media or messages) stored in it.

      -  Access to accounts and authentication mechanisms for other
         accounts (saved passwords or authenticator apps -2-factor
         authentication-, for example).

Celi, et al.            Expires 14 September 2023               [Page 6]
Internet-Draft                    ipvc                        March 2023

      -  Perform impersonation.

      -  Perform denial of access to the device, networks or the
         Internet in general.

      -  Destroy the device itself and any information stored in it.

      -  Impersonate by using the victim's online identity as accessed
         through the device. to publicly post information that can be
         private or fake.

   *  Exposing of private information or media: This attack builds on
      top of other attacks.  Once an attacker has access to an account
      or device, they can use this access to gather private information
      or private media stored in it.  This can later be used for
      threatening, extortion, doxing (posting private information), and
      more.  It can also be used to gather information regarding bank
      accounts, tax information and more.

   *  Denial of access: This attack can be built on top of other
      attacks.  It can consist of denying access to a device, but also
      denying access to the Internet in general by destroying routers
      (or network devices), changing Wi-Fi passwords or network
      settings.  The goal is to disallow access to services, or contact
      with family and friends.  It can also take the form of disrupting
      digital communications by flooding a victim's communication tool
      with unwanted messages or by sending a virus program.

   *  Threats: This attack can be considered as a dimension of the
      previous attack as it can result on a denial of access attack.  It
      consists on sending e-mail, chat-based messages or social media
      messages that threatens, insults, or harasses a victim.

   *  Harrassing: This type of attack seems to appear in different

      -  On-going harassment with the goal of intimidation, humiliation
         and monitoring.

      -  Harrassment that appears after a victim has "disconnected" to
         continue coercion: "[Disconnecting] often makes it worse.
         Clients are much more at risk when they actually separate from
         their abusers because he suddenly no longer has any control
         over that victim.  So often the only thing left is through the
         phone, so he's going to start harassing you, calling, texting.
         If you change your number, now he's most likely going to go
         crazy.  So that's when he's going to start stalking you any way
         he can."

Celi, et al.            Expires 14 September 2023               [Page 7]
Internet-Draft                    ipvc                        March 2023

      Harrassment can be anonymous, but a victim often knows from whom
      harrassment messages/actions come from; but, due to its anonymity,
      it is unable to hold atackers accountable.  The systems we have in
      place often need that harrassment content is permanently available
      so that an investigation takes place.  This enhances the abuse a
      victim is suffering.

3.4.  Means of attacking

   The above attacks can be carried out in different ways.  We list
   there the most common ones:

   *  Installation of spyware or spoofing: This form of attack consists
      of installing unwanted tools into a device in order to gain access
      to accounts or for active monitoring.  It can also take the form
      of remote access by remotely "hacking" security questions,
      passwords or any authentication mechanism.  Most of the time,
      these tools are installed without the victim's knowledge.

   *  Coercion and control: This form of attack consists of using
      coercion and control (which can be physical, emotional or
      psychological) to gain access to devices, network devices,
      accounts or digital information.  It often takes the form of
      forcing victims to reveal passwords or account/devices
      authentication mechanisms.

   *  Shared network plans between family/relationship members: Often
      times, an attacker is the legal "owner" of a device (owning
      children's devices, for example) or accounts (a bank account, for
      example), or they have access to accounts/devices as they are part
      of a shared family plan.  This enables an attacker to carry out
      the previously mentioned attacks without the knowledge of the
      victim and without the need for installation of tools.

   *  Monitoring: This means of attack consists of the abuse of social
      media and any public information found on digital tools from the
      victim that has been shared through them.  It also involves
      installing tools for active monitoring on devices or using
      "bening" applications in a dual-use manner (applications, such as
      the "track my phone" one).

   *  Exposure: This means of attack consists of the abuse of social
      media to enhance harassment.  It consists of using social media to
      post harmful content to humiliate, to harass family or friends,
      for doxxing or to non-consensually share intimate/private media.

Celi, et al.            Expires 14 September 2023               [Page 8]
Internet-Draft                    ipvc                        March 2023

4.  Specific abused technology

   In the research of the ways attackers use technology to enhance IPV,
   we see this specific technology being abused:

   *  Passwords and authentication mechanisms: all authentication
      mechanisms can be used to enhance IPV as they are the single point
      of failure used by attackers to get access to the account and/or
      devices (and, once they have access to those, they can get further
      access to other accounts or devices).  Attackers can use
      specialised tools (to be installed in devices) to record
      authentication mechanisms, they can coerce victims in order to get
      access to devices, and more.  They can also mount these attacks
      against fingerprints and biometric authentication mechanisms,
      2-factor authentication devices/applications and more.

   *  Media and private information: attackers can use the access to
      accounts/devices to gain access to media and private information.
      This media can later be used to bribe a victim, to humiliate them
      (by publicly posting it), to enhance harassment and more.

   *  Recovery of account mechanisms: as with authentication mechanisms,
      attackers can use 2-factor authentication devices, accounts and/or
      applications to get access to other accounts or profiles

   *  Lack of blocking mechanisms and abuse of anonymous mechanisms:
      Often times attackers carry out abuse by:

      -  Contacting through fake numbers

      -  Contacting through fake accounts

      -  Sending messages to applications that have a "open" chanel for
         receiving any message.

      -  Abusing of read-recipes to enhance control.

      -  Abusing the lack of blocking mechanisms.

5.  Recommendations

   We list here some recommendations to protocol designers to mitigate
   technology-enabled IPV:

   *  Build proper authentication systems: authentication mechanisms
      should provide:

Celi, et al.            Expires 14 September 2023               [Page 9]
Internet-Draft                    ipvc                        March 2023

      -  A non-deletable and non-modifiable list of who has access to

      -  A way to recover access to an account and to change
         authentication mechanisms.

      -  Provide mechanisms to revoke access.

   *  Storage and sharing of media: media should be stored/posted in
      such a way that:

      -  It can be taken down at the request of a victim if it consists
         of private media posted without consent.

      -  Provide good and private mechanisms for reporting the posting
         of non-consented media.

      -  Provide a way to destroy media once a device is in the hands of
         an attacker.

   *  Social media: social media can be a way for attackers to enhance
      monitoring.  They should:

      -  Provide proper blocking systems that are not limited to an
         individual account.

      -  Provide mechanisms by which only "accepted" people are able to
         send messages to an account.

   *  Browser history or searching information/metadata should be
      deleted by default.

   *  End-to-end encryption must be the default in order to prevent
      network monitoring.

   *  Considering local attackers when designing sensitive applications.

   *  Plausible deniability for sensitive applications.

6.  Security Considerations

7.  IANA Considerations

   This document has no actions for IANA.

8.  Informative References

Celi, et al.            Expires 14 September 2023              [Page 10]
Internet-Draft                    ipvc                        March 2023

              Dragiewicz, M., Burgess, J., Matamoros-Fernández, A.,
              Salter, M., Suzor, N. P., Woodlock, D., and B. Harris,
              "Technology facilitated coercive control: domestic
              violence and the competing roles of digital media
              platforms", 6 September 2022,

   [NCAV]     Abuse, N. C. A. D. V., "National Statistics Domestic
              Violence", 6 September 2022,

   [RFC7624]  Barnes, R., Schneier, B., Jennings, C., Hardie, T.,
              Trammell, B., Huitema, C., and D. Borkmann,
              "Confidentiality in the Face of Pervasive Surveillance: A
              Threat Model and Problem Statement", RFC 7624,
              DOI 10.17487/RFC7624, August 2015,

   [WHO]      Organization, W. H., "Understanding and Addressing
              Violence Against Women: Intimate Partner Violence", 2012,


   Thanks to:

   *  Lana Ramjit and Thomas Ristenpart for their insipiring work on
      this area, and guidance for this draft.

   *  Shivan Kaul and Pete Snyder for discussions, guidance and support.

Authors' Addresses

   Sofia Celi

   Juliana Guerra
   Derechos Digitales

   Mallory Knodel

Celi, et al.            Expires 14 September 2023              [Page 11]
Internet-Draft                    ipvc                        March 2023


Celi, et al.            Expires 14 September 2023              [Page 12]