Skip to main content

Intimate Partner Violence Digital Considerations
draft-irtf-hrpc-ipvc-01

Document Type Active Internet-Draft (hrpc RG)
Authors Sofia Celi , Juliana Guerra , Mallory Knodel
Last updated 2024-11-08
Replaces draft-celi-irtf-hrpc-ipvc
RFC stream Internet Research Task Force (IRTF)
Intended RFC status (None)
Formats
Additional resources GitHub Repository
Mailing list discussion
Stream IRTF state (None)
Consensus boilerplate Unknown
Document shepherd (None)
IESG IESG state I-D Exists
Telechat date (None)
Responsible AD (None)
Send notices to (None)
draft-irtf-hrpc-ipvc-01
None                                                             S. Celi
Internet-Draft                                                     Brave
Intended status: Informational                                 J. Guerra
Expires: 12 May 2025                                                    
                                                               M. Knodel
                                                                     CDT
                                                         8 November 2024

            Intimate Partner Violence Digital Considerations
                        draft-irtf-hrpc-ipvc-01

Abstract

   This document aims to inform how Internet protocols and their
   implementations might better mitigate technical attacks at the user
   endpoint by describing technology-based practices to perpetrate
   intimate partner violence (IPV).  IPV is a pervasive reality that is
   not limited to, but can be exacerbated with, the usage of technology.
   The IPV context enables the attacker to access one, some or all of:
   devices, local networks, authentication mechanisms, identity
   information, and accounts.  These security compromises go beyond
   active and passive on-path attacks [RFC7624].  With a focus on
   protocols, the document describes tactics of the IPV attacker and
   potential counter-measures.

Discussion Venues

   This note is to be removed before publishing as an RFC.

   Source for this draft and an issue tracker can be found at
   https://github.com/claucece/draft-celi-ipvc.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

Celi, et al.               Expires 12 May 2025                  [Page 1]
Internet-Draft                    ipvc                     November 2024

   This Internet-Draft will expire on 12 May 2025.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Definition of technology-based IPV  . . . . . . . . . . . . .   4
     2.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   5
   3.  Technology-based IPV attacks  . . . . . . . . . . . . . . . .   5
     3.1.  The tech-asisted IPV attacker . . . . . . . . . . . . . .   5
     3.2.  Tech-based IPV tactics  . . . . . . . . . . . . . . . . .   6
     3.3.  Kinds of tech-enabled IPV attacks . . . . . . . . . . . .   7
     3.4.  Means of attacking  . . . . . . . . . . . . . . . . . . .  10
   4.  Specific abused technology  . . . . . . . . . . . . . . . . .  11
   5.  Recommendations . . . . . . . . . . . . . . . . . . . . . . .  12
   6.  Resources . . . . . . . . . . . . . . . . . . . . . . . . . .  15
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  15
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  15
   9.  Informative References  . . . . . . . . . . . . . . . . . . .  15
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  17
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  18

1.  Introduction

   Intimate partner violence (IPV) refers to physical, emotional,
   verbal, sexual, or economic abuse of a person by a current or former
   intimate partner, hereafter referred to as the abuser or
   attacker.[WHO] IPV is characterized by an unequal power dynamic that
   enables the abuser to exert control and harm within romantic or
   sexual relationships context.  While IPV often manifests in these
   contexts, it also extends to child and elder abuse or abuse
   perpetrated by any member of a household.

Celi, et al.               Expires 12 May 2025                  [Page 2]
Internet-Draft                    ipvc                     November 2024

   Digital technologies are central in modern lives and can be used as a
   way to enable and enhance IPV.  Technology-based IPV has profound
   implications on the physical, psychological and emotional health of
   survivors, affecting them not only at the individual level but also
   disrupting their broader social environment [ref].  Furthermore,
   technology-based IPV can create an immediate potential for offline,
   real-world harm, as attackers can use these methods to control,
   locate, or confront their victims in person.  This blending of
   digital abuse and offline harm increases the severity and urgency of
   the threat faced by victims.

   There is significant existing work in the field of online gender-
   based violence [IPVTechBib][CSP] and technology-based IPV [Freed]
   mainly focused on response and resiliency, including digital privacy
   and safety strategies.  Nevertheless, even when this literature
   exists, IPV is not considered enough when designing digital
   technologies, networks, or Internet protocols, and it is not part of
   threat-modelling.  Protocol design or cybersecurity best practices
   rarely account for IPV-specific scenarios, as seen in only a few
   cases [CETAStrategies].  These omissions highlight the need to
   consider the privacy and security risks involved, as noted in
   [RFC6973].

   Unlike traditional "attackers", an abuser in the context of IPV is a
   close and familiar figure: an "attacker you know."  This attacker is
   neither solely on-path nor off-path; they often have full access to
   their target's devices and local networks, sharing intimate spaces
   and information.  Moreover, abusers can coerce and manipulate their
   victims (hereafter, referred to as targets) directly.

   This document outlines the tactics employed in technology-based IPV
   and offers recommendations for designing protocols and technologies
   to mitigate these tactics.  It begins with a comprehensive overview
   of IPV and related terminology, followed by an exploration of the
   specific tactics used by abusers, culminating in actionable
   recommendations for the digital design community

   Although the category of technology-abuse includes practices such as
   Child Sexual Abuse Material (CSAM), or digital manipulation of images
   and videos (deepfakes) to exhibit and slander women [Witness], those
   tactics are out of scope in this document, since the attacker is not
   part of the victim's social environment, i.e. they do not necessarily
   have access to the victim's local network.  However, in some
   ocasions, this distinction doesn’t always hold.

   The point of this document is to describe technological means by
   which abuse may be enacted.  It is not claiming, and cannot claim,
   that these means are inherently abusive.

Celi, et al.               Expires 12 May 2025                  [Page 3]
Internet-Draft                    ipvc                     November 2024

2.  Definition of technology-based IPV

   Technology-based intimate partner violence (IPV) refers to the use of
   digital tools and technologies to enable, escalate, and reinforce
   abusive behaviors.  IPV itself encompasses physical, emotional,
   verbal, sexual, or economic abuse committed by a current or former
   intimate partner.  A "partner" in this context is not limited to
   romantic or sexual relationships, but can extend to anyone with a
   close relationship to the victim, including household members
   involved in child or elder abuse.  What defines IPV is the inherent
   unequal power relationship, where the abuser leverages this imbalance
   to inflict harm and exert control.

   In technology-based IPV, the attacker exploits various forms of
   digital technology to perpetrate abuse, often through pervasive
   surveillance, overt monitoring, coercive access to devices or
   accounts, and manipulation of digital communications.  This is known
   as "digital coercive control" [Dragiewicz2018], which is a form of
   abuse where access to personal technology, such as smartphones,
   social media, or local networks, becomes a means for the abuser to
   assert control, engage in stalking, or inflict psychological
   harassment.  Internet-enabled technologies amplify the abuser's
   ability to conduct continuous surveillance or escalate harm remotely,
   reinforcing the unequal power dynamic present in IPV situations.

   While technology-facilitated abuse can affect anyone, it is crucial
   to recognize its intersection with gender-based violence.  As noted
   by [APCFramework], "women and girls face specific cyber threats in
   the digital age that are considered forms of gender-based violence as
   they occur because of their gender, or because they
   disproportionately affect one gender."  This intersection arises
   because digital abuse is embedded in the same offline structural
   violence that perpetuates gender inequality, but the technological
   dimension introduces new elements: searchability, persistence,
   replicability, and scalability.  These features allow abusers to more
   easily track their targets, replicate abusive content, and escalate
   harassment across platforms, magnifying the harm inflicted.

   Furthermore, the unique aspects of technology-based IPV—such as the
   ability to monitor in real-time, manipulate social media, or restrict
   access to digital resources—can severely limit a victim's autonomy
   and mobility.  This creates a new layer of control that extends
   beyond traditional physical spaces into the digital realm, making it
   harder for victims to escape the abuse, as the abuser often has
   constant or even remote access to the victim’s digital life.

Celi, et al.               Expires 12 May 2025                  [Page 4]
Internet-Draft                    ipvc                     November 2024

   Ultimately, technology-based IPV is not just an extension of
   traditional abuse; it is an evolving form of violence that
   capitalizes on the pervasive and intimate nature of digital
   technology to create a form of control that is difficult to detect
   and even harder to escape.  Addressing this issue requires a deep
   understanding of both the technical tools used by abusers and the
   social dynamics at play, including the broader structural
   inequalities that enable such abuse.

2.1.  Terminology

   In the rest of this draft, we will use this terminology:

   *  Attacker: By "attacker" we mean a person, an abuser in an IPV
      situation that is using digital tools to enable and enhance abuse.
      An attacker can also be referred to as "perpetrator".

   *  Victim: By "victim" we mean a person who is subject or target of
      an attack.  Notice that we are using this term only in the
      temporary context of an attack scenario.  We prefer the term
      "survivor", which recognizes the agency and resistance tactics of
      those facing IPV, but for the purposes of this document we focus
      on the fact of being subject of specific technology-based IPV
      attacks.

3.  Technology-based IPV attacks

   In this section, we describe IPV attacks that are enabled or
   exacerbated by Internet technology.  First, we outline our
   assumptions about this type of attacker and common tactics they may
   use.  Then, we describe the types of technology-enabled IPV attacks.

3.1.  The tech-asisted IPV attacker

   The attacker we focus on in this document is someone who either
   forcefully controls accounts, devices, and/or authentication
   information used to access systems, or leverages publicly available
   information to exert this control.  This attacker may or may not be
   technologically skilled (it might be "technology savvy" or not).
   From a threat model perspective, this attacker is one of the
   strongest ones as it can use their abilities to gain unlimited access
   to systems and devices without needing significant financial or
   computational resources.

   The attacker typically has (or has had) physical access to the victim
   and often shares a common social network with them.  In some cases,
   the attacker may legally own the devices or accounts the victim uses,
   further complicating the victim’s ability to maintain control.

Celi, et al.               Expires 12 May 2025                  [Page 5]
Internet-Draft                    ipvc                     November 2024

   The attacker is not implied to have infinite computing power or
   unrestricted access to external systems (e.g., companies
   infrastructure).  Rather, the focus is on their ability to gain
   unlimited access to the victim's personal devices and accounts due to
   their proximity, control, or manipulation of the victim's
   authentication mechanisms and personal data.

3.2.  Tech-based IPV tactics

   There are many ways in which digital and networked technology can
   facilitate an attacker perpetrating IPV.  For an in-depth reading,
   see [TBMDGMMDR] and [CDOHPFLDMR].  Below, we informally categorize
   the main tactics attackers use:

   *  Ready-made tools: Attackers can use applications or devices that
      are solely built to facilitate IPV.  These types of technology are
      sometimes referred to as "stalkerware" or "spouseware".

   *  Dual-use tools: Attackers can repurpose applications, settings or
      devices built for beneficial or innocuous purposes to cause harm.
      This is the case, for example, of anti-theft devices that can be
      repurposed for stalking, or to location-tracking tools.  The
      latter is subject to its own considerations [DULT].

   *  Impersonation attacks: Knowing personal information coupled with
      access to authentication mechanisms gives an attacker the ability
      to fully authenticate to services and accounts of the victim,
      effectively impersonating them.  This can be executed to the
      degree that the victim can no longer successfully authenticate
      themselves to their services or accounts.

   *  UI-bound impersonation attacks: Attackers can abuse technology to
      enhance IPV by abusing the User Interface (UI) of a specific tool.
      In this case, attackers become authenticated but adversarial users
      of a system.  They cannot, however, escalate to root privileges or
      access other underlying functionalities of the system.  They are
      bound to the UI of whatever system they managed to authenticate
      to.  We will explore later the ways attackers use to forcibly gain
      authentication to a system.

   *  Social media and forums: Attackers can learn and share information
      on how to use technology to enhance IPV through the usage of these
      platforms.  These spaces may also provide narrative justifications
      for abusive behavior and facilitate cyberstalking, cyberbullying,
      and doxxing.

Celi, et al.               Expires 12 May 2025                  [Page 6]
Internet-Draft                    ipvc                     November 2024

   *  Perception of Threat and Vulnerability: The awareness of a
      pervasive threat can act as a powerful form of control.  Attackers
      often leverage the perception that technology could be used for
      IPV as a means of manipulating victims, eroding their sense of
      safety and agency.  This can extend to perceptions of
      vulnerability within the victim's network or system: the mere
      suspicion of a vulnerability could compound feelings of
      insecurity.  Research on user perceptions of technology
      trustworthiness, especially within messaging apps (see [UPMSG]),
      indicates that perceived threats and vulnerabilities in
      communication channels can discourage users from trusting or
      seeking help through these technologies.  Such dynamics can
      further isolate victims and create additional barriers to
      receiving support.

3.3.  Kinds of tech-enabled IPV attacks

   *  Monitoring: A prevalent tactic to facilitate IPV is the active,
      intrusive monitoring of the victim’s online activities and
      accounts.  This ongoing surveillance can encompass a range of
      behaviors that feel invasive, often involving threats or
      intimidation.  The "active" nature of this monitoring means it may
      be apparent to the victim or entirely hidden, depending on the
      abuser's intent.  Forms of monitoring include:

      -  Monitoring of communication, which can be e-mail-based, chat-
         based or social media communications, or browsing information
         (history, cookies or more) either directly on the victim's
         device or through specialised applications.

      -  Monitoring location and whereabouts by looking at the metadata
         of communication, by using location-help applications, or by
         using specialized applications.

      -  Monitoring any data sent over the network by mounting DNS
         attacks or other specialised attacks.

      -  Monitoring any information found on the UI by looking at
         devices screens while the victim is using them.

      -  Data gathering by using the Internet to seek public or private
         information to compile a victim's personal information for use
         in harassment.

      -  Monitoring security cameras or systems for home security

      In this type of attack, we see these dimensions:

Celi, et al.               Expires 12 May 2025                  [Page 7]
Internet-Draft                    ipvc                     November 2024

      -  Monitoring of communication content at various layers,
         including the application layer (e.g., chat or email content)
         and network layers (e.g., packet inspection or traffic
         analysis).

      -  Monitoring of the UI content of application tools.

      -  Monitoring of location information.

   *  Compromise of accounts: An attacker may demand access to the
      victim's accounts to continuously monitor, control, manipulate or
      restrict their digital communications and activities.  Unlike
      passive monitoring with publicly available tools, the attacker
      demands access to tools and contents in order to reduce the "life
      space" or "space for action" that the victim has for independent
      activities.  Once access is obtained, an attacker can:

      -  Delete data, which can be communication data, documents and
         more (essentially, any data stored in the account).

      -  Gain access to contacts such as friends, family or colleagues.

      -  Gain access to communications, audio-video content, and any
         associated metadata.

      -  Modify or manipulate any communications, audio-video content,
         and any associated metadata.

      -  Lock out or change the authentication mechanisms that grant
         access to the account.

      -  Impersonate the victim by using the victim's online identity to
         send false/forged messages to others or to purchase goods and
         services.

      -  Impersonate the victim by using the victim's online identity to
         publicly post information that can be private or fake,
         impacting their reputation and sense of security.

      -  Impersonate the victim by using the victim's online or legal
         identity to sign victims up for services.

      -  Exposing private information or media by distributing intimate
         or private data (which could have been adquired via coercive
         tactics).

Celi, et al.               Expires 12 May 2025                  [Page 8]
Internet-Draft                    ipvc                     November 2024

   *  Compromise of devices: This attack is similar to the above, but
      the attacker demands access to the victim's devices.  The goal is
      the same as the above but the result is more impactful, as it
      restricts access and gives access to accounts that are accessed
      through the device.  It can also prevent the victim from having
      any connection to the Internet.  Once an attacker has access to
      the device, they can use it to:

      -  Phisically prevent the use of the abilities given by the device
         (the device can be used, for example, to call police services,
         which is restricted with this attack).

      -  Access contacts and data (media or messages) stored in it.

      -  Access to accounts and authentication mechanisms for other
         accounts (saved passwords or authenticator apps -2-factor
         authentication-, for example).

      -  Perform impersonation.

      -  Perform denial of access to the device, networks or the
         Internet in general.

      -  Destroy the device itself and any information stored in it.

      -  Impersonate by using the victim's online identity, as accessed
         through the device, to publicly post information that can be
         private or fake.

   *  Exposing Private Information or Media: This attack often builds on
      other the forms of attack.  Once an attacker gains access to an
      account or device, they can harvest sensitive data, including
      personal and/or private media, messages, and private documents.
      This stolen information can then be used to threaten, extort, or
      humiliate the victim.  For example, intimate images may be used
      for blackmail, or private details such as bank account and tax
      information may be exploited.  The attacker may also engage in
      doxxing by publicly sharing private details to damage the victim’s
      reputation or relationships.

   *  Denial of Access: This attack can also be built upon previous
      ones, and its objective is to block the victim's access to
      essential services.  It can include physical measures such as
      destroying routers or network devices, changing Wi-Fi passwords,
      or modifying network settings.  This prevents the victim from
      connecting to the Internet or accessing online services.  Denial
      of access may also target financial abuse, such as restricting the
      victim's access to online banking or digital wallets, making it

Celi, et al.               Expires 12 May 2025                  [Page 9]
Internet-Draft                    ipvc                     November 2024

      difficult or impossible for them to manage their finances.  Denial
      of access can also extend to digital communication disruptions,
      such as flooding the victim’s communication platforms with
      unwanted messages or deploying viruses to compromise their
      devices.  The goal is to isolate the victim, severing their
      connection to the outside world, including family, friends, and
      support networks.

   *  Threats: Often intertwined with denial of access, threats involve
      sending harassing or abusive messages via email, chat, or social
      media.  These messages may include insults, intimidation, or
      direct threats of harm.  The purpose is to instill fear,
      destabilize the victim's emotional state, and force compliance,
      either by causing distress or pushing the victim toward further
      harmful actions.  Threats can escalate into more severe attacks,
      including denial of access or exposure of private information.

   *  Harassment: Harassment can be anonymous, but in many cases, the
      victim knows the identity of the attacker.  However, due to the
      anonymity of certain platforms, the victim may struggle to hold
      the perpetrator accountable.  The systems in place often require
      that harassing content be permanently available for investigation,
      but this can, in turn, prolong the victim's exposure to the abuse.
      Harassment can manifest in various forms and dimensions:

      -  Ongoing Harassment: This type of harassment is persistent, with
         the goal of intimidating, humiliating, and psychologically
         tormenting the victim.  It often involves repeated messages,
         threats, or actions that make the victim feel unsafe or
         violated.

      -  Post-Disconnection Harassment: Once the attacker no longer has
         physical control over the victim, they may resort to
         cyberstalking or continued harassment online.  This form of
         abuse allows the attacker to maintain control over the victim
         by stalking their digital presence, often through social media,
         messaging platforms, or by monitoring their activities in other
         ways.

3.4.  Means of attacking

   The attacks described above can be carried out using various methods.
   Below are some of the most common approaches:

   *  Spyware Installation and Spoofing: This method involves installing
      malicious software on the victim's device to gain unauthorized
      access to their accounts or to conduct active monitoring.  It may
      also include spoofing techniques to bypass security measures, such

Celi, et al.               Expires 12 May 2025                 [Page 10]
Internet-Draft                    ipvc                     November 2024

      as remotely compromising security questions, passwords, or other
      authentication methods.  These tools are typically installed
      without the victim's knowledge, giving the attacker covert access
      to their personal information.

   *  Coercion and Control: This form of attack leverages physical,
      emotional, or psychological manipulation to gain access to a
      victim's devices, network credentials, or digital information.  It
      often involves forcing the victim to reveal sensitive details,
      such as passwords, PINs, or authentication mechanisms for their
      accounts and devices, creating an environment of control and fear.

   *  Shared Network Plans and Account Ownership: In some cases, an
      attacker may be the legal owner of a device (e.g., a parent's
      control over a child's device) or have access to shared family
      accounts or network plans.  For instance, an abuser may control a
      joint bank account or device within a shared family plan, allowing
      them to carry out attacks without the victim's knowledge and
      without needing to install malicious software.

   *  Monitoring: This method involves the exploitation of social media
      and other publicly available information to track the victim's
      activities.  It may also include the installation of monitoring
      tools on the victim's devices or the abuse of "benign"
      applications (e.g., location-tracking apps) in a malicious way.
      The attacker uses these tools to keep tabs on the victim's
      movements and interactions, often in secret.

   *  Exposure: This method involves the use of social media platforms
      to amplify harassment.  It includes actions such as posting
      harmful content to embarrass, humiliate, or intimidate the victim,
      or sharing private information like intimate images without
      consent.  This form of attack may also involve doxxing, where the
      victim's personal details are shared publicly to cause distress or
      harm to their relationships and reputation.

4.  Specific abused technology

   Research into how attackers exploit technology to enhance IPV reveals
   that the following technologies are frequently abused:

   *  Passwords and Authentication Mechanisms: Authentication systems
      are often the primary point of failure in IPV attacks.  Once an
      attacker gains access to a victim's account or device, they can
      use that access to compromise additional accounts or devices.
      Attackers can use specialized tools, often installed
      surreptitiously on the victim's device, to capture authentication
      data.  They may also coerce victims into revealing passwords or

Celi, et al.               Expires 12 May 2025                 [Page 11]
Internet-Draft                    ipvc                     November 2024

      bypassing security features.  This includes targeting biometrics
      (e.g., fingerprints, facial recognition), two-factor
      authentication (2FA) systems, and other multi-layered security
      methods.

   *  Media and Private Information: Attackers who gain access to
      devices or accounts can harvest private media and sensitive
      personal information.  This data can then be used to extort the
      victim, humiliate them (by sharing it publicly), or escalate
      harassment.  Private communications, photos, and other intimate
      materials are particularly vulnerable to such exploitation, often
      used as leverage in controlling or threatening the victim.

   *  Account Recovery Mechanisms: In addition to direct access to
      authentication mechanisms, attackers can manipulate account
      recovery processes to gain unauthorized access to accounts.  This
      includes exploiting weaknesses in 2FA devices, recovery email
      systems, or password reset tools.  By compromising these systems,
      attackers can gain control over multiple online profiles,
      furthering their ability to surveil and control the victim.

   *  Lack of Blocking Mechanisms and Exploitation of Anonymous
      Channels: Many platforms and communication tools lack effective
      blocking or reporting mechanisms, which attackers exploit to
      continue their abuse.  Common tactics include:

      -  Using fake phone numbers or burner accounts to contact the
         victim.

      -  Sending messages via platforms with open channels that do not
         require mutual consent (e.g., messaging apps with open chat
         features).

      -  Exploiting "read receipts" or similar features to monitor the
         victim's engagement with their messages, thereby gaining
         further control.

      -  Abusing the absence of robust blocking features to maintain
         constant contact and harassment.

5.  Recommendations

   The following recommendations are tailored for protocol and systems
   designers to help mitigate technology-enabled IPV, recognizing that
   IPV often occurs within the broader context of structural violence
   (which can be gender-based violence).  While these attacks are
   facilitated or exacerbated by technological tools, the
   recommendations focus on enabling victims to regain control, prevent

Celi, et al.               Expires 12 May 2025                 [Page 12]
Internet-Draft                    ipvc                     November 2024

   the abuse of power, and limit attackers' ability to carry out actions
   that entrench their control.

   *  Build proper authentication systems: Authentication mechanisms
      should be designed with the following features:

      -  Account Access Transparency: Maintain a non-deletable and non-
         modifiable list of devices with access to accounts and a record
         of active sessions.

      -  Recovery and Revocation: Provide secure ways to recover access
         to accounts and change authentication mechanisms.  Allow easy
         revocation of access, including when an account or device is
         compromised.

      -  Clear Notifications: Send notifications when:

         o  New devices are used to access an account.

         o  Attempts to access accounts occur.

         o  Changes are made to account details.

      -  Approval Mechanism for Access: Implement a system that allows
         users to approve or deny access attempts from new devices or
         locations.

   *  Storage and sharing of media: Media should be handled in a way
      that allows the victim to retain control:

      -  Media Takedown: Ensure that private media posted without
         consent can be taken down at the victim's request.

      -  Dealing with Re-posting: Implement mechanisms to prevent re-
         posting of previously reported non-consensual media, either by
         blocking its sharing or by flagging it across platforms and
         devices.

      -  Secure Reporting Mechanisms: Provide private, confidential ways
         to report non-consensual media, with systems in place to ensure
         the victim's privacy is protected.

   *  Social Media Platforms: Social media can be a powerful tool for
      perpetrators, enhancing monitoring and control.  Platforms should:

Celi, et al.               Expires 12 May 2025                 [Page 13]
Internet-Draft                    ipvc                     November 2024

      -  Comprehensive Blocking Systems: Provide blocking systems that
         go beyond individual accounts, potentially linking accounts and
         devices associated with a blocked user to prevent continued
         harassment or monitoring.

      -  Restricted Messaging: Enable users to set privacy controls that
         allow only approved contacts to send messages to their
         accounts.

   *  Browser and Search Data: Browsers and search engines should
      prioritize privacy and security:

      -  Automatic Deletion: Browser history, search information, and
         related metadata should be deleted by default after each
         session or within a specified time frame (triggerred by users,
         for example).  This protects users from unwanted surveillance.

   *  End-to-end encryption must be the default for any messaging in
      order to prevent network monitoring and ensure that digital
      communications remain private.

   *  Gender Sensitivity in Design:

      -  Gender-Informed Design: Designers should adopt a gender-
         sensitive approach when developing tools and applications.
         Recognizing the structural inequalities inherent in IPV helps
         build systems that are supportive of the unique needs of
         victims.

   *  Local Attackers and Sensitive Applications

      -  Security for Local Attackers: When designing sensitive
         applications, ensure that they are secure against local
         attackers, including those who may have physical access to the
         device.  Sensitive applications refer to any software or
         services that handle private or confidential data, such as
         personal accounts, financial tools, and communication
         platforms.

   *  Detection Tools and Analytics

      -  Building Detection Tools: Develop advanced detection tools with
         IPV-specific algorithms and systems.  These tools should focus
         on identifying patterns of control and abuse, as well as
         enhancing logging and analytics for detecting unusual or
         suspicious activity.  Consider guidance for building such tools
         [UNGUI].

Celi, et al.               Expires 12 May 2025                 [Page 14]
Internet-Draft                    ipvc                     November 2024

   *  Engineer plausible deniability for sensitive applications.

   *  Build detection tools and improve logging and analytics for user
      agents and devices with IPV in mind.

   *  Transparent Reporting: IPV-related issues should not be viewed
      solely as privacy concerns.  It’s crucial to address areas such as
      transparency in reporting mechanisms, identity management, and
      proper accountability measures in tech systems to counter the
      misuse of power.

   It is important to note that IPV should not be mistaken to be a
   privacy issue alone.  Furthermore any tech-based solutions and
   interventions that only address privacy can be used by attackers,
   helping them to cloak their attacks from the victim and other means
   of detection.  Power is imbalanced in IPV and technology entrenches
   power.[Citron]

   It's essential to acknowledge as well that implementing these
   recommendations will not fully eliminate IPV due to the broader power
   imbalances in society.  However, these measures can play a critical
   role in addressing the use of technology to facilitate abuse.
   Addressing IPV through technology must be viewed as a step toward
   giving victims the tools to regain control, while simultaneously
   limiting the means by which abusers can continue their attacks.

6.  Resources

   *  Cornell Tech's Clinic to End Tech Abuse
      https://www.ceta.tech.cornell.edu/

   *  List of domestic violence hotlines around the world
      https://en.wikipedia.org/wiki/List_of_domestic_violence_hotlines

   *  Procedures and tools for clinical computer security
      https://www.usenix.org/conference/usenixsecurity19/presentation/
      havron

7.  Security Considerations

   This document is about security considerations.

8.  IANA Considerations

   This document has no actions for IANA.

9.  Informative References

Celi, et al.               Expires 12 May 2025                 [Page 15]
Internet-Draft                    ipvc                     November 2024

   [APCFramework]
              Communication, A. for P., "A framework for developing
              gender-reponsive cybersecurity policy", n.d.,
              <https://www.apc.org/sites/default/files/gender-
              cybersecurity-policy-litreview.pdf>.

   [CDOHPFLDMR]
              Chatterjee, R., Doerfler, P., Orgad, H., Havron, S.,
              Palmer, J., Freed, D., Levy, K., Dell, N., McCoy, D.,
              Ristenpart, T., and E. Tseng, "The Spyware Used in
              Intimate Partner Violence", n.d.,
              <https://ieeexplore.ieee.org/document/8418618>.

   [CETAStrategies]
              Abuse, C. to E. T., "Resources from the Clinic to End Tech
              Abuse", n.d.,
              <https://www.ceta.tech.cornell.edu/resources>.

   [Citron]   Citron, D. K., "The Fight for Privacy: Protecting Dignity,
              Identity, and Love in the Digital Age", 2023,
              <https://wwnorton.com/books/9780393882315>.

   [CSP]      Abuse, C. to E. T., "Computer Security and Privacy for
              Survivors of Intimate Partner Violence", n.d.,
              <https://www.ipvtechresearch.org>.

   [Dragiewicz2018]
              Dragiewicz, M., Burgess, J., Matamoros-Fernández, A.,
              Salter, M., Suzor, N. P., Woodlock, D., and B. Harris,
              "Technology facilitated coercive control: domestic
              violence and the competing roles of digital media
              platforms", 6 September 2022,
              <https://www.tandfonline.com/doi/
              abs/10.1080/14680777.2018.1447341>.

   [DULT]     WG, I. D., "Detecting Unwanted Location Trackers", n.d.,
              <https://datatracker.ietf.org/wg/dult/about/>.

   [Freed]    Freed, D., Palmer, J., Minchala, D., Levy, K., Ristenpart,
              T., and N. Dell, "Technologies and Intimate Partner
              Violence: A Qualitative Analysis with Multiple
              Stakeholders", 2017, <https://doi.org/10.1145/3134681>.

   [IPVTechBib]
              Maynier, E., "Selected Research Papers on Technology used
              in Intimate Partner Violence", n.d.,
              <https://ipvtechbib.randhome.io/>.

Celi, et al.               Expires 12 May 2025                 [Page 16]
Internet-Draft                    ipvc                     November 2024

   [NCAV]     Abuse, N. C. A. D. V., "National Statistics Domestic
              Violence", 6 September 2022,
              <https://ncadv.org/learn-more/statistics>.

   [RFC6973]  Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
              Morris, J., Hansen, M., and R. Smith, "Privacy
              Considerations for Internet Protocols", RFC 6973,
              DOI 10.17487/RFC6973, July 2013,
              <https://www.rfc-editor.org/rfc/rfc6973>.

   [RFC7624]  Barnes, R., Schneier, B., Jennings, C., Hardie, T.,
              Trammell, B., Huitema, C., and D. Borkmann,
              "Confidentiality in the Face of Pervasive Surveillance: A
              Threat Model and Problem Statement", RFC 7624,
              DOI 10.17487/RFC7624, August 2015,
              <https://www.rfc-editor.org/rfc/rfc7624>.

   [TBMDGMMDR]
              Tseng, E., Bellini, R., McDonald, N., Danos, M.,
              Greenstadt, R., McCoy, D., Dell, N., and T. Ristenpart,
              "The Tools and Tactics Used in Intimate Partner
              Surveillance: An Analysis of Online Infidelity Forums",
              n.d., <https://arxiv.org/abs/2005.14341>.

   [UNGUI]    Division, U. N. P. F. G. T., "Guidance on safe and ethical
              use of technology to address GBV and HP", n.d.,
              <https://datatracker.ietf.org/meeting/118/materials/
              slides-118-hrpc-unfpa-gbv-tech-guidance-00>.

   [UPMSG]    Unbreakable, "Unbreakable: Designing for Trustworthiness
              in Private Messaging", n.d.,
              <https://www.designtrustworthymessaging.org/>.

   [WHO]      Organization, W. H., "Understanding and Addressing
              Violence Against Women: Intimate Partner Violence", 2012,
              <https://apps.who.int/iris/bitstream/handle/10665/77432/
              WHO_RHR_12.36_eng.pdf>.

   [Witness]  Gregory, S., "Deepfakes, misinformation and disinformation
              and authenticity infrastructure responses: Impacts on
              frontline witnessing, distant witnessing, and civic
              journalism", n.d., <https://journals.sagepub.com/
              doi/10.1177/14648849211060644>.

Acknowledgments

   Thanks to:

Celi, et al.               Expires 12 May 2025                 [Page 17]
Internet-Draft                    ipvc                     November 2024

   *  Lana Ramjit and Thomas Ristenpart for their insipiring work on
      this area, and guidance for this draft.

   *  Shivan Kaul and Pete Snyder for discussions, guidance and support.

Authors' Addresses

   Sofia Celi
   Brave
   Email: cherenkov@riseup.net

   Juliana Guerra
   Email: juliana@usuarix.net

   Mallory Knodel
   CDT
   Email: mknodel@cdt.org

Celi, et al.               Expires 12 May 2025                 [Page 18]