Internet-Draft | ipvc | March 2023 |
Celi, et al. | Expires 14 September 2023 | [Page] |
This document aims to inform how Internet protocols and their implementations might better mitigate technical attacks at the user endpoint by describing technology-based practices to perpetrate intimate partner violence (IPV). IPV is a pervasive reality that is not limited to, but can be exacerbated with, the usage of technology. The IPV context enables the attacker to access one, some or all of: devices, local networks, authentication mechanisms, identity information, and accounts. These kinds of technical compromise exist in addition to on-path attacks, both active and passive [RFC7624]. In this document we describe the tactics the IPV attacker uses and what kind of counter-measures can be designed in IETF protocols.¶
This note is to be removed before publishing as an RFC.¶
Source for this draft and an issue tracker can be found at https://github.com/claucece/draft-celi-irtf-hrpc-ipvc.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 14 September 2023.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Intimate partner violence (IPV) refers to physical, emotional, verbal, sexual, or economic abuse of a person by a current or former intimate partner. It is understood that in IPV cases there is an unequal power relationship that enables the abuser to cause harm in romantic or sexual relationships, as well as child or elder abuse, or abuse by any member of a household.¶
Digital technologies are central in modern lives and can be used as a way to enable and enhance IPV. At the same time, IPV is not considered enough when designing digital technologies, networks, or Internet protocols against threats. This lack of consideration has put pressure on health professionals and social workers to mitigate technology-enabled abuse and its effects. In turn, survivors and targets develop ad hoc strategies for digital privacy and safety for themselves alone and only in rare cases are protocol design or cybersecurity best practice available tactics. This type of abuser, "the attacker you know", is neither on- nor off-path, they have complete access to-- perhaps even share-- devices and local networks. They can even coerce their targets.¶
This document describes the tactics used in technology-based IPV. It provides recommendations for the design of protocols and implementations to mitigate those tactics. In what follows, we first describe IPV and related terminology, the kind of tactics attackers use, and we end with the recommendations.¶
Technology enables and enhances IPV attacks with pervasive surveillance, overt monitoring, and coercive access. IPV refers to physical, emotional, verbal, sexual, or economic abuse of a person by a current or former intimate partner. By "partner" we mean anyone with a close relationship with the victim that can exercise abuse in a romantic or sexual relationship, as well as child or elder abuse, or abuse by any member of a household. In cases of IPV there is an unequal power relationship that enables the attacker to cause harm. [Dragiewicz2018] calls this "digital coercive control" whereby Internet-enabled technology-- through access to local networks, devices and accounts-- becomes a mechanism to exert control, to conduct surveillance, or to aggravate and harass.¶
In the rest of this draft, we will use this terminology:¶
In order to describe IPV attacks that are enabled or exacerbated by Internet technology, we first describe our assumptions about the attacker and common tactics that can be used. Then the types of technology-enabled IPV attacks are described.¶
The attacker we present in this document is one that either has forceful control of accounts, devices, and/or authentication information for accessing systems, or uses public information to exercise control. The kind of attacker can be technologically savvy or not. We define this attacker as one of the strongest ones as it can have unlimited access to systems and devices.¶
The attacker has some kind of physical access to the victim (or has had it in the past), and often shares a common social network with them. In some cases, it can be the legal owner of the devices/accounts a victim uses.¶
There are many ways in which digital and networked technology can facilitate an attacker perpetrating IPV. Here we informally list their main groups:¶
Monitoring: One of the most prevalent methods to enhance IPV is the usage of active monitoring of any online account that the victim has or of any action that the victim does in the digital world. This includes a variety of behaviors that feel unwelcomed and intrusive, and can involve threats. The monitoring is "active" in that is a permanent action that the victim can be aware of or not, and that the abuser might want to make them aware or not. It can include:¶
In this type of attack, we see these dimensions:¶
Compromise of accounts: Research suggests that in IPV, an attacker may demand access to a victim's accounts for continuous monitoring and/or restricting their communication with others. This is different from the previous point in that the perpetrator demands access (or uses invasive tools) to tools and contents, rather than using "publicly available" tools or by monitoring without coercion. This type of attack is mounted in order to reduce the "life space" or "space for action" that the victim-survivor may have to perform activities that do not involve their attacker. Once an attacker has access to an online account, they can use that to:¶
Compromise of devices: This attack is similar to the above, but the attacker demands access to the victim's devices. The goal is the same as the above but the result is more impactful as it restricts access to accounts that are accessed through the device. It can also prevent any connection to the Internet. Once an attacker has access to the device, they can use it to:¶
Harrassing: This type of attack seems to appear in different dimensions:¶
Harrassment can be anonymous, but a victim often knows from whom harrassment messages/actions come from; but, due to its anonymity, it is unable to hold atackers accountable. The systems we have in place often need that harrassment content is permanently available so that an investigation takes place. This enhances the abuse a victim is suffering.¶
The above attacks can be carried out in different ways. We list there the most common ones:¶
In the research of the ways attackers use technology to enhance IPV, we see this specific technology being abused:¶
Lack of blocking mechanisms and abuse of anonymous mechanisms: Often times attackers carry out abuse by:¶
We list here some recommendations to protocol designers to mitigate technology-enabled IPV:¶
Build proper authentication systems: authentication mechanisms should provide:¶
Storage and sharing of media: media should be stored/posted in such a way that:¶
Social media: social media can be a way for attackers to enhance monitoring. They should:¶
This document has no actions for IANA.¶
Thanks to:¶