FEATURE: E&T MAGAZINE – IoT devices and smart domestic abuse: who has the controls?

From revenge porn to cyber-stalking, digital technologies have created new means for gender-based domestic violence and abuse. As Internet of Things-enabled systems flood our homes and lives, should we be on our guard?

In May 2018, in the first case of its kind in a UK court, a husband was convicted of stalking after he spied on his estranged wife by hacking into their smart home hub, installed in the kitchen.

Using a mobile app, the perpetrator logged into the audio facility on the iPad system display and listened in as his spouse confessed to her mother that she no longer loved him. Moments later he was at the door, confronting her about what she had just said.

The story is one of the first recorded instances of Internet of Things (IoT) technology – in this case a wireless system used to control the lighting, central heating and alarm – being deliberately abused by a domestic partner.

While no physical harm came to the victim, research shows the incident could have had a more violent end. According to the charity Refuge, two women are killed each week by a current or former partner in England and Wales; one in four will experience domestic violence in their lifetime, with women twice as likely as men to be victims.

The recent conviction is timely, given that researchers at University College London are concluding a six-month feasibility study into the implications of IoT on gender-based sexual and domestic violence and abuse.

‘IoT’ in the study refers to interconnected ‘things’ and systems which are the direct and indirect extension of the internet into a range of physical objects, many of which were previously offline, such as lightbulbs and smart meters.

“Just like laptops or smart phones, IoT devices harvest data; however, due to their interconnectedness, they provide even more granular information about the habits and preferences of users,” explains lead author of the Gender and IoT (G-IoT) study, Dr Leonie Tanczer, a social scientist at the university’s Department of Science, Technology, Engineering and Public Policy.

The research aims to ascertain if these types of IoT technologies are or could be used by perpetrators of domestic violence and abuse against their victims.

Domestic abuse is extremely complex. It can be sexual, economic and psychological, with abusers using different tools, including technology, to exert control and often isolate their victims.

Research has shown that common devices, such as smart phones and laptops, along with social networking sites, have been routinely used to facilitate online harassment and domestic and sexual abuse.

Examples include perpetrators using the ‘Find My iPhone’ app to track a partner’s location or purchasing a smart phone for a girlfriend or spouse and then controlling how and when they use it. In extreme cases, the offender will install spyware, such as Spyzie and WebWatcher, to track the location of and activity on a particular gadget.

The pervasive nature of IoT technologies creates new opportunities for such abusive behaviour.

“Internet-enabled household appliances, wearable devices, or connected autonomous vehicles create new interdependencies between systems that were previously neither ‘smart’ nor interlinked,” says Tanczer. “Our study examines how dynamics of tech abuse as seen with phones or social media usage could be applied to the IoT ecosystem.”

The G-IoT study is run in collaboration with the London Violence Against Women and Girls (VAWG) Consortium, Privacy International and the PETRAS IoT Hub. Tanczer and her colleagues Dr Simon Parkin, Dr Trupti Patel and Professor George Danezis interviewed key stakeholders, such as domestic violence and abuse organisations, frontline support workers, police representatives and academics. They have also begun compiling a technical analysis of the most common in-home IoT devices: Google Home, Amazon’s Alexa and Philips Hue Lightbulbs, examining how they are managed and accessed and how the user interacts with and amends the interface.

What quickly became clear was that although IoT-mediated abuse is not yet widespread, these systems show potential for exploitation. They found issues around cross-platform interdependencies and data exchanges, shared accounts, tracking/location capability, and audio and video functionality.

In a wider context, anecdotal evidence collected by Refuge and other organisations shows that when technology is used to abuse a partner it is often the perpetrator who is the most technologically savvy and therefore will install and manage the devices.

If an abuser buys an Amazon Echo for the home they will most likely be the main account holder, with the victim sharing its ‘benefits’. This means the perpetrator can log in and view all the device’s voice command and purchase history, giving them an opportunity to spy on their unwitting spouse. Furthermore, to stop the device from recording, a user has to actively put it on mute, an action that could arouse suspicion in a controlling partner.

The study found that to isolate and exert control using an Amazon Echo account, the abuser could apply ‘Child Account’ settings to their adult partner, restricting what the user can view or purchase through it.

“Social media abuse is more psychological, but with home devices it can be physical control, you could potentially deprive someone of their basic human needs,” explains Dr Trupti Patel.

For example, in an extreme scenario, with in-home systems such as Hive, which allow remote control of a thermostat, lights and plugs and can even detect motion in different rooms, an abuser could potentially deprive their victim of heating during winter and the use of electric plugs, and also monitor them as they enter, leave and move around the house. Smart locks create similar risk vectors.

“Whereas before there may have been some escape time for the victim, because of the constant tracking nature of internet-enabled devices it could become impossible to find time and space to not be monitored, whether by a phone, a Fitbit or smart car,” says Millie Graham Wood, a solicitor at Privacy International. “It’s so granular that even if a spouse sneaked the heating on for 15 minutes, the smart meter will give them away.”

This is, of course, a futuristic scenario, but Tanczer says the aim of the study is to ‘proactively highlight’ opportunities for abuse so as not to have to react to the issues only after they present themselves.