When Irish actor Hannah Rose May got an alert on her phone from Apple’s Find My app she didn’t think anything of it. However, when she opened it she realised someone had used an AirTag to track her for more than two hours at an after-hours event at Disneyland.
May took to Twitter to share her experience, noting that she was lucky enough to have been able to disable the tracker before she drove home, and warned others about the potential danger posed by the small tags.
She isn’t alone. There are stories all over Twitter, Instagram and Reddit about incidents where people – often women – found they were being tracked without their knowledge. In August a man appeared in court in Wales accused of stalking his former partner, one element of which involved glueing an AirTag under the bumper of her car.
It wasn’t supposed to be like this when Apple released the AirTag in April last year – it was intended as a way to keep track of your belongings: keys, bags even a scooter. It was not intended to track people, either with or without their knowledge. But that is what has happened.
Apple has since made some changes to the system to try to limit any potential harm. On set-up users are warned against tracking people without consent, and also that tags could be linked back to owners by law enforcement.
The tags also alert people using iPhones if there is an unknown tag travelling with them through a pop up on their phone. The Find My app can then be used to play a sound to locate the tag and also to disable it. For those without iPhones Apple built the Tracker Detect app to scan for tags nearby. AirTags will also occasionally chirp to make their presence known once it is out of range of its owner for a period.
However, an unsuspecting victim could be carrying the tag around for a number of hours before being alerted, providing detailed location information to its owner.
Apple is not the only company to produce such tags. Tile, for example, has small Bluetooth trackers the size of a button that can be hidden inside bags and wallets, or stuck to the underside of a bicycle frame. They are designed to be subtle and when lost mode is activated, they use Tile’s network of users to ping their location back to the tag owner.
That makes them a risk for stalking. Earlier this year Tile added a “scan and secure” feature to its app that allows both Tile owners and those without an account to scan for tags that may be travelling with them. Smartphone owners must activate the scan manually and, with no pop-ups or audio alerts, it could be some time before a person is aware that their movements are being tracked.
One in five women in Ireland have experienced domestic violence, according to figures from Women’s Aid. Technology is playing an increasing role in violence against women, with 41 per cent of abused women saying they had experienced harassment or tracking by electronic means.
Technology meant to keep us safe and make our lives easier has become a weapon to be used against us. And it’s a problem that seems set to get worse as technology advances.
Location services on mobile phones can be used as a means to keep an eye on someone’s location; smart home technology, such as video doorbells, wifi connected alarms and IP connected cameras can be used to monitor who comes and goes from our homes and at what time, and what we are doing throughout the day. Add in some wifi connected appliances, and it builds up a detailed picture of your daily life that could be weaponised in the wrong hands.
There is a term for it: technology-facilitated abuse. It is the use of technology to control, threaten, monitor or harass someone. That can include the use of technology to track your whereabouts, monitoring your internet activity, or using fake profiles for harassment; excessive calls, emails and texts, or threatening, insulting or abusive messages to you or your family and friends. Sharing intimate images online without consent – image-based sexual abuse that is sometimes referred to as “revenge porn” – is also deemed abusive behaviour, and is now a crime in Ireland.
Denying access to technology to isolate someone or restricting access to finances using technology are also forms of abuse.
The impact can be devastating. Women who have suffered such abuse report feeling anxious and vulnerable, and a lack of control over their own lives. The invasion of privacy, the potential damage to personal relationships and their reputations has far-reaching consequences.
While the behaviour is acknowledged, knowing how to tackle it is another problem altogether. Support organisation Women’s Aid has produced several guides for women on how to stay safe, covering everything from mobile phone safety to deleting browsing history.
This week sees a new guide published that aims to provide further support to women who have experienced this abuse. Produced by Safe Ireland, in association with the National Cyber Security Awareness (NCSA) Task Force, it is intended to be used by frontline domestic abuse responders to help support women who have been victims of technology-facilitated abuse. It is part of a 12-month collaboration between the two organisations.
At first glance it doesn’t seem like a natural fit. Safe Ireland is the national development and co-ordination body working to eradicate domestic abuse and coercive control in Ireland; the NCSA taskforce brings security professionals together to discuss forces that reduce human risk in a world of borderless security. But the two are crossing over more and more lately.
During the pandemic domestic violence surged in Ireland. And, according to Safe Ireland, that included a rise in the use of technology-facilitated abuse against women.
Add in the shift to hybrid working, and Safe Ireland says a number of gaps around tech security were highlighted that need to be addressed.
It was a conversation between two old friends that kicked off the collaboration. Claire Kearney, from Safe Ireland, and Connor McEnroy, who works with Hewlett Packard Enterprise (HPE) in Galway, were on a camping trip when a conversation about their work prompted the idea that the domestic abuse sector and the cyber security industry could collaborate and come up with a way to deal with what was obviously a growing problem.
That led to a call with HPE’s Joanne O’Connor and Annie Hennelly to come up with ideas to help Safe Ireland develop a response to the problem, and they tapped their network of cyber security experts to help.
Then came the NCSA task force’s involvement, which identified several gaps in the current awareness and training aspects of responding to women in domestic violence situations, specifically around the weaponisation of technology and the acceleration of abuse it facilitated.
“Our collaboration with the National Cyber Security Awareness Task Force focuses the expertise, knowledge and training of the cybersecurity industry in Ireland directly on the dynamics of coercive control and actively supports frontline domestic violence services in their response work,” said Mary McDermott, chief executive of Safe Ireland. “It is much-needed, and will strengthen victims’ capacity to identify and act effectively to limit abusive control of their lives.”
The new booklet is designed not only to be used by charities and refuges dealing directly with victims of abuse, but also gardaí, nurses and other healthcare professionals who may encounter women and children at risk of abuse. Safe Ireland is also hoping that it will be used by friends and family of victims.
Staying off technology isn’t always a possibility. But tech companies can also play a part in solving the problem, becoming more conscious of their role in the safety of their designs when developing online products and services. Online platforms, for example, should make reporting tools easy to locate and simple to navigate, providing contact information for the relevant law enforcement and authorities.
Safe Ireland points to technology design principles devices by tech giant IBM to combat domestic abuse that companies should consult when designing or reviewing their products, services and tools. These include diversity in the development team; empowering users to make informed choices on their privacy; building secure technology, while collecting only the necessary data; combating gaslighting with timely reminders and notifications; and ensuring products are accessible to all regardless of technical ability.
“Many of us rely on technology and social media to keep us connected to work, friends and the businesses or services we need. This connection is important for all of us,” Safe Ireland said. “However, for women experiencing domestic abuse and coercive control, connecting online comes with many risks.”
Warning signs of technology-facilitated abuse
– Unexpectedly locked out of accounts
– Device is slower to switch on, a spike in data usage, or battery life is poorer than usual
– Unknown financial transactions on accounts
– Perpetrator has access to information he or she shouldn’t, such as location
– Insists on sharing passwords or gaining physical access to devices
– Sets up a new camera or security system that seems unnecessary
– Gives the children new electronic gifts and insists that these are used