Amy had been enduring violence from her husband for more than a year when she made the decision to leave in 2016. He had isolated the 27-year-old mother of two from her family and friends, forced her to quit her job and monitored her electronic communications by phone and computer.
Amy had tried to leave him on two prior occasions, but both times he caught her when she reached out for help. (CNBC has changed her name and some details to protect her safety.) He threatened her by saying he was tracking her whereabouts.
Then, Amy came across an organization called Operation Safe Escape when reading postings on a social media website for survivors of domestic violence. It's a charity made of up of security experts who offer technical assistance to victims of violence through local shelters and safe houses.
Amy used a secret application designed by software engineer volunteers for domestic violence victims under surveillance by their abusers. The app was made to look like the innocuous sort of smartphone download most people have on their phones, but with a hidden backdoor, where Amy could keep the important details of her escape plan.
She used the app to plan a careful exit strategy to a safe house. On the day she left, Amy followed Operation Safe Escape's guidelines, which included resetting her phone to its original factory settings and leaving it on the kitchen counter. She picked up a new prepaid phone provided by the organization, with the app installed and all her safety plan information included. This time, she was able to get out safely with her children, according to Operation Safe Escape co-founder and senior adviser Christopher Cox.
A frightening paradox
When Cox, a cybersecurity expert, first tried to describe the technology challenges of people stuck in violent domestic situations, he ran into a problem. People in his profession couldn't imagine a victim of keyloggers or spyware — common malicious software associated with cybercriminals — living with the perpetrator 24/7, and hadn't thought about how to design for that scenario.
But the problem is common among domestic violence victims, Cox said. It's why he and around 30 experts in different security disciplines worked to establish Operation Safe Escape in 2014.
The organization helps create solutions for victims who often have very little personal privacy, including over their technology and devices. They also help advise shelters on how to help their clients leave their abusers, one of the most dangerous periods for a domestic violence victim.
"Many people, when they find out a friend or family member is in a situation like this, will tell them to call a local shelter or domestic violence hotline. But for many of these victims, their channels of communication are being tracked, their cell phones are being checked, their computers are being checked, they don't have a lot of freedom of movement," said Cox.
"When it really becomes dangerous is if the individual is gaining their own sense of control and getting ready to leave, that means the abuser is losing their control. And they will do anything to get it back."
This is what Amy experienced, he said. After each attempt to leave, her husband shut down her access to the outside world further.
Security professionals, typically trained in dealing with corporate crises or public disasters, already know the importance of establishing clear channels of communication. But when the crisis is happening in the home, securing the channel itself is safe becomes a priority and a new challenge, Cox said.
The smartphone app Amy used to store her safety plan is one key, he said. Safety plans can include shelter addresses, phone numbers of a divorce attorney or a newly established bank account or credit card numbers. These are stored and encrypted on a secure server, so if the phone is lost or stolen, the information can be retrieved on another device.
Cox and his colleagues also conduct frequent Q&A sessions via social media for victims or people helping them. He advises people to "self-dox," or quickly find as much information about themselves online as they can, and work to take down those public details that before an abuser follows the same trail. The tactic works for anyone seeking more online privacy, he said.
Operation Safe Escape also advises clients to use Tails — short for The Amnesic Incognito Live System, a Linux-based service that provides anonymous internet access and is popular with hackers — or another virtual private network, particularly if they escape to a shelter or hotel that only has open wireless networks. These steps can help bypass spyware, a type of malicious software that abusers sometimes install to monitor a victim's computer.
'Endless' surveillance options
"It never ceases to amaze me how creative abusers can get," said BilliJoy Carson, who founded Arizona-based Kick at Darkness, an organization that has worked with Operation Safe Escape and provides support and counseling to survivors of domestic abuse, trafficking, stalking and assault. New technology has also made many abusers more enabled and more creative than ever, she said.
"You can have a really dumb abuser with smart tech and now they're a smart abuser. And many apps that are created for a good purpose are then used for control," she said. Carson said she's seen abusers track victims by using apps meant to allow parents to check in on the location of their children, or ensure a friend got home safe from a night out.
Maureen Curtis, vice president of criminal justice programs for New York-based Safe Horizon, the city's largest advocacy organization for victims of violence, said technology has greatly changed how advocates advise victims of violence. As part of their response to the problem, Safe Horizon partnered with IBM last year on a training program meant to help staff members learn about best practices for preserving safety and privacy online.
In the past, abusers would typically keep tabs on their victims through a limited series of actions, like checking the mileage on a victim's car whenever he or she arrived home, Curtis said. The electronic options for tracking are much vaster, including work and home computers, personal phones, and even other internet-connected devices like smart watches or fitness bands.
"Historically, we may have responded by having a standardized safety plan, which involved a series of common steps -- like going to a shelter, getting an order of protection," Curtis said.
"Now it really has to be individualized. A person may be stalked via email or by their phone, or threatened by text message. Often the person who is stalking is very tech savvy."
