When Julie’s boyfriend came home with a brand new iPhone for her at the end of the summer in 2019, Julie saw it as a peace offering—a sign that their relationship was on the mend.
A few weeks earlier, her boyfriend Steve had flown into a rage, trashing the apartment they shared, punching Julie in the face and breaking her nose. He’d smashed her phone when she tried to call for help. But now, here he was with a replacement phone, and despite Steve’s past behavior, Julie convinced herself the gift was a sign things would be alright. (Julie asked TIME to use pseudonyms for her and Steve to protect her privacy.)
She was particularly impressed that her boyfriend of two months had set up the new phone with her favorite apps and was encouraging her to get out and see friends.
“I had never been allowed to go out and enjoy myself,” says Julie, a 21-year-old living in London. “I thought it was a change in our relationship.”
The euphoria didn’t last. Six months later, as COVID-19 sent the U.K. hurtling into a lockdown, Julie found herself in a nightmare shared by untold numbers of domestic violence victims: trapped with an abuser who was exploiting the pandemic and using technology to control her every movement.
Abusers have long used tech to spy on victims, but the pandemic has given them greater opportunities than ever before. It’s much easier to get access to a partner’s phone to alter privacy settings, obtain passwords, or install tracking software when people are spending so much time together in close proximity. For couples not in lockdown together, abusers may feel a greater need to track their partners. Survivors have also reported that their abusers are surveilling them in an attempt to gather evidence of them breaking lockdown rules and using it against them.
Compounding the problem: it’s much harder for targets of abuse to escape as the fear of infection discourages them from moving in with relatives and friends or fleeing to shelters. And in-person counseling and other programs that serve people in abusive relationships who need help have been curtailed.
The problem of tech abuse pre-dates the pandemic, though data is limited. The U.K.-based organization Refuge, which assists domestic violence survivors, said in 2019 that around 95% of its cases involved some form of tech abuse ranging from tracking a partner’s location using Google Maps to downloading stalkerware and spyware apps on phones. In 2019, the U.S.-based National Network to End Domestic Violence found that 71% of domestic abusers monitor survivors’ device activities: 54% downloaded stalkerware onto their partners’ devices. A study published by the Journal of Family Violence in January 2020 found that 60–63% of survivors receiving services from domestic violence programs reported tech-based abuse.
Experts say that the pandemic has likely made the problem worse. In July, the antivirus company Avast said that after COVID-19 placed people around the world in lockdown, rates of spyware and stalkerware detection skyrocketed, increasing by 51% globally within a month of lockdowns being implemented in March. In June, the antivirus company Malwarebytes found that there was a 780% increase in the detection of monitoring apps and a 1677% increase in the detection of spyware since January. While anti-virus companies expected to see a small rise in the number of detected spyware apps due to improvements in their detection technology, the dramatic increase during lockdown was a red flag to them that abuse was increasing.
Eva Galperin, the director of cybersecurity at Electronic Frontier Foundation, says that anti-virus companies have good reason to warn that tech abuse is on the rise—it lets them portray themselves as solutions to a dangerous problem. “Having said that, this doesn’t mean stalkerware isn’t an increasing problem,” she says, “and that they aren’t the solution.” Domestic violence organizations have reported an increase in the number of reported tech abuse cases since the pandemic began in March, corroborating the findings of antivirus companies. Some survivors have reported stealth surveillance while others have been forced to share their locations with their abusers 24/7. Refuge reports that 40% of the 2,513 tech-abuse survivors who have sought their services since the pandemic began had also experienced sexual violence and 47% had been subject to death threats
“In lockdown, many of the women we supported were living with perpetrators of abuse, and we received countless reports of tech threats,” says Jane Keeper, the director of operations at Refuge.
One of those women was Julie.
When Julie, a hairdresser, met Steve on Tinder in June 2019, the connection was immediate. Within weeks, they were living together. And just weeks later, he began hitting her. Like many people in abusive relationships, Julie convinced herself that Steve would change, even as the violence became worse during their time together.
Then he gave her the new phone. Things seemed to improve, though Julie noticed that Steve was obsessed with making sure she always carried the phone with her and didn’t let the battery die. One evening a few weeks after he gave her the phone, Julie was on a cab ride home and received a text from Steve asking her to stop at McDonalds to grab dinner, telling her she would be passing one in five minutes. “How does he know what I’m doing?” Julie remembers thinking to herself.
She knew better than to ask him to explain. It would only make him angry. As months passed, Steve’s violent flare-ups returned, and Julie became increasingly concerned for her safety.
Finally in February 2020, Julie felt she could no longer handle the violence and controlling behavior. She contacted police, who put her in touch with Refuge, whose tech team assessed her phone.
“That’s when it clicked,” Julie says. “The phone was hacked.”
Steve had been using the new phone against Julie from the start. Among other things, he’d obtained her passwords to log into her social media accounts and had changed the privacy settings to track her location when she was out.
Such tactics instil fear in a person being abused; they know that if they change their phone’s settings, it will quickly become clear to the abuser. “So you just have to let it happen,” says Julie, who blocked Steve in February, only to have him find a way to access her accounts again later when they got back together.
Another form of tech abuse involves installing software on a device that enables someone to track and record everything, from text messages to phone calls. Steve had also done this with Julie’s phone.
Rebecca, 42, endured yet another form of tech abuse—involving a “smart” doorbell. Rebecca learned that her ex-husband was keeping tabs on her via the camera-equipped doorbell system on the London home where she lived with the couple’s children. (Rebecca asked that TIME use a pseudonym to protect her and her children’s privacy). But Rebecca feared taking the camera down. “He would tell me, ‘if you take those cameras down, you’re compromising the security of our children and I’ll report you to the police,’” she says.
So when the pandemic struck, Rebecca kept the cameras in place. In April, she says a neighbor saw Rebecca’s ex-husband beating her and called police. When officers arrived, the ex-husband told them he had video footage of Rebecca’s friend visiting her during the lockdown period, against coronavirus restrictions. “He used the doorbell to spy on what I was doing to try to get me in trouble with the police,” says Rebecca. (Police never followed up on the claims by Rebecca’s ex-husband that she was violating quarantine rules, she says.)
Many countries, including the U.K., have laws against stalking, but stalkerware apps themselves generally are not illegal unless it can be proved that they marketed themselves specifically to enable abuse. In the United States, for instance, only two stalkerware companies faced federal consequences between 2014 and 2019. One was ordered to shut down their application and pay a $500,000 fine. The other was barred from promoting their products.
Companies that market the software have a variety of means for dodging liability. Some avoid legal action by disguising themselves as parental surveillance applications. A stalkerware company that used to market itself as “Girlfriend Cell Tracker” now identifies as “Family Locator for Android,” according to Kevin Roundy, a researcher at NortonLifeLock, a cybersecurity company based in Tempe, Arizona.
“The application has the same functionality,” Roundy says. “It was clearly designed to covertly track a girlfriend but now is saying its purpose is to keep kids safe.” Part of the problem is that app stores allow these companies to market their products on their platforms: ‘Family Locator for Android’, for instance, remains available on Google Play Store.
Advocates say one solution would be to make it illegal for parental surveillance applications to operate in stealth mode, which leaves users of devices unaware they are being watched by an application downloaded onto their device without their knowledge. “It’s the stealth mode functionality of stalkerware that is extremely problematic and allows it to be misused,” says Galperin. “There is no reason whatsoever for companies not to have addressed this except that there is a market for it.”
Galperin says a big challenge of getting lawmakers interested in the problem is that cybersecurity debates orbit around questions of national security, not threats to individuals.
During the nearly one year they were together, Julie broke up with Steve at least once and even called the police on him to report the abuse. He was arrested, then released on bail, and the case was dropped. Eventually, the couple reunited—not unusual in abusive relationships, where victims are often driven by fear, financial dependence, and a genuine belief that they can fix the relationship.
But after the U.K. went into lockdown on March 23, Julie regretted letting Steve move back in with her. “It was his perfect scenario,” she says. “He could see and watch everything I was doing.”
Once, she sought refuge at a friend’s house. When she returned to the apartment, Steve poured bleach on her. “He said he could smell someone else on me,” Julie says. Finally in June, she broke up with Steve for good after again reporting his abusive behavior to police. They arrested Steve on domestic abuse charges, then released him on bail a few weeks later. Julie says she has not had contact with him since then.
Julie is now free from her previous relationship, but knows many others are not. And though the pandemic makes it more difficult for survivors to seek help, Diana Freed, a PhD candidate in Computing and Information Science at Cornell Tech who volunteers at the Clinic to End Tech Abuse, says it is crucial that survivors know there are still resources available to them. Her clinic, like many organizations, has made tech abuse services and information available online, offering webinars on how to disconnect from surveillance applications or leave toxic relationships.
For women like Julie and Rebecca, these services have been lifesaving during the pandemic. With the help of Refuge, Julie has secured all her devices and passwords as well as moved into a house with CCTV cameras installed outside. These services have helped her feel safe and secure. As the pandemic rolls on, Julie and Rebecca urge others not to delay seeking help.
“Because I can tell you,” Julie says, “it gets more dangerous when they start tracking you.”