EU Cyberpolicy Forum: Regulating stalkerware and other forms of gender-based cyber violence in Europe: perspectives from politics, industry and civil society
Arnaud Dechoux, Public Affairs Manager Europe
The topic of gender-based online violence – also referred to as ‘cyberviolence’ – is an issue for which both EU and national authorities and stakeholders are starting to consider a need to act by developing online and offline solutions and by proposing legislation. Given the increasingly rapid digitalization of our daily lives caused by the pandemic, many reports, such as Kaspersky’s State of Stalkerware in 2020 report and studies like the EPRS study (Combating gender-based violence: Cyber violence, 2020), clearly show that cyberviolence cases, such as those involving the use of stalkerware, have dramatically risen in recent years.
As a response to this worrying trend, the European Parliament is currently discussing two initiative reports (one on cyberviolence, the other on gender-based violence) that aim to address the challenges brought by gender-based online violence and cyberstalking. Also, in the fourth quarter of 2021, the European Commission should be publishing a legislative proposal on combating gender-based violence, for which it has already conducted a public consultation to which Kaspersky contributed.
With our new edition of the EU Cyberpolicy Forum: “Regulating stalkerware and other forms of gender-based cyber violence in Europe: perspectives from politics, industry and civil society”, we gathered high-level experts and policymakers to understand how to best prevent the rise of cyberviolence and identify the best practices to protect the victims of such abuses.
Although this topic is only recently gaining the attention it deserves at EU level, our discussion was fueled by top-class speakers from EU agencies and institutions as well as from cybersecurity stakeholders: Alessandra Moretti, Member of the European Parliament (Italy); Alessandra Pauncz, Executive Director at the European Network for the Work with Perpetrators of Domestic Violence (WWP EN); Cláudia Pina, European Judicial Cybercrime Network Support Team Coordinator at Eurojust; and Christina Jankowski, Senior External Relations Manager at Kaspersky.
Regarding the state of play of cyberviolence in Europe, all the speakers recognized how online forms of violence have increased during the pandemic and how cyberviolence could already be considered a European, cross-border issue. As explained by Cláudia Pina, EU national courts (such as in Portugal and Estonia) already deal with stalkerware-related cases. Christina Jankowski confirmed that Kaspersky detected in 2020 stalkerware cases in all 27 Member States of the European Union, with Germany, Italy and France being the three most-affected countries, in that order. She added that, according to the European Institute on Gender Equality, 70% of women who have experienced cyberstalking have also experienced at least one form of physical or/and sexual violence from an intimate partner.
Looking at the potential solutions, Alessandra Moretti insisted on the need not only to urgently adopt an EU law against cyberviolence, but also on the need to have – as supported by all the speakers – a common definition of cyberviolence. Discussing stalkerware apps specifically, Alessandra Pauncz declared in the same way that, such ‘disrespect of privacy’ needed to be addressed from a legal standpoint, particularly as stalkerware lies on the same continuum as gender-based cyberviolence.
Finally, the conversation focused on the general lack of awareness and training as well as on the need for online service providers and the public sector to better coordinate (together with NGOs and NPOs), as highlighted by Cláudia Pina. For Alessandra Moretti, preventing gender-based violence also means educating young people and addressing the issue of cyberviolence in schools. On the issue of raising awareness and the help to be provided to victims specifically, Christina Jankowski explained that Kaspersky co-founded the Coalition Against Stalkerware together with WWP EN and eight other organizations either working with survivors or perpetrators of domestic violence, and is active in digital rights advocacy for cybersecurity companies. Beyond that, Kaspersky works with the partners of the Coalition to further develop TinyCheck, a free and open-source stalkerware detection tool, designed specifically for non-profit organizations to help support victims/survivors of domestic violence and protect their privacy. In view of the DeStalk project, supported by the Rights, Equality and Citizenship Programme of the European Union, in which WWP EN and Kaspersky are part of the consortium, Alessandra Pauncz argued that working with tech professionals and well-trained service providers was of utmost importance for the sharing of necessary technical knowledge to be able to safely remove malicious apps as well as to have similar criteria for detecting stalkerware apps.
We look forward to hosting you at our next #EUCyberPolicyForum. If you are interested in participating in forthcoming EU policy-related webcasts organized by Kaspersky, please send us an email at email@example.com. In the meantime, you can watch the recording of our webcast here.
Coalition Against Stalkerware: If you suspect being monitored or want to educate yourself on how to help victims and survivors, you can find the Coalition’s video on stalkerware and how to protect against it on the homepage of the Coalition Against Stalkerware website (stopstalkerware.org, available in English, German, Spanish, French, Italian and Portuguese). A dedicated page on stalkerware detection, removal and prevention is also available here, and the list of organizations able to support victims and survivors can be found here.
Organizations that want to become partners and/or be listed on the resources’ website may contact the Coalition Against Stalkerware via the website.
TinyCheck: the source code of the stalkerware detection tool TinyCheck, as well as some technical documentation, can be downloaded here on Github. A short explanatory video is available here on YouTube.
DeStalk: In the EU-funded DeStalk project, the consortium – consisting of major gender-based violence and cybersecurity experts from Fundación Blanquerna, Kaspersky, Una Casa per l'Uomo, Regione del Veneto and the WWP European Network – works together to develop strategies and tools to recognize and eliminate gender-based cyber violence and stalkerware in intimate relationships. Most importantly, the project team will create an e-learning package on cyberviolence and stalkerware, available in most-spoken European languages and targeting practitioners, authority officials and policy-makers. Beyond that, the consortium will upgrade and test existing tools for practitioners working within victim support services and perpetrator programmes. Last but not least, there will be a test of a regional pilot awareness-raising campaign combined with replication guidelines to be used by strategic stakeholders.
Visit the project website, available in English, German, Spanish, Italian and French. At the bottom of the page you can subscribe to the project newsletter to get the latest updates on the training sessions.
Recent national regulations addressing digital stalking:
- In 2020, France introduced a new bill on domestic violence which, among others, reinforced sanctions on secret surveillance: geolocalizing someone without his/her consent is now punishable with one year’s imprisonment and a fine of 45,000 euros. If this is done within a couple, the sanctions are potentially higher: two years' imprisonment and a fine of 60,000 euros. Link to the bill (article 17): here.
- In Germany, an ongoing legislative process on the Act to Amend the Criminal Code: more effective combating of stalking, and better recording of cyberstalking – specifically mentioning stalkerware. In the government draft of the law, one amendment is made in § 238 (2) 5., describing particularly serious cases of stalking if the offender “in the course of an offense as defined in paragraph 1, number 5, uses a computer program whose purpose is the digital spying on other persons.”
- In May 2021, the Diet, Japan’s parliament, enacted a bill to amend the stalker regulation law. In addition to other aspects, under the revised law obtaining location information of people's smartphones through apps without their authorization is illegal. The scope of places for stalking subject to regulation was expanded to newly include "current locations" of targets, in addition to their homes, schools and workplaces, as stalkers in some past cases were able to identify real-time locations of their targets based on social media posts.