Decrypting sextortion
7 Dec 2016 13:30h - 14:30h
Event report
The session started with introductions by Ms Catherine Garcia van Hoogstraten, Digital Governance, Information Technology & Cybersecurity advisor, researcher and lecturer at The Hague University of Applied Sciences, who described sextortion as a phenomenon consisting of non-consensual pornography: images and videos obtained through stolen, leaked or shared photos. She went into further detail, stating how the current architecture of the Internet and social media enables increased forms of exposure and how these vulnerabilities can lead to scalability, replicability and searchability of private information.
After the panellists introduced themselves, the discussion started with Ms Alejandra Cantón Moreno, CISO at Giesecke & Devrient, asking participants to question who we are and what constitutes part of our identity, saying that all information which is part of our identity requires protection. She continued by talking about how social engineering is used to steal sensitive information. She presented the social engineering experiment she conducted for the workshop to demonstrate how trusting people can be with their personal data, even in a highly ‘aware’ and ‘knowledgeable’ crowd at an event such as the global IGF. More than 50 IGF participants were asked for information such as their name, company and email address; only 6 people asked the surveyors for detailed information, and they answered the questions after receiving superficial information. Only one person refused to provide personal information, stating they had already done so during registration. This displayed how easy it is to obtain information through social engineering, highlighting the vulnerability of younger people as well as less digitally aware adults. Moreno underlined how a few pieces of personal information could lead to identity theft and other negative outcomes.
Mr Nicolás E. Díaz Ferreyra, PhD Fellow at the User-Centered Social Media RTG, University of Duisburg-Essen, Germany, took the floor to introduce his research on online self-disclosure, stressing how people can be unaware of, or forget, the fact that social media services and other online services are not free of breaches like identity theft, stalking, information leakage and so on. He mentioned how everyone discloses vital, basic information, that online and offline social norms of sharing information are not the same, and that users are emotionally detached from the information they provide online compared to the real world. Ferreyra talked about the importance of raising awareness of the possible dangers of sharing information online. He elaborated on the instructional awareness system they used, particularly on Facebook, which requests consent when a user is about to release an intimate image or video.
Ms Arda Gerkens, President, International Association of Internet Hotlines & Managing Director and member of Dutch Senate, went back to social engineering by giving examples of how sharing seemingly trivial information can lead to contact by strangers looking to gain trust, which may lead to the sharing of photos and videos that can later be used for sextortion purposes. She also mentioned that young people could not think of the possible consequences when sharing sensitive images.
Ms Su Sonia Herring, ISOC IGF Ambassador and Youth IGF Delegate from Turkey, added to the discussion by quoting a research paper conducted in late 2015, which found that a focus on negative outcomes is not very effective as a discouragement for youth and, in fact, has recently been shown to have the forbidden-fruit effect. She also noted that many young people were more aware of the consequences of self-disclosure than their adult counterparts and that this did not prevent them from sexting or similar online sexual behaviour, concluding that instead of focusing on negatives, educating youth and adults to take part in safer sexual online expression could be more beneficial.
A participant mentioned that research showed that young people in India who use sexting and similar practices are very aware of what they are doing and of the possible consequences, and stated that the term ‘excessive self-disclosure’ may result in victim blaming/shaming. Gerkens stressed the difference between consensual and non-consensual sharing while pointing out the serious consequences of sextortion, including victims' suicide.
Ms Jamila Venturini, Researcher at Centre for Technology & Society at FGV Rio Law School, said that with time, users have gotten used to providing personal information guided by the Terms of Use (ToU); even when the terms are not explicitly accepted, the fact that the services are used implies that the terms are accepted. She cited her study, which analysed approximately 50 online platforms’ ToU and found that there were plenty of rules regarding privacy and the protection of data. She added that the language of these terms is not easy to understand, as it is mostly complicated legal jargon, which opens the way for companies to use the data of their users more freely. The analysis also showed common points between different ToUs, in that they said the data provided may be shared with third parties, may be stored for a certain amount of time and so on. Help pages and videos that inform users were mentioned as good examples. She highlighted that when it comes to freedom of expression, ToU did not seem to address the subject as much as privacy, and when they do, it usually refers to copyright issues. The general clauses which state that certain content may be taken down provide no transparency about the process of taking down content, such as when, how and under which circumstances the takedown would occur, which directly relates to cases of sextortion. Venturini also mentioned that 44 platforms out of 50 stated that they may take down content without notifying end users.
Ms Maria Cristina Capelo, Public Policy & Government Relations at Google, stated that there is a consistent approach for dialogue from platforms and products and that Google is in constant dialogue with advocacy groups, reminding everyone of the fact that revenge porn did not exist when ToUs were created. She stressed that companies take this issue seriously and that when non-consensual sexual content is asked to be taken down, this request is approved. This is effective across all Google platforms and products. She noted that removing unlawful content from a search engine did not remove it from the Internet and that Google also demoted search results of sites that were known to host illegal content including revenge porn, or any content. The crime may not have (and usually does not have) explicitly stated legislation across countries that would allow all platforms to do their jobs more effectively. This lack of legislation is contributing to the problem.
Ms Hanane Boujemi, Hivos Senior Manager Internet Governance Programme, iGMENA, brought up that not only women but also men are victims of these crimes, while touching on the fact that having legislation was not always easy across different countries and cultures. She underlined that taking down content may also have problematic implications across different cultures, since it can be used to silence and censor LGBT or minority sexual expression online. Boujemi underlined the need for more comprehensive rules and guidelines on online platforms.
Gerkens took the floor and called for all platforms to use hash technology to prevent re-uploading of known sexploitation content, which is also a serious problem for victims. While a participant stressed the need for automated responses for faster action, another participant asked for legislation efforts to be heightened across countries. A British politician mentioned the Istanbul Convention, how it was not ratified and how even certain signatory countries were considering withdrawing their signatures because the implementation was too expensive. It was mentioned that ratification, implementation and enforcement were very important and that people should remind their governments that this is costing lives.
Garcia van Hoogstraten said that there was concrete criminalisation of sextortion in countries across the world such as the US, Israel, Canada, Japan, and the Philippines, and that Brazil was considering legislation. However, she highlighted that any legislation addressing sextortion should not be limited to acts committed by current or former partners, since hackers who do not personally know the victims engage in sextortion very often.
The session ended with a participant who mentioned the need to consider the problem of enforcement, even when sextortion is covered by legislation, due to cultural norms and the reluctance of law enforcement to consider sextortion a serious crime, as well as the problem of rape videos in places like India, where there are different layers of crime. She also touched on the different consequences for male and female users. It was also mentioned that there was a 50% rise in male victims of sextortion in recent years. There were suggestions to look for solutions in the offline world from a social and cultural perspective, and the need for education to combat sextortion was noted.
by Su Sonia Herring, Internet Society Turkey