Research conducted by Deakin researchers has found that readily available consumer spyware products potentially violate a range of Australian laws, relating to harassment, stalking, identity theft and fraud.
The Consumer Spyware Industry
Invasive surveillance software, known as ‘spyware’, is presently available to general consumer audiences. A sizeable market has emerged of a number of companies who sell spyware targeted at consumers who wish to place a smartphone or personal computer under intensive monitoring. This research focused exclusively on smartphones and discovered that it is relatively easy to purchase software that can remotely collect text messages, phone conversation recordings, GPS location data, and access the camera of a targeted device. Crucially, this data can be collected ‘by stealth’ with the user of the device having no indicators that their privacy is being compromised.
The widespread availability of spyware therefore, creates clear risks that this software can be used abusively. It is easy to anticipate that spyware will be used to violate individual’s privacy and that compromised data will be used as an aid for harassment, intimidation, bullying, and coercion. Abusive use of spyware has already been widely documented in the context of domestic and family violence. Women’s Aid (2018) in the UK report that 29% of abuse victims experienced the “use of spyware or GPS locators”, in 2017 there were 130 reported cases of spyware to the UK’s National Stalking Helpline (Lyons 2018), and in the US, there have been a number of notable homicide cases wherein perpetrators tracked their victims through the use of spyware (Citron 2015).
Beyond domestic and family violence, spyware is also a threat to general privacy. Deploying spyware against an individual without their knowledge is a clear violation of their human right to privacy (Article 12, UDHR), and as will be explored in later chapters of this report, in violation of multiple laws within Australia. It is neither morally or legally acceptable to ‘spy’ on others and yet multiple ‘spyware’ vendors eagerly advertise the ‘spying’ capabilities of their product. Consider, for example, the names of spyware companies: ‘MSpy’, ‘FlexiSpy’, ‘TheTruthSpy’, and ‘SpyEra’.
Consumer spyware is a threat to digital privacy. It could act to undermine digital confidence in the privacy of our smartphones, and it should always be emphasized that it is a particularly acute danger to victims of domestic and family violence. Combatting the abusive threat of consumer spyware is therefore urgently required. It is necessary to explore the policy options of limiting, mitigating, and if possible, eliminating, the threat of spyware. This report will hopefully offer a contribution to this goal.