“Stalkerware” developer fined $410,000 by NY Attorney General, required to notify victims

As recently reported by the Electronic Frontier Foundation, the New York Attorney General fined Patrick Hinchy and the 16 companies he runs a total of $410,000 for producing and selling spyware and stalkerware apps. Such apps can be used, as the name suggests, to spy on or stalk another person, often a spouse or intimate partner. Users were able to access victim’s personal messages, view their location, activate the microphone remotely, and more.

In addition to the fine, the companies have been required to notify victims that their devices were compromised and modify the spy app’s previously-obscured icon on the victim’s device to indicate it’s true purpose, as well as providing more information if the app is opened. They are also required to post removal instruction on their website and provide links to domestic violence resources.

In a press release announcing the move, New York State Attorney General Letita James noted, “[s]nooping on a partner and tracking their cell phone without their knowledge isn’t just a sign of an unhealthy relationship, it is against the law.” Specifically, its use likely violates federal wiretapping laws, state recording and privacy laws, the Electronic Communications Privacy Act (ECPA), Computer Fraud & Abuse Act (CFAA), and more. Purchase and use of these tools have already led to convictions, and this move may lead to even more.

The recent move against stalkerware developers is a significant victory for those who have had their privacy violated by these malicious apps. Not only does it provide a sense of relief for survivors of domestic violence and victims of stalkerware, but it also serves as a warning to those who may consider purchasing these apps. They should be aware that they are breaking the law and that sooner or later, the consequences will catch up with them.

As a proud founding member of the Coalition Against Stalkerware, Operation Safe Escape applauds the actions taken by New York and encourages other states to follow in their footsteps. While there is still much work to be done in the fight against stalkerware, this is a pivotal shift shift toward the right direction.

Proposed England and Wales law would decriminalize non-consensual deepfake pornography and removes the barrier of “intent”

A proposed new law in England and Wales will close a loophole in non-consensual pornography laws and criminalize the sharing of pornographic deepfakes without consent.

The Online Safety Bill removes the requirement for prosecutors to prove an intent to cause distress, which has allowed offenders to avoid prosecution in the past by claiming they didn’t “intend to cause harm.”

Deepfakes allow creators to overlay an individual’s face on another person in a video, often making it look like the target is performing the actions in the source video. This has been for comedic effect, such as overlaying Steve Buscemi’s face over Jennifer Lawrence’s appearance at the golden globes, or less commonly for political purposes. Unfortunately, the technology can also be used to seemingly place an unwilling victim into pornographic videos.

Partially due to a growing awareness of deepfake technology, lawmakers felt compelled to tighten and update existing laws to aid in prosecution and protect victims of fake and nonconsensual pornographic images.

When announcing the measures, Justice Secretary Dominic Raab said they wanted to “give women and girls the confidence that the justice system is on their side and will really come down like a ton of bricks on those who abuse or intimidate them”.

In a BBC interview in 2021, one unnamed deepfake porn creator said that such measures would make him stop doing it. He said, “if I could be traced online I would stop there and probably find another hobby.”