In September 2024, APC brought together a group of experts from different regions working on gender, feminist technology, cybersecurity policy and governance, and technical standards to discuss and share viewpoints on gender approaches to cybersecurity. This report presents perspectives and insights shared at this event. The following were key observations made by participants during the roundtable:
- Cybersecurity threats to women and sexually diverse people need to be considered holistically and take into account the nuanced experiences of communities in the global South.
- Threats in regions such as Africa, Asia and Latin America include gendered disinformation attacks, hate speech, smear campaigns, doxing, loss of personal and sensitive data and privacy rights through “scooping”, surveillance and hacking, and harms from states trying to enforce laws that are found to be too restrictive.
- The effects of these attacks on women, female politicians, and gender and sexual rights activists include self-censorship and severe psychological harm. Women politicians have been forced to withdraw from mainstream political life, and activists have been forced offline altogether.
- The use of spyware, stalkerware and the hacking of social media profiles is common, while products such as location tracking devices or features are also being used for abuse and surveillance.
- Threat modelling in the design of new technologies needs to take into account the specific and different kinds of online attacks that are experienced by communities
and not assume that there can be a one-size-fits all approach to digital security. An intersectional approach is necessary to help to understand how various identities, whether gender, race or socioeconomic status, among others, intersect and impact cybersecurity experiences. A key concern is the invisibility of marginalised communities in threat modelling because their experiences are not acknowledged in design processes. - Specific attention needs to be paid by tech companies to algorithmic transparency, increasing the language scope of moderation tools, ease of use of security features, digital literacy training, and strengthening reporting mechanisms.
- Standardisation bodies need to take a human-centric rather than a systems approach to standards setting. Cybersecurity needs to be considered as a societal security issue focusing on societal threats. In this way, human rights and gender equality should be central to standards-setting processes.
- Encouraging a greater level of community participation in standards-setting processes entails making these processes understandable by non-technical participants. Interpretation and the translation of documents in standards bodies is a critical need. Marginalised communities also face administrative and resource challenges when trying to engage in technical standards-setting processes for digital technologies, such as visas and the cost of travelling to venues often in the global North.
- There is a need for stronger regulation and intersectional legal frameworks to complement work done in strengthening the gender responsiveness of standards bodies and design processes. However, states often make use of spyware for surveillance, which can compromise their ability to regulate fairly and in the public interest.
- It is important for activists to take a multi-pronged advocacy approach. Organisations need to engage technology design processes and standards-setting bodies, while also working outside of these structures. Key areas of intervention include producing evidence-based research, developing practical tools to support activists and victims of abuse, and running digital literacy and skills programmes. Collaborating with experts from different fields is also important, given the complexity of the cybersecurity landscape.
Read the full report here.