| | | | | |
---|
US | Very low | 0.748 | 0.823 | 76, free | 100 |
Poland | Very low | 0.722 | 0.859 | Not included | 93.86 |
Indonesia | Medium | 0.697 | 0.700 | 47, partly free | 94.88 |
Uganda | Low | 0.706 | 0.544 | 51, partly free | 69.98 |
Egypt | Very high | 0.626 | 0.645 | 28, not free | 95.48 |
Brazil | Low | 0.726 | 0.630 | 64, partly free | 96.6 |
Detailed social, political and legal context is vital to understanding the online and offline impacts of gendered cyber harms, including where offline gendered harms manifest online (i.e. when they are cyber-enabled), and where cybersecurity issues – broadly defined – are central to the presence of such harms (i.e. when they are cyber-dependent).
Gendered cyber harms do not, of course, occur only in the six countries discussed in this chapter; nor is the prevalence or severity of such harms exceptional in these countries. A more comprehensive global comparative analysis is beyond the scope of the paper, as similar harms may occur in nearly all countries and world regions. Even as regards these six countries, the paper does not make any claims regarding the frequency or severity of cascading or compounding gendered cyber harms. Instead, the examples cited are intended to be illustrative of the potential – in some cases, actual – links between different kind of gendered cyber harm.
4.1 Connections between mis/disinformation and data privacy around abortion and reproductive health
Abortion rights and reproductive health are highly controversial political issues in many countries, and recent legislative developments in the US and Poland demonstrate the fragility of access to safe and legal abortion for people who become pregnant. In the US, the Supreme Court’s overturning of Roe v. Wade in June 2022 led to almost complete bans on abortion in 14 states in the following year. The strictest of the revised state provisions, in Louisiana, does not allow exceptions in cases of rape or incest, although the actual implementation of similar exceptions in other states is far from clear. Reflecting wider inequalities in the US healthcare system, one study estimated that in the hypothetical case of a total cessation of abortions across all US states, the number of maternal deaths would increase by 24 per cent; the greatest risk would be for non-Hispanic black people, with the estimated number of maternal deaths increasing by 39 per cent.
In the case of Poland, the Constitutional Tribunal ruled in 2020 that access to abortion is unconstitutional in the case of severe and irreversible fetal abnormality or incurable illness that threatens the fetus’s life. As a result, Polish law currently permits abortion only to safeguard the life or health of a woman, or where a pregnancy results from rape. Even with such minimal exceptions, ambiguity around the law and grounds for prosecution – compounded by fears that a subsequent legal requirement for doctors to collect data on all pregnancies could in effect create a so-called ‘pregnancy register’ – has caused some medical practitioners to refuse abortion procedures, leading to, in at least one case, the death of a pregnant woman. Such steps form part of an incremental reduction in reproductive and gender rights in Poland since 2015, when the right-wing, conservative Christian and populist Law and Justice Party entered power. Under the new administration formed by Donald Tusk following the 2023 legislative elections, there is the prospect of some liberalization of the country’s abortion laws, but the broad political spectrum represented in his coalition government will influence how far-reaching – or restricted – any reforms may be.
Abortion is the subject of much online misinformation (false information spread unintentionally) and disinformation (false information spread intentionally). A study of Google searches in the US for ‘abortion pill’ found three of the top five results were anti-abortion websites peddling prevalent false claims about a pill’s medical consequences and legal requirements. A separate study by the same authors found most Google searches were conducted in US states with the strictest abortion laws. Others have labelled abortion-related content as ‘the next infodemic’, borrowing the World Health Organization’s term for the proliferation of false information about the COVID-19 pandemic.
In 2022, research and analysis conducted by the Institute for Strategic Dialogue found that abortion content on major social media platforms was ‘widespread and unchecked’ and ‘meant to instill uncertainty and fear’. This included both high-profile pages and advertising content, the latter of which directly generates revenue for the platforms. The study also found global discrimination in platform policy and response measures, as information labels warning of potentially false or misleading content on YouTube videos did not appear unless accessed from some English-speaking countries.
Such content constitutes a gendered cyber harm, even without considering the online abuse and threats known to be experienced by pro-choice activists, advocates and politicians. In political contexts where decisions on abortion have damaging consequences for people who are pregnant and people who conduct abortions, such misinformation and disinformation can either increase insecurity or perpetuate a false sense of security on an inherently gendered matter. The spread of this type of online content can be the result of lax privacy and security features and/or deliberate platform design choices, with the latter sometimes influencing the former, and leads to insecurity offline as individuals are denied important information and coerced into courses of action that might be life-threatening or a violation of their rights. Here, especially, we see how offline and online gendered harms can be mutually reinforcing.
Such gendered cyber harms, centered on the harmful consequences of online content, are compounded by the extensive collection of sensitive personal data by femtech devices and apps. Many femtech products collect directly or indirectly measured data on users’ body temperature, sleep patterns and other pattern-of-life information, as well as data input by users on their menstrual cycle, for instance. In the past decade, the privacy and security practices of period-tracking and other femtech apps have come under scrutiny. In one high-profile instance, the state of California concluded a settlement with a technology company investigated in connection with an app’s ‘serious privacy and basic security failures that put women’s highly-sensitive personal and medical information at risk’, including by allowing third parties access to a user’s information without the user’s consent. A 2021 report by the International Digital Accountability Council found that some fitness and wellbeing apps – including period-tracking apps – sent unencrypted personal information to third parties, some of which were based in countries with ‘weak data protection laws and a history of human rights abuses’. The implications of poor data practices involving these types of mobile applications are global and extensive: combined with other socio-political gendered constructs, legislation and practices, the cascading and compounding harm is significant.
Data collection on an individual’s menstrual cycle in general, and the lack of privacy protections around the sale, transfer and use of such data – as well as unclear requests for consent from the user – has generated new risks for pregnant people considering an abortion. In the US, the 2022 Supreme Court decision overturning Roe v. Wade was met with a flurry of concerns that data used to monitor and track periods and fertility could be ‘weaponized’ by health providers and used to prosecute people seeking abortions. In Poland, the entry into force, in 2022, of the legal requirement for doctors to collect data on all pregnancies raised concerns over how such data could be used to intimidate or prosecute women and their families.
Some commentators consider that such fears could be overstated, arguing for instance that while ‘data collected by fertility apps, tech companies and data brokers might be used to prove a violation of abortion restrictions, in practice, police and prosecutors have turned to more easily accessible data’ such as online search histories. While law enforcement agencies may continue to rely on the relatively high evidential standards of device browser records, a vast range of gendered cyber harms may result before any case reaches this stage. In particular, as social media platforms personally curate content, data flows between femtech apps and platform apps stored on the same device (and supposedly anonymized large-scale data resold via intermediaries) are more likely to result in tailored abortion misinformation and disinformation being delivered via an individual’s personal feed.
Other potential harms include technology-facilitated violence and abuse. It is possible, for instance, for an abusive partner to gain access to sensitive information related to an individual’s reproductive health – a privacy violation in itself – and then use this information to control, manipulate or otherwise further harm that person. Examples of such harms include coercing a partner into unwanted pregnancy, denying them access to contraception, or using data or information from a device to instigate or underpin further offline harms.
While law enforcement agencies may continue to rely on the relatively high evidential standards of device browser records, a vast range of gendered cyber harms may result before any case reaches this stage.
Another area of potential harm relates to the availability and accessibility of femtech: denial-of-service attacks or other availability threats to femtech providers could, for instance, limit users’ access to important time-sensitive information. This area of risk demonstrates the importance of a broad and human-centred understanding of what constitutes ‘critical infrastructure’, entailing going beyond information and digital infrastructures of national or economic significance to also include those infrastructures that underpin social lives and individual experiences.
It is important to understand that violations in femtech data privacy can be directly connected to false and misleading online content about abortion and reproductive health. These two forms of gendered cyber harm cascade both ways. On the one hand, femtech data could contribute to social media algorithms determining what ads, pages or content an app user is shown, including about abortion; and, on the other hand, proliferation of harmful online content around policy and regulatory shifts could create a ‘legitimizing’ environment for data breaches and privacy violations. The issues also compound, as together they increase the overall level of harm to individuals and groups affected. The compounding harm is most starkly experienced by women being denied vital healthcare and/or being exposed to abuse and discrimination.
Here, a range of technical, social and individual factors together create an environment of digital and physical insecurity. This insecure environment cannot be corrected only through better data protection and better cyber hygiene regarding the use of technologies to enable or facilitate personal decisions. Both are required, but they need to be accompanied by stronger state protection for vulnerable or at-risk individuals, together with meaningful efforts to understand and respond to gendered security issues – be these in healthcare or in cyberspace.
4.2 Cybersecurity risks to LGBTIQ+ communities
The rights of LGBTIQ+ people are curtailed across the world. Since 2015, the LGBTIQ+ community in Indonesia – a majority Muslim country with a largely secular constitution – has faced ‘creeping criminalization’, including campaigns to ban discussion of LGBTIQ+ rights on university campuses, an Islamic legal opinion calling for corporal punishment of same-sex relations, and increasingly inflammatory rhetoric from regional and national politicians. A former defence minister, while in office, described homosexuality as ‘a kind of modern warfare’ that was undermining the country’s sovereignty. The country’s long-anticipated new criminal code, approved by parliament in December 2022, effectively criminalizes consensual sex outside of marriage. Marriage between same-sex couples is not permitted in Indonesia, and Human Rights Watch warned that, although the crimes of extramarital sex or cohabitation can only be prosecuted if the complainant is the spouse, parent or child of the accused, women and LGBTIQ+ people would be disproportionately affected by the new provisions since they are more likely to be reported for infidelity or for relationships those family members disapprove of.
In Uganda, a majority Christian country, a growing conservative movement has been financially and politically supported by some US Christian evangelical fundamentalist groups for at least 20 years. These groups have campaigned against gender equality and LGBTIQ+ rights in Uganda through preaching, political connections and the media. Homosexuality has long been indirectly criminalized through the British colonial-origin penal code, although a 2014 Anti-Homosexuality Act, which made provision for punishment of ‘aggravated homosexuality’ with life imprisonment, was swiftly annulled (ostensibly on procedural grounds) following opposition from human rights defenders within Uganda and international (especially US government and UN) pressure. A new Anti-Homosexuality Act was signed into law in 2023.
In both Indonesia and Uganda, there is a clear slide towards online abuse, discrimination and vilification of LGBITQ+ identities and communities – i.e. hate speech, as described in Chapter 3. There is also state overreach on the part of each country, as legislation criminalizes LGBTIQ+ activities. Uganda’s 2023 legislation includes the use of ‘a computer, information system or the internet’ in its criminalization of ‘promotion of homosexuality’, explicitly adding a cyber element to the criminalization of LGBTIQ+ activities. In Indonesia in 2018, two men operating a Facebook account to arrange meetings for gay people were charged under the 2008 electronic information law for ‘creating and transmitting pornographic content’. The Indonesian government also sought to progressively impose various kinds of censorship on social media platforms for the same reason, including via efforts to ban same-sex emojis in 2016, and requesting that Google remove 73 LGBTIQ+ apps – including the gay dating app Blued – from its Google Play Store in 2018.
Online abuse and criminalization under information and cybercrime laws are not the only cybersecurity risks to which LGBTIQ+ people in Uganda and Indonesia are exposed. Some reports suggest that advanced spyware and surveillance software has been used to target LGBTIQ+ communities, constituting a privacy violation in addition to hate speech and state overreach. In Uganda in 2014, shortly after the country’s then anti-homosexuality legislation was enacted, the civil society organization Unwanted Witness warned that LGBTIQ+ people were being targeted by phishing attacks that installed what was, at that time, thought to be a form of the well-known ‘Zeus’ cybercriminal malware. Subsequently, in 2015 Buzzfeed News conducted an analysis of emails leaked by Wikileaks that, they argued, showed that the (now defunct) Italy-based spyware company Hacking Team had discussed selling its software to the Ugandan government. In one internal email, an engineer had observed that cybersecurity firms ‘think we are a new Zeus’. Hypothetically, the gendered cyber harms from malicious software in general (including data leaks, blackmail and ransom) can be compounded by the potential for such software to aid digital and physical repression by the state, through collecting intelligence identifying individuals for arrest or intimidation, and providing evidence for conviction under the legislation discussed above.
Similarly, according to a Haaretz investigation in 2018, the Indonesian government purchased surveillance software to ‘create a database of LGBT rights activists who had been targeted for surveillance’. In 2019, one Grindr user in Indonesia observed that the app had become ‘full of escorts, drug dealers, and undercover police’, and that ‘extortion [by police] is common’. The normative and practical links between institutionalized discrimination by the state and the broader phenomenon of ‘sextortion’ by primarily non-state criminal actors apparently underscore that not only does sextortion rely on a sense of shame amplified by threat of legal sanction, but in some states members of law enforcement agencies themselves may be perpetrators of blackmail and extortion.
Overall, gendered cyber harms in Uganda and Indonesia are cascading: online abuse appears to be used by law enforcement agencies to identify people who are LGBTIQ+, who are then subject to state surveillance and criminal prosecution via data misuse and privacy violations. These gendered cyber harms are also compounding, in that LGBTIQ+ people, and especially activists within LGBTIQ+ communities, must consider all these risks simultaneously in seeking to fully express their sexual orientation and gender identity. The cybersecurity measures necessary to enable this full expression are broad and holistic, spanning better cyber hygiene, strong data protection, and processes, strategies and legislation to counter and reduce online abuse and hate speech.
An increase in repression, first targeting LGBTIQ+ communities and then moving towards broader gendered discrimination and the criminalization of a wider range of ‘sexual offences’ to underpin conservative gender norms, suggests that, in some contexts, cyber threats to LGBTIQ+ communities might be an early indicator of a wider shift in negative government policies and attitudes to diverse gender expression in general – and gendered cyber harms in particular. In the context of a deepening suppression, seen in many countries worldwide, of diverse aspects of gender identity, a focus on a particular community, group or individual provides an entry point for later and wider expansion of gender-insensitive policies.
4.3 Misogynistic hate speech and discriminatory cybercrime prosecutions
In many jurisdictions, cybercrime laws exist to curb and prosecute cybercriminal activity. However, there is little consensus at global level on what constitutes a ‘cybercrime’ and what is within the scope of cybercrime legislation. This ambiguity – together with the extension of the offline world to the online world and the sheer scope of potential criminality online – has enabled some countries to include so-called ‘morality clauses’ in cybercrime laws. These clauses or provisions in cybercrime laws – i.e. legislation that is intended as a cybersecurity measure –have been used to oppress and criminalize dissidents, activists and human rights defenders in multiple countries. While ostensibly in place to prevent or deter cybercrime, morality clauses in cybercrime laws often embody conventional and traditional gendered norms and stereotypes, and are used to enforce gendered behaviour online and criminalize behaviour that does not conform with offline social standards or norms. Additionally, they are often ambiguously defined and arbitrarily applied. This has cascading and compounding consequences: the inclusion of morality clauses in cybercrime laws creates an enabling environment to enforce gendered norms online, leading to the over-criminalization of women and LGBTIQ+ communities and facilitating misogynistic hate speech towards those who are perceived to be non-conforming in online spaces.
In Egypt, a majority Muslim country with a substantial Coptic Christian minority, the main legislative tool for state enforcement of prevalent gender norms until early 2020 was the 1961 Law on Combating Prostitution, especially Article 9(c), concerning ‘whoever habitually engages in debauchery or prostitution’, and Article 14(a), criminalizing incitement to or publicity of debauchery. In more recent years, digital evidence from dating apps, chats and photos or videos found on individuals’ devices was frequently used as evidence in the prosecution of people accused of engaging in acts of consensual gay sex, along with prosecutions of transgender people and other gender-nonconforming identities and practices. However, challenges from defence lawyers and NGOs successfully focused on the 1961 law’s requirement for an element of publicity (i.e. committing an act publicly), which was difficult to prove based solely on private conversations on users’ devices.
Instead, prosecutors began to try ‘morality’ cases in the economic courts, created in 2008, which have jurisdiction over the 2003 Telecommunication Regulation Law and the 2018 Anti-Cyber and Information Technology Crimes Law, in addition to other financial and economic laws. Article 76 of the Telecommunication Regulation Law criminalizes the ‘misuse of telecommunications’; and Article 25 of the Anti-Cyber and Information Technology Crimes Law criminalizes the use of technology to ‘infringe on any family principles or values in Egyptian society’, with a minimum sentence of six months.
In recent years in Egypt, digital evidence from dating apps, chats and photos or videos found on individuals’ devices was frequently used as evidence in the prosecution of people accused of engaging in acts of consensual gay sex, along with prosecutions of transgender people and other gender-nonconforming identities and practices.
In July 2020, five women social media influencers (the youngest of whom was 17 years old), were convicted by the economic court under Egypt’s Anti-Cyber and Information Technology Crimes Law, in connection with content that they had posted on TikTok. Two of the women were each given two-year prison sentences and fined $18,000. On appeal, one of the two was acquitted and the other had her sentence overturned; however, the same women were subsequently convicted on criminal charges of ‘human trafficking’, ultimately receiving six- and three-year sentences. Such use of cybercrime and telecommunications laws in the courts system in effect functions to police women’s public representation of their bodies and identities.
In contrast, cybercrime law enforcement action appears to overlook serious crimes of sexual violence that include cyber elements. In some jurisdictions – including Egypt – the combination of state overreach in some cases and lax enforcement in others risks exacerbating the discriminatory effects of morality-based cybercrime legislation and can potentially act as an enabler for misogynistic hate speech around such incidents, retraumatizing and compounding the harms inflicted on victims.
For example, in one such case, a woman posted a video via TikTok in which she recounted having been raped. The post went viral, and images of her assault were subsequently released online. The victim was herself then detained under morality-related charges. She was released shortly afterwards, and five of the people she accused were sentenced over the next two years. The combination of lax (and subjective) enforcement of cybercrime laws and state overreach had clear cascading and compounding effects: the women was a victim of rape, and the perpetrators posted images of her assault online without her consent (a clear privacy violation). These images – and the woman’s viral video – led to victimization and misogyny on social media, and an improper application of legislation that resulted in the woman’s detention. It is important to note that the cascading and compounding impacts of such cases are ongoing: the repercussions facilitate the further cascading and compounding of gendered cyber harms, hindering women’s participation in online spaces, with negative effects on social equality, political participation and democracy.
These negative consequences for social equality, political participation and democracy are not endemic to one country or one region. Women politicians all over the world are openly and frequently subjected to online misogyny and sexist and gendered abuse. Concerning Brazil, for example, studies of online abuse against candidates during municipal elections in 2020 highlighted the intersectional nature of such abuse: Black women were victims of racial and gendered discrimination, and transgender councillors also suffered increased abuse. One study emphasizes how such abuse is enmeshed with prevalent concepts of masculinity. Another connects it to a broader ‘masculine crisis’ of economic origins. Most starkly, the murder, in 2018, of a Black, bisexual city councillor, Marielle Franco, highlighted the connection between online misogyny in politics and physical violence. Supporters of Jair Bolsonaro – a candidate for the presidency at the time of Franco’s death – launched disinformation campaigns designed to undermine Franco’s legacy and deter the (online and offline) feminist mobilization that followed her death. At the same time, it has been argued that Franco’s murder was a catalyst for a ‘transformation of feminist debates on online gender-based violence in Brazil’.
Similar risks extend to people working in the media sector, too: a 2021 study by Reporters Without Borders demonstrated how journalists in Brazil also face overlapping threats from gender-based and political disinformation and abuse on social media, further underscoring that online violence generates offline violence.
Recent legislation in Brazil has sought to address online misogyny, including on social media platforms. These efforts exemplify an important aspect of the relationship between state legislation and online abuse from a gendered perspective: while state overreach in itself can be a source of gendered harm, legislative changes can also be crucial in tackling gendered cyber harms. Three important new laws were enacted in 2021. The first two criminalized, respectively, stalking online and offline (Law 14.132) and the infliction of psychological violence on women (Law 14.188). The third law, passed in August 2021 (having been repeatedly tabled and redrafted since 2014), sought specifically to prevent and combat violence against women in politics, as well as criminalizing election disinformation (Law 14.192). These new measures built on a longer history of increased legal protections for women in situations of gender-based violence, especially an eponymous law introduced in 2006 after campaigning by Maria da Penha, a Brazilian human rights defender and activist. Other Brazilian legislation also enables victims of non-consensual intimate images dissemination (NCIID) to file civil lawsuits or private criminal prosecution. Such legislative developments point to and encourage a broadening conception of cybersecurity that elevates online disinformation and abuse as a security priority and emphasizes the fluidity between offline and online gendered harms. While not all are explicitly cybersecurity measures, they demonstrate growing awareness of the need to safeguard women’s participation in online spaces and shore up their security in cyberspace.
Despite this substantial shift in relevant legislation in Brazil, new legal protections remain insufficient due to their limited implementation and tendency to be subsumed by wider gendered assumptions and cultures in politics and law enforcement. A 2020 study, for instance, found that court judgments on online gender-based violence did not use the term ‘hate speech’ or consider women as a group targeted by such abuse. According to one academic, there is an ‘active, almost militant form of sexism entrenched in the entire [Brazilian] legal system’, making success very difficult for lawsuits regarding online gender-based violence, and domestic violence courts more generally. Some progress has been made: notably, for instance, victims of NCIID can request urgent protective measures, with such claims processed through specialist domestic violence courts. However, resort to prosecution is highly dependent on financial and educational status, leading to class-based inequalities in access to justice. This lack of recognition that such violence is gender-based, or that gender should be considered a protected category or characteristic, highlights how entrenched attitudes and norms impede prosecution of online misogyny, leading to its continuation – and thus further gendered cyber harms – even when the legislative tools to combat it exist.
Overall, in both Egypt and Brazil, the gendered cyber harms resulting from online misogyny and sexism in the criminal justice system are closely related. These harms cascade in both directions: as the targeting of politicians along with gender and women’s rights activists in Brazil shows, seeking to achieve justice for instances of online gender-based violence generates further violence online, while online abuse itself leads to – and is met with – gendered assumptions and judgments in the courts. They also compound, as the same victims suffer the consequences of both kinds of harm. However, the cases of Egypt and Brazil are different in important respects: Egypt’s cybercrime law itself contains discriminatory elements, exacerbated further by law enforcement agencies’ interpretation and practice; in Brazil, there has been a significant move towards greater legal protections against gendered cyber harms. Consequently, and unlike Egypt, Brazil is not a case of legislative ‘state overreach’ causing gendered cyber harms. Instead, there are tensions between different parts of the state – in particular between relevant new legislation and the judiciary – which result in discriminatory cybercrime prosecutions and, in consequence, cybersecurity that is not gender-sensitive or gender-transformative.
In both cases, connecting risk areas and better understanding their intersection can help reduce gendered cyber harms that result from a combination of state legislation, cyber insecurity, and social stigma and discrimination. The isolation of policy areas (including, but not limited to, content moderation and mis/disinformation), legislative tools to combat privacy violations and discrimination, and the social and legal manifestation of gendered norms together contribute to the overall risk landscape. Feminist methodologies and principles and gender analyses of proposed measures and mechanisms to tackle security issues can help ensure all legislation and national strategies are designed and implemented in a gender-sensitive way, to advance rather than impede gender equality.