Tom Ristenpart

May 6, 2022 at 11:00 AM on Zoom / Soda Hall

Mitigating Technology Abuse in Intimate Partner Violence and Encrypted Messaging

Abstract: Computer security is traditionally about the protection of technology, whereas trust and safety efforts focus on preventing technology abuse from harming people. In this talk, I'll explore the interplay between security and tech abuse. First, I'll overview our work on technology abuse in the context of intimate partner violence (IPV). IPV is a widespread social ill affecting about one in four women and one in ten men at some point in their lives. Via interviews with survivors and professionals, online measurement studies, and reverse engineering of malicious tools, our research has provided the most granular view to date of technology abuse in IPV contexts. This has helped educate our efforts on intervention design, most notably in the form of what we call clinical computer security: direct, expert assistance to help survivors navigate technology abuse. Our work led to establishing the Clinic to End Tech Abuse, which has so far worked to help hundreds of survivors of IPV in New York City. Second, I'll discuss another line of work on how basic security tools like encrypted messaging need to be adapted in light of tech abuse. Here we find a fundamental tension between the desire for messaging service providers to help moderate malicious content and the confidentiality goals of encryption, which prevent the platform from seeing content. I'll show how we end up reconceptualizing and redesign basic cryptographic tools to more securely support content-based moderation in encrypted messaging. The talk will include content on abuse, including discussion of physical, sexual, and emotional violence.

Bio: Thomas Ristenpart is an Associate Professor at Cornell Tech and a member of the Computer Science department at Cornell University. His research spans a wide range of computer security topics, with recent focuses including digital privacy and safety in intimate partner violence, mitigating abuse and harassment online, cloud computing security, improvements to authentication mechanisms including passwords, confidentiality and privacy in machine learning, and topics in applied and theoretical cryptography.

Security Lab