Data and device security for domestic abuse survivors

Safe Connections Act could help domestic abuse survivors take control of their digital lives

A bill introduced in the US Senate could help domestic abuse and sex trafficking survivors—including those tracked by stalkerware-type applications—regain digital independence through swift, shared phone plan termination and the extension of mobile phone plan subsidies.

Titled the Safe Connections Act, the bill targets the significant problem of shared mobile phone contracts between abuse survivors and their abusers. For survivors in these situations, a shared mobile phone plan could reveal who the survivor has called and when. Shared mobile phone plans also complicate matters for survivors who hope to physically escape their abusers, as abusers could report phones owned in their name as stolen, weaponizing law enforcement to locate a survivor.

Democratic US Senator Brian Schatz, who is one of the sponsors of the bill, said that he hopes the Safe Connections Act will give control back to survivors.

“Giving domestic violence abusers control over their victims’ cell phones is a terrifying reality for many survivors,” Schatz said in a press release. “Right now there is no easy way out for these victims – they’re trapped in by contracts and hefty fees. Our bill helps survivors get out of these shared plans and tries to find more ways to help victims stay connected with their families and support networks.”

Importantly, the bill would also extend easier access to government-subsidized mobile phone programs, which means that survivors being tracked through stalkerware-type applications could more easily toss their compromised device and start anew.

What does the Safe Connections Act do?

The Safe Connections Act—which you can read in full here—was introduced earlier this year by a bipartisan slate of US Senators, including Sens. Schatz of Hawaii, Deb Fischer of Nebraska, Richard Blumenthal of Connecticut, Rick Scott of Florida, and Jacky Rosen of Nevada.

The bill has three core components to aid “survivors,” which the bill defines as anyone over the age of 18 who has suffered from domestic violence, dating violence, sexual assault, stalking, or sex trafficking.

First, if passed, the bill would place new requirements on mobile service providers—such as Verizon, AT&T, T-Mobile, and Mint Mobile—to more rapidly help survivors who request to remove either themselves or an abuser from a shared phone plan, whether the survivor is the primary account holder or not. Wireless phone companies will have to honor those requests within 48 hours, and in doing so, they cannot charge a penalty fee, increase plan rates, require a new phone contract under a separate line, require approval from the primary account holder if that account holder is not the survivor, or prevent the portability of the survivor’s phone number so long as that portability is technically feasible.

Also, in severing a shared phone contract, companies must also sever a contract for any children who are in the care of a survivor.

The bill specifies, though, that survivors who make these requests will have to show proof of an abuser’s behavior by submitting one of two categories of information. Survivors can submit “a copy of a signed affidavit” from licensed social workers, victim service providers, and medical and mental health care providers—including those in the military—or a survivor can submit a copy of a police report, statements provided by police to magistrates or judges, charging documents, and protective or restraining orders.

The second core component of the bill would require phone providers to hide any records of phone calls or text messages made to domestic violence hotlines. As the bill states, those providers must “omit from consumer-facing logs of calls or text messages any records of calls or text messages to covered hotlines, while maintaining internal records of those calls and messages.”

This provision would not come into effect until 18 months after the bill passes, and it would require the US Federal Communications Commission to create a database of those hotlines, providing updates every quarter. This section would also apply to providers of both wireless and wired phone services.

A possible stalkerware intersection

The third component of the Safe Connections Act could help survivors who are also facing the threat of stalkerware. The bill would enroll survivors who have severed their contract under the new powers of the bill into the government’s Lifeline phone assistance program “as quickly as feasible,” with a period of coverage in the program for a maximum of six months.

The Lifeline program, run by the FCC, attempts to provide subsidized phones and phone services to low-income communities. Extending program eligibility to survivors could help them physically escape their situations while offering them a quick opportunity to regain digital independence.

In fact, in Malwarebytes’ continued work to protect users from the threat of stalkerware, it has learned that many of those who suffer from stalkerware tracking often have to leave their cell phones behind and start with entirely new devices.

As Chris Cox, founder of Operation Safe Escape, told Malwarebytes Labs last year when discussing how to help survivors of domestic abuse who have encountered stalkerware on their devices:

“What we always advise, consistently, if an abuser ever had access to the device, leave it behind. Never touch it. Get a burner,” Cox said, using the term “burner” to refer to a prepaid phone, purchased with cash. “You have to assume the device and the accounts are compromised.”

With access to the Lifeline program, that purchase of a new device could become more feasible.

Unfortunately, the benefits of the Lifeline program must be looked at comprehensively. Last year, Malwarebytes Labs discovered that two Android devices offered through the Lifeline program actually came with pre-installed malware. The devices are no longer available through Assurance Wireless, which was the supplier contracted with the Lifeline program, but the broader point remains: No one should have to suffer lowered cybersecurity because of their income. With the Safe Connections Act, we hope that the Lifeline program’s unfortunate mishap does not repeat, harming even more communities.


David Ruiz

Pro-privacy, pro-security writer. Former journalist turned advocate turned cybersecurity defender. Still a little bit of each. Failing book club member.