The Dialogue Around Digital Security Must Account for Gendered Risks

Gender is not a fringe element of cybersecurity.

May 31, 2023
Nobel Laureate Maria Ressa gestures after a Manila court acquitted her in a tax evasion case, in Quezon City, Philippines, January 18, 2023. Ressa is a central figure in the battle against technology-facilitated gender-based violence.

In late 2022, Yemeni activist Sara Alwan attempted suicide following months of online blackmail. Her case is not unique. From state-coordinated online attacks on Iranian feminist groups, and the gender trolling of women leaders in Brazil, Hungary, India, Italy and Tunisia, to the massive range of digital attacks against Nobel laureate journalist Maria Ressa, gendered digital violence is as prevalent as ever.

Described as gender-based “online violence” and “digital attacks,” these forms of violence are rarely framed as cyberattacks or cybercrime and are often excluded from discussions of cybersecurity altogether. Yet they should be framed as such, and part of the broader discussion.

In the spring of 2023, the Global Network of Women Peacebuilders, in partnership with ICT4Peace Foundation, released a study on human-centric cybersecurity from a gender and conflict perspective. Through in-depth interviews with activists in 16 conflict-affected or fragile countries, the research sought to understand the cyberthreats and risks women in leadership or other public roles view as most present and urgent. We found that while women activists and leaders view cyber violence as a critical threat, their experiences of cyber insecurity remain unaddressed by either relevant national-level policies or discussions at the multilateral level.

Cybersecurity from the Perspective of Women On the Ground

Women in conflict-affected and fragile contexts face a dual landscape of violence: an online ecosystem of gendered threats and attacks, and an offline context of gendered insecurity. Indeed, women who dedicate their efforts to peace building — including conflict prevention and building social cohesion during or after conflicts — stress that gendered violence emerging from cyberspace is an existential threat to the success and continuation of their work.

Where trust building is the foundation for peace, technology-facilitated gender-based violence (TFGBV), gendered misinformation and disinformation, and other gendered cyberthreats work to reduce communities’ trust in women peace builders and to delegitimize their work. Gender-blind understandings of cybersecurity not only affect individual women and women leaders but also jeopardize prospects of peace and security for entire communities.

TFGBV can take many forms, including online harassment, trolling, hate speech, doxxing, and the leaking of personal information, including intimate images and videos. Women’s sexualities, bodies, marital status and personal relationships are its common subjects.

In the course of our research, interviewees confirmed during discussions that TFGBV, gendered disinformation and misinformation, and anti-feminist and violent radicalization are major threats to their cybersecurity. One interviewee from Cameroon shared: “I have experienced [TFGBV] first-hand, and many other women peacebuilders have experienced it. The same patriarchy that exists offline has a seat in the online space.” Interviewees from the Democratic Republic of the Congo and Kenya shared examples of women peace builders labelled as sex workers by social media users, to the detriment of these women’s reputations and work.

Targeted disinformation portrays women peace builders as collaborators with an armed group or state involved in a given conflict. Such portrayal shatters communities’ trust in women and can undo years of their work. In the words of an Armenian woman interviewee: “Peace building is unique in this regard. People who are considered to be enemies are meeting online and communicating. [It’s] different from someone who is advocating for gender equality or human rights.”

Misinformation and disinformation also affect post-conflict processes and the reintegration of those affected by conflict into civilian life. In one case, Nigerian women who had been rescued from the radical Islamist group Boko Haram were misidentified as sex workers who’d been providing services to the group’s members. As a result, home communities were unwilling to re-accept these women and girls.

In discussing the gendered nature of cyber insecurities faced by men and boys, our interviewees pointed to the link between online anti-feminist and violent radicalization. Anti-feminist radicalization is frequently a gateway to other forms of violent radicalization — a link discussed frequently in feminist discourses on radicalization, yet absent from most mainstream discussions of the phenomenon. Other interviewees expressed concern about the glorification of past conflicts and a reversal of progress on long-standing peace.

For women peace builders, digital surveillance and monitoring amplify the psychological burden of threats and violence. The women we spoke to identify the state, including foreign governments, and the private sector as key surveillance actors. One Yemeni woman shared that cases of surveillance and cyberattacks supported by foreign states involved in the proxy war are common and well-known among women activists. Online surveillance by armed groups, paramilitary groups, de facto ruling authorities and community members is also common.

Several women who participated in our research told us that gendered cyberthreats and violence have caused them to take their work “underground,” self-censoring or stepping back from digital public spaces. Such was the case for Azeri journalist Arzu Geybulla, who was forced offline after becoming the target of gendered disinformation and TFGBV because of an interview she did about the Azerbaijani-Armenian ceasefire. Other women are forced to stop their work altogether.

Gendered cyber violence does not stay online. It leads to offline, physical threats to women’s safety. The women we interviewed spoke of peers and fellow activists forced into hiding, who temporarily left their homes and cities, or permanently fled to other countries. In extreme cases, such as that of Sara Alwan in Yemen, women have taken their own lives as a result.

Even so-called conventional cyberattacks, such as those aimed at critical or information infrastructure, can have gendered impacts.

Gender- and Conflict-Sensitivity in Cybersecurity Policies and Frameworks

Peace building and the digital world are now undeniably intertwined. The threats emerging from cyberspace pose a heightened risk to women and girls in conflict-affected and fragile settings. Despite this, gender remains almost entirely absent from discussions of cybersecurity.

Indeed, in our report’s analysis of 111 public national cybersecurity strategies that were available in spring 2022, we found that only 14 make any reference to gender. Among these, most mention gender in passing, or point out the gender gap in technology and cybersecurity industries. Only two of the strategies we analyzed consider these issues under the umbrella of TFGBV. The unique cyber vulnerabilities faced by activists, including men and women, are even less present. In fact, 19 national strategies point to activists as potential perpetrators of cyberattacks.

Many countries captured by the research, including advanced and emerging economies, are still navigating the complex legislative landscape required to address threats such as TFGBV and gendered disinformation as forms of cybercrime. Several of our interviewees expressed concern about potential legislative overreach and, in particular, dual-use “fake news” laws that could be used to persecute them for their work.

Developments at the multilateral level are similarly slow. While cyberthreats faced by women leaders and activists are addressed in resolutions 33/2 (2016) and 38/7 (2018) of the UN Human Rights Council and reports of the Special Rapporteur on violence against women, they have yet to breach the surface at multilateral cybersecurity fora.

The United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security and the Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security remain largely gender-blind and have only recently begun providing a checkbox recognition to the relevance of gender. The two groups’ substantive engagement with the issue of gender is thus far limited to women’s participation in the field of cybersecurity.

The truth is that gender is not a fringe element of cybersecurity. Even so-called conventional cyberattacks, such as those aimed at critical or information infrastructure, can have gendered impacts. Last November, a ransomware attack on the Australian health insurance provider Medibank ended with posts on the dark web of customers’ abortion health records. The 2016 WikiLeaks dump known as the “Erdogan emails” included the personal and sensitive information of the majority of Turkish female voters, jeopardizing their offline lives and safety.

As long as national and international cybersecurity discourse and policies focus only on threats to states and businesses, they remain blind to the heightened and particular risks faced by women, and ignore their critical roles as providers of cybersecurity for their communities. That cannot help but threaten hard-won gains in building peace.

The opinions expressed in this article/multimedia are those of the author(s) and do not necessarily reflect the views of CIGI or its Board of Directors.

About the Author

Panthea Pourmalek an independent researcher focusing on digital governance, gender and cybersecurity.