How EFF's Eva Galperin plans to destroy the stalkerware industry

Eva Galperin is one of my colleagues at the Electronic Frontier Foundation, running our Threat Lab project, where she has made it her personal mission to eradicate stalkerware: malicious software marketed to abusive spouses, overbearing parents, and creepy employers, which runs hidden on mobile devices and allows its owner to spy on everything his target is doing ("Full access to someone’s phone is essentially full access to someone’s mind" -Eva).

Eva's project is already bearing fruit: she's about to give a major talk at Singapore's Kaspersky Security Analyst Summit where she's shaming antivirus and security companies for their refusal to grapple seriously with stalkerware (for example, mobile anti-virus tools sometimes flag stalkerware, but confusingly label it as "not a virus"). Ahead of her talk, Kaspersky has already announced that it will change the way it handles stalkerware warnings.

Eva's also responsible for a major outreach effort to survivors of stalkerware: she's followed up with the respondents to an open call for stories of suspicious, stalkerware-like events in the lives of survivors of domestic abuse, intervening with tech companies, finding lawyers, and sitting with them, "holding their hand and telling them everything will be OK."

Andy Greenberg's Wired profile of Eva gives a great peek into the kinds of extraordinary people I'm privileged to work with at EFF, and a sense of just how excellent Eva is, personally.

"The stories don't start with 'my phone is acting weird,'" says Dave Maass, another staffer for EFF's Threat Lab, who at one point helped Galperin sort through the flood of requests. "They start with 'someone beat me up, or raped me, or threatened my children.' Horrendous stories. Having the emotional fortitude to hear these stories, to probe them, is one of Eva's real strengths."

But within months, Galperin could tell that her work as a hands-on stalkerware first responder wouldn't scale. So she began looking for a different approach. "I looked at the entire problem, and I tried to think about what could create the most bang for the buck," she says. "If a victim can run antivirus and say 'you’re not on my phone,' that would mean a lot."

Hacker Eva Galperin Has a Plan to Eradicate Stalkerware [Andy Greenberg/Wired]