Chapter 19 Exercises

Exercise 19.1 — The Spectrum Placement Activity (Small Group)

Estimated time: 30–40 minutes Group size: 3–5 students

Instructions:

Read each of the following scenarios. As a group, discuss where each falls on the spectrum from "agreed mutual transparency" to "stalkerware-facilitated abuse." Assign each scenario a position on a scale from 1 (fully consensual and mutual) to 5 (coercive abuse), and explain your reasoning.

Scenarios:

A. Maya and her partner Ben mutually agreed to share location through Apple's Find My. Both can see each other's location. Maya occasionally checks where Ben is when he's running late; Ben does the same. Neither has mentioned any discomfort with the arrangement.

B. After their teenage daughter was in a minor car accident, the Johnsons installed Life360 on her phone. She knows about it and objected initially but accepted it after a conversation. Her location is visible to both parents, and she can see her parents' locations.

C. Derek checks his girlfriend's Instagram likes, follows, and tagged posts every day. She doesn't know he does this. He uses what he finds to ask her indirect questions about who she's been seeing.

D. Amara asks her partner Carlos to share location "just to know you're safe." When Carlos said he'd rather not, Amara got very upset and said he was clearly hiding something. Carlos has since shared his location. He has not shared Amara's phone screen with the location app; Amara has not offered.

E. A parent installs monitoring software on their 8-year-old's tablet without telling the child, believing children that age don't need to know they're being supervised online.

F. Jayden's ex-girlfriend, after their breakup, continues to view his location through a shared Google account he doesn't know still has access. She uses the location to appear at locations where Jayden is, presenting it as coincidence.

G. A parent of a 16-year-old reads every single text their child sends, using an app the child knows about but cannot remove without losing phone access. The parent uses content from the texts to confront the teen about their friends, relationships, and opinions.

After individual placements: Compare your placements across scenarios. Where did the group agree? Where did you disagree? What factors drove disagreement?

Write a 200-word group reflection: What are the most contested questions in determining where relationship surveillance falls on this spectrum?

Exercise 19.2 — Stalkerware Research and Industry Analysis (Individual)

Estimated time: 45–60 minutes

Instructions:

Research one stalkerware product currently available on the market. (You may use products discussed in the chapter, such as mSpy or FlexiSPY, or search for alternatives.) Do not purchase or download any product; use publicly available website information, app store listings, and news coverage.

a. Document the marketing. What use cases does the product's marketing present? Does it explicitly mention partner monitoring? How does it describe itself versus how security researchers describe it?

b. Document the technical capabilities. What does the product monitor? (Location, messages, calls, browser history, keystrokes, photos, social media?) What does the product require for installation?

c. Identify the dual-use dimension. Could this product have legitimate uses? What are they? What design features would indicate whether it is being used legitimately or for abuse? (Hint: consider whether the monitored person knows about the software.)

d. Research regulatory status. Has the product been subject to any regulatory action (FTC, state AG, international)? Has it been removed from or restricted in app stores?

e. Write a 500-word analysis: Evaluate whether this product should be legal. If yes, what regulations would you require? If no, how would you enforce a ban given the dual-use problem?

Exercise 19.3 — The Parental Monitoring Design Challenge (Small Group or Individual)

Estimated time: 45–60 minutes

Instructions:

You are a design team at a technology company tasked with building a parental monitoring app that genuinely serves children's safety while respecting their developing privacy interests. Your product should not become a stalkerware product when used by controlling parents.

Design a parental monitoring tool by answering the following questions:

a. Age differentiation: How should the monitoring scope differ for children ages 8, 12, and 16? What would you monitor at each age, and what would you not monitor?

b. Disclosure design: How would your app ensure that the child knows about the monitoring? What mechanisms would prevent "secret" installation?

c. Consent architecture: At what age would your app require the child's affirmative consent (not just the parent's setup) to be installed? What would the consent process look like?

d. Safety without surveillance: Take Bark's model as inspiration. How could your app flag safety signals without giving parents access to all communications?

e. The controlling parent problem: Your app will be installed by some parents who will use it as a control mechanism rather than a safety mechanism. What design features could reduce the app's utility for coercive purposes while preserving its utility for safety purposes?

f. Exit mechanism: At what age does the monitored child gain the right to turn off monitoring independently?

Present your design as a one-page product specification. If working in a group, compare your designs and identify the three most contested design decisions.

Exercise 19.4 — Supporting a Friend: What Would You Do? (Individual Reflection)

Estimated time: 30–40 minutes Note: This exercise involves imagining responses to distress disclosure. Students who have personal experiences with IPV may find it helpful or may prefer to approach it as a theoretical exercise. Your instructor can provide alternative exercises on request.

Instructions:

Consider the following scenario:

A close friend tells you that they think their partner might be monitoring their phone. They've noticed their partner seems to know things about their communications and location before being told. They're not sure — maybe it's coincidence, maybe they mentioned things they don't remember mentioning. But they're uneasy.

Part A — Immediate response:

What do you say to your friend in the next five minutes of this conversation? Write out a script (or bullet points) for how you would respond. Consider: - How do you validate their experience without either dismissing concerns or escalating them? - What information would help clarify the situation? - What resources would you want to share, and when?

Part B — Resources:

Research the following resources and summarize what each provides: - National Domestic Violence Hotline (thehotline.org) - Coalition Against Stalkerware (stopstalkerware.org) - Safety Net / NNEDV technology safety resources (techsafety.org) - Apple iOS Safety Check (Settings > Privacy & Security > Safety Check)

Part C — Technical guidance:

Based on what you've learned in this chapter, what technical steps might help your friend understand whether their device is compromised? In what order would you suggest they take these steps, and why (considering the safety planning principle that removal without planning can escalate danger)?

Part D — Reflection:

Write a 200-word reflection: What aspects of this scenario did you find most difficult? What would you want to know that this chapter doesn't tell you?

Estimated time: 60–75 minutes Recommended for students with legal, policy, or social work interests.

Instructions:

Research the current legal landscape for tech-facilitated coercive control in two of the following jurisdictions:

  • England and Wales (Serious Crime Act 2015, coercive control offense)
  • Scotland (Domestic Abuse (Scotland) Act 2018)
  • California (California Penal Code 646.9, stalking; AB 3269 and related legislation)
  • Connecticut (Public Act 21-78, coercive control)
  • Your home state (research the applicable statutes)

For each jurisdiction:

a. What behaviors constitute the offense? Does the definition explicitly include technology-facilitated control?

b. What must prosecutors prove to obtain a conviction?

c. What evidence is typically required, and how is technology-based evidence (device records, app logs, location data) treated?

d. What penalties apply?

After researching both jurisdictions:

Write a 600-word comparative analysis: - Which jurisdiction provides stronger protection against tech-facilitated coercive control? - What are the gaps in the stronger jurisdiction's framework? - What model legislation would you propose for a state that currently has no coercive control statute?