Invisible Threats: Data Breaches, AI, and the LGBTQIA+ Community
As we commemorate Pride and look back upon the month, it’s important to stop and reflect on the unique challenges faced every day by one of society’s most vulnerable groups: the LGBTQIA+ community. This is particularly true in the realm of computer security, where issues such as data breaches, misuse of information, and system vulnerabilities pose unique and significant threats. Those of us in the security industry often engage in high-level discussions and government lobbying around legislation and regulations. However, we must not lose sight of the fact that the digital landscape isn’t equitable for everyone. The products we create can inadvertently place certain individuals at a disproportionate risk when they are hacked or misused, and the fallout from our failures can be devastatingly high for some groups, especially the queer community.
In this article:
- Laws and platforms: the double-edged sword
- Community and safety: the need for moderation and education
- Core privacy concerns: the battle for data ownership
- Data breaches: the invisible threat
- Practical advice: staying safe in a digital world
- Sources and resources for the LGBTQIA+ community
Laws and platforms: the double-edged sword
The digital landscape is a complex one for the LGBTQIA+ community. On one hand, social media platforms provide a space for community building, communication, and idea sharing. On the other, these platforms can use AI to identify and reduce group identification, effectively muzzling free speech.
Legislative changes can also have a profound impact on the online life of LGBTQIA+ individuals. For instance, the recent overturning of Roe v. Wade — a case which many people think is just about abortion, but is fundamentally based on the right to privacy implied in the 14th Amendment — has raised concerns about potential infringements on the general right to marry. In states like Florida, proposed anti-trans laws have denied access to healthcare and assistance, further exacerbating these worries.
Moreover, the intersection of healthcare and data security is particularly fraught for the queer community. When one’s mere existence makes it illegal to provide them care, the implications of security issues in discovery and PHI breaches become all too real.
Community and safety: the need for moderation and education
The lack of moderation on many digital platforms often leads to increased harassment of LGBTQIA+ individuals. Without proper guardrails, this can result in significant mental harm. Furthermore, without community support, the suicide rate is higher for queer youths. The importance of social media for building community and outreach, especially for less-populated areas, is key to self-acceptance and actualization. In countries where being anything other than straight is a punishable offense, social media can be a lifeline.
While the internet’s anonymity can be helpful to activists, it can also enable harassment and discrimination. Pure AI moderation of content, combined with permitting (sometimes simply by not blocking or banning) accounts created to divide a populace or to target a group with hate speech and other persecution by policy, can be devastating. As such, it’s necessary to strike a balance between privacy and safety.
Core privacy concerns: the battle for data ownership
Specific to health and wellness apps: The question of who owns the data in healthcare apps is a pressing one. For people who get their periods or are on hormone replacement therapy, this data can be incredibly sensitive. I’ll touch more on the importance of reading the end-user license agreement (EULA) and privacy information of all your apps later in this post, but assume that the data in every personal type of app can be subpoenaed or handed over in response to any law enforcement request. So consider carefully if you REALLY need “that” app on your device.
The Facial Recognition and Biometric Technology Moratorium Act of 2021 brought issues of misgendering and other concerns to the forefront. However, with state and federal laws often at odds, and international travel posing its own challenges, navigating these issues can be a minefield.
Consider if a hospital is breached, or their data records stolen. The records of LGBTQIA+ patients can be vulnerable to future blackmail, denial of care, legal action, or worse.
Data breaches: the invisible threat
Data breaches pose a significant risk to the queer community. Personal data and privacy information can be sold, and anti-LGBTQIA+ laws can use this data to clamp down on dissent under the guise of “protecting children” or “morality policing”. Hacking social media or dating sites is only the tip of the iceberg when most social media sites admit they will always cooperate with any government information or data requests — so when the request is from an anti-LGBTQIA+ administration, the fallout could potentially be deadly.
Practical advice: staying safe in a digital world
Despite these challenges, there are steps the LGBTQIA+ community can take to protect themselves.
Firstly, avoid building apps with authentication APIs, and never authenticate with federated permissions (that is, using your Facebook, Twitter, or Google accounts to log in to apps and websites). Be aware of AI bias, facial recognition, and deepfakes. Use encrypted communications whenever possible and exercise good password hygiene.
When traveling across state or country borders, be mindful of the information on your devices. Any border authority can use your fingerprints or facial recognition to unlock a device, so make sure you turn your device off before crossing (or protesting, as the case may be). Most phones/laptops require an actual password or pattern at startup, rather than accepting biometrics. No one can force you to reveal a password by law in most countries. But some agencies can ask you for your handle or social media account names. Be aware.
Don’t overshare in the wrong forums and always read privacy and EULA information carefully. Lastly, use hotspots instead of public WiFi whenever possible.
The digital world can be difficult for the queer community to navigate safely. But by understanding the risks and taking proactive steps, it’s possible to mitigate some risks. As we celebrate Pride month, let’s also celebrate the resilience and strength of LGBTQIA+ individuals in the face of these challenges.
Sources and LGBTQIA+ resources
- LGBT Tech
- The Legal Implications of Sexual Orientation-Detecting Facial Recognition Technology
- Computers are binary, people are not: how AI systems undermine LGBTQ identity
- Homosexuality: The countries where it is illegal to be gay – BBC News
- Why cybersecurity is an LGBTQ issue – OutVoices
- How Password cracking is approached by country
- Project Galileo – free cybersecurity protection for your group
- The Trevor Project – cybersecurity protection in support of queer youth websites