Navigating Traumatic Stress Reactions During Computer Security Interventions

At-risk populations need direct support from computer security and privacy consultants, what we refer to as a security intervention. However, at-risk populations often face security threats while experiencing traumatic events and ensuing traumatic stress reactions. While existing security interventions follow broad principles for trauma-informed care, no prior work has studied the domain-specific effects of trauma on intervention efficacy, nor how to improve the ability of tech abuse specialists to navigate them.

We perform a multi-part study into traumatic stress in the context of digital security interventions. We first interview technology consultants from three computer security clinics that help intimate partner violence survivors with technology abuse. We identify four challenges reported by consultants emanating out of traumatic stress, some of which appear to be unique to the digital security context. To better understand these challenges, we analyze transcripts of sessions at one of the clinics, extracting five patterns of how stress reactions affect consultations. We use our findings to develop new recommended best practices, including a new intervention protocol design to help guide security interventions.