Cybersecurity is often framed as a corporate or technical concern but it’s becoming evident that it’s a social justice issue too. Queer and trans communities are disproportionately targeted by cyberthreats. The recent ransomware attacks that upended the operations of a whole hospital chain had an inordinate effect on disabled people. And disinformation, artificial intelligence policing, and mass surveillance continue to criminalize Black, brown, LGBTQ+, and disabled communities.
Why do cyberattacks disproportionately affect structurally marginalized groups? One reason is that cybersecurity evolved out of military and corporate systems and that legacy still shapes who gets secured and who gets left behind.
“If you ask cybersecurity students, engineers at cybersecurity companies, what they do, they’d say, ‘Well, my job is to secure devices, platforms, software,’” says Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, a nonprofit that aims to defend civil liberties in the digital world. In other words: Many cybersecurity professionals don’t see their job as protecting people — they’re protecting data.
“We secure people with power and money because those are the people who can pay,” Galperin says. And so, the response to those without certain types of privilege needing digital protection is the same as it is when they need physical protection: Sorry and good luck.
For example, as Galberpin explains, the use of stalkerware has been designated a gendered topic that isn’t a high priority. “One of the biggest problems that I have had doing stalkerware work is that frequently it is framed as a lady issue,” she says — which translates to: It’s diminished and dismissed as trivial. But that’s simply not true, she adds. In fact, as of 2020, 1 in 10 Americans had used stalkerware to track a partner or an ex, and cybersecurity industry reports suggest that use of stalkerware increased by 239% between then and 2023.
That means literally millions of people in the U.S. are being surveilled without their knowledge or consent. A violent partner or ex having access to your most private moments is terrifying enough. But stalkerware and other surveillance tech can also be used to criminalize and punish people. In some states where abortion is now illegal, the prosecution — i.e., the state — is allowed to use information garnered from surveillance software to criminalize people seeking abortion.
Many cybersecurity professionals don’t see their job as protecting people — they’re protecting data.
What we often call “tech abuse” in intimate relationships isn’t just a personal, domestic problem — it’s a microcosm of systemic surveillance. The tools used to control current, former or desired partners are the same ones used by authoritarian governments to track activists, journalists and dissidents. As Galperin puts it: “The dynamics of an abusive relationship and the dynamics of an authoritarian state are almost exactly the same.”
Galperin further emphasizes that the violence of surveillance tech and coordinated cyberbullying campaigns is very real. These aren’t just “online fights”; they spill out into real-world violence, doxing and policy shifts. Perhaps you recall the bomb threats sent to schools that employed queer teachers by the conservative vigilante group “Libs of TikTok” or the pornographic deepfakes meant to humiliate Rep. Alexandria Ocasio-Cortez (D-N.Y.)? Those examples are terrifying proof that online hate does not stay online.
And, as we’ve seen, digital disinformation campaigns, such as those that spread falsehoods about gender-affirming care, also have the potential to impact both public opinion and public policy. As always, the communities who are most vulnerable digitally are the same ones who are most vulnerable generally.
“The more precarious your life is, the less room to maneuver that you have, the less of a safety net that you have, the easier it is for a single breach of your personal data or your financial data or your health data to begin a cascade of events that can destabilize your life,” Galperin says.
What’s worse: When multiple forms of marginalization stack up, the digital threat becomes heavier. “Vulnerability exists along multiple axes, and marginalization exists in multiple axes,” says Galperin. “The further you are from being a cisgender, heterosexual, white guy, the more vulnerable you become.”
Hospitals, for example, have some really complicated limits on how up to date they can keep certain devices, Galperin explains. That’s because hospitals have many different kinds of technology that need to be compatible with each other in order to serve patients and not all of them can be updated with the latest cyberprotection software. That complexity makes them particularly vulnerable to attack.
But some people and groups are pushing for change. Galperin helped found the Coalition Against Stalkerware, and her work has always centered on protecting people — especially those in unsafe homes, relationships or communities. She’s not alone. Organizations such as Access Now’s Digital Security Helpline offer 24/7 support to activists and journalists under threat. Equality Labs combats caste-based digital violence, and the Digital Defense Fund equips abortion providers and advocates with tools to stay safe online. These groups, often led by people from the very communities most affected, treat cybersecurity as care work.
But the ability to do this work — of offering support, sharing resources, or even speaking out about digital harm — depends on a relatively fragile legal framework. One of the biggest threats to that framework right now is President Donald Trump’s push to gut Section 230 of the Communications Decency Act. “Gutting Section 230 is one of the very few things that is popular in a bipartisan manner in the House right now,” Galperin notes, “which is terrible because it’s one of the few things actually keeping the internet together.”
Section 230 is the law that states that social platforms like Facebook or Reddit aren’t legally responsible for most of what their users post. This is the fine print that allows online platforms to host content without being sued over every single post. If it gets gutted, only the biggest, wealthiest platforms will be able to survive the legal ramifications, while smaller, community-driven spaces, often safer for marginalized people, would be at risk of disappearing entirely.
“If you want to take a deeper look at the forces reshaping the internet,” Galperin says, “go check out the Take It Down Act and KOSA. They’re some of the latest attempts to censor the internet in the name of protecting the children.” Spoiler alert: They don’t actually protect children.
Even when everyone wants to do the right thing, structural barriers magnify risk, especially in underfunded systems. Cybersecurity breaches are not always about malice or neglect. Sometimes crucial systems are simply plagued by technological complications, budget issues and bureaucracies. But change is only possible if we start thinking about cybersecurity as the human rights issue that it is.