When Tech Goes Bad: The Scary World of Spyware and the D.C. Startup Trying to Fight It



In two years, Lavinia Popinceanu went through five phones and three laptops.

She tried changing her phone number and switching mobile phone service providers. She reset her devices to their factory settings, going in as an admin and wiping away all of her data. But none of it helped.

Popinceanu was being cyber-stalked.

She was getting her MBA at the University of Chicago when she met her stalker through a mutual classmate. She told him about her home country, Romania, where he said he'd soon be visiting.

After that, he was everywhere, she said.

"The in-person stalking was bad, but at the same time, the cyber-stalking had gotten pretty bad too," she said. "I just didn't realize how pervasive and invasive it was."

He had access to all her online accounts, including her banking ones. He'd remotely access the cameras and microphones on her devices. He tracked the GPS on her phone, and he'd show up wherever she went.

Popinceanu's stalker didn't need much to do it. His digital intrusion required no tech-savvy skills. All it took was some cash and a quick Google search.

Spyware. Spouseware. Stalkingware. Creepware.

The software he used goes by many names, all equally alarming: spyware, spouseware, stalkingware, creepware. The companies market themselves as "monitoring software" or "parental control software."

Call it what you will, the concept remains the same — easily downloadable software that provides full access to someone's iPhone, computer or tablet. Popinceanu said mSpy and FlexiSPY are among the most popular.

The list of features they offer is a long one: GPS tracking, text message and iMessage monitoring, third-party app monitoring (such as WhatsApp, Facebook Messenger or Tinder), access to call logs and browser history, and the "keylogger" function, which records everything a victim types into his or her phone, exposing username and password information. Users can remotely block or listen in on phone calls and delete text messages.

They can also alert users as to when the device changes SIM cards or enters/exits pre-determined geographic boundaries.

Prices range anywhere from about $17/month to $200/quarter. Popinceanu said that while the companies tout themselves as parental or employer monitoring tools, they operate freely in the market, with very little to no regulation as to how they are used.

The companies list disclaimers on their websites that the software is to be used for “legal use only,” but there are no technical safeguards built into the technology to prevent inappropriate use.

mSpy's legal disclaimer, as seen on their website.

"We inform our users that it's up to their consideration. We cannot monitor every use," said Rachel Burnham, mSpy's chief of marketing. "It's the same as people buying microwaves. They're supposed to cook food there, they're not supposed to cook a cat there. But you can't control it."

Should the company be alerted to an inappropriate or illegal use of their software, Burnham said they'd kick the user off and cancel his or her subscription.

Burnham said she wasn't aware, though, of how many times they've actually done so.

"It happens. I don't have an exact percentage."

But mSpy's social media history suggests that the focus on parental control is a relatively recent shift. These days, mSpy's Twitter feed is chock-full of parenting tips and jokes. More often than not, though, the company tweets horror stories of kids on the Internet, promoting its software as the perfect solution for the worried parent.

The company joined Twitter in 2011, according to their profile, but all tweets before 2014 are wiped away, with very few remnants of their former marketing tactics left to see.

Some remain, however, and shed light on where nicknames like "spouseware" may have originated.

An August 2014 tweet by mSpy

When asked about those 2014 tweets, Burnham said, "Well, I've been here for a year now but since I've been here, I'm not aware of anything like this... We are avoiding it in every possible way and are trying to use it only for parental control."

The Disturbing Stats and the Local Solution

Legal disclosures or not, research shows that spyware companies are playing increasingly large roles in domestic abuse.

NPR studied the role of spyware in abusive relationships in 2014. They interviewed over 70 shelters across the country and found that 85 percent of the shelters they studied were working with victims whose abusers kept tabs on them using GPS tracking software.

Another 75 percent of the shelters they surveyed had victims whose abusers eavesdropped on their phone conversations remotely using phone monitoring software.

Cindy Southworth is Executive Vice President of the National Network to End Domestic Violence. She leads an initiative called Safety Net: National Safe & Strategic Technology Project, which examines the role of technology in domestic abuse and offers victims resources.

Southworth said that most domestic abusers tend to tell the victims that they have full access to their digital lives. Part of their MO, she said, is to keep the victim in fear.

"Every domestic violence case I've seen, the offender taunts with information they shouldn't have," she said. "So, 'I know you were texting your sister,' for example... The nature of the crime is to lure that power over someone... The goal is to put somebody in terror and have them know they are being monitored."

Sometimes, she said, abusers will even give their victims a smartphone as a gift. It's not until much later that the victim realizes the smartphone had spyware preloaded on it.

In cases like Popinceanu's, however, when being stalked by a stranger or little-known acquaintance, that dynamic changes. In that case, she said, there are some signs of digital infiltration, though they are subtle.

"The only two early detectable signs that would indicate spyware had been installed are battery drain and a spike in data plan usage," she said.

Given her research and experience, Popinceanu wanted to find a way to protect her phone from being infiltrated again.

The solution she was looking for didn't exist.

So, in 2015, she founded her mobile cybersecurity startup i4Spy.

"With every pitch, I start off by asking the audience how many of them are using an anti-virus solution for their computers, and most of them do," she said. "When I ask them a question about how they're protecting their mobile devices, none of them raise their hands — or very few."

i4Spy is a consumer-facing Software as a Service security app for mobile phones. The app runs in the background, Popinceanu said, and monitors for incoming threats.

"The technology is slightly different from an anti-virus, but it functions the same way and scans your device, tells you whether there's a threat, and then remediates against the threat and protects your device going forward," she said.

The detection aspect is free, but users can sign up for a monthly subscription to get access to the remediation and protection services. The company isn't yet disclosing any financial information, she said, but they hope to launch in the fall, with the start of the school year.

It will likely cost around $10 a month, Popinceanu said.

"For each subscription [purchase], we're giving away one subscription to an individual, in many cases women, who can't afford it," she said.

She moved to D.C. in April to join Phoenix-based social entrepreneurship accelerator SEED SPOT's first D.C. cohort. They're now working out of a local co-working space.

Popinceanu first thought of the idea while taking an entrepreneurship class in grad school, and simultaneously going through the legal battle against her own stalker. Her class had a call for pitches.

"At the time, I thought I need validation from entrepreneurs to see if this is something that would be of interest," she said. "I decided to pitch on the spot."

She won the competition in October 2015. After that, Popinceanu got serious about switching gears. She turned down a full-time offer as an investment banker in New York and committed to creating what is now i4Spy.

"As I was undergoing this and I was starting to do research, I found out that Senator Al Franken had proposed a bill both in 2014 and 2015 to make these applications illegal," she said. "He tried to take them out of the gray zone and put them in the black zone. The bills did not go through either year."

Popinceanu started to look into stalking incidents in the United States, she said, but she found a "notorious lack of data."

"It hinges on the fact that a lot of women are not only under-reporting incidents, but they're not speaking about them," she said. "There's a stigma attached to it. Many are scared that if they're associated with you, they'll be under attack, as well."

But, she said, she's willing to risk the consequences if it leads to stronger regulation and more protections.

"i4Spy is about bringing this message to life, that there's nothing wrong with you or anything you did if this happens to you. I'm fine with taking all the stigma and reverberations... I can live with that as long as the mission is accomplished to raise awareness and make people aware that these things are going on, and on a large scale, at that," she said.

Image used via CC BY-SA 4.0 - Credit Psyomjesus 

