Data Weaponization and Gender

Data weaponization is the act of using data to manipulate, deceive, coerce, or attack someone or otherwise inflict harm. Data can be acquired and misused in various ways, depending on whether it is publicly available or restricted, and if restricted, whether access is authorized or unauthorized. For instance, data breach occurs when restricted data is accessed without authorization by external perpetrators. It can also be leaked through unauthorized disclosure when individuals disclose data either accidentally or with malicious intent. If access to data is authorized, the authorization may be granted knowingly or under false pretenses, such as through social engineering techniques and other forms of manipulation. Additionally, data can be extracted by coercing and intimidating the targets.

“Data weaponization is the act of using data to manipulate, deceive, coerce, or attack someone or otherwise inflict harm.”

In cases when data is given knowingly, using it beyond the scope of authorization in terms of time or function can constitute data weaponization. This occurs as a result of excessive data collection and sharing practices, where data is utilized for unauthorized purposes without the user’s consent.¹ Publicly available data can be misused for malicious purposes, including, doxing, stalking, and other forms of harassment. Additionally, audio and image data that is publicly accessible can be manipulated or employed in synthetic media to create deepfakes.

Not all data is equally susceptible to misuse. Personal and sensitive data poses the highest risks of exploitation. Personal data comprises name, address, phone number, email, and biometrics, while sensitive data includes medical information and data related to gender identity or sexual history and orientation. A combination of personal and sensitive data is typically more high-risk than a single piece of personal information.² For example, data breaches involving medical data can cause more harm if they are combined with personally identifiable information.³

Harm can be defined as direct and/or indirect, immediate and/or long-term adverse effects of an attack on the victim. Serious harm occurs where the harm arising from an attack has resulted, or may result, in a real and substantial detrimental effect on the individual. That is, the effect on the individual is more than mere irritation, annoyance, or inconvenience. Harm to an individual includes physical harm; economic, financial or material harm; emotional or psychological harm; and reputational harm. A person may be impacted by one type or a combination of different forms of harm.⁴ The gravity of harm depends on the consequences experienced by the victim, such as irreversibility, duration of exposure, and extent of damage.⁵ Both identity and context influence the nature and severity of inflicted harm, and vary based on the type of personal information exposed, the level of sensitivity of the data, the duration for which the information was accessible, as well as personal circumstances, including vulnerability or susceptibility to harm. Contextual aspects encompass the various circumstances, conditions, and environment in which the attack occurred, and the actions taken to prevent and mitigate the harm.

Gendered harms refer to adverse effects to a person based on—and often specific or exclusive to—their gender. These are often negative impacts, including those that reinforce existing gender norms, biases, stereotypes, discrimination, power structures, and other harmful dynamics.⁶ While this paper assesses gender in terms of vulnerability, women as well as gender and sexual minorities are not inherently vulnerable groups, meaning they are not vulnerable by nature and in all times and places. Perceiving them primarily as victims can exacerbate gender stereotypes and bias, lead to unintended negative consequences, and distract from the actual structural and systemic causes of gendered harm.⁷

“Gendered harms refer to adverse effects to a person based on—and often specific or exclusive to—their gender.”

Gender can be defined as the attributes and opportunities associated with being male and female. While definitions of gender vary, it is commonly understood that gender exists on a spectrum and is socio-culturally constructed. The word “gender” is not synonymous or interchangeable with “women.”⁸ Gender norms are changeable over time; they inform individual identities, social relations, and the distribution of resources and power in society. Although gender is often comprehended as expressing expectations regarding appropriate behavior for men and women, gender is nonbinary and diverse. It refers to people of all gender identities and expressions. Gender equality therefore refers to equal rights, opportunities, and outcomes for men, women, girls, boys, and people of diverse gender identities and expressions. Gender identity is the deeply felt understanding of one’s gender.⁹

Citations

Samuel Wairimu and Lothar Fritsch, “Modelling Privacy Harms of Compromised Personal Medical Data: Beyond Data Breach,” Proceedings of the 17th International Conference on Availability, Reliability and Security 133 (2022): 1–9, source.
Already three pieces of personal data—such as gender, date of birth, and zip code—can provide enough information to uniquely identify most individuals. These data are “quasi-identifiers”: attributes that do not uniquely identify individuals on their own. Nevertheless, once someone combines them with other quasi-identifiers or other data, they can narrow down the possible individuals to the point of uniquely identifying the individual. Constantinos Patsakis and Nikolaus Lykousas, “Man vs. the Machine in the Struggle for Effective Text Anonymisation in the Age of Large Language Models,” Scientific Reports 13, no. 16026 (2023), source.
Violeta Lyskoit, “Sensitive Data,” NordVPN, June 9, 2024, source.
Sourya Joyee De and Daniel Le Métayer, PRIAM: A Privacy Risk Analysis Methodology (Inria Research Centre Grenoble – Rhône-Alpes, 2016), source.
Wairimu and Fritsch, “Modelling Privacy Harms of Compromised Personal Medical Data,” source.
Rebecca Emerson-Keeler, Amrit Swali, and Esther Naylor, Integrating Gender in Cybercrime Capacity-Building: A Toolkit (Chatham House, 2023), source.
Chatham House Cyber Policy team, Gender Mainstreaming and the Proposed Cybercrime Convention: Commentary on the Consolidated Draft (Chatham House, 2022), source.
Emerson-Keeler, Swali, and Naylor, Integrating Gender in Cybercrime Capacity-Building, source; Veronica Ferrari, Katharine Millar, Allison Pytlak, and Tatiana Tropina, Inclusive Cyber Norms: A Toolkit (Global Partners Digital, 2023), source.
Ferrari, Millar, Pytlak, and Tropina, Inclusive Cyber Norms, source.

Welcome to New America, redesigned for what’s next.

Education & Work

Democratic Futures

Global Security

Technology & Democracy

Thriving Families

Trending Topics

Real Skills, Real Income: Why Youth Apprenticeship Is Resonating Now

Future-Proofing U.S. Nuclear Policy: Forecasting Outcomes of the Nuclear-Armed Sea-Launched Cruise Missile

Debunking Myths on Student Parent Data Collection

The App Store Accountability Act Poses Serious Concerns for Privacy, Security, and Free Expression

Redrawing School Boundaries for Fairer Funding

Reframing Fusion Voting as a Practical, Powerful Reform Strategy

Harnessing Terrorism Data to Reshape U.S. National Security Policy

Establishing a National Housing Loss Rate

New America Fellows

Making Child Care Work for Student Parents

Drinking Water Data for the Nation: Version 1.0 Release Webinar

The Understated Value of Regional Intermediaries for Workforce and Economic Development

The Charleston Regional Youth Apprenticeship Model

Gendered Harms of Data Weaponization

Table of Contents

Data Weaponization and Gender

Citations

Data Weaponization and Gender

Gendered Harms of Data Weaponization