Chapter 7: Conducting Appointments
This chapter introduces principles for working with clients. We provide suggestions for structuring an appointment and include examples of consultant-client interactions in existing clinics. For an introduction to the principles of technology abuse itself, please see Helping with Tech Abuse.
Instead, this chapter focuses on non-technical aspects of an appointment, including how to prepare for an appointment, how to manage the flow of the appointment, and how to structure advice to clients. We also offer tips around language and wording and make note of common pitfalls and client behaviors that may require careful attention.
In this chapter:
Principles for Working with Clients
In Chapter 2: Overview of a Technology Abuse Clinic, we introduced guiding ethics for technology abuse clinics. This section builds on these guiding ethics by emphasizing concrete approaches for communicating with clients that are consistent with the spirit of those ethics.
Client-centered: Respect the clients’ wishes and trust them to be the final authority on what actions are best for their situation. Presenting options, explaining risks, and making recommendations reaffirms clients’ agency; making decisions for them or pressuring them into an action does not.
Transparency: Let clients know why you are asking the questions you ask, what you are writing down, what you are looking for in their devices and accounts, and the nature of any communication with their care team (advocate, lawyer, etc), if any.
Meet the client at their technical literacy level: Inquire about whether or not a client is familiar with a technological concept and offer to explain it if they are not. Avoid condescension with clients of all levels of technical literacy.
Know what the law requires of you: Are you a mandatory reporter in your state? What constitutes mandatory reporting? Be cognizant of your legal obligations, and adhere to them, as not doing so will put the clinic's legitimacy and ability to function in jeopardy. If you are collecting data for research, be aware of your institution’s research ethics requirements (e.g., Institutional Review Board approval processes).
Avoid judgment: It is common for clients to share aspects of their life that do not directly relate to technology abuse, some of which you may not personally agree with or which may involve illicit or illegal behavior. However, unless you are a mandatory reporter (see above), clients seeking help should not have to fear that information they share in a vulnerable setting would be used against them. Relatedly, avoid asking questions about a client’s situation that are not directly related to their technology abuse concerns.
Rely on expert DV training: While we provide tips on phrasing and language to use, this toolkit cannot replace expert-led training on how to incorporate sensitive, inclusive language and practice into interactions with clients.
Handling an Appointment
We break the appointment structure into three stages, organized chronologically: preparation, consultation, and follow up. Not all of the elements discussed in each stage may be necessary, and if the clinic service delivery model allows for tracking multiple appointments with individual clients, then some stages may be repeated.
Preparing for an Appointment
Clients often face complicated, multi-faceted technology safety risks. The difficulty of addressing all of these complexities is compounded by the limiting factor of time; we have found that even when a service model allows for repeated appointments, clients often have difficulty returning for second or third sessions. Thus, clinic sessions benefit from a structured plan to leave clients with at least some of their concerns addressed.
How much preparation prior to a client appointment that you will be able to do will largely depend on what information the clinic receives from the intake form and what amount of detail the client has given in the form. Most intake forms should, at a minimum, identify high-level categories of concerns, as well as the type and model of any devices the client is concerned about; this allows the referral coordinators to pair the client with a technology consultant familiar with those devices, if possible. An important caveat is that, for a variety of reasons, the intake form may often contain vague, inaccurate, or out-of-date concerns. It is helpful to view it as a guide, but to avoid taking it as gospel.
Before any appointment, consider preparing the following:
A quiet, private, and appropriate space with stable Internet to conduct the appointment.
For remote appointments, for example, it is not recommended to conduct the appointment in a public place such as a coffee shop.
[In-person] Child-care and/or an appropriately staffed waiting room for clients with dependents.
Any prior, relevant information provided by the client (e.g., their intake form).
A predetermined practice for using names.
Technology consultants may not be comfortable sharing their names with clients. Some may be. In our clinics, we leave this up to individual consultants; names can help build rapport, and there is always an option to use a pseudonym, if desired.
A mechanism for taking notes.
Taking notes is useful for keeping track of important information, such as how many devices/accounts the client has, the client’s specific concerns, troubling technology behaviors and connecting these behaviors with specific devices, and dates that the person of concern may have had access to devices or accounts.
However, ensure you also have a clear policy regarding storage, deleting, and anonymizing notes (e.g., shredding paper notes, deleting non-cloud stored notes, or saving them in accordance with established data preservation policies).
Easy access to relevant technology abuse resources (e.g., guides).
Often consultants will benefit from having similar devices or accounts to the client’s available, particularly for remote consultations where the consultant cannot see what the client is looking at. Accounts for common platforms can be provided by the clinic.
Emotional + mental preparation.
Clients may share difficult and detailed stories of abuse when discussing their technology concerns.
Clients may also frequently not show up to appointments; in our experience, nearly a third to a half of appointments are cancellations or no shows (for a wide variety of justifiable reasons).
Conducting the Consultation
One of the most challenging aspects of helping clients with technology abuse may be sifting through the information presented by the client and soliciting more details to accurately identify potential cases of technology abuse. We divide the consultation into a suggested three-phase approach for consultations: (I) understand, (II) investigate, and (III) advise. While the first two exploratory phases should happen in order, a session may need to repeatedly cycle through them before moving on to advising.
Clients come in with a variety of concerns, and it can be challenging for a consultant to understand precisely what the client is describing. Often, clients will have broad or ambiguous descriptions of technology behavior (e.g., bad cell service, hot or slow devices) or imprecise descriptions of technology abuse (e.g., "they have access to everything", "she can see everything I do"). It is important for the consultant to begin by working to understand what the client is experiencing. In so doing, it is important to strive to be validating and non-judgemental.
Tip: Phrase questions in a way that affirms the client’s experience.
Example: Client states: “They can see everything I do.”
Avoid: Accusatory responses, such as “What proof do you have?”
Try instead: “What made you aware that they can see what you’re doing? Can you give us some examples of when they knew something that they shouldn’t have known?”
We suggest starting with some time dedicated to letting the client explain, in their own words, why they sought out a consultation, even if the client has already provided some of this information in an intake or referral form. Clients may have many devices or accounts of different types, each obtained at different times. It is useful to have note-taking apparatus available to write down pertinent information such as the device make and model, who it was purchased and set up by, and the date that the person of concern may have last had access.
During the 'understand' phase of an appointment, the technology consultant will likely need to sort through the information provided by the client and ask questions to obtain more information about specific technology concerns. See the Technology Safety Checklist provided as a checklist for useful prompting questions.
Tip: It is not uncommon for clients to discuss other forms of abuse (e.g.: physical, sexual, verbal) as they talk about technology-specific abuse, particularly as they recall timelines. Professionalism is important, but it is okay to express sympathy that is appropriate for the gravity of the story (e.g.: "Oh wow, that's awful!" or "That's really terrifying!")
Example: Client shares details about an incident of physical abuse that occurred during a vacation, as it was the first time they realized the abuser had access to their devices.
Offering platitudes or ignoring the story and moving on, which can seem dismissive.
Asking unnecessary follow-up questions about their abuse, which can be voyeuristic
Attempting to act as a therapist for the client. Even if you are a licensed therapist, the client did not come to the clinic asking for therapy.
Judgments about the abuser (judgments of a situation or action are okay), as clients may have a complicated or defensive relationship with the abuser.
Try instead: Acknowledge what they shared, express concern, and try to redirect back to the technology abuse: "I am so sorry to hear that; that sounds like it was really scary. I know it must be hard to talk about, but this information helps us understand how we might help with securing your technology from [the person who's harming you]" (Note: consultant should mirror the language/pronouns used for the abuser.)
Some sessions are more difficult for consultants to navigate with sensitivity than others. For example, some clients may become distressed and overwhelmed, even to the point of expressing a wish to harm themselves or others. Other clients may be hypervigilant, i.e. displaying a self-protective distrust of technology and perhaps even the technology consultant, which may manifest as an concern that all their devices are 'instantly and always hacked'. This is not the same as an unfounded belief in conspiracy, as it is situated in their real abuse history; however, occasionally, clients may have such delusional beliefs. It is not the job of the technology consultant to try to treat or even distinguish these cases; they must simply treat each client's technology concerns with due diligence.
Additionally, consultants should appreciate that clients may have sought help from other resources (e.g., law enforcement) and previously been met with disbelief or otherwise incredulous responses. Not being believed can increase trauma responses, including feelings of hypervigilance and mistrust, which can make trying to understand the client’s technology concern more difficult. Consultants may hear clients make defensive statements, such as “I know this sounds crazy, but…” As stressed elsewhere in this toolkit, consultants should respond in an affirming way, and not express skepticism about client experiences. Even if a client’s fears are not technologically founded, that doesn’t invalidate their feelings. That said, consultants can and should explain what is likely or unlikely in terms of a technology risk, such as pointing out that it’s not feasible for an abuser to remotely hack up-to-date devices.
The intake process can attempt to check that the client would benefit from the specific services offered by the clinic, but no intake will be perfect. Consequently, consultants should be prepared through training for a range of dynamics that could present during a session, including the challenges of navigating difficult sessions with clients. A clinic may want to consider assigning a second consultant to sessions, when available, to provide mutual support and to assist in identifying concrete steps that can be addressed.
Takeaways: Create a comfortable and affirming space for clients to share their experience. Anticipate that clients may be embarrassed about their lack of technical knowledge or fear that they won’t be believed, and use language to deliberately counteract these fears. Ask for examples, details, important dates, and signs they may not have noticed.
Based on information gathered from the client, the technology consultant should prioritize which problems to try to help the client with. At this point, the technology consultant can begin to work with the client to make a plan for which technology issues to begin investigating. For example, if a client has presented multiple concerns, such as belief their location is being tracked, a compromised email address, and harassment on social media, then the technology consultant can repeat these concerns back to the client, suggest which to prioritize, and ask the client if they agree with that prioritization.
Tip: Avoid making promises to clients about the results of the investigation that cannot be guaranteed. It can be tempting or even difficult to realize when you are using over-promising language in the moment, so actively work on setting expectations with clients.
Example: Client shares that they believe the abuser can read all of their messages and emails.
Avoid: "We will look into this and find out what's really happening.", or "We can make sure that that doesn't happen again."
Try instead: "We will take a look together and do our best to help. Your safety is our priority." or, "We'll do everything within our power to help find an explanation."
A crucial feature of this phase is that the technology consultant is working with the client to examine the existing configuration of a piece of technology while avoiding making any changes.
Safety note: Making changes without investigating the status of the technology can result in the loss of crucial evidence or unwittingly send a notification to the abuser that may trigger an escalation of behavior, such as instigating physical violence, increased harassment, or involving friends and family members.
A non-intrusive investigation may include:
looking at the security or privacy settings on an account,
looking at a list of installed apps on a device,
scanning a WiFi network to find connected devices, or
searching for a physical tracker.
In each of these examples, the technology consultant and client are looking for detailed information about the potential causes of a technology problem, without disturbing or changing the status quo.
Tip: Clients may feel traumatized or triggered by even looking at their technology. If in-person, some clients may prefer to let the consultant physically handle the devices. Other clients may not want anyone else to touch their devices. We encourage consultants to ask the client what their preference is, and in either case, the consultant should always explain what they are doing and why.
Example: "We'd like to take a look at the settings of your device to see if we can find some information that may help us understand the situation. Would you like us to walk you through the steps, or would you prefer if we handled your device for you?"
If the client chooses the latter option, the consultant could respond by saying: "Sure, we're happy to do that for you. We'll show you what we're doing. First, I'm opening up the system’s preferences..."
Takeaways: After understanding the client's technology abuse experiences, work with the client to inspect their devices, accounts, technology, and surroundings (e.g., vehicles, IoT/spy devices, purses/backpacks) to uncover additional clues. Avoid making any changes at this stage, such as logging out accounts or changing a password.
Investigating the cause of certain behaviors will often require exploring several different explanations. It is helpful to ensure that consultants are equipped with resources reminding them of those explanations. Given the time-limited nature of sessions, it is also useful to investigate those explanations from most common to least common. Consultants should also feel comfortable letting clients know that they need to do further research or consult with their colleagues when necessary to provide the most complete or up-to-date information. While we reserve a discussion of the technical explanations for the next chapter (Helping With Tech Abuse), we also provide an example of resources like the Technology Assessment Questionnaire (TAQ) in the Appendix that can consultants can use to keep track of investigative strategies and suggested wording for sensitive questions.
III: Plan, Inform, and Advise
After working to understand and investigate the client’s concerns, the client and consultant should ideally be able to ascertain or rule out several sources of technology abuse at this stage. (See Helping With Technology Abuse for more details.)
If the consultant and client have found a possible source of compromise, (e.g. found an unrecognized device, unauthorized log-in, or misconfiguration), there are several next steps that could occur.
The first step is to encourage the client to document the compromise and explain why that could be important. Even if the client is not currently pursuing legal action, they may want to in the future or may want the documentation for proof in non-legal settings. Self-documentation (e.g., the client taking screenshots of security interfaces) as a practice is strongly encouraged.
The second step is to determine whether removing the source of compromise will alert the person causing harm. If so, it is vital that the client be informed of the potential risks. If the client has a DV advocate, the consultant should talk to the client about following up with their advocate for further risk assessment and safety planning. For example, a knee-jerk reaction to finding a physical device may be to immediately disable it; however, the consultant and client should pause to discuss what can occur should a device be disabled.
Tip: If signs of compromise are uncovered, it is important to explain to the client what information may have been leaked to the person causing harm. However, clients will likely need time to process, and may want this information written down to remind themselves later. Tone is as appropriate as language here; try to use a calm but sympathetic voice. Clients will react to how you react, so if you feel nervous, take a moment to control your own reaction.
Example: Consultant and client find out that the person causing harm has been logged into the client's iCloud.
Avoid: Immediate problem solving, downplaying or overplaying the risks, e.g. "This is really bad! We should remove it now." or "[They] have definitely been reading all your email!", or "Don't worry, [they] probably haven't even been checking it."
Try instead: "How are you doing? Would you like to take a minute? We can walk through what this means now or I can send some follow up information." Or, "I'm sorry, I know this is really upsetting. Do you need a moment? There are some safety steps we can take, but we can talk through them when you're ready."
Lastly, after documentation and discussing risk, the consultant can discuss options for remediating the issue and talk through steps for preventing future compromise. It is important to thoroughly check any connected devices or accounts (for example, investigate the recovery email if it is an account, or scan the WiFi if the client finds an unknown device). We also recommend doing a thorough check of any other devices and accounts if possible, even if the client was not initially concerned about them.
More often than not, an investigation will yield some ambiguous security concerns, but little or no clear evidence of compromise. In this scenario, we still recommend following the same steps as above for identified security risks; in fact, it may be more crucial to document anything unusual if it is ambiguous.
In this scenario, it is important to explain the different possibilities and risks to the client in a way that avoids instilling fear. While the client’s safety is paramount, and the risk associated with abuse escalation should be explained if possible, it is important to help normalize the everyday security risks involved with using digital technologies as distinct from abuse. For example, a client may understandably display extreme anxiety about technology behaving in 'normal' but frustrating ways, such as a slow device or poor cell phone reception, or might be convinced that spam messages, pop up ads, texts, etc. are all sent from the person causing them harm
Tip: It is not uncommon for abusers to threaten their victims by mixing exaggerated claims of their technological capabilities with tangible acts of harm. An advantage of a technology clinic is that consultants can help 'deprogram' the fear inculcated by abusers without dismissing the clients concerns through gentle but firm education.
Some strategies and phrasings that help with this include:
Relying on expertise accumulated by the technologist and clinic, such as sharing research that indicates that most tech abuse is not very sophisticated.
Validating the client’s concerns by sharing (anonymized) stories encountered with other clients. "A lot of clients that we see feel the same way, and it's totally understandable. We've found in practice that..."
Relating stories of receiving similar harassing messages from spammers, "e.g,. I get those kinds of calls, too, and they're annoying but unfortunately very common."
Explicitly stating that abusers tend to over exaggerate their abilities. "We hear from a lot of clients that their abusers state that they can do X, but in practice, we know that it's technically not possible in most circumstances."
If nearing the end of the session, this phase should also include a wrap-up in which the consultant notes what steps they took with the client and any potential follow-up action items, as well as a plan for getting back in contact if necessary.
Post-Appointment Follow Up
Follow up options post-appointment will depend on the clinic and its service model. However, we suggest having set protocols to allow follow-up communication, such as recording necessary information about a client’s case and contact information, along with mechanisms to ensure those protocols are followed for everyone's safety.
Some safety guidelines to consider:
If you plan to share information with another care worker (e.g., a lawyer, social worker, advocate), ensure that you have the client's explicit consent to do so and that you do not violate confidentiality agreements.
Some clients may be concerned about how they will be portrayed to, e.g., a lawyer, especially if little concrete evidence was found.
Transparency can help: let the client know exactly what you will say and give them the ability to edit the information you send.
For information that affects the client's safety (e.g., abuse escalation risks, information about past compromises), confirm with the client that you have their permission to share that information and with who, specifically.
Be careful of handing out written resources, pamphlets, or flyers. If the client still shares space with the abuser, this may put them at increased risk of harm.
Adhere to the data safety practices established by the clinic for protecting private client information, discussed in detail in Clinic IT and Data Infrastructure.
Technology consultants should not give out their personal information to clients or have direct follow up with clients outside of the clinic’s protocols.