Accusations of programmer Jacob Appelbaum’s years of sexual misconduct and harassment have rocked the tech and security communities this week. On Tuesday, security engineer Leigh Honeywell became the first woman to publicly detail the sexual violence she claims he committed.
Appelbaum, a noted privacy and security expert, is perhaps best known for his decade of work at the Tor Project, a U.S.-based nonprofit responsible for maintaining Tor, the anonymity software used throughout the world by countless journalists, activists, dissidents, and dark net criminals for secure communication.
Appelbaum stepped down from his position on May 25. In the wake of his exit, allegations of “sexual misconduct” surfaced late last week on a site created to document alleged incidents of Appelbaum’s behavior. The entries were anonymous but painfully detailed. One contributor, “River,” alleged Appelbaum raped her in front of his friends. Another, “Forest,” claims she was platonically sharing a bed with Appelbaum when she woke up and found her pants unzipped, with his hands groping underneath her underwear.
In a blog post, security engineer Leigh Honeywell said she was was romantically involved with Appelbaum between 2006 and 2007, and described numerous incidents of inappropriate behavior. Honeywell writes:
In that time we spent together, he violated boundaries I set as though they were a game, particularly at times when I was intoxicated. There were a number of times I felt afraid and violated during interactions with Jacob. Being involved with him was a steady stream of humiliations small and large as he mistreated me in front of others and over-shared about our intimate interactions with friends who were often also professional colleagues.
Honeywell recounts a sexual encounter involving Appelbaum and her primary partner, Paul Wouters. During the act, Appelbaum allegedly turned violent while ignoring the couple’s safeword. Honeywell and Wouters had to repeatedly ask Appelbaum to stop. The experience was “profoundly upsetting,” she wrote.
In Honeywell’s account and other anonymous stories of Appelbaum’s behavior, a common thread has emerged: Allegations that Appelbaum, often egregiously, violated boundaries that were set by the individuals.
“I spoke up because it was more painful not to, and in solidarity with those who can’t, whatever their reasons are,” Honeywell told the Daily Dot.
As these stories emerge, people may wonder why no one has come forward before now. According to the Tor Project’s director, Shari Steele, the organization knew about some of Appelbaum’s behavior prior to his departure. She wrote in an official statement:
Over the past several days, a number of people have made serious, public allegations of sexual mistreatment by former Tor Project employee Jacob Appelbaum.
These types of allegations were not entirely new to everybody at Tor; they were consistent with rumors some of us had been hearing for some time. That said, the most recent allegations are much more serious and concrete than anything we had heard previously.
Over the weekend, Appelbaum released a statement, saying, “[T]he accusations of criminal sexual misconduct against me are entirely false.”
For many women and victims of sexual misconduct or assault, telling people within their professional communities can lead to further abuse or harassment. It’s this fear that can lead to a pervasive sense of complacency. A recent study found that out of 200 women in technology, 60 percent had experienced sexual harassment, 65 percent of which came from a superior. And 30 percent of women feel afraid for their safety because of things that happen at work.
As Honeywell writes, “Jacob was a charismatic and central figure in the security community I spent the early part of my career in. Many of our friends and colleagues saw the way he treated me and did nothing about it, so it took me years before I realized how abusive he was to me.”
Multiple witnesses to Appelbaum’s sexual harassment, including a Tor employee, told the Daily Dot on Tuesday that they can confirm incidents of alleged sexual misconduct, including one in which they intervened to stop a woman from getting physically sexually harassed at a hotel. Andrea Shepard, a senior Tor developer, and Tor employee and Library Freedom Project founder Alison Macrina vouched for the authenticity of some of the stories on the anonymous website.
Commenting on the larger issues of sexism and the culture of fear in the tech industry, security researcher Jessy Irwin said: “If something bad happens to a woman, there are allies who stand by and support her. But there is a much louder chorus of men who will flat out go on the offensive and begin victim blaming from the first moment something happens. This is especially rough because the field is lacking in gender balance, but can be even worse because the same skills that make some security practitioners good at their jobs also make them even better at deciding to target or harass women who come forward or speak out.”
People in certain communities talk amongst themselves about who to avoid, sharing horror stories of inappropriate behavior, sexism, and unwanted advances, but it rarely becomes public knowledge.
In the white, male-dominated technology culture that often rejects proposals like Codes of Conduct and abuses those who suggest them, it’s not uncommon for women to form their own support groups to ensure safety at events and work. For instance, at Security BSides, BlackHat, and DEFCON conferences, women attendees have organized via grassroots methods to provide on-demand safety and security for anyone who might need it. Called Backup Buddies, the phone number alert system will ping Erin Jacobs, partner at Urbane Security, via voice and text if someone needs help. Other “Buddies” will be alerted if she is unable to assist.
“The very skills that many people use in their jobs makes it easy for them to compartmentalize their behavior [and] socially engineer situations to make the victim feel guilty, and then cover their tracks however needed,” Irwin said. “While this doesn’t describe the vast majority of people in security or privacy, it describes enough that it’s a problem. Many parts of security have very deep ethical implications, and not everyone working in it has high ethical standards.”
As Honeywell notes in her post, she has the privilege of being able to come forward publicly about her experience. Often, victims of sexual misconduct, assault, sexism, or other inappropriate behaviors stay silent because they come from marginalized communities, are fearful of losing their jobs, face financial instability and concerns over personal safety, or are worried about hostility from their communities.
Even if people do publicly share their stories and appeal law enforcement to help, abusers often don’t receive punishment that the victim or public feels to be appropriate. Consider the case of Brock Turner, a Stanford swimmer recently convicted of sexually assaulting a woman behind a dumpster. He was sentenced to six months of jail time, a punishment many people around the country consider to be laughably lenient.
Honeywell wrote her story publicly to support those who can’t. Her blog post ends with a three-step call to action for those who are “horrified by this and want to take action.” The first is the simplest but hits the hardest: “Believe victims.”
Update 4:44pm CT, June 14: Tor Project core members Alison Macrina and Isis Agora Lovecruft have identified themselves as two of the anonymous authors alleging sexual misconduct by Appelbaum.
If you are a victim of sexual assault or want more information on sexual assault, contact the Rape, Abuse & Incest National Network at 1-800-656-HOPE (4673). If you are a victim of domestic abuse or want more information on domestic violence and resources for victims, contact the National Domestic Violence Hotline online or at 1-800-799-SAFE (7233).