A leaked draft opinion suggesting US Supreme Court could overturn landmark abortion rights ruling Roe vs. Wade renewed concerns about how US law enforcement could ask tech companies to hand over Americans’ data if they were to prosecute people obtaining or providing abortion services.
Tech companies and data brokers often collect, store and sell years of information about their users. There are few federal regulations protecting this data, making the information, which includes location data, internet searches and communication history, extremely valuable and easily accessible to law enforcement.
This data could also allow law enforcement to easily track people seeking abortion information or abortions in states where the practice is criminalized, reinforcing the need for privacy regulations. data, healthy individual “digital security hygiene” and better retention of company data. Strategies.
“The greater harm is going to be that all of this data that is collected about location, people’s health, menstrual health and pregnancies is now going to be used to find and prosecute people who may or may not be seeking these services. maybe not even looking for those services,” said Cooper Quintin, senior technologist at the digital rights advocacy group Electronic Frontier Foundation. are simply stored in data silos, be used for mass prosecutions, mass arrests and cause very significant harm.”
While there are steps individual users can take to protect themselves and minimize the data they give to companies that may be requested by law enforcement, Quintin says the decisions companies make regarding concerns user data could have far-reaching implications.
“There’s a 100% parallel to climate change – it’s often framed as an individual consumer issue when it’s really up to the companies and institutions that do the most damage and need to do the most work to solve it,” he said.
How the police might search for abortion seekers
Digital security issues around abortion are already manifesting in several US states. “Even though abortion is still legal today in all 50 states, the reality is that many people in this country are already living in a post-Roe world and dozens of people have been criminalized for their pregnancy outcomes. “said Elizabeth Ling, the helpline’s lead attorney. to the If/When/How Reproductive Legal Helpline.
As a result, many people opt for “self-directed” abortion where they receive pills in the mail rather than going to local clinics, Ling said. The Internet has made self-directed abortion options more accessible to those seeking legal and safe avenues of abortion outside of a medical setting. But it has also created a digital footprint that makes it much easier to track an individual’s efforts to get an abortion.
Already, information such as a someone searching the internet for abortion pills has been used in cases of miscarriage and termination of pregnancy. “If Roe is overturned, the need for self-managed abortion will certainly increase, and surveillance of people seeking abortion care will be at an all-time high,” she said.
Today, there are several means of law enforcement can use to access user data. Agencies can simply access your phone whether at the border or through a subpoena. Law enforcement and government agencies may also purchase user information through data brokers, companies such as Lexis Nexis, Equifax and X Mode, which collect, buy and sell user information. Or they can issue subpoenas and warrants to tech companies requesting the data those companies have collected.
Different types of law enforcement requests to technology companies generate different types of user information. In some cases, technology companies may only hand over an individual’s subscriber information in response to certain subpoenas. But there is also broader safeguards that law enforcement are increasingly using that can capture a wide web of consumer information, such as geofencing warrants and keyword search warrants.
In both of these cases, law enforcement asks a technology company for information about all devices that meet certain conditions. In the case of geofencing warrants, the police search for all devices that are in a certain place at a certain time. For keyword search warrants, the police searches all information for devices that search for a certain term on the Internet.
Police have used geofence warrants, for example, to get a list of people who were near an alleged crime scene around the time it happened. Already people have declare that one is a suspect or arrested for a crime he did not commit simply because he was in the wrong place at the wrong time. A keyword search warrant that searches for device information for anyone who has searched for an abortion pill or a geofencing warrant that searches for anyone who was in or around a Planned Parenthood, for example, n is not outside the realm of reality in a post-Roe world. these can all be used to access information about, and potentially criminalize, people seeking or seeking abortions, Quintin said.
While consumers can take a few steps to try to limit the information they share with companies that can then end up in the hands of law enforcement, companies have the most power to protect users, a- he declared. “First of all, I would really like companies to stop working with data brokers and stop selling location data to those data brokers,” he said. But the most important thing companies can do is reduce the amount of data they store about their users, especially since they may not have the power or ability to deny a legal request. as a court-ordered subpoena.
“Any business that doesn’t want to be liable for the massive amount of damage that will result needs to start taking concrete steps to minimize data now,” Quintin said. “So data brokers, stop keeping all data that is not absolutely necessary. Companies, allow your customers to easily delete their data.
Quintin also said companies must encrypt all customer data they store in a way that only consumers can decrypt it. “But it’s a technology challenge that not all companies are ready to take on, although I would say they should, especially companies that deal with women’s health.”
How to Practice “Digital Security Hygiene”
While the lion’s share of the responsibility lies with companies profiting from the sale of data, experts say there is still a lot that individuals can do to practice good “digital security hygiene”.
“Understandably, people may worry about how their efforts to learn about their legal rights and options for ending a pregnancy in order to make the best decision for themselves may be used against them as evidence,” said Ling. “People can go to Repro Legal Helpline resource on internet safety to learn more about steps they can take, such as using a VPN, secure messaging apps like Signal, or preventing others from seeing their search history if they share a device.
In addition to consulting EFF Oversight Survival Guide, Quintin said people who perform or request abortions should consider leaving their phones behind or, if they can’t, turn off their phone and location services. “These are reasonable steps to take if you think what you are doing is going to be criminalized,” he said. He also said that users should enable the disappear messages feature when using services such as WhatsApp and Signal and use Tor browsers to prevent their web browser history from being tracked and recorded.
Abortion providers have a more intense threat model because they are at risk of physical attack, but they can take the same actions as individuals, he said. “It’s the same principle of data minimization: leave as little data as possible behind.”
While there aren’t many secure appointment software options that abortion clinics and providers can use, Quintin said he suspects “it’s something every provider thinks about. very strong right now.”