Roe draft raises concerns data could be used to identify abortion seekers, providers

Concerns that data gathered from peoples’ interactions with their digital devices could potentially be used to identify individuals seeking or performing abortions have come into the spotlight with the news that pregnancy termination services could soon be severely restricted or banned in much of the United States.

Following the leak of a draft majority opinion indicating that the Supreme Court is poised to overturn Roe v. Wade, the landmark 1973 decision that established the federal right to abortion, privacy advocates are raising alarms about the ways law enforcement officials or anti-abortion activists could make such identifications using data available on the open market, obtained from companies or extracted from devices.

“The dangers of unfettered access to Americans’ personal information have never been more obvious. Researching birth control online, updating a period-tracking app or bringing a phone to the doctor’s office could be used to track and prosecute women across the U.S.,” Sen. Ron Wyden (D-Ore.) said in a statement to The Hill. 

Data from web searches, smartphone location pings and online purchases can all be easily obtained with little to no safeguards.

“Almost everything that you do … data can be captured about it and can be fed into a larger model that can help somebody or some entity infer whether or not you may be pregnant and whether or not you may be someone who’s planning to have an abortion or has had one,” Nathalie Maréchal, senior policy manager at Ranking Digital Rights, explained. 

There are three primary ways that data could travel from individuals’ devices to law enforcement or other groups, according to experts who spoke with The Hill.

The first is via third party data brokers, which make up a shadowy multibillion dollar industry dedicated to collecting, aggregating and selling location data harvested from individuals’ mobile phones that has provided unprecedented access to the daily movements of Americans for advertisers, or virtually anyone willing to pay.

Data brokers boast that they can provide buyers with in-depth pattern data by paying application developers to install their SDKs, essentially packages of code, that will send back data including precise locations. 

That information, experts warn, could easily be used to identify people traveling to get reproductive services.

Two cases of vendors selling aggregated data of people visiting Planned Parenthood facilities have been identified by the tech publication Motherboard this week. The outlet purchased a list of devices entering 600-plus locations over the course of a week from the firm SafeGraph for just $160. Both SafeGraph and Placer.ai, the other vendor Motherboard identified, have pledged to stop offering that info, but there is no guarantee that others will do the same.

“That’s extremely worrisome because if Motherboard can do it then anti-abortion activists can do it,” Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, told The Hill.

Anti-abortion activists have a history of targeting clinics that perform abortions and individuals seeking the procedure with violence and harassment. Activist groups have already used phone location data to target ads at people visiting such clinics. 

And despite data sold by brokers being stripped of personal identifiers, that anonymization is flimsy and unlikely to hold, says Zach Edwards, a privacy researcher who audits mobile apps.

Especially if terminating a pregnancy is criminalized, Edwards explained, law enforcement could easily purchase anonymized data, find some evidence of individuals traveling from a state where abortions are banned to one where they are not, and then subpoena for internal data from brokers.

“[Brokers] are openly not minimizing this data internally,” he said, referring to the process of making data less traceable to a person. “They only minimize it externally and do a total shit job at it.”

The second way such data could be obtained is from tech companies themselves.

“Companies have to turn over information in response to subpoenas and other legal orders about all kinds of illegal activity all the time,” Maréchal said.

Search engines could face subpoenas for a list of everyone who sought out advice on how to get an abortion, or rideshare companies could be asked for information about individuals visiting suspected providers. Internet service providers in particular have data that could be very useful for identifying and locating individuals seeking or providing reproductive services.

While these companies could reject requests, more often than not they do comply with both formal and legal requests from law enforcement and federal agencies.

“If abortion is criminalized I absolutely think that government entities will demand that information and I’m not super optimistic about companies’ abilities to fight back effectively,” Maréchal noted.

The third way that data could end up in the hands of law enforcement is directly from digital devices.

Law enforcement officials have increasingly turned to technological tools, dubbed mobile device forensic tools by the nonprofit UpTurn, to extract and analyze information from suspects’ phones.

This is not a theoretical threat — prosecutors have already used phone data to establish intent to terminate a pregnancy.

In a 2017 case in Mississippi, Latice Fisher was charged with second-degree murder after showing up to a hospital after having lost her pregnancy. An investigation was launched based on suspicions tied to her failing to return for an ultrasound after admitting to being pregnant during a check up. Prosecutors used searches for the medical abortion pill misoprostol on her phone, which she turned over voluntarily, as evidence in their argument that she had “intentionally” terminated her pregnancy.

“We have no reason to think that those tools would not also be deployed if abortion were to be criminalized,” Cynthia Conti-Cook, a fellow at the Ford Foundation who closely tracks similar data uses, told The Hill.

Civil society groups have been pushing Congress for years to address America’s data privacy shortcomings. Federal legislation has struggled to break through partisan disagreements over how laws should interact with state standards and whether individuals should be able to sue those who violate restrictions.

Legislation more closely targeted at the potential for federal agencies to obtain data from third party brokers without a warrant, the Fourth Amendment is Not For Sale Act, was introduced earlier this term, but has not been brought up for a committee hearing despite bipartisan support.

“Passing the Fourth Amendment is Not For Sale Act would make it harder for Republican states to persecute women by buying up big databases of information without warrants and then hunt down anyone seeking an abortion,” Wyden, one of the bill’s lead sponsors, said. “But far more needs to be done to protect the rights of pregnant people. Every company that collects, stores or sells personal data should be aware that they could soon be a tool for a radical far-right agenda that is trying to strip women of their fundamental privacy rights.”

In the absence of congressional action, experts encouraged anyone who may provide or seek pregnancy termination services to adopt some digital hygiene tips.

“The people who are in the greatest danger right now and who are likely to be in the greatest danger in the near future are abortion providers and people who are working in abortion support networks,” Galperin said. “Those are people whose work needs to be thoroughly compartmentalized from the rest of their lives”

She recommended that while working those people not use their real names, use separate phones and emails, download a privacy protecting browser and be very cautious about installing applications on their personal phones.

For those who may seek an abortion in a state where doing so is ultimately criminalized, Galperin suggested that they avoid bringing their phones to the procedure or searching for methods to terminate a pregnancy on a browser where they’re logged into other services.

“I have spent more than a decade working with activists who are being surveilled by their governments often in authoritarian regimes, most recently in Russia, and I have seen things go very bad very quickly,” she noted, “which is one of the reasons why I think that people should be thinking about their digital footprint now.”

[Source]
Author: Chris Mills Rodrigo