A leaked draft opinion suggesting the US supreme court may overturn the landmark abortion rights decision Roe v Wade has renewed concerns over the ways US law enforcement could ask tech companies to hand over Americans’ data if they were to prosecute individuals getting or providing abortion services.
Tech firms and data brokers already collect, store and often sell years’ worth of information on their users. There are few federal regulations that protect such data, making the information, which includes data on location, internet searches, and communication history, extremely valuable and easily accessible to law enforcement.
That data could also make it easy for law enforcement to track down people searching for information on or seeking abortions in states where the practice would get criminalized, heightening the need for data privacy regulation, healthy individual “digital security hygiene” and better company data retention policies.
“The biggest harms are going to be that all of this data that is being collected about location, people’s health, menstrual health and pregnancies is going to be now used to find and prosecute people who may be seeking these services or who may not even be seeking these services,” Cooper Quintin, a senior staff technologist at digital rights group Electronic Frontier Foundation, said. “I’m concerned that all this data that’s already out there that’s already been collected and is just sitting in data silos is going to be used for mass prosecutions, mass arrests and do real significant harm.”
While there are steps individual users can take to protect themselves and minimize the data they are handing over to companies that can be requested by law enforcement, Quintin says the decisions companies make when it comes to user data could have far-reaching implications.
“There’s a 100% parallel to climate change – it gets framed a lot as an individual consumer issue when it’s really up to corporations and institutions that are doing the most damage and need to do the most work to solve it,” he said.
How police could search for abortion seekers
The digital security concerns around abortion are already playing out in several US states. “Even though abortion is still legal today in all 50 states, the reality is that many people in this country already live in a post-Roe world and dozens of people have been criminalized for their pregnancy outcomes,” Elizabeth Ling, a senior helpline counsel at the reproductive legal hotline If/When/How.
As a result, many people opt for a “self-managed” abortion where they get pills mailed to them rather than going into local clinics, Ling said. The internet has made self-managed abortion options more accessible to those seeking legal and safe abortion routes outside a medical setting. But it has also created a digital footprint that makes an individual’s effort to seek abortion much more easily tracked.
Already, information such as a person’s internet search for abortion pills has been used in cases dealing with miscarriages and pregnancy termination. “If Roe is overturned, the need to self-manage abortion is certainly going to increase and the surveillance of people seeking abortion care will be at an all-time high,” she said.
Today, there are several avenues law enforcement can use to access user data. Agencies can simply access your phone, whether at the border or through a subpoena. Law enforcement and government agencies can also buy user information through data brokers, companies such as Lexis Nexis, Equifax and X Mode, that collect, buy and sell user information. Or they can issue subpoenas and warrants to tech companies requesting the data those companies have collected.
Different types of law enforcement requests to tech companies yield different types of user information. In some cases, tech companies can only turn over an individual’s subscriber information in response to certain subpoenas. But there are also broader warrants that law enforcement is increasingly using that can capture a wide net of consumers’ information, such as geofence warrants and keyword search warrants.
In both these cases, law enforcement asks a tech company for information on any and all the devices that meet certain conditions. In the case of geofence warrants, police seek all the devices that are in a certain place at a certain time. For keyword search warrants, police seek all the information for devices that search for a certain term on the internet.
Police have used geofence warrants, for instance, to get a list of people who had been near an alleged crime scene at the approximate time that it occurred. Already, people have come forward about being suspected or arrested for a crime they didn’t commit simply for being in the wrong place at the wrong time. A keyword search warrant that seeks the device information for all of those who’ve searched for an abortion pill or a geofence warrant that seeks everyone who was in or around a Planned Parenthood, for instance, is not out of the realm of reality in a post-Roe world. These can all be used to gain access to information on, and potentially criminalize, people who are searching for or researching abortions, Quintin said.
While there are a few steps consumers can take to try to limit the information they’re sharing with companies that can then end up in the hands of law enforcement, companies have the most power to protect users, he said. “First, I would really love for companies to stop working with data brokers, and stop selling location data to these data brokers,” he said. But the most important thing companies can do is to reduce the amount of data they store on their users, especially since they may not have the power or ability to refuse a legal request like a court-ordered subpoena.
“Any company that doesn’t want to be responsible for the massive amount of harm that’s going to come from this needs to start taking concrete steps to data minimization right now,” Quintin said. “So data brokers, stop holding on to any data that’s not absolutely necessary. Companies, make it easy for your customers to actually delete their data.”
Quintin also said companies need to encrypt any customer data that they do store in a way that only allows consumers to decrypt it. “But that’s a technological challenge that not every company is willing to face, although I would argue that they should, especially companies dealing with women’s health.”
How to practice ‘digital security hygiene’
While the lion’s share of the responsibility falls to the corporations that profit from the sale of data, experts say there’s still quite a bit individuals can do to practice good “digital security hygiene”.
“Understandably, people may be concerned about how their efforts to learn about their legal rights and options for ending a pregnancy in order to make the best decision for themselves may be used against them as evidence,” Ling said. “People can go to the Repro Legal Helpline’s resource on internet safety to learn about steps they can take, such as using a VPN, secure messaging apps like Signal, or prevent others from seeing their search history if they are sharing a device.”
In addition to consulting EFF’s surveillance survival guide, Quintin said people providing or seeking abortions should consider leaving their phones behind or if they can’t do that then turning their phone and location services off. “Those are reasonable steps to take if you think that the thing you’re doing is going to be criminalized,” he said. He also said that people should have the disappearing messages feature turned on when they use services like WhatsApp and Signal and to use Tor browsers to avoid having their web browser history tracked and saved.
Abortion providers have a more intense threat model because they are in danger of physical attacks, but they can take the same steps as individuals, he said. “It’s the same principle of data minimization: leave as little data behind as you possibly can.”
While there are not many secure appointment booking software options abortion clinics and providers can use, Quintin said he suspects “that is something that every provider is thinking really hard about right now.”