New digital tools and laws protect abortion seekers’ privacy

New digital tools and laws protect abortion seekers’ privacy


Advocates warn that messages, search history, location data and even menstrual trackers are too easily accessible to police, anti-abortion groups and others.

play

Two years after the Supreme Court overturned Roe v. Wade, reproductive rights and data privacy advocates joined forces to launch a new kind of VPN: the Vagina Privacy Network.

The campaign offers a how-to guide on protecting digital privacy for people who fear their data could be used against them after they have an abortion, particularly those in one of the 14 states that ban the procedure. The seven tips range from using encrypted messaging apps to communicating on burner phones, which campaign creator MSI Reproductive Choices has handed out at reproductive rights marches across the country, said Whitney Chinogwenya, the organization’s global marketing manager.

“Confidentiality is an important part of seeking health information, so we really want to protect that,” Chinogwenya said.

The Vagina Privacy Network is just one of several new tools launched to help people proactively reduce their digital footprint as the legal landscape around abortion and data privacy continues to evolve.

The Electronic Frontier Foundation offers a guide to how digital surveillance works and how to protect yourself, called Surveillance Self Defense . The Digital Defense Fund has a guide to help people seeking abortions protect their privacy by browsing safely without tracking, sending private messages, and securing devices with strong passwords.

Advocates say instant messages, search histories, location data and even menstrual trackers are too easily accessible not only to police but also to anti-abortion groups, friends or family. Authorities have used digital footprints to investigate abortion-related cases long before the Dobbs ruling, including in Indiana, where a woman was convicted of having an abortion in 2015 using evidence such as private text messages and emails.

“There are people who have been targeted and their information has been posted online and their travel routes to and from home and their commutes have also been posted,” said Cynthia Conti-Cook, director of research and policy at the Surveillance Resistance Lab. “There’s a lot of potential use of access to digital information in interpersonal violence, and so the threats can come from within someone’s family, the threats can come from within someone’s community if someone disagrees with you.”

How data can be used against abortion seekers

Before the Supreme Court’s ruling in Dobbs v. Jackson Women’s Health, one piece of advice went viral: Delete your period-tracking apps. But Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, said that simply deleting these types of apps could give you a false sense of security.

“It’s bad advice because this is simply not the data that is being used in these prosecutions right now,” Galperin said.

Galperin said communications on platforms like Facebook Messenger, searches on search engines like Google and location data collected by various apps are among the digital evidence she is most concerned about.

In 2023, a Nebraska woman was sentenced to two years in prison after she pleaded guilty to ordering abortion pills online for her teenage daughter and helping to get rid of the fetus, the Associated Press reported. Norfolk police used a search warrant to access Facebook messages between the two, allowing detectives to charge Jessica Burgess with illegally performing an abortion at 20 weeks, the outlet reported.

Facebook parent company Meta wrote in a blog post about the case that the orders made no mention of abortion and were subject to nondisclosure orders, which have since been lifted.

Conti-Cook, who wrote a 2020 paper on the digital evidence used in abortion prosecutions, found that the targets of abortion-related prosecutions are often people who are “already in the crosshairs of law enforcement and prosecutors,” such as people on parole, probation, or who are being monitored for immigration proceedings.

“It’s being used against people who are already being targeted and criminalized,” she said. “So people who are already in criminalized communities that are dependent on criminalized economies.”

While law enforcement has the most sophisticated tools to extract and interpret personal data, Conti-Cook said that this type of information is also accessible to other third parties. He said reproductive health providers are increasingly the target of online harassment and doxxing.

Last year, a Texas man used text messages to file a wrongful death lawsuit against three women he claims helped his ex-wife terminate a pregnancy. In February, an investigation by a U.S. senator and the Wall Street Journal found that an anti-abortion group used location data to target women who visited 600 Planned Parenthood locations with anti-abortion ads on social media.

“There are many threats coming from different directions,” Conti-Cook said.

“It’s important to know and tell your friends that you have the right to refuse a pat-down,” Conti-Cook said. “You have the right to refuse to give consent to a pat-down of your person, your belongings, your car, your home, your phone.”

What tech companies can do to keep abortion seekers’ data private

The Electronic Frontier Foundation published a guide on steps companies can take to ensure they aren’t collecting sensitive data about people seeking abortions, “so they don’t have it when the government comes looking for it,” Galperin said. She said some companies have taken steps to strengthen privacy protections, but with mixed results. A 2023 Washington Post investigation found that Google wasn’t consistently removing location data from people who visited “highly private” places, including abortion clinics, as the company had promised to do.

The company disputed those claims and said it stands by its promise to delete this data. In December, Google announced it would store location data on a user’s device and encrypt location data stored in the cloud, meaning it will no longer be able to respond to geofence orders from law enforcement once the update rolls out, the company said. Geofence orders allow police to cast a virtual dragnet over crime scenes and locate people’s phones with an accuracy of about 10 feet.

Old cases cracked by mobile phones: How Police Use Geofence Commands to Solve Crimes

That same month, Meta began rolling out end-to-end encryption for Messenger, keeping data completely private between sender and recipient. Both Meta and Google comply with the majority of government requests for user data, according to their own reports.

“Meta responds to government requests for data in accordance with applicable law and our Terms of Service,” the company says on its transparency website. “Each request we receive is carefully reviewed for legal sufficiency, and we may reject requests that appear overly broad or vague or require more specificity.”

Conti-Cook said there’s more tech giants can do like this to thwart broad requests from law enforcement. When asked how period and ovulation tracking app Clue would handle a request for user data from U.S. law enforcement, CEO Audrey Tsang told USA TODAY, “We wouldn’t give up on it.”

“We don’t want our users’ data to be used against them,” she said.

Tsang said that because the company is based in Germany, it is required to follow the European Union’s data protection laws, which she called “among the strictest in the world.” Given that high standard, Tsang said the company has not made any changes to how it handles the sensitive data of its more than 10 million users worldwide following the overturning of Roe v. Wade.

“I think people everywhere were responding to the fear that their data could potentially be used against them in a form of reproductive surveillance,” she said. “I think that’s a very understandable fear. I can relate to that. But we’ve always been very careful about that.”

State lawmakers step up efforts to protect privacy of abortion seekers’ data

Meanwhile, several states, including Washington, Nevada, Connecticut, New York, Vermont, Massachusetts, New Jersey and California, have recently passed or introduced legislation designed to protect sensitive health information, said Amie Stepanovich, vice president of U.S. policy at The Future of Privacy Forum. In Illinois, a new law went into effect in January that bans government license plate data from being provided to law enforcement agencies in states with abortion bans, the AP reported.associated press reported.

As states like Idaho and Alabama attempt to criminalize helping residents travel out of state to obtain a license, An abortionSStepanovich noted that a federal rule related to the Health Insurance Portability and Accountability Act, also known as HIPAA, was recently updated to prevent health care providers from disclosing sensitive information to conduct a criminal, civil or administrative investigation of someone seeking reproductive health care in a state where it is legal to do so.

After hearing concerns from constituents about menstrual tracking apps, Rep. Vandana Slatter (R-Washington) said she looked into the issue and discovered that HIPAA doesn’t apply to all apps and websites. After meeting with dozens of stakeholders, Slatter introduced the My Health, My Data Act, which passed into law in full effect last month.

“The bill first ensures that very personal information about our private health care decisions cannot be collected or shared without your consent. It also protects the data from being sold to third parties,” Slatter said.

The bill would also prevent companies from using geofencing to track when people visit places like doctors’ offices or hospitals and using that data to target them with ads or collect health data, Slatter said. Given the popularity of medication abortion, she said those protections may need to be extended to other vulnerable locations like pharmacies and clinics.

Slatter said she has been approached by several other lawmakers who want to introduce similar legislation, and she hopes for more federal protections for reproductive health data. Stepanovich noted that Congress recently canceled a hearing on a piece of privacy legislation called the American Privacy Rights Act.

“I think ultimately, as we look at the need to protect individuals across the country and make sure that we have privacy protections available to everyone, we may need to see federal action on this,” Stepanovich said. “And I don’t know that we’re in a place where that’s going to happen anytime soon.”

Contributions by: Ryan Autullo, Austin American-Statesman; Kinsey Crowley, Ramon PadillaJavier Zarracina and Brett Molina, USA TODAY; Reuters