Big Tech silent on data privacy in post-Roe America • The Register
Period and fertility tracking apps have become weapons in post-Friday Roe America.
These seemingly innocuous trackers contain tons of data on sexual history, menstruation and pregnancy dates, all of which could now be used to prosecute women seeking abortions – or instigate digital witch hunts in states that offer abortion bonuses.
Below a law spent last year in Texas, any citizen who successfully sues an abortion provider, health center worker, or anyone who helps someone access an abortion after six weeks can claim at least $10,000, and other US states are following suit.
“We are only steps away from the digital nets for people providing access and potentially for people requesting abortions,” said EFF Cybersecurity Director Eva Galperin. The register.
And fertility tracking apps are just the tip of the digital monitoring iceberg.
Yes, they are “often a privacy and/or security nightmare,” Galperin said. “They track a lot of sensitive health data, including data indicating whether someone is potentially pregnant.” But, she added, there is a bigger concern.
The biggest danger right now is the industry selling location data, location data brokers, and the privacy of your web searches.
“The biggest danger right now is the location data sales industry, location data brokers, and the privacy of your web searches,” Galperin said. “One of the very first steps people take when looking for abortion information is a web search.”
The second step often includes mapping a health clinic or pharmacy that could be visited to purchase an abortion pill.
Who follows the trackers?
However, more than just maps collect location data. All sorts of apps, from weather to retail, use device GPS technology to track users’ locations, and unless someone steps down, these trackers can pinpoint exactly where a user is without no manual data entry.
Location data company Placer.ai, for example, complaints its software is deployed on more than 20 million devices and more than 500 mobile applications. Apparently, this location data allows, for example, Target to display device-targeted ads about nearby stores. But it is also a several billion dollars market, and such location data – including health and reproductive information – can be collected, bought and sold without users’ knowledge.
“Companies collect that data, sell it to data brokers, and data brokers sell it to third parties and sometimes fourth and fifth parties until they can’t figure out where that data is – and that’s very concerning,” Galperin said.
The Supreme Court of the United States decision Friday to overturn Roe v Wade – removing a constitutional right to abortion and allowing individual states exclude the procedural – presents a host of privacy and data security concerns for individuals and businesses across the tech landscape, including search engines, ISPs, app developers, social media platforms and beyond .
What service providers can expect
Last month, as it became increasingly clear that constitutional protections against abortion would soon be removed, EFF warned that “service providers can expect a series of subpoenas and search warrants for user data that could be used to prosecute abortion seekers, providers and attendants.”
The online civil liberties organization also told tech companies to “expect pressure to aggressively police the use of their services,” as well as further requests to hand over information to security forces. order, as such data “may be classified in many states as facilitating a crime”.
The non-profit Center for Democracy and Technology called today’s Supreme Court decision ‘devastating’ and also sounded the alarm over the use of private data to mount criminal cases against people. people.
“This decision opens the door to law enforcement and private bounty hunters seeking vast amounts of private data of ordinary Americans,” said CDT President and CEO Alexandra Reeve Givens. said in a report.
“Data about a person’s reproductive health decisions can also be revealed from sources such as their browser and search histories, email and text logs, app usage reproductive health and other commercial products that many users interact with on a daily basis.”
It’s worth pointing out here that it’s not just data from health apps that could be obtained and used by law enforcement: unencrypted text messages and emails, as well as web searches, are the types of information attorneys. used as evidence in abortion-related cases so far.
Echoing the EFF’s previous call to arms, the CDT called on tech companies to “step up” their actions on digital privacy. This includes enabling end-to-end encryption by default, limiting data collection and sharing it only with trusted partners, and stopping behavioral tracking.
However, for now, it is unclear how big tech will react.
Will tech companies “step up?”
Friday morning, The register contacted Amazon, Microsoft, Google, Meta and Twitter and asked: what will your company do to ensure that the data you collect will not be used to build a case against women seeking abortions and people or organizations providing abortion support?
As of 4 p.m. PT, none of them had responded. Since they typically comply with lawful requests from police and government agents for people’s personal information, during criminal investigations, companies can ultimately find themselves stuck between simply handing over that data or a meaningful overhaul. how they collect and process them.
We also posed this question to several major fertility apps. A few had already issued precautionary statements on the confidentiality of reproductive data.
“As the female co-CEOs of Clue, we promise you that we will never hand over your private health data to any authority who may use it against you”, Carrie Walter and Audrey Tsang wrote. “Your personally identifiable health data regarding pregnancy, pregnancy loss, or abortion is kept private and secure. We don’t sell it, we don’t share it for anyone else’s use, we don’t will not disclose them.”
“We prefer to close”
GP Apps, which makes the popular Period Tracker app, also noted email inquiries from users concerned about Roe’s cancellation and what it means for data privacy.
“We want to assure our users that we are categorically opposed to government excesses and believe that a hypothetical situation where the government subpoenas private user data from apps to convict people of having abortions is a gross violation of human rights,” the company said. wrote.
“In such a scenario, we will do everything possible to protect our uses from such an act,” he continued. “We would rather shut down the business than be complicit in this type of government abuse and violation of privacy.”
Ovia Health, in an email to The registersaid it does not sell data to data brokers and also allows users to delete their data at any time in its apps.
Finally, note that various companies are offer to pay travel expenses for employees who have to go out of state to have abortions.
Galperin said some tell her she was exaggerating the Supreme Court’s decision. Abortion is still legal in just over half of US states. “As a rich, white woman from California, no one is taking my abortions away from me today,” she said.
But she’s an infosec professional. “It’s my job to see threats come before they happen,” Galperin said.
“And my view of where all of this is headed is informed by 15 years of traveling around the world, working with vulnerable populations, including journalists and activists in the Middle East, Africa and South America,” she continued.
“I can tell you that when things go wrong, they go wrong very quickly, and the opportunities to mitigate damage and intervene become fewer and fewer as our rights are taken away from us.” ®