Period and fertility tracking apps have become weapons in post-Friday Roe America.
These seemingly harmless trackers contain tons of data on sexual history, menstrual periods, and pregnancy data, all of which could now be used to prosecute women who want an abortion — or to fuel digital witch hunts in states that offer abortion rewards.
Under a law passed last year in Texas and other US states, any citizen who successfully sues an abortion provider, health center worker or someone who helps someone access an abortion after six weeks can seek at least $10,000 follow this example.
“We are just a few steps away from digital trawls for people providing access and potentially for people seeking abortions,” said EFF Director of Cybersecurity Eva Galperin The registry.
And fertility tracking apps are just the tip of the digital monitoring iceberg.
Yes, they are “often a privacy and/or security nightmare,” Galperin said. “They track a lot of different sensitive health data, including data on whether a person may be pregnant.” But, she added, there’s a bigger concern.
The biggest threat right now is the location data selling industry, location data brokers and also the privacy of your web searches
“The biggest threat right now is the location data selling industry, the location data intermediaries, and also the privacy of your web searches,” Galperin said. “One of the very first steps people take when looking for abortion information is a web search.”
The second step often involves mapping out a health clinic or drugstore that might be visited to pick up an abortion pill.
Who follows the trackers?
However, more than just maps collect location data. All sorts of apps, from weather to retail, use the devices’ GPS technology to track users’ locations, and unless someone opts out, these trackers can pinpoint exactly where a user is without manual data entry.
For example, location data company Placer.ai claims its software is used on more than 20 million devices and over 500 mobile applications. This location data is said to enable Target, for example, to display targeted advertising on devices near stores. But it’s also a multi-billion dollar market, and this location data — including health and reproductive information — can be collected, bought, and sold without users’ knowledge.
“Companies collect this data, sell it to data brokers, and the data brokers sell it to third parties and sometimes fourth and fifth parties until they can’t understand where that data is anymore — and that’s very worrying,” Galperin said.
The U.S. Supreme Court’s decision Friday to overturn Roe v Wade — removing the constitutional right to abortion and allowing individual states to ban the procedure — raises a number of privacy and security concerns for individuals and businesses across the technology landscape, including Search engines, ISPs, app developers, social media platforms and more.
What service providers can expect
Last month, as it became increasingly clear that constitutional protections against abortion were about to be scrapped, the EFF warned that “service providers could face a spate of subpoenas and warrants seeking user data that could be used to track abortion seekers, providers and providers.” .
The online civil liberties organization also urged tech firms “to anticipate pressure to aggressively monitor use of their services,” along with new calls to release information to law enforcement agencies because that data “is classified as facilitating a crime in many states.” can become”.
The Center for Democracy and Technology called today’s Supreme Court ruling “devastating” and also warned that private data is being used to frame criminal cases against individuals.
“This decision opens the door to law enforcement agencies and private bounty hunters seeking vast amounts of private data from ordinary Americans,” CDT President and CEO Alexandra Reeve Givens said in a statement. “Data about an individual’s reproductive health choices may also be disclosed from sources such as their browsing and search history, email and text message logs, use of reproductive health apps, and other commercial products that many users interact with on a daily basis. “
Will tech companies “rise”?
Echoing the EFF’s earlier call to arms, the nonprofit appealed to tech companies to “step up” their efforts to protect digital privacy. This includes enabling end-to-end encryption by default, restricting data collection and sharing it only with trusted partners, and stopping behavioral tracking.
However, it is still unclear how Big Tech will react.
On Friday morning, The registry reached out to Amazon, Microsoft, Google, Meta and Twitter and asked: What will your company do to ensure that the data you collect is not used to build a case against women seeking abortion and against persons or Organizations offering abortion support? ?
As of 4 p.m. PT, neither of them had responded. Because they generally comply with lawful requests from police and government officials for individuals’ personal information, companies can ultimately find themselves stuck between merely handing over that information or significantly overhauling how they collect and process it in the course of criminal investigations .
We also asked this question to several major fertility apps. A few had already posted precautionary statements on reproductive privacy.
“As Clue’s female co-CEOs, we promise that we will never share your private health information with any authority that could use it against you,” wrote Carrie Walter and Audrey Tsang. “Your personally identifiable health information relating to pregnancy, miscarriage or abortion will be kept private and secure. We don’t sell them, we don’t give them to anyone else, we don’t give them away.”
“We’d rather close”
GP Apps, makers of the popular Period Tracker app, also noted email queries from users concerned that Roe was knocked over and what that means for privacy.
“We want to reassure our users that we are firmly opposed to government encroachment, and we believe that a hypothetical situation in which the government subpoenaes private app user data to convict people of having an abortion constitutes a gross violation of human rights,” das wrote Company.
“In such a scenario, we will do everything we can to protect our usage from such an act,” it said. “We would rather shut down the company than be complicit in this type of governmental encroachment and invasion of privacy.”
Ovia Health, in an email to The registrysaid it doesn’t sell data to data brokers and also allows users to delete their data at any time within its apps.
Finally, we note that different companies are offer to pay the travel expenses of employees who have to go abroad for an abortion.
Galperin said some tell her she’s exaggerating the Supreme Court’s decision. Abortion is still legal in just over half of US states. “As a rich white woman in California today, no one is taking my abortions away from me,” she said.
But she’s an infosec pro. “It’s my job to see threats coming before they arrive,” Galperin said.
“And my vision of where this is all going is shaped by 15 years of traveling around the world and working with vulnerable populations, including journalists and activists in the Middle East, Africa and South America,” she continued.
“I can tell you, when things get bad, they get bad very quickly, and the opportunities to mitigate harm and intervene become less and less as our rights are taken away from us.” ®
https://www.theregister.com/2022/06/24/big_tech_post_roe_wade/ Big Tech remains silent on future privacy protections in America after Roe • The Register