30
In a moment when dozens of states are poised to curtail abortion access, Washington has been put forward as a safe harbor for reproductive rights.
From Gov. Jay Inslee to health care providers to the largest Seattle-based employers, leaders in the state have committed to ensuring that abortion will be available even if state legislatures elsewhere criminalize it. Pregnant people denied care in their home states will continue to find it in Washington.
But privacy advocates now warn that authorities in other states may use data collected by Washington’s big tech companies to target people who travel here to terminate their pregnancies.
Law enforcement, for example, could use data collected by Microsoft, Amazon and other tech players to identify people who traveled to Washington to terminate their pregnancies.
Companies often collect users’ locations, measure how much time they spend at each spot and record their search histories. The data itself is anonymized, but privacy advocates say it is possible to piece it together using data patterns. Some data brokers include analyses.
Though privacy activists have long warned that too little has been done to protect the massive amounts of data collected by Big Tech, the leaking of a Supreme Court draft opinion indicating the court is poised to throw out prohibitions on excessive state-level abortion restrictions has elevated their concern.
Lawmakers in other states, including Missouri, appear ready to criminalize abortions, even those provided out of state.
“In a post-Roe world, service providers can expect a raft of subpoenas and warrants seeking user data that could be employed to prosecute abortion seekers, providers and helpers,” according to an article co-authored by Corynne McSherry. McSherry is the legal director of Electronic Frontier Foundation, an organization that advocates for digital civil liberties.
In late May, over 40 U.S. lawmakers sent a letter asking Google and Apple to stop collecting what they saw as unnecessary user location data to prevent people who have obtained abortions from being identified. Reps. Suzan DelBene and Pramila Jayapal, both Washington Democrats, signed on to the letter.
“While Google deserves credit for being one of the first companies in America to insist on a warrant before disclosing location data to law enforcement, that is not enough,” the letter said. “The only way to protect your customers’ location data from such outrageous government surveillance is to not keep it in the first place.”
In an interview, DelBene said a strong privacy protection law could help curb the risks people face when seeking abortions in other states. The data can be traced through apps that track menstrual cycles, for example, and through geolocation, she said.
“That availability, that data, could put people at risk,” DelBene said.
Warrants for user data aren’t novel or rare. Google received 11,554 warrants in 2020. These court orders require companies to submit geographic locations on a particular user over a certain period of time.
Amazon, Microsoft, Facebook and Google — all data providers with offices in the Seattle area — did not respond to inquiries about their data privacy policies.
Data might also be available for purchase on the private market. Last month, data broker SafeGraph said it would stop selling abortion information after a Vice investigation showed that it sold location data of visitors at over 600 Planned Parenthood locations, and analyses on where people lived. The price? $160.
As technology has evolved, privacy protections haven’t kept up, said Jennifer Lee, technology and liberty project manager at Washington state’s chapter of the ACLU. People’s information can be used without their consent. The extent of data tracking is unknown, she said.
“Data has always been collected on individuals over a long period of time,” Lee said. “The difference between that data collection is that now the tools have become more sophisticated.”
The 1996 Health Insurance Portability and Accountability Act protects medical files at clinics from disclosure, but it does not protect the data collected by technology companies, brokers and others.
Besides being used to track people seeking abortions, the data could also be used to harass abortion clinics, Lee said. With the data acquired, groups could track down clinics and harass workers and visitors there.
Google’s parent company Alphabet, Apple and Microsoft said they would cover travel costs for employees seeking out-of-state abortions. They did not disclose their policies on data tracking, or said whether they’ll honor court orders related to abortion-related criminal investigations.
Out of 26 states that are expected to ban abortions, 13 have already passed trigger laws. These will immediately go into effect if Roe v. Wade is overturned by the Supreme Court. As a result, the number of people traveling to Washington to get an abortion is expected to increase 385%, with most coming from Idaho and Montana, according to the Guttmacher Institute, a research organization that supports abortion rights.
Other states, such as Missouri, are seeking to pass laws that would ban residents from seeking out-of-state abortions.
The key to protecting user data, EFF’s McSherry said, is comprehensive federal regulations.
“But we’re not there yet, unfortunately.”
That’s hard to predict. Maybe. Probably. Certainly they’ll have access to all kinds of incriminating data and documentation that will be demanded for prosecutions.
But then they won’t be able to repeat endlessly that anti abortion laws will primarily harm LGBTQWERTY and BIPOC “people”. They’ll have to go silent on the matter.
That’s gonna be a tough call for them.
I dunno, it seems like saying the word "woman" has become a crime and the Seattle Times can't be trusted to push back against that.
I would encourage everyone to read the privacy rules that these companies abide by. I know Microsoft takes privacy seriously, particularly when it comes to health data, so if it was data collected by a device or app that they made then their policies would apply, and I know they are strict about user identifiable information. Most global companies are since the privacy laws in the EU are often much more strict than they are in the US. And health data is supposed to be strictly regarded. However, I would think it is probably possible to subpoena something like your calendar data if you have an outlook.com or Gmail mailbox. So don't put down calendar entries like "travel to Canada for abortion", and don't text all 87 of your friends if you think you're pregnant. Text no one. I'm sure someone more well versed than I could put together a comprehensive plan. Remember, nearly every app on your phones tracks your movement. Here's a link to Microsoft's privacy policy, there should be something similar for every company and app you use.
I encourage women to stop using menstrual tracking apps ASAP. They will definitely use your data to prosecute you.