This article was first featured in Yahoo Finance Tech, a weekly newsletter highlighting our original content on the industry. Get it sent directly to your inbox every Wednesday by 4 p.m. ET. Subscribe
Wednesday, June 29, 2022
The Supreme Court’s 6 to 3 decision to overturn Roe v. Wade has raised disturbing questions for U.S. consumers seeking abortions online or even researching them.
Could authorities subpoena information from online activity related to abortions? What about workers at major tech firms? Could they gain inappropriate access to users’ reproductive data? What about a Texas women who receives an abortion in New York, where the practice is legal? Could her online data be used against her in Texas?
The answers, experts say, are still unknown.
“It’s all uncharted territory,” Alexandra Givens, president and CEO of The Center for Democracy & Technology, told Yahoo Finance. “The concern is that Texas would enforce … a long arm statute so that they could go after people even for getting abortion services outside of the state.”
To help women seeking abortions, she said, tech companies of all sizes need to reevaluate the data they collect — and consider encrypting it if they don’t already. After all, if data can be used for targeted advertising, it’s not too large of a leap to imagine law enforcement using that same information to prosecute women for having abortions.
Tech companies can be compelled to turn over data
Technology companies ranging from Google-parent Alphabet (GOOG, GOOGL) to Facebook-parent Meta (META) to Microsoft (MSFT) and Apple (AAPL) frequently receive government requests for user data. In many instances, those companies reject the requests as overly broad even if they meet legal requirements.
“They have ways of pushing back, standing up, trying to slow the process down and just showing that they’re not going to just roll over and hand over information without a fight,” explained Riana Pfefferkorn, a research scholar at Stanford University’s Internet Observatory.
But that doesn’t mean that companies don’t ever turn over data. They absolutely do. According to Meta, of the 59,996 government requests for data received between July and December 2021, the company turned over at least some information 88% of the time.
The reversal of Roe v. Wade has spurred interest in period and ovulation-tracking apps since those contain details related to pregnancies. But those aren’t the only apps that could reveal information about pregnancies. GPS data from a users’ phone or an app can be used to determine if someone has visited an abortion clinic; search information and posts on social media can show whether a person was looking into an abortion; and chat apps can provide information on whether someone helped a person get an abortion.
And all of that could be used against people by the states that outlaw or curb abortion.
“We’ve been on a path of collecting more data than we ever need, with the idea that at some point in time, we’ll be able to utilize that data either to create unique value for the consumer or monetize it in some way, shape, or form,” Ari Lightman professor of digital media and marketing at Carnegie Mellon University, told Yahoo Finance. “But we haven’t really thought through the risk profile associated with data and how it might get collected.”
Law enforcement isn’t the only threat to users’ reproductive privacy, however. Individuals working inside tech companies with access to sensitive user data also pose a threat.
“I’m also worried about insider threats because we have seen time and time again that malicious actors inside companies will misuse their access privileges to particular types of data in order to somehow abuse or harm particular users,” Pfefferkorn explained.
“Companies need to be thinking about themselves as a potential threat vector because of the possibility that some anti-abortion employee may decide to go vigilante and look for people that they can then either try to harass themselves or sue under Texas’s law or rat out to the cops in an antiabortion jurisdiction.”
Protecting data and knowing where it’s going
With so much at stake, companies need to dramatically rethink how they handle data. They’ll also need to determine if they will encrypt user data or not, which could keep companies from even having to worry about turning information over to law enforcement.
“Stopping behavioral tracking would be great,” said Daly Barnett, a technologist with the Electronic Frontier Foundation. “If the data isn’t being collected on end users that could potentially be used against them, then it won’t be exploited. There could also be things like pseudo anonymous access to their services so that users don’t have to identify themselves in order to use them.”
According to Givens, companies could simply choose to significantly limit the kind of user information they collect to keep them from having to even deal with turning over data in the first place.
As for users, they should strive to understand how their information is exploited, she said. That can include reading terms of services, and even using features like Apple’s App Tracking Transparency to prevent apps from tracking your activity across the web.
Everybody who has a smartphone should also understand when they do and don’t have to turn over their phones to law enforcement or even hospital staff members, she added.
As Givens says, “This is a moment for all users, whether you’re directly impacted by Dobbs or not, to push for and focus on stronger privacy protections.”