This article was originally published on Tech Policy Press.
The leak of a draft Supreme Court opinion sounded the alarm that the Court will almost certainly overturn its ruling in the 1973 reproductive rights case Roe v. Wade. Overturning Roe will immediately strip away the right to have a safe abortion in a number of states.
The draft opinion has also reignited concerns about government surveillance and its use of personal data. For decades, law enforcement at the local, state and federal levels have used digital surveillance tactics such as facial recognition, automated license plate readers, data brokers, and even Google’s search history database. Given the danger of states criminalizing abortion, and the various digital tools available to law enforcement and prosecutors, people’s personal health decisions could be subject to government surveillance, in particular by states that seek to monitor any infraction of strict anti-abortion laws. Consider these three areas of particular concern:
1. Consumer-Facing Apps Are Not Covered by HIPAA
Healthcare data shared with providers through telemedicine apps or online patient portals are all protected under the Health Insurance Portability and Accountability Act (HIPAA). However, there are many consumer-facing apps, such as period trackers and health and exercise trackers, that collect significant quantities of information about a user’s body but are not protected as medical records.
For example, Privacy International, a surveillance and privacy watchdog, found that some period tracking apps not only collect data about users’ cycles, but also track information about their sexual behavior and medication intake. Because these consumer-facing apps are not considered covered entities under HIPAA, the companies that create them can also share and sell the data they collect. Just last year, the Federal Trade Commission (FTC) finalized a settlement agreement with Flo Health after the company shared millions of users’ period and ovulation tracking information with marketing and analytics firms, including Facebook and Google.
2. Warrants Allow Police to Access Your Search History and Location
Our digital traces can offer a very personal and intimate picture of our offline lives. For law enforcement agencies, our digital presence is a treasure trove of potential evidence. A couple of tools have become increasingly popular among police: keyword search warrants and geofence warrants. Keyword search warrants are exactly what they sound like: police gaining access to a suspect’s search history. Geofence warrants allow police to search a database to find all cellphones within a particular area and time.
In a post-Roe world, police can obtain a keyword search warrant to identify someone who has searched online for an abortion clinic or other reproductive health services. With a geofence warrant, police can also determine when someone goes to an abortion clinic.
Law enforcement have already used warrants in these ways. In 2017, prosecutors relied on a woman’s internet search results for buying abortion pills online to charge her with the murder of her stillborn fetus. It was also reported earlier this month that data broker SafeGraph was selling aggregated location data about people who visited Planned Parenthood locations.
3. Police Can Buy Data from Data Brokers
The government can avoid warrant requirements altogether when it buys data from data brokers. There are virtually no restrictions on the government as a customer in the surveillance economy. Federal agencies like Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) have purchased access to databases containing the location information of millions of cellphones and their users. In fact, the data broker market is estimated to be worth about $200 billion.
Existing statutes such as the Electronic Communications Privacy Act (ECPA) require government agencies to follow a legal process to access Americans’ electronic information. The Fourth Amendment of the U.S. Constitution also requires police to obtain a search warrant. However, data brokers are not covered by the ECPA and, as private actors, they are not beholden to the Fourth Amendment. As a result, data brokers can sell user information to government agencies.
For just $160, police can get a week’s worth of data on where people who visited Planned Parenthood came from, and where they went afterwards. The unregulated data broker market is also open to all customers, including anti-abortion groups. In 2016, the CEO of an advertising company worked with anti-abortion groups to send targeted advertisements to women sitting in Planned Parenthood clinics.
When states write new crimes into law, it is up to local prosecutors to decide how to enforce them. Still, Congress has struggled to pass legislation regulating the sale of Americans’ private data or to establish rules for how law enforcement can use digital surveillance tools in investigations.
In the absence of codified protections, individuals must be vigilant and know their rights. Organizations like the Digital Defense Fund and Electronic Frontier Foundation offer detailed guides for steps individuals can take to protect their digital privacy while researching and seeking an abortion or related services.
Currently, data privacy laws provide little protection for individuals. In the post-Roe world, the need for those protections is urgent, and critical.