After Dobbs v. Jackson, the Battle Shifts to Digital Privacy v. Surveillance
Since the recent reversal of Roe v. Wade — the landmark decision establishing a constitutional right to abortion — the vulnerabilities of reproductive health data and various other information stored on digital devices or shared through the Web have risen to the forefront.
Menstrual period tracking apps are an example of how technologies that collect information from users could be weaponized against abortions seekers. The apps, which help tens of millions of users in the U.S. predict when they’re ovulating, may provide evidence that leads to criminal prosecution in states with abortion bans, says Anton T. Dahbura, executive director of the Johns Hopkins University Information Security Institute. In states where abortion is outlawed, “it’s probably best to not use a period tracker,” he says.
Following the Dobbs v. Jackson ruling in late June that overturned Roe, even women who suffered a miscarriage could be suspected of having an abortion in some cases. While using these apps in anonymous mode may appear more secure, “data is notoriously difficult to perfectly anonymize,” Dahbura says. “Whether the data are stored on the user’s device or in the cloud, there are ways to connect that data to the user.”
Completely concealing one’s tracks in cyberspace poses enormous challenges. Digital forensics can take advantage of technology such as GPS apps, security cameras, license plate trackers, credit card transactions and bank records to reconstruct a person’s activities,” Dahbura says. “Abortion service providers are also in a world of risk for similar reasons.”
Practicing “good cyber hygiene” is essential. That’s particularly true in states where private citizens may be rewarded for reporting on women they suspect of having an abortion, such as Texas, which passed a so-called bounty hunter law last fall. To help guard against hacking, Dahbura suggests using strong passwords and two-factor authentication when possible while remaining on alert for phishing scams on email or texts.
Another option for safeguarding privacy is to avoid such apps entirely, but that choice will depend on an individual’s analysis of the risks and benefits, says Leah Fowler, research assistant professor at the University of Houston Law Center, Health Law & Policy Institute.
“These apps are popular because people find them helpful and convenient, so I hesitate to tell anyone to get rid of something they like without more concrete evidence of its nefarious uses,” she says. “I also hate the idea that asking anyone capable of becoming pregnant to opt out of all or part of the digital economy could ever be a viable solution. That’s an enormous policy failure. We have to do better than that.”
The potential universe of abortion-relevant data can include information from a variety of fitness and other biometric trackers, text and social media chat records, call details, purchase histories and medical insurance records.
Instead, Fowler recommends that concerned consumers read the terms of service and privacy policies of the apps they’re using. If some of the terms are unclear, she suggests emailing customer service with questions until the answers are satisfactory. It’s also wise for consumers to research products that meet their specific needs and find out whether other women have raised concerns about specific apps. Users interested in more privacy may want to switch to an app that stores data locally, meaning the data stays on your device, or does not use third-party tracking, so the app-maker is the only company with access to it, she says.
Period tracking apps can be useful for those on fertility journeys, making it easier to store information digitally than on paper charts. But users may want to factor in whether they live in a state with an anti-abortion stance and run the risk of legal issues due to a potential data breach, says Carmel Shachar, executive director of the Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School.
Consumers’ risks extend beyond period tracking apps in the post-Roe v. Wade era. “Anything that creates digital breadcrumbs to your reproductive choices and conduct could raise concerns — for example, googling ‘abortion providers near me’ or texting your best friend that you are pregnant but do not want to be,” Shachar says. Women also could incriminate themselves by bringing their phones, which may record geolocation data, to the clinic with them.
The potential universe of abortion-relevant data can include information from a variety of fitness and other biometric trackers, text and social media chat records, call details, purchase histories and medical insurance records, says Rebecca Wexler, faculty co-director of the Berkeley Center for Law & Technology. “These data sources can reveal a pregnant person’s decision to seek or obtain an abortion, as well as reveal a healthcare provider’s provision of abortion services and anyone else’s provision of abortion assistance,” she says.
In some situations, people or companies could inadvertently expose themselves to risk after posting on social media with offers of places for abortion seekers to stay after traveling from states with bans. They could be liable for aiding and abetting abortion. At this point, it’s unclear whether states that ban abortion will try to prosecute residents who seek abortions in other states without bans.
Another possibility is that a woman seeking an abortion will be prosecuted based not only on her phone’s data, but also on the data that law enforcement finds on someone else’s device or a shared computer. As a result, “people in one household may find themselves at odds with each other,” says K Royal, faculty fellow at the Center for Law, Science, and Innovation at Arizona State University’s Sandra Day O'Connor College of Law. “This is a very delicate situation.”
Individuals and corporate executives should research their options before leaving a digital footprint. “Guard your privacy carefully, whether you are seeking help or you are seeking to help someone,” Royal says. While she has come across recommendations from other experts who suggest carrying a second phone that is harder to link a person’s identity for certain online activities, “it’s not practical on a general basis.”
The privacy of this health data isn’t fully protected by the law because period trackers, texting services and other apps are not healthcare providers — and as a result, there’s no prohibition on sharing the information with a third party under the Health Insurance Portability and Accountability Act of 1996, says Florencia Marotta-Wurgler, a professor who specializes in online consumer contracts and data privacy at the NYU School of Law.
“So, as long as there is valid consent, then it’s fair game unless you say that it violates the reasonable expectations of consumers,” she says. “But this is pretty unchartered territory at the moment.”
As states implement laws granting anyone the power to report suspected or known pregnancies to law enforcement, anti-choice activists are purchasing reproductive health data from companies that make period apps, says Rebecca Herold, chief executive officer of Privacy & Security Brainiacs in Des Moines, Iowa, and a member of the Emerging Trends Working Group at ISACA, an association focused on information technology governance. They could also buy data on search histories and make it available in places like Texas for “bounty hunters” to find out which women have searched for information about abortions.
Some groups are creating their own apps described as providing general medical information on subjects such as pregnancy health. But they are “ultimately intended to ‘catch’ women” — to identify those who are probably pregnant and dissuade them from having an abortion, to launch harassment campaigns against them, or to report them to law enforcement, anti-choice groups and others in states where such prenatal medical care procedures are now restricted or prohibited, Herold says.
In addition to privacy concerns, the reversal of Roe v. Wade raises censorship issues. Facebook and Instagram have started to remove or flag content, particularly as it relates to providing the abortion pill, says Michael Kleinman, director of the Silicon Valley Initiative at Amnesty International USA, a global organization that promotes human rights.
Facebook and Instagram have rules that forbid private citizens from buying, selling or giving away pharmaceuticals, including the abortion pill, according to a social media post by a communications director for Meta, which owns both platforms. In the same post, though, the Meta official noted that the company’s enforcement of this rule has been “incorrect” in some cases.
“It’s terrifying to think that arbitrary decisions by these platforms can dramatically limit the ability of people to access critical reproductive rights information,” Kleinman says. However, he adds, “as it currently stands, the platforms make unilateral decisions about what reproductive rights information they allow and what information they take down.”