EXPLAINER: Online privacy in a post-Roe world
The case of a Nebraska woman charged with helping her teenage daughter end her pregnancy after investigators obtained Facebook messages between the two has raised fresh concerns about data privacy in the post-Roe world.
Since before the U.S. Supreme Court overturned Roe v. Wade in June, Big Tech companies that collect personal details of their users have faced new calls to limit that tracking and surveillance amid fears that law enforcement or vigilantes could use those data troves against people seeking abortions or those who try to help them.
Meta, which owns Facebook, said Tuesday it received warrants requesting messages in the Nebraska case from local law enforcement on June 7, before the Supreme Court decision overriding Roe came down. The warrants, the company added, “did not mention abortion at all,” and court documents at the time showed that police were investigating the “alleged illegal burning and burial of a stillborn infant.”
However, in early June, the mother and daughter were only charged with a single felony for removing, concealing or abandoning a body, and two misdemeanors: concealing the death of another person and false reporting.
It wasn’t until about a month later, after investigators reviewed the private Facebook messages, that prosecutors added the felony abortion-related charges against the mother.
History has repeatedly demonstrated that whenever people’s personal data is tracked and stored, there’s always a risk that it could be misused or abused. With the Supreme Court’s overruling of the 1973 Roe v. Wade decision that legalized abortion, collected location data, text messages, search histories, emails and seemingly innocuous period and ovulation-tracking apps could be used to prosecute people who seek an abortion — or medical care for a miscarriage — as well as those who assist them.
“In the digital age, this decision opens the door to law enforcement and private bounty hunters seeking vast amounts of private data from ordinary Americans,” said Alexandra Reeve Givens, the president and CEO of the Center for Democracy and Technology, a Washington-based digital rights nonprofit.
WHY DID FACEBOOK TURN OVER THE MESSAGES?
Facebook owner Meta said it received a legal warrant from law enforcement about the case, which did not mention the word “abortion.” The company has said that officials at the social media giant “always scrutinize every government request we receive to make sure it is legally valid” and that Meta fights back against requests that it thinks are invalid or too broad.
But the company gave investigators information in about 88% of the 59,996 cases in which the government requested data in the second half of last year, according to its transparency report. Meta declined to say whether its response would have been different had the warrant mentioned the word “abortion.”
NOT A NEW ISSUE
Until this past May, anyone could buy a weekly trove of data on clients at more than 600 Planned Parenthood sites around the country for as little as $160, according to a recent Vice investigation. The files included approximate patient addresses — derived from where their cellphones “sleep” at night — income brackets, time spent at the clinic, and the top places people visited before and afterward.
It’s all possible because federal law — specifically, HIPAA, the 1996 Health Insurance Portability and Accountability Act — protects the privacy of medical files at your doctor’s office, but not any information that third-party apps or tech companies collect about you. This is also true if an app that collects your data shares it with a third party that might abuse it.
In 2017, a Black woman in Mississippi named Latice Fisher was charged with second-degree murder after she sought medical care for a pregnancy loss.
“While receiving care from medical staff, she was also immediately treated with suspicion of committing a crime,” civil rights attorney and Ford Foundation fellow Cynthia Conti-Cook wrote in her 2020 paper, “Surveilling the Digital Abortion Diary.” Fisher’s “statements to nurses, the medical records, and the autopsy records of her fetus were turned over to the local police to investigate whether she intentionally killed her fetus,” she wrote.
Fisher was indicted on a second-degree murder charge in 2018; conviction could have led to life in prison. The murder charge was later dismissed. Evidence against her, though included her online search history, which included queries on how to induce a miscarriage and how to buy abortion pills online.
“Her digital data gave prosecutors a ‘window into (her) soul’ to substantiate their general theory that she did not want the fetus to survive,” Conti-Cook wrote.
Though many companies have announced policies to protect their own employees by paying for necessary out-of-state travel to obtain an abortion, technology companies have said little about how they might cooperate with law enforcement or government agencies trying to prosecute people seeking an abortion where it is illegal — or who are helping someone do so.
In June, Democratic lawmakers asked federal regulators to investigate Apple and Google for allegedly deceiving millions of mobile phone users by enabling the collection and sale of their personal data to third parties.
The following month, Google announced it will automatically purge information about users who visit abortion clinics or other locations that could trigger legal problems following the Supreme Court decision.
Governments and law enforcement can subpoena companies for data on their users. Generally, Big Tech policies suggest the companies will comply with abortion-related data requests unless they see them as overly broad. Meta, for instance, pointed to its online transparency report, which says “we comply with government requests for user information only where we have a good-faith belief that the law requires us to do so.”
Online rights advocates say that’s not enough. In the Nebraska case, for instance, neither Meta nor law enforcement would have been able to read the messages had they been “end-to-end encrypted” the way messages on Meta’s WhatsApp service are protected by default.
“Meta must flip the switch and make end-to-end encryption a default in all private messages, including on Facebook and Instagram. Doing so will literally save pregnant peoples’ lives,” said, Caitlin Seeley George, campaigns and managing director at the nonprofit rights group Fight for the Future.
BURDEN ON THE USER
Unless all of your data is securely encrypted, there’s always a chance that someone, somewhere can access it. So abortion rights activists suggest that people in states where abortion is outlawed should limit the creation of such data in the first place.
For instance, they urge turning off phone location services — or just leaving your phone at home — when seeking reproductive health care. To be safe, they say, it’s good to read the privacy policies of any health apps in use.
The Electronic Frontier Foundation suggests using more privacy-conscious web browsers such as Brave, Firefox and DuckDuckGo — but also recommends double-checking their privacy settings.
There are also ways to turn off ad identifiers on both Apple and Android phones that stop advertisers from being able to track you. This is generally a good idea in any case. Apple will ask you if you want to be tracked each time you download a new app. For apps you already have installed, the tracking can be turned off manually.