Get all your news in one place
100’s of premium titles. One news app. Zero ads. Just $10 per month.
Salon

Abortion data breach top concern

A woman holding a smart phone in her hand, typing a message. Getty Images/fizkes

A location data firm said Wednesday that it would no longer sell information about people who visit abortion clinics after reporting on the company's sales raised alarm, but privacy advocates warned that strict regulation is needed to protect patients from such sales—particularly in light of news that abortion rights are likely to be rolled back by the U.S. Supreme Court.

Vice reported Tuesday that data firm SafeGraph has sold sets of aggregated location data regarding people who have visited abortion clinics including Planned Parenthood, showing where patients travel from, how much time they spend at the healthcare centers, and where they go afterwards.

The report sparked outcry from rights advocates including Frederike Kaltheuner, director for technology and human rights at Human Rights Watch, who said activities like SafeGraph's represent "what lack of data regulation means in practice."

Through a product called Patterns, company obtains location data from apps on users' cell phones, with many people unaware that their apps are sending such information to third parties.

SafeGraph sells the aggregated data to anyone on the open market and sold data about visitors to abortion clinics, including more than 600 Planned Parenthood medical centers, over a one-week period in April for just $160 to Vice, according to the outlet.

The data collected by the company includes an analysis of where users appear to live, based on where their cell phones generally are overnight.

"This is how you dox someone traveling across state lines for abortions—how you dox clinics providing this service," Zach Edwards, a cybersecurity researcher, told Vice.

According to CNBC, SafeGraph said Wednesday that its Patterns product will no longer collect data "for locations classified as NAICS code 621410 ('Family Planning Centers')...  to curtail any potential misuse of its data."

In a piece at Wired titled "Tech Companies Are Not Ready for a Post-Roe Era," Alejandra Caraballo of the Harvard Law School Cyberlaw Clinic warned on Wednesday that cell phone and app users may well be unknowingly tracked and targeted via their devices. She wrote:

Companies that traffic in personal, geolocation, advertising, or other data could become digital crime scenes for eager prosecutors armed with subpoenas... There may also be a reckoning for fertility- and menstruation-tracking apps that often sell user data. These apps could be a gold mine for states looking to target pregnant people with surveillance or even institute requirements for pregnancy registration. This idea is not far-fetched; it was proposed in Poland after a similar backsliding of abortion rights led by its conservative judiciary.

"These companies must take active steps to ensure that their technology is not used as a further tool to marginalize pregnant people," wrote Caraballo.

With the Supreme Court's right-wing majority set to overrule Roe v. Wadewrote Joseph Cox at Vice, "people seeking abortions who live in conservative states and can afford to are likely to start traveling to get an abortion. Location data could play into whether and how that travel is identified, making it even more urgent for regulators and lawmakers to consider how location data is collected, used, and sold."

Under laws like one that's currently being debated in Missouri, which would allow residents to sue women who leave the state to obtain abortion care, "location data like this could be used to build the case against a woman," said Democratic strategist Max Burns.

"All of those nightmare 'Abortion Bounty Hunter' laws?" Burns said. "They'll be powered by our data revolution."

Cox noted that forced pregnancy advocates have already proven savvy at using technology to harm women who seek abortion care, with anti-choice groups using location data to send targeted ads to women sitting in Planned Parenthood clinics to pressure them out of obtaining care.

"It's too easy for anyone to take advantage of data brokers' stores to cause real harm," said Electronic Frontier Foundation. "That's why the U.S. needs comprehensive data privacy regulation more than ever."