In the weeks since POLITICO first published a draft Supreme Court opinion overturning Roe v. Wade, digital surveillance experts and abortion rights advocates have been warning that the decision could make the online world a more dangerous place for those seeking abortions.
Data brokers have already been selling information about people visiting clinics and those who have downloaded period-tracking apps. Prosecutors have a history of using online search data to charge people alleged to have had abortions. Anti-abortion advocates have been accused of trying to hack abortion providers like Planned Parenthood in recent years.
But understanding how exactly these threats could change in a post-Roe world is messy and requires a basic understanding of the ways companies store, sell and use their users’ data. To help make sense of it all, POLITICO is answering questions readers have submitted about data privacy in a post-Roe world.
What are the digital surveillance threats to be concerned about in a post-Roe world?
If Roe is overturned, abortion advocates are worried about a few things: Prosecutors can easily request online search histories from tech companies or look through them on seized phones from those suspected of getting or providing an abortion. Geolocation data from phones has already been sold to data brokers detailing who visited an abortion clinic and when. Period trackers could, theoretically, also share user information about when they missed a week or could be pregnant with law enforcement if faced with requests.
A lot of this is possible because there are few laws on the books regulating how much data companies can collect, store and sell about their users in the United States, making this data easily accessible to prosecutors. Plenty of tech companies comply with judge-approved subpoenas for user data, like online search histories or, if their service isn’t encrypted, messages between users. Law enforcement can also seek out third-party data like phone location or demographic information from brokers to collect even more info.
While some of these issues are already a concern, digital surveillance experts are more concerned how this data is used in a post-Roe world seeing as abortion access will immediately be further restricted in at least 23 states.
But how is all of this information about me even available in the first place?
Each time anyone signs up for an account on a social media platform, streaming service, e-commerce site, financial service and more, they give those companies permission to collect the information shared on those services. Depending on how long a company stores that information, it can be easily accessible to law enforcement empowered with a subpoena from a judge. This is a big reason why privacy advocates encourage encrypted messaging: If a message is properly encrypted, not even the service provider is able to access those messages — keeping them out of reach of law enforcement (in most cases).
As for how much information data brokers have on people, that’s a mystery. The data broker industry has been opaque for years, making it difficult to know which companies sell customer data to whom — although plenty of journalists and researchers have been trying to bring transparency to the industry for years.
How can I safely search online for information about contraceptives, Plan B and abortion pills?
Of course, many people will still need to research ways to safely access abortions even in a world where access is further restricted. Digital surveillance experts have a few tips:
— Use a private browser like Tor to keep online searches anonymous. Some experts also recommend turning to a virtual private network — which reroutes an internet users’ searches through different networks to make it harder to track it back to them.
— Download a browser extension to block ads, cookies and other data trackers that follow us around online. Experts recommend services like the Electronic Frontier Foundation’s Privacy Badger to ensure that advertisers can’t track interest in information about pregnancies and other issues related to reproductive health.
— Only discuss abortion and pregnancies through encrypted services like Signal or Proton Mail. As mentioned earlier, using encrypted services means that tech companies are less likely to have access to the content in private one-on-one conversations. And while law enforcement has been known to work with third-party encryption-breaking services to read those messages, prosecutors and investigators are unlikely to do this for every single investigation because of how time-consuming those efforts can be.
— Consider using phone numbers from Google Voice or another Voice Over IP provider when making calls. Some advocates have raised concerns about phone providers also having access to information about which phone numbers call abortion clinics and hotlines and what content is in our text messages. To combat this, digital surveillance experts tend to recommend using a Voice Over IP service, like Google Voice, so the call logs are saved solely in one place where users can easily delete their call histories and voice mails.
— Even more tips: Many experts have also pointed to resources at the Digital Defense Fund, a group that works with abortion rights groups on ways to stay safe online, for more tips and information.
What’s Congress doing to protect my online data in the meantime?
Lawmakers have introduced a few proposals to regulate how much information companies collect and store about their customers and how much access law enforcement has to it, but many of those proposals are stalled in Congress. Top members of the Senate Commerce Committee have been trying for years to hash out the details of a federal comprehensive privacy bill, which would focus what data is actually collected, while Sen. Ron Wyden (D-Ore.) has been trying to get traction on his Fourth Amendment is Not For Sale Act, which limits what data law enforcement can purchase from data brokers and other outside sources.
But the states are where the real action is: California, Virginia, Colorado and Utah have their own laws regulating company data collection. Connecticut just passed a law that goes into effect next July. Vermont and California also have laws in place requiring data brokers to register with the state and be listed in a public directory in an effort to bring transparency to who all is involved in these third-party data sales. More states have also considered similar legislation.
Regulators at the Federal Trade Commission are also starting to catch onto the issue: Chair Lina Khan told lawmakers Wednesday that this issue is on the agency’s radar. “The fact that we have an entire sub economy on this incentivizing the endless collection of this data — even if the app or service doesn’t require your location — I think that invites us to think hard about whether we need to be setting clear limits on this type of thing,” Khan said during a House Appropriations hearing on May 18.