Searching for a family planning center on Google, chatting with a friend on Facebook… A week after the Roe vs. Wade ruling was overturned by the United States Supreme Court, many abortion advocates fear that personal data collected on the Internet does not become a tool for tracking down illegal abortions. One digital device is of particular concern: menstrual cycle tracking apps.
“Remove your period-tracking apps, immediately.” Since Friday, June 24, this instruction has been massively broadcast on social networks in the United States. For good reason, after the United States Supreme Court overturned the Roe vs. Wade decision, which guaranteed the right to abortion at the federal level, many people are concerned that the data communicated to these applications will not be used to track women who would abort in states where it would become illegal.
Right now, and I mean this instant, delete every digital trace of any menstrual tracking. Please.
— Prof. Gina Neff (@ginasue) June 24, 2022
In total, a third of American women use period monitoring applications, the best known of which are Flo, Clue or Stardust, according to a survey by the NGO Kaiser Family Foundation. They can enter the date of the beginning and the end of their periods, indicate the color of the blood, the flow, give information concerning pain or their sexual relations… Some seek to know the right moment to try to conceive a child , others know in advance the date of their next period. Sometimes it is also to follow a disease like endometriosis. Whatever the reason for its use, the application knows when the woman has her period, how long, if she is late and therefore, in some cases, if she is pregnant. So much very sensitive data in a country where half of the states could soon ban abortion, like Missouri and seven other states which hastened to legislate.
“The data collected on these applications is not protected by the HIPAA law which governs the processing of health data in the United States”, explains Suzanne Vergnolle, doctor of law and specialist in the protection of personal data in Europe and the United States. United. “In other words, these applications can sell or give access to this information to third parties, for targeted advertising, for example. And this information collected can also be communicated to the American justice as part of an investigation.”
The concern is all the more acute as these applications have already been fined for lack of transparency on these issues. In 2021, Flo, which has 43 million users, was convicted of selling sensitive information to private companies, including Facebook and Google, without the consent of subscribers.
But since the beginning of May, when the intention of the Supreme Court to revoke the right to abortion was revealed in the press, the applications show their credentials to reassure their users. Flo and Natural Cycles have thus claimed to be working on total anonymization of the data. Stardust, meanwhile, has announced that it will encrypt its subscriber data. On his side, Clue assured that she would not submit to the demands of American justiceits data being hosted in Europe.
“All data” concerned
If these applications appear as obvious snitches to those who want to fight against abortion, this is not the main source of concern for Suzanne Vergnolle. “Making the link between these applications and an abortion still seems relatively risky”, she nuances. “Many factors can explain disturbances in menstrual cycles. Other corroborating evidence would probably have to be brought forward in the context of legal proceedings.”
For the expert, the danger actually comes from the digital world as a whole. “Justice will need to build up a body of evidence to prosecute, then convict women who resort to illegal abortion and those who help them,” she explains. “The information shared on period-tracking apps can be that. But in reality, it’s all of our digital usage that could be contributing to that.”
When a person discovers an unwanted pregnancy, their first instinct will be, for example, to search on Google to find out what to do, such as finding an abortion pill, or even to find out how to induce a miscarriage. She may also seek to locate an establishment practicing abortion. When the time comes, in the clinic’s waiting room, she will certainly use her phone and perhaps keep busy by browsing a social network that uses geolocation. She may also have confided via messaging to friends or associations for the defense of abortion. However, each of these actions will leave digital traces that could be used by the judicial authorities.
Even before the revocation of Roe vs. Wade, digital data was used in court cases related to the death of a fetus. In 2017, a Mississippi woman was convicted of intentional homicide after giving birth to a stillborn child in her home. Indeed, after a search of her phone and looking at her Google browsing history, investigators had discovered research on how to cause a miscarriage. However, as his conviction caused an uproar, the case was eventually dismissed.
In another case, in Indiana, a woman was also convicted of killing her fetus. The evidence used to indict her: the messages she sent to a friend, where she explained to take abortion pills at the end of pregnancy.
“The difference between today and the last time abortion was banned in the United States is that we live in an unprecedented era of digital surveillance,” summarizes on Twitter Eva Galperin, director of cybersecurity at the Electronic Frontier. Foundation, an organization for the defense of digital freedoms in the United States. And to add: “If technology companies do not want their data to be weaponized against people seeking abortions and those who support them, they must stop collecting this data now. Do not put it on sale. . Not detaining them when a subpoena comes.”
The difference between now and the last time that abortion was illegal in the United States is that we live in an era of unprecedented digital surveillance.
— Eva (@evacide) June 24, 2022
Silence of the digital giants
But unlike menstrual tracking apps, the digital giants remain silent for the time being. Some, like Meta and Microsoft, have certainly announced that they would help their employees who need to travel for an abortion. Uber, for its part, has assured that it will pay the legal costs if one of its drivers is convicted of helping a woman get to an abortion clinic – some states, such as Texas, condemning any person helping someone to have an illegal abortion.
“Some digital giants make a living from the exploitation of our personal data and, even if they have very solid legal teams, they have little leeway if the courts ask them to communicate information”, explains Suzanne Vergnolle.
“Not to mention the risk posed by ‘data brokers’ [ou courtiers en données, NDLR]these companies that buy and collect information on Internet users and then resell it to companies or advertisers”, continues the expert. “Nothing in the law prohibits American justice from buying data from them and they have already done so.”
Draft law and good practice guide
Faced with this threat, abortion advocates are getting organized. On the political side, Sara Jacobs, a Democrat, member of Congress, thus proposed in early June a “My Body, My Data” law, aimed at better protecting Americans’ health data. However, the project is likely to come up against Republican opposition.
Others directly appeal to the digital giants. Several elected officials have written to the CEO of Google to call on him to take responsibility for the risks of this data collection.
Several associations and newspapers have published guides to good practice for women seeking information on abortion. “Use end-to-end encrypted messaging, like Signal, then delete messages; favor private browsing; remove geolocation,” lists The Washington Post.
“It is also essential that all services that help women have abortions – clinics, associations, companies providing abortion pills – strengthen their computer security”, concludes Suzanne Vergnolle. “Authorities will face several logistical obstacles if they seek to identify women who have had illegal abortions. But if the computer systems of these organizations were to be hacked and names were released, it would make their job much easier…” This threat is all the more serious as certain States, such as Texas, encourage the population to denounce.
.