In a Post-Roe world, the future of digital privacy looks even grimmer
In a Post-Roe world, the future of digital privacy looks even grimmer
Reproductive privacy has become so fraught that government officials and lawmakers are rushing to introduce new policies and bills to safeguard Americans' data
By Natasha Singer and Brian X. Chen
Published: Jul 14, 2022
The sheer amount of tech tools and knowledge required to discreetly seek an abortion underlines how wide open we are to surveillance. (Glenn Harvey/The New York Times)
Welcome to the post-Roe era of digital privacy, a moment that underscores how the use of technology has made it practically impossible for Americans to evade ubiquitous tracking.
In states that have banned abortion, some women seeking out-of-state options to terminate pregnancies might end up following a long list of steps to try to shirk surveillance — like connecting to the internet through an encrypted tunnel and using burner email addresses — and reduce the likelihood of prosecution.
Even so, they could still be tracked. Law enforcement agencies can obtain court orders for access to detailed information, including location data logged by phone networks. And many police departments have their own surveillance technologies, like license plate readers.
That makes privacy-enhancing tools for consumers seem about as effective as rearranging the furniture in a room with no window drapes.
“There’s no perfect solution,” said Sinan Eren, an executive at Barracuda, a security firm. “Your telecom network is your weakest link.”
In other words, the state of digital privacy is already so far gone that forgoing the use of digital tools altogether may be the only way to keep information secure, security researchers said. Leaving mobile phones at home would help evade the persistent location tracking deployed by wireless carriers. Payments for prescription drugs and health services would ideally be made in cash. For travel, public transportation like a bus or a train would be more discreet than ride-hailing apps.
Reproductive privacy has become so fraught that government officials and lawmakers are rushing to introduce new policies and bills to safeguard Americans’ data.
President Joe Biden issued an executive order last week to shore up patient privacy, partly by combating digital surveillance. Civil liberties groups said the burden should not be on individual women to protect themselves from reproductive health tracking, the kind of police snooping that Sen. Ron Wyden, D-Ore., has called “uterus surveillance.”
To be sure, it is too soon to tell how states that have banned abortion might try to prosecute residents for seeking medical treatments that are legal in other states. But some government officials are not waiting to find out.
The governors of Massachusetts and Colorado recently issued executive orders that prohibit local government agencies from assisting other states’ investigations into individuals receiving reproductive health services that are legal in their states, unless required by a court order.
“Everybody is waking up to the realization that privacy is central — central to human dignity and central to democracy,” said Kade Crockford, director of the Technology for Liberty Program at the American Civil Liberties Union of Massachusetts. “And unfortunately, it is now central to reproductive autonomy in half the states in the country.”
How much change might take place is unclear. The tech giants that control how our data is collected — the same ones that have professed for years in marketing campaigns that they care about privacy — have not made plans to substantially change the way they hoover up information.
Google said this month that it would delete entries to location data when people visited sensitive places like abortion clinics. But it declined to say whether detailed geodata — like GPS coordinates and routing information — would also be purged.
Some location data analytics companies, including Foursquare, recently announced that they were restricting the use, sharing and sale of data on consumers’ visits to sensitive locations like reproductive health clinics. But law enforcement agencies with warrants may still obtain such location records.
The phone carriers that operate the backbone of the wireless internet for smartphones have been mum about plans to modify data policies after the reversal of Roe v. Wade. AT&T, T-Mobile and CTIA, a trade group representing the carriers, declined to comment, and Frank Boulben, Verizon’s chief revenue officer, said the company had nothing new to announce.
For now, those seeking to obscure their digital tracks have limited options. Here’s what they are.
Several tools can be employed to combat surveillance, including virtual private networks, encrypted messaging apps, private web browsers and burner email accounts, civil liberties groups and privacy experts said.
Virtual private network
What it does: A VPN creates a virtual tunnel that shields browsing information from an internet service provider. When people use VPN software, their device connects to a VPN provider’s servers. All their web traffic passes through the VPN provider’s internet connection. So if their internet provider was trying to listen in on their web traffic while they were browsing Planned Parenthood’s website, the provider would see only the VPN server’s internet address connected to the VPN service.
What it doesn’t do: A VPN does not conceal a device’s location from a cellular network. That’s because a device has to register to a nearby cell tower before connecting to the VPN, which would reveal the device location to the phone carrier, Eren said.
What it does: When a message is encrypted through a chat service like Apple’s iMessage, Meta’s WhatsApp or Signal, it is scrambled when sent so that it becomes indecipherable to anyone but its intended recipient, and it remains so when it passes through the app’s server and reaches the recipient.
What it doesn’t do: Encryption makes it harder, but not impossible, for law enforcement to get access to the contents of messages. Agencies can, for example, use court orders to seek contents inside an Apple iMessage by requesting access to an iPhone user’s data backed up to iCloud. But Signal, an app funded by donations and grants, retains minimal data on its users, which makes it a must-have app in an anti-surveillance toolbox, researchers said.
What it does: Private web browsers like DuckDuckGo and Firefox Focus surf the web in private mode by default, which prevents a device from creating a record of web searches and visits.
What it doesn’t do: While a private web browser would prevent law enforcement agencies with physical access to a device from viewing a browsing history, it would not conceal browsing data from an internet provider. Also, it would not hide browsing activity from a website operator like Google or Facebook, so users would have to stay logged out of their internet accounts.
Anonymous email address
What it does: People can set up anonymous email addresses with services like ProtonMail, a free encrypted email service, to try to be unidentifiable.
What it doesn’t do: Prosecutors with court orders may compel email services to provide personal data, like a user’s IP address, the string of digits associated with a device, which could be used to identify the person.
Even if all of the above were followed, there would be no foolproof way to escape digital surveillance, and each piece of tech that’s used becomes a new vector for law enforcement to seek data.
There are more extreme techniques for hindering snooping — like using a cheap computer and drilling a hole in its hard drive before tossing it. But those are methods for spies and security professionals, not everyday people.
So leaving the personal tech at home wouldn’t be going overboard, security researchers said. It’s important, they said, that the phone stay powered on to remain connected to the nearby cell tower recording its location. That would cover up a digital trail by creating the illusion that a person never left home.