Abortion protest in Atlanta, May 14, 2022. Ross Williams/Georgia Recorder

Caption

Internet privacy activists say the end of Roe v. Wade could bring new scrutiny to issues of digital privacy.

Credit: Ross Williams/Georgia Recorder

“Are we starting it today?”

“We can if u want the one will stop the hormones”

“OK”

“Ya the 1 pill stops the hormones an rhen (sic) u gotta wait 24 HR 2 take the other”

“OK”

“Remember we burn the evidence”

“Yep”

Those Facebook messages are part of the evidence against a Nebraska mother and daughter in a case alleging the then-17-year-old received an illegal abortion.

According to the Lincoln Journal-Star, a detective began investigating the teen after receiving a tip that the mother and daughter illegally buried a stillborn child. After finding charred fetal remains, the detective served a search warrant on Facebook to obtain their chat history.

After receiving the messages, the district attorney charged the mother with two new felony charges for performing an abortion after 20 weeks and for performing an abortion without a license.

Facebook’s parent company, Meta, defended its cooperation with the lawful order:

“Nothing in the valid warrants we received from local law enforcement in early June, prior to the Supreme Court decision, mentioned abortion,” the company said. “The warrants concerned charges related to a criminal investigation and court documents indicate that police at the time were investigating the case of a stillborn baby who was burned and buried, not a decision to have an abortion.”

Earlier this month, in a statement that did not mention the Nebraska case, Meta announced an expansion to its end-to-end encrypted messaging with a goal of fully implementing it in 2023.

Had the system been in place, it would not have been able to decrypt the chat records police requested.

People should never assume that any digital conversations they have are fully private, said Michael Owens, a cybersecurity advisor and consultant who serves with the U.S. Marine Corps Cyber Auxiliary, but there are opportunities to improve security.

“That’s one area that people probably should focus on, one area that people should at least be able to investigate and understand that there are applications out there that allow you to have much more of a digital protected space to exchange information, particularly applications like Signal and others that fully do end-to-end encryption of your messages, that allow to revocation of information that has been sent, i.e., it can be deleted upon request,” said Owens, who also ran as a Democrat for Georgia secretary of state this year.

 

Data access

A June investigation by Reveal and the Markup using data on the websites of nearly 2,500 crisis pregnancy centers compiled by University of Georgia researchers found that at least 294 shared information with Facebook, including sensitive data like whether a person was considering getting an abortion, the report found. Facebook told the investigators that it has a policy against sharing sensitive data.

The researchers found that over a third of the websites sent data to Facebook when someone made an appointment for an abortion consultation or pre-termination screening, and at least 39 sites sent Facebook details such as the person’s name, email address or phone number.

Some pro-life marketing services advertise the ability to market directly to women who are searching for abortion services.

“This type of advertising can feel invasive, but it’s the norm for advertising and marketing in 2021,” reads an FAQ on the website for Choose Life Marketing under the frequently asked question, “isn’t it a little creepy?”

“People expect for ads to ‘follow’ them after they look at a website without making a purchase, for example. Ads for the product they didn’t buy will show up on social media and other websites to remind them to return and make the purchase.”

“Virtual geofencing allows you to offer messages of hope to women who visit abortion websites. In a sea of websites and advertisements pressuring women to get abortions, you can shine as a beacon of light offering another alternative.”

Anyone who uses the internet should expect for their data to be available for anyone who could use it, said Andrea Young, executive director of ACLU of Georgia

“It’s kind of the wild, wild west when it comes to digital privacy, and one of the most important factors is the growth of ‘free’ services. If you’re not paying for a service, then you’re the product. To the extent that we’re interacting with free services, the data scraping is what they’re selling.”

 

Geofencing and keyword warrants

In some states like Texas, anyone can file suit against someone who knowingly assists in an abortion, but Georgia requires a higher bar, said New Georgia Project director of legal affairs Tangi Bush.

“Someone in Georgia at this very moment, the way that the six-week abortion ban is written, could not just point to you or anyone else on the street and say, ‘I think you’ve had an abortion,’ and that immediately results in law enforcement trying to get your data, but there are several scenarios, a partner making accusations, other medical professionals making allegations, anyone with standing, they can make an allegation, file a suit.”

To get access to data from a person’s phone, whether it is chat records, location data or information collected by third-party apps, law enforcement typically must show probable cause and obtain a search warrant, just like if they wanted to search your house, but there are other ways for law enforcement to find data.

When the murder case of 31-year-old Mitchell Jones Jr. of Austell went cold, Cobb County Police executed their first-ever geofence warrant with Google.

A geofence warrant allows law enforcement to see which mobile devices were active in a particular area during a certain time. Georgia ranks No. 5 in the nation with 939 geofence warrants sent to Google between 2018 and 2020, according to the company’s data.

In Cobb PD’s case, the warrant helped them find Jones’ killer, but critics say the method casts too wide a net and violates Fourth Amendment protections against unreasonable search and seizure.

“These reverse warrants have serious implications for civil liberties,” wrote Matthew Guariglia, policy analyst for the Electronic Frontier Foundation, a digital civil liberties nonprofit. “Their increasingly common use means that anyone whose commute takes them (by) the scene of a crime might suddenly become vulnerable to suspicion, surveillance, and harassment by police.”

Similarly, digital privacy advocates say they are disturbed by the rising use of keyword warrants, in which they seek information on anyone who searched for a specific term.

In 2020, a search keyword warrant led to the arrest of Michael Williams of Valdosta, an associate of disgraced singer and convicted sex offender R. Kelly. Williams later pleaded guilty to setting fire to a vehicle outside the home of one of Kelly’s accusers.

Abortion rights advocates say geofencing and keyword warrants are among their top fears for the future of digital privacy after Roe v. Wade. In states where abortion is restricted, women could come under scrutiny for searching for abortion services or just being near a clinic, they worry.

“They (can) go back through your search history online and see if you were searching for abortion clinics,” said Owens, the cybersecurity advisor and consultant. “If you decide to take Uber or Lyft, obviously, that information is going to be embedded in that trip. All of these kind of day-to-day activities may not be directly surveilled as far as cameras or someone seeing you walk into a building. I think there’s enough information that can be gathered, just through these types of devices, that can make it pretty apparent about where you were planning on going, when, what time and, and just make it very, very dangerous to be able to keep some level of autonomy in a digital space.”

 

Apps

Soon after Roe v. Wade’s demise was leaked, social media posts exhorting women to delete their fertility tracking apps began to go viral.

The apps can contain sensitive data, including missed periods or miscarriages, which some worry could expose them to allegations of an illegal abortion.

Many of the companies that make these apps are based outside the U.S., and their privacy policies may not stay as they are, said Bush with the New Georgia Project.

“They have a decent amount of deference as to what information they are immediately able to refuse to turnover,” she said. “However, there’s been a large push concerning data privacy. I don’t know if that in turn means they’re going to lose a bit of that deference and other things will be required.”

Consumer Reports compared several popular period tracker apps and recommended three that they found store data locally on your phone or tablet and don’t allow third-party tracking.

Whether it’s a fertility tracking app or a new social media platform, Owens said he hopes more users will take a closer look at those long blocks of text that pop up every time they launch a new app.

“One component of this that we have to talk about is the terms and conditions that one agrees to whenever they install an app,” Owens said. “Rarely, very rarely, does anyone ever actually read through the terms and conditions when they go to the Google Play store to download an app or go to the Apple Store to download an application. Those terms and conditions are very important because they lay out what information is accessible, not only from what you’re interacting with, but in the background, the ability to be able to read your email, to scan through your contacts, to be able to send a text message on your behalf, sometimes to be able to upload information from your calendar and maybe from your Google tracking. It’s important for people to understand that level of sensitivity, because many times we give that information away.”

 

Looking ahead

New York state legislators have filed a bill that would prohibit geo fencing and keyword warrants, and the measure has earned the support of some tech giants — Reform Government Surveillance, a lobbying group consisting of eleven major tech firms including Amazon, Google, Meta and Twitter, gave its backing to the bill, calling it “the first of its kind to address the increasing use of law enforcement requests that, instead of relying on individual suspicion, request data pertaining to individuals who may have been in a specific vicinity or used a certain search term.”

Keyword search warrants are set to receive their first major legal challenge in a Colorado court in the case of a Denver teen who was arrested for starting a deadly house fire after police obtained a list of everyone who searched for the victims’ home address.

Owens said he’s hoping to see Georgia lawmakers adopt a digital privacy rule modeled after the California Consumer Privacy Act of 2018, which grants residents in the state the right to know about and delete personal information collected about them by businesses and to opt out of the sale of their personal information.

“Our tech sector here is booming, our cybersecurity community continues to grow,” Owens said. “I want to see Georgia be on the forefront of where we are with digital privacy and cybersecurity legislation. I think it’s possible. I think it’s very relevant to continue to attract businesses, continue to have a strong workforce.”

Young said she’s heartened by a recent poll commissioned by the ACLU that included a question asking whether Georgians have a general right to privacy when making decisions related to their bodies.

“87% said yes,” Young said. “Overall, Georgians do value privacy, and we’re certainly opposed to any additional authority for law enforcement now in doing digital searches and things like that. Georgians really value privacy, but it should not fall to individuals to protect their privacy.”