• United States




Mobile apps are a privacy nightmare. The Roe decision put them center stage.

Jul 14, 20226 mins
Data PrivacyMobile Security

Concerns about app data and location tracking put digital privacy rights in the cross hairs of abortion access debate

Mobile phone data privacy.
Credit: Thinkstock

When news broke on June 24th that the U.S. Supreme Court had officially reversed Roe v. Wade, declaring that the constitutional right to abortion no longer exists, privacy advocates almost immediately began to ring alarm bells.

The right to an abortion and a right to privacy may seem like disparate freedoms, but the right to abortion access, according to the original 1973 Roe ruling, is based on a right to privacy guaranteed by the Fourteenth Amendment’s due process clause, privacy advocates argue. The concern is that the decision could now have wider-reaching impacts for other kinds of privacy that Americans consider to be a basic right.

“If this reasoning were adopted, it would not only reverse a half century of abortion rights, but it would undermine the Constitution’s long-recognized right to privacy, which has played a role in protecting everything from the right to contraceptives to the right to same-sex marriage,” said Albert Fox Cahn, the executive director of the Surveillance Technology Oversight Project, in an interview with Mashable.

One of the first infosec and privacy professionals to weigh in on Twitter was Eva Galperin (@evacide), Director of Cybersecurity at the Electronic Frontier Foundation (EFF) and well-known digital privacy expert.

"I've spent my career helping activists and journalists in authoritarian countries, where it is often wise to think several steps ahead about digital privacy. Now tech workers must apply this mindset to people providing and seeking abortions," she tweeted.

One topic that immediately pushed to the front in the weeks following the June news was questions surrounding menstrual tracking apps, and whether or not the data could be used to determine a person's pregnancy and therefore used as evidence if a state wants to prosecute a person who obtains a termination.

But as the conversation unfolded, many noted that while the concerns about period trackers were not unfounded, it surfaces a larger discussion about how all kind of apps are using data that can be weaponized.

"Just because period-tracking apps could be a way to trawl for people who might have had abortions, it doesn’t follow that getting rid of your period-tracking app will make you safe. Giving up automated period-tracking imposes a high cost--and it’s a cost with very few benefits in terms of security from forced-birth law-enforcement attacks," argued Cory Doctorow (@doctorow), a privacy activist and journalist, in his blog, Pluralistic. "Why? Well, the data-leakage from some period apps might be ghastly, but it isn’t exceptional. Apps--sold as a tool for improving software quality and security by subjecting it to oversight from Google and Apple--are privacy nightmares."

Whitney Merrill (@wbm312), a privacy and infosec lawyer, agreed with the sentiment.

"Ha this is exactly the rant I went on yesterday on a podcast with the amazing

@privacypen," she tweeted. "We should care more about the privacy issues of all the apps, not just period trackers."

Emily Gorcenski (@EmilyGorcenski), a technologist, activist, and writer, said the conversation points to a much larger concern around the need to establish better laws that protect citizens' privacy in the United States.

"Fears around period tracker data are largely overwrought, but their existence shows how badly we need an American data privacy law," she said.

Google takes a position on health privacy

Google found its way into the privacy conversation a little over a week later, noting it will immediately delete location history when users visit certain types of sensitive medical facilities, including abortion clinics.

“Today, we're announcing that if our systems identify that someone has visited one of these places, we will delete these entries from Location History soon after they visit," Jen Fitzpatrick, senior vice president of core systems and experiences at Google, wrote in a July 1 blog post.

Google also added it considers visits to fertility centers, addiction treatment facilities, domestic violence shelters, and weight loss clinics also to be personal and private and will implement a new feature soon that automatically deletes visits to these kinds of locations.

Digital rights activist Evan Greer (@evan_greer), director of the non-profit Fight for the Future, noted that while the move was positive, Google needs to further consider its collection practices given the amount of data it keeps on users daily.

"This is good in the sense it shows tech companies are feeling the heat to clean up the surveillance hellscape mess they’ve made. But Google is going to have to do a whole lot more than this if they want to prevent their data hoard from being weaponized against abortion access," Greer tweeted.

POTUS makes the next privacy move

The conversation about privacy evolved to another level last Friday as President Joe Biden announced plans to sign an executive order that seeks to protect reproductive rights in the wake of the Roe decision. In a fact sheet for the executive order, it addresses several points of concern, including worries about threats to individual digital privacy and the ability of law enforcement to use data as a way to restrict reproductive rights. The order also directs the Federal Trade Commission to examine other protections for those seeking information about and accessing an abortion.

"This is a BIG deal for privacy," tweeted Tonya Riley (@TonyaJoRiley), a writer with CyberScoop. "Biden goes deep on privacy on the fact sheet on his new Executive Order for protecting reproductive health care."

But some privacy experts, including Jules Polonetsky (@JulesPolonetsky), CEO of Future of Privacy Forum, thought the order did not go far enough.

"I guess I would have wanted a strong call for federal privacy legislation…and a call for industry to do more to restrict/protect/delete data it holds," she tweeted.