Here, from my colleagues at The 19th, is what abortion laws look like across the US right now. Many states have trigger laws on the books that will take effect as soon as federal abortion protections are eliminated. Notably, states like Texas make it illegal to help someone get an abortion, and allow anyone to sue someone for doing so. Abortion travel bans are also looming: untested laws that would prevent someone from traveling to another state to get an abortion.
It’s remarkable that these sorts of restrictions should be placed on a woman’s right to choose what she does with her body in a democracy. It’s more remarkable still to see vigilante laws go into effect, and to see states weigh up legislation that denies people the right to choose whether to travel to a different state where abortion is legal. (These restrictions don’t exist for assisted suicide, for example, after a Constitutional challenge.)
For most people on the internet, their information journey begins with a service like Google or Facebook. On these services, your search history and other activity can be subpoenaed, meaning that if you go to court, perhaps because someone sued you for trying to get an abortion, it can be used against you. Pro-life organizations are already using Facebook to learn more about potential abortion payments. Earlier this year, a data broker was found to be selling data about people who visited Planned Parenthood.
So what happens if you do need an abortion? What kind of security stance should people take?
The Electronic Frontier Foundation has a guide that sensibly describes compartmentalization, community agreements, and safe browsing. This is really important, smart advice, but it doesn’t go far enough in a world where your cellphone’s location data may reveal that you went to a clinic.
A lot of location data is derived from the apps you use, and it’s usually not obvious which apps send information where. A few years ago, it was discovered that a Muslim prayer app shared information with the US military. It’s not inconceivable that an app wouldn’t, or isn’t, sharing data with law enforcement: although the Supreme Court ruled that law enforcement needs a warrant to get wireless carrier location data, it can buy location data from brokers.
Abortion isn’t the last stop for this kind of legislation or approach: gender affirming care and even marriage equality may be on the docket. Even more broadly, we should all consider whether we want to live in a world where our every private action can be tracked and used against us. Miranda rights state that “anything you say can and will be used against you in a court of law”; we’ve built a reality where anything we do can, too, whether or not we’ve been made aware.
The most effective protection would be a legislature that is in favor of an individuals’s right to choose and to privacy. A group of Senators is seeking a ban on the sale of health location data, following a letter that was sent to Google CEO Sundar Pichai urging the same. But failing legislative protection, pro-choice advocates need to begin building grassroots infosec skills and tools if they want to prevent this data from being used against abortion-seekers. Today, there is very little out there to help.
A few days ago, I asked the question: Who is doing the best work on infosec for women who may be seeking an abortion? As of now, there are no good answers.