Werd I/O

Yesterday, the Supreme Court overturned Roe vs Wade, undoing fifty years of the right to an abortion in the United States. Here’s The 19th’s continually-updated list of what abortion laws look like across the country. And here’s what might happen next.

On a personal note, at the end of the day I also tested positive for Covid. It’s frustrating, because all I’ve been doing is clearing out a house to move out of it, and I’ve had little to no contact with other people. I have no idea where or who I got it from. It’s a good reminder that the pandemic is not over, and you should be careful, test often, and isolate yourself immediately if you test positive.

We know from a leaked draft decision that over the next few days, it’s likely that the US Supreme Court will issue a ruling in Dobbs vs Jackson that will eliminate federal abortion protections.

Here, from my colleagues at The 19th, is what abortion laws look like across the US right now. Many states have trigger laws on the books that will take effect as soon as federal abortion protections are eliminated. Notably, states like Texas make it illegal to help someone get an abortion, and allow anyone to sue someone for doing so. Abortion travel bans are also looming: untested laws that would prevent someone from traveling to another state to get an abortion.

It’s remarkable that these sorts of restrictions should be placed on a woman’s right to choose what she does with her body in a democracy. It’s more remarkable still to see vigilante laws go into effect, and to see states weigh up legislation that denies people the right to choose whether to travel to a different state where abortion is legal. (These restrictions don’t exist for assisted suicide, for example, after a Constitutional challenge.)

For most people on the internet, their information journey begins with a service like Google or Facebook. On these services, your search history and other activity can be subpoenaed, meaning that if you go to court, perhaps because someone sued you for trying to get an abortion, it can be used against you. Pro-life organizations are already using Facebook to learn more about potential abortion payments. Earlier this year, a data broker was found to be selling data about people who visited Planned Parenthood.

So what happens if you do need an abortion? What kind of security stance should people take?

The Electronic Frontier Foundation has a guide that sensibly describes compartmentalization, community agreements, and safe browsing. This is really important, smart advice, but it doesn’t go far enough in a world where your cellphone’s location data may reveal that you went to a clinic.

A lot of location data is derived from the apps you use, and it’s usually not obvious which apps send information where. A few years ago, it was discovered that a Muslim prayer app shared information with the US military. It’s not inconceivable that an app wouldn’t, or isn’t, sharing data with law enforcement: although the Supreme Court ruled that law enforcement needs a warrant to get wireless carrier location data, it can buy location data from brokers.

Abortion isn’t the last stop for this kind of legislation or approach: gender affirming care and even marriage equality may be on the docket. Even more broadly, we should all consider whether we want to live in a world where our every private action can be tracked and used against us. Miranda rights state that “anything you say can and will be used against you in a court of law”; we’ve built a reality where anything we do can, too, whether or not we’ve been made aware.

The most effective protection would be a legislature that is in favor of an individuals’s right to choose and to privacy. A group of Senators is seeking a ban on the sale of health location data, following a letter that was sent to Google CEO Sundar Pichai urging the same. But failing legislative protection, pro-choice advocates need to begin building grassroots infosec skills and tools if they want to prevent this data from being used against abortion-seekers. Today, there is very little out there to help.

A few days ago, I asked the question: Who is doing the best work on infosec for women who may be seeking an abortion? As of now, there are no good answers.

Photo by Manny Becerra on Unsplash

FIDO is a new authentication technology intended to supersede passwords. Here, passwords are replaced with a biometric input: for example, FaceID or TouchID on Apple devices. iOS, Android, macOS, and Windows are all getting this soon due to an alliance between Apple, Google, and Microsoft.

I think it’s unequivocally great: an open standard that provides better security for end users while simultaneously providing a better user experience. Yay!

But spare a thought for the fintech industry. It’s an open secret that the US financial industry widely uses screen scraping to enable data sharing integrations between entities. As a sector, it’s been incredibly slow to adopt open APIs and other mechanisms that would protect user safety.

Last year, Protocol wrote about screen scraping’s widespread use to integrate payroll systems:

Davis of Atomic said the company has used screen scraping "when user-permissioned APIs are not available." One example is when Atomic needs to connect with state unemployment systems, which typically don't have API connectivity. A Plaid spokesman said the company uses "a combination of API access and screen scraping at the direction of customers."

Technically, it’s not a great solution: by definition, screen scraping requires storing a user’s financial system passwords in clear text. Nonetheless, you can bet that every system that integrates with payroll systems, and almost every system that integrates with banks (at a minimum), uses the technique. The US has badly needed open banking style standards for years.

FIDO is likely to bring an end to this practice: when financial services use FIDO passkeys for authentication, screen scraping becomes impossible. Based on their historical precedent implementing new technologies, it may take years before financial services adopt the standard for authentication. But when they do, it will become impossible for third parties to access those systems without the service provider’s consent.

At this point, one of two things will happen: a set of open APIs for integration will appear and begin to reach adoption, or a whole generation of startups will die. It might be both!

If I was a fintech startup, I’d be establishing a set of open source APIs, forming an alliance with other fintech companies and financial institutions, and doing whatever I could to get traditional financial companies to adopt it before they transition away from password authentication. If I was a fintech investor, I’d be bankrolling this endeavor. If I was the government, I would be enacting strong legislation to force the industry forward (which may require lobbying from companies, investors, and consumers alike). Because otherwise, greater security and a better user experience for consumers looks a lot like an existential threat.

Juneteenth is not the commemoration of the Emancipation Proclamation, when President Lincoln declared that all slaves in the Confederacy were free. (Some Union slaves weren’t free until the passage of the 13th Amendment.) Instead, it celebrates the event, two and a half years later, when emancipation finally reached Galveston, Texas. Ending slavery in the US was a long and drawn-out process.

Arguably, though, not every form of slavery ended. The US still employs slave labor through its prison system, which disproportionately incarcerates people of color and forces them to work for rates as low as $0.23 to $1.15 an hour. Some states, like Texas, Georgia, and Florida, don’t pay prisoners at all.

As the End the Exception campaign by Worth Rises describes it:

Passed in 1865, the Thirteenth Amendment to the U.S. Constitution is celebrated for abolishing slavery and involuntary servitude. However, to the surprise of many, the Thirteenth Amendment includes an exception clause that has been understood throughout history to allow slavery and involuntary servitude to be used as punishment for crime. During Reconstruction, this understanding encouraged the criminalization, incarceration, and re-enslavement of Black people.

Worth Rises maintains a report of corporations that use slave labor, which was last updated in 2020. As part of the report, you can download a filterable Excel spreadsheet of over 4,100 corporations that take advantage of prison labor.

Here are companies I found in the dataset from the internet / telecoms industry which take advantage of this labor, whether through profit or direct use. While I am not responsible for the dataset, any omissions to this list as I filtered from the main dataset are mine and purely accidental. These are names that jumped out to me; I recommend reviewing the whole dataset. It would also be worth considering which of these companies have advocated for Black Lives Matter and similar racial equity movements that seek to dismantle systems of oppression while continuing to engage in these systems.

Some of these were a complete surprise to me: for example, Adobe, Snap, Zoom, ESRI, Rackspace, and Google. They might surprise you, too.

Accenture
Adobe Systems
Akamai
Amazon
AT&T
Blackberry
Blackstone Technology Group
Blue Tech
BMC
Capgemini
Chainalysis
Charter Communications (dba Spectrum)
Cincinnati Bell
Cisco Systems
Deutsche Telekom [which owns 48.4% of T-Mobile]
Dun & Bradstreet
ESRI
Frontier Communications (formerly Citizens Utilities Company)
Google
IBM
Konica Minolta
Kyocera Group
MTM Technologies
NetApp
Nexcom
NTT Data
Onix
Oracle
Palantir
Polycom
Rackspace Government Solutions
Salesforce
SAP Concur Technologies
Snap
Softlayer
Symantec
T-Mobile
Time Warner Cable (dba Spectrum)
TransUnion
UNICOM Global
Venture Netcomm
Verizon
VMware
Zoom Video Communications

Updated to note that these companies may profit from the prison complex rather than use slave labor directly. Photo by Hédi Benyounes on Unsplash.

The 19th, where I now work on technology, is putting on a three-day summit, and you’re invited!

50 Years of Title IX marks 50 years of advances in gender equity in higher education, athletics, the workforce and beyond. The speaker list is genuinely incredible, and includes Elizabeth Warren, Jennifer Doudna (who co-invented CRISPR), Kate Calvin (Chief Scientist and Senior Climate Advisor at NASA), major figures in women’s sports, and representatives across parties.

The whole event streams online, and there’s an in-person day in Washington DC on Friday, June 17 if you’re in the area.

Registration is free, and you should go take a look. It starts today.