Curated commentary; timely topics View web version

One of the first infosec and privacy professionals to weigh in on Twitter was Eva Galperin (@evacide), Director of Cybersecurity at the Electronic Frontier Foundation (EFF) and well-known digital privacy expert.
“I’ve spent my career helping activists and journalists in authoritarian countries, where it is often wise to think several steps ahead about digital privacy. Now tech workers must apply this mindset to people providing and seeking abortions,” she tweeted.

One topic that immediately pushed to the front in the weeks following the June news was questions surrounding menstrual tracking apps, and whether or not the data could be used to determine a person’s pregnancy and therefore used as evidence if a state wants to prosecute a person who obtains a termination.

But as the conversation unfolded, many noted that while the concerns about period trackers were not unfounded, it surfaces a larger discussion about how all kind of apps are using data that can be weaponized.

“Just because period-tracking apps could be a way to trawl for people who might have had abortions, it doesn't follow that getting rid of your period-tracking app will make you safe. Giving up automated period-tracking imposes a high cost—and it's a cost with very few benefits in terms of security from forced-birth law-enforcement attacks,” argued Cory Doctorow (@doctorow), a privacy activist and journalist, in his blog, Pluralistic. “Why? Well, the data-leakage from some period apps might be ghastly, but it isn't exceptional. Apps—sold as a tool for improving software quality and security by subjecting it to oversight from Google and Apple—are privacy nightmares.”

Whitney Merrill (@wbm312), a privacy and infosec lawyer, agreed with the sentiment.

“Ha this is exactly the rant I went on yesterday on a podcast with the amazing
@privacypen,” she tweeted. “We should care more about the privacy issues of all the apps, not just period trackers.”

Emily Gorcenski (@EmilyGorcenski), a technologist, activist, and writer, said the conversation points to a much larger concern around the need to establish better laws that protect citizens’ privacy in the United States.

“Fears around period tracker data are largely overwrought, but their existence shows how badly we need an American data privacy law,” she said.

Google takes a position on health privacy

Google found its way into the privacy conversation a little over a week later, noting it will immediately delete location history when users visit certain types of sensitive medical facilities, including abortion clinics.

"Today, we’re announcing that if our systems identify that someone has visited one of these places, we will delete these entries from Location History soon after they visit,” Jen Fitzpatrick, senior vice president of core systems and experiences at Google, wrote in a July 1 blog post

Google also added it considers visits to fertility centers, addiction treatment facilities, domestic violence shelters, and weight loss clinics also to be personal and private and will implement a new feature soon that automatically deletes visits to these kinds of locations.

Digital rights activist Evan Greer (@evan_greer), director of the non-profit Fight for the Future, noted that while the move was positive, Google needs to further consider its collection practices given the amount of data it keeps on users daily.

“This is good in the sense it shows tech companies are feeling the heat to clean up the surveillance hellscape mess they've made. But Google is going to have to do a whole lot more than this if they want to prevent their data hoard from being weaponized against abortion access,” Greer tweeted.


POTUS makes the next privacy move

The conversation about privacy evolved to another level last Friday as President Joe Biden announced plans to sign an executive order that seeks to protect reproductive rights in the wake of the Roe decision. In a fact sheet for the executive order, it addresses several points of concern, including worries about threats to individual digital privacy and the ability of law enforcement to use data as a way to restrict reproductive rights. The order also directs the Federal Trade Commission to examine other protections for those seeking information about and accessing an abortion.

“This is a BIG deal for privacy,” tweeted Tonya Riley (@TonyaJoRiley), a writer with CyberScoop. “Biden goes deep on privacy on the fact sheet on his new Executive Order for protecting reproductive health care.”

But some privacy experts, including Jules Polonetsky (@JulesPolonetsky), CEO of Future of Privacy Forum, thought the order did not go far enough.

“I guess I would have wanted a strong call for federal privacy legislation...and a call for industry to do more to restrict/protect/delete data it holds,” she tweeted.

How are we doing? We’d love to hear how you like this newsletter. Email us at idgnewsletters@idg.com

Related reading:

Location data poses risks to individuals, organizations

App-based location data has been used against individuals, and that presents real risks for those people and organizations. Read More.

 

5 riskiest mobile apps

Unsanctioned applications on corporate mobile devices is a security headache. Here are the five types of apps CISOs never want to find on corporate mobile devices, with strategies for mitigating the risks they pose. Read More.

 

U.S. data privacy and security solutions emerging at the federal level

The American Data Privacy and Protection Act bill faces a tough battle for passage, but the Biden administration is considering actions of its own. Read More.

 

About the Author
Joan Goodchild is a veteran writer and editor with 20+ years experience. She writes about information security and strategy and is the former editor in chief of CSO. 

Linkedin Facebook Twitter YouTube
Privacy Policy | Manage Your Subscriptions | Unsubscribe
Advertise with us! | More Newsletters | Our Brands
©2022 IDG Communications, Inc.
140 Kendrick Street
Building B
Needham, MA 02494