One of the first infosec and privacy professionals to weigh in on Twitter was Eva Galperin (@evacide), Director of Cybersecurity at the Electronic Frontier Foundation (EFF) and well-known digital privacy expert. âIâve spent my career helping activists and journalists in authoritarian countries, where it is often wise to think several steps ahead about digital privacy. Now tech workers must apply this mindset to people providing and seeking abortions,â she tweeted.
One topic that immediately pushed to the front in the weeks following the June news was questions surrounding menstrual tracking apps, and whether or not the data could be used to determine a personâs pregnancy and therefore used as evidence if a state wants to prosecute a person who obtains a termination.
But as the conversation unfolded, many noted that while the concerns about period trackers were not unfounded, it surfaces a larger discussion about how all kind of apps are using data that can be weaponized.
âJust because period-tracking apps could be a way to trawl for people who might have had abortions, it doesn't follow that getting rid of your period-tracking app will make you safe. Giving up automated period-tracking imposes a high costâand it's a cost with very few benefits in terms of security from forced-birth law-enforcement attacks,â argued Cory Doctorow (@doctorow), a privacy activist and journalist, in his blog, Pluralistic. âWhy? Well, the data-leakage from some period apps might be ghastly, but it isn't exceptional. Appsâsold as a tool for improving software quality and security by subjecting it to oversight from Google and Appleâare privacy nightmares.â
Whitney Merrill (@wbm312), a privacy and infosec lawyer, agreed with the sentiment.
âHa this is exactly the rant I went on yesterday on a podcast with the amazing @privacypen,â she tweeted. âWe should care more about the privacy issues of all the apps, not just period trackers.â
Emily Gorcenski (@EmilyGorcenski), a technologist, activist, and writer, said the conversation points to a much larger concern around the need to establish better laws that protect citizensâ privacy in the United States.
âFears around period tracker data are largely overwrought, but their existence shows how badly we need an American data privacy law,â she said.
Google takes a position on health privacy
Google found its way into the privacy conversation a little over a week later, noting it will immediately delete location history when users visit certain types of sensitive medical facilities, including abortion clinics.
"Today, weâre announcing that if our systems identify that someone has visited one of these places, we will delete these entries from Location History soon after they visit,â Jen Fitzpatrick, senior vice president of core systems and experiences at Google, wrote in a July 1 blog post.
Google also added it considers visits to fertility centers, addiction treatment facilities, domestic violence shelters, and weight loss clinics also to be personal and private and will implement a new feature soon that automatically deletes visits to these kinds of locations.
Digital rights activist Evan Greer (@evan_greer), director of the non-profit Fight for the Future, noted that while the move was positive, Google needs to further consider its collection practices given the amount of data it keeps on users daily.
âThis is good in the sense it shows tech companies are feeling the heat to clean up the surveillance hellscape mess they've made. But Google is going to have to do a whole lot more than this if they want to prevent their data hoard from being weaponized against abortion access,â Greer tweeted.
POTUS makes the next privacy move
The conversation about privacy evolved to another level last Friday as President Joe Biden announced plans to sign an executive order that seeks to protect reproductive rights in the wake of the Roe decision. In a fact sheet for the executive order, it addresses several points of concern, including worries about threats to individual digital privacy and the ability of law enforcement to use data as a way to restrict reproductive rights. The order also directs the Federal Trade Commission to examine other protections for those seeking information about and accessing an abortion.
âThis is a BIG deal for privacy,â tweeted Tonya Riley (@TonyaJoRiley), a writer with CyberScoop. âBiden goes deep on privacy on the fact sheet on his new Executive Order for protecting reproductive health care.â
But some privacy experts, including Jules Polonetsky (@JulesPolonetsky), CEO of Future of Privacy Forum, thought the order did not go far enough.
âI guess I would have wanted a strong call for federal privacy legislation...and a call for industry to do more to restrict/protect/delete data it holds,â she tweeted. |