By now, it’s common knowledge that a draft of a decision overturning Roe v. Wade has leaked out, which has caused a complete firestorm for activists on both sides of this incredibly controversial issue.
After confirming that the leaked draft opinion was legitimate, Chief Justice Roberts ordered the court’s law enforcement wing to investigate, but the possibility of an even deeper privacy breach may be on the horizon if the court strikes down the 49-year-old law. With the debate heavily focused on (for obvious reasons) the right of women to have total agency over their bodies, there is another important concern that few are talking about.
If Roe v. Wade is overturned, which seems incredibly likely given the recent leak and current political makeup of the Supreme Court, millions of women will also have to deal with data privacy concerns especially in states that are focused on banning the practice of abortion. About 21% of all women in the United States are using female-focused health apps that allow them to track things like ovulation, monthly cycles, and other deeply personal reproductive items. This burgeoning market, now commonly known as FemTech, is expected to grow into a roughly $50 billion enterprise by 2025.
As most people in general have a basic understanding that they are being data mined on social media platforms like Facebook or TikTok, there is a perception thanks to marketing efforts that health apps are safe, secure, and private. Sadly, they are anything but.
Outside of the Roe v. Wade issue, these apps already present a multifaceted problem for their female users. To begin, these apps have not historically fallen under the umbrella of the Health Insurance Portability and Accountability Act, commonly known as HIPAA. HIPAA is the U.S. law that ensures your personal health data cannot be used or given to third parties without your expressed consent. For example, if a woman is pregnant, her doctor cannot pass along this information to a marketing firm specializing in advertising pregnancy items.
Fertility and women’s health apps do not fall under HIPAA compliance and have been known to data data-mine their users typically without their knowledge as studies show that virtually no one reads the End User License Agreements that are often times convoluted and vague.
Further complicating the situation is that one of the largest FemTech apps, Flo, misled its users about their data mining policies and took “no action to limit what these companies could do with the users’ information.” That quote comes from a 2021 Federal Trade Commission complaint filed against Flo. Flo may be one of the most egregious data-miners when it comes to this specific type of app, but there is little doubt they are alone in these types of practices.
This is the backdrop that women face in states whose legislatures support total, or near total, abortion bans.
Consider the case of abortion under Texas law. Once Roe v. Wade is overturned, a 2021 “trigger law” will be revived that states both the woman having the abortion as well as the doctor performing the procedure could face criminal convictions and prison sentences. Outside of Texas, multiple states have trigger laws that would ban or severely restrict abortion statewide. Arkansas, Idaho, Kentucky, Louisiana, Mississippi, Missouri, North Dakota, Oklahoma, South Dakota, Tennessee, Texas, Utah and Wyoming will all enforce their trigger laws which could be tantamount to a slew of legal challenges all over the country.
Imagine a woman in Texas using an app like Flo to track the intimate details of her ovulation cycle and then she gets pregnant. She makes the decision to have an abortion, understanding the legal repercussions of her state. She stops using Flo and travels to a state where the procedure is legal and terminates her pregnancy. Upon her return to Texas, there is suspicion that she left the state for an abortion and the authorities are notified (given that Texas recently deputized their entire state to turn in women who have an abortion for cash, this isn’t farfetched).
This could be the reality if authorities attempt to subpoena these third-party FemTech companies that have been collecting data on their female users. Flo was caught sharing women’s intimate health data with two of the largest data miners in history, Google and Facebook, so turning over sensitive data to state or local prosecutors seems to be in their wheelhouse. They could also subpoena the social media platforms that have been receiving Flo data directly, which is why privacy advocates have been telling women in these vulnerable states to stop using FemTech apps.
Aside from the datamining concerns of these apps, the other issue is simply making a phone call as a pregnant woman, or even owning a cell phone for that matter. Law enforcement can issue geofence warrants, which means that all cell phones within a specific geographical location are given to law enforcement.
Imagine being pregnant and traveling to a state to visit a relative that lives a block away from a Planned Parenthood and your mobile phone location is now collected by Google or your cellular provider and turned over to law enforcement, along with many others. Alternatively, imagine making call to a Planned Parenthood just over the border of your state for non-abortion related health services, which is the majority of services they offer. If a natural miscarry occurs, but a neighbor or family member suspects an abortion occurred, now these items can be used as evidence against the woman.
In that vein, here is how to maintain better privacy as a woman living in a state with abortion restrictions:
-
Do not use apps to track anything reproductive-related. These can be data mined and subpoenaed by law enforcement. It’s best to simply not use these apps altogether.
-
If you have been using an app, then request the removal of your data from the platform. As the USA is lagging behind in data privacy laws, you may have to lie and claim to be either a citizen of the European Union or the state of California. While it’s not the most ethical stance to lie about citizenship, those two entities have laws that require these platforms to delete your information upon request and send you a verification of erasure afterward in a timely manner.
-
Use a personal VPN, or virtual private network, app on your mobile phone and computer. This will allow you to route your internet connection through a friendly state or even a foreign country. In this manner, your internet service provider will only be able to see VPN traffic and not know where you are going on the internet and thus it will be harder to obtain evidence on you.
-
Use a privacy-focused search engine like StartPage. This will return Google results but totally stripped of tracking. Combining this with a more privacy-centric web browser like Brave will help to ensure anonymity.
-
Do not share personal health details on social media platforms or their messenger services. These are data-mined heavily and can easily be subpoenaed in court.
-
When traveling somewhere for sensitive needs, leave your mobile device at home. This is a tough one but remember that all mobile phones are a sea of sensors, even if the GPS function is turned off. Simply turning off your mobile phone is no longer considered secure as they don’t fully turn themselves off when you power them and can be tracked. Cellular towers always know your location relative to theirs so tracking is ubiquitous.
I know the topic of abortion isn’t a fun issue. As a man, I recognize this doesn’t impact me nearly in the same way it does women. My expertise isn’t in healthcare (outside of HIPAA compliance), it’s in cybersecurity and privacy. Still, as we are the most data-mined humans in the history of our species, this aspect of the current situation cannot be overlooked. Privacy advocates, for years, have been sounding the alarm on problems like this but Roe v. Wade should be bringing this to the forefront of our consciousness. If Roe v. Wade is overturned, this goes way beyond the act of having an abortion. It can affect everyone’s privacy rather deeply and that is always cause for concern and assessment.
Think about it this way: there are now potential criminal ramifications attached to simply trying to innocently track your health status online and that should terrify us all.
Nick Espinosa
Nick is the founder and CEO of Security Fantatics, the Cybersecurity/Cyberwarfare division of BSSi2 dedicated to designing custom Cyberdefense strategies for medium to enterprise corporations. As a member of the Board of Advisors for Roosevelt University’s College of Arts and Sciences as well as their Center for Cyber and Information Security, the Official Spokesperson for the COVID-19 Cyber Threat Coalition and a board member of Bits N’ Bytes Cybersecurity Education as well as Strategic Cybersecurity Advisor for the Private Directors Association, Nick helped to create an NSA certified curriculum that will help the Cybersecurity/Cyberwarfare community to keep defending our government, people and corporations from Cyber threats globally. In 2017 Nick was accepted into the Forbes Technology Council, an invitation-only community for world-class CIOs, CTOs and technology executives, and is a regular contributor of articles which are published on forbes.com as well as smerconish.com.
