“Delete Your Period-Tracking Apps” Is a Distraction From the Real Online Privacy Debate
In the days since the U.S. Supreme Court overturned Roe v. Wade, the landmark ruling that established a constitutional right to abortion, anti-tech groups like Fight for the Future and the Electronic Frontier Foundation, have stoked fears that law enforcement agencies could use health, search, and location data from mobile apps to prosecute women who illegally obtain abortions. They’ve spread the dubious advice (now rampant on social media) that users should delete menstrual-tracking apps, urged lawmakers to regulate the tech industry more heavily, and demanded that tech companies delete all potentially sensitive user data. But their proposals would do nothing to protect access to abortion in states where it is now illegal, and they distract from legitimate debates about how to improve online privacy for consumers.
While the best rumors contain elements of truth, the idea that authorities will leverage menstrual-tracking apps to crack down on women seeking abortions is misguided conjecture. While people who obtain abortions in states where it is illegal have reason to be concerned about the legal implications, there is no evidence to suggest that the risk of prosecution is substantially higher for someone using a period-tracking app than someone who is not. Based on past cases against pregnant women, it appears much more likely that prosecutors would use actual medical records, pharmacy purchases, or text messages to build cases instead of the mostly self-reported information from these apps.
That is not to say that law enforcement agencies would not potentially request other user data, such as search histories, electronic transactions, geolocation information, or messages. Indeed, law enforcement agencies routinely request this type of information to investigate crimes. Some digital activists argue that companies should not turn over this information to law enforcement. But companies cannot pick and choose which laws to follow. While they may challenge unlawful requests in court, or lobby for different laws, they ultimately are bound by the same rules as everyone else. It is ironic that anti-tech activists are calling for tech companies to openly flout laws in a democratic, rule-of-law nation, while at the same time complaining that these companies are too powerful and need to be kept on a tighter leash.
Indeed, the expectation should be that the private sector always cooperates with lawful requests from the U.S. government for data. While there should continue to be conditions on when and how government can access potentially sensitive consumer data, this information can be vital to solving crimes and obtaining justice. Attempting to paint lawful government access to digital data as unnecessary surveillance disregards the valuable role this information can play in achieving justice for victims of crimes.
And stronger consumer privacy laws would not change this basic principle. While some apps are marketing themselves to users as being more trustworthy after the Supreme Court’s ruling because they are subject to the European Union’s privacy laws, even European companies must respond to legitimate requests from law enforcement. Indeed, virtually every app has within its privacy policy a note informing users that it may disclose information to the government to comply with legal requests.
Calls to restrict companies from collecting data to make compliance with legal requests pointless are also misguided. The goal should not be to roll back digital progress to a pre-Internet era or create a world in which people can commit crimes without a digital trace. Instead, the goal should be to ensure businesses protect consumer data and government access to private data is reasonable. For example, there are many instances where it does not make sense for service providers to have access to sensitive consumer information. Instead, they should design their systems so that users maintain control of all encryption keys, such as providing end-to-end encryption on messaging apps, although these systems may still generate metadata, and service providers should turn over that information to lawful government requests. Indeed, one of the most compelling defenses in favor of consumers maintaining access to “warrant-proof” encryption is that law enforcement has other options to aid in criminal investigations, such as accessing unencrypted data and metadata.
There are many opportunities for Congress to strengthen consumer privacy and protections against unreasonable searches of digital data, but linking these changes to the highly partisan debate over reproductive rights is illogical in terms of both the policies and the politics. Privacy protections to strengthen civil liberties should not stop at data for reproductive rights. Moreover, if Congress had the votes to pass a law putting this data out of reach of law enforcement, thereby nullifying states’ ability to enforce their abortion laws, then it would also have the votes to uphold abortion rights. Politically, it is a pipedream.
By using the recent Supreme Court ruling as an opportunity to raise funds and elevate their profiles, anti-tech groups are distracting from real opportunities for bipartisan progress on privacy rights for Americans, such as passing a comprehensive federal privacy law, updating the Electronic Communications Privacy Act to ensure American receives Fourth Amendment protections for their data regardless of whether it is stored on a device or in the cloud, and modernizing mutual legal assistance treaties to facilitate lawful government investigations across borders.
