With Roe v. Wade Overturned, Your Abortion Searches Could Be Used to Prosecute You

The Supreme Court's decision to overturn Roe v. Wade comes with a host of privacy concerns for people seeking health care.

The US Supreme Court overturned on Friday the 1973 landmark decision Roe v. Wade, triggering near-immediate abortion bans and restrictions across at least 16 states. Already, the digital trails of abortion seekers can become criminal evidence against them in some states where abortion were previously prosecuted. And the legal dangers may extend to abortion seekers in even more states.

Third-party data brokers sell sensitive geolocation data -- culled through a vast web of personal tracking tech found in apps, browsers and devices -- to law enforcement without oversight. Democrats' last-ditch effort to pass an abortion-protection act in May failed in the Senate, with all Republicans and one Democrat voting against it. The bipartisan data privacy legislation now slowly inching through Congress is widely thought toothless. Meanwhile, the Federal Trade Commission's enforcement failures have historically allowed privacy-offending corporations to skirt penalties, and the White House hasn't yet offered an executive order on either privacy or abortion.

Oklahoma and Texas, which have so-called bounty hunter laws in place, are relying on civilian enforcement of abortion restrictions by promising $10,000 or more to would-be informants who successfully sue abortion providers and those who help abortion seekers. Given the inexpensive cost of readily available stores of personal data and how easily they can be de-anonymized, savvy informants could use the information to identify abortion seekers and turn a profit.

As some states have curtailed abortion access in the past few years, these data sets have become richer, with more precise, sensitive and personally identifiable information. Telemedicine abortions have been on the rise, along with the amount of abortion-related web browsing data surveilled by both commercial and law enforcement entities.

The result: Your phone's data, your social media accounts, your browsing and geolocation history, and your ISP's detailed records of your internet activity may all be used as evidence if you face state criminal or civil charges for a miscarriage.

This risk has grown now that the Supreme Court has overturned Roe v. Wade, breaking with five decades of legal precedent giving women the right to an abortion.

Though the right to an abortion is no longer constitutionally protected, abortion remains legal in several states. However, a number of Republican-led states have introduced or enacted legislation severely curtailing access to an abortion. And some have enacted near-total bans on abortion -- notably Texas, whose law the Supreme Court previously allowed to stand.

Some states had already moved to protect abortion rights in the event federal protections were overturned, but 26 states previously passed anti-abortion "trigger laws" that now go into effect immediately to restrict patients' rights. It's still a legal gray area in some cases, but most of those state laws include language that could be interpreted to include self-managed abortion. More than two dozen laws would allow police to arrest you for seeking an abortion -- or for simply failing to satisfy police investigations into your miscarriage.

It's not just abortion patients who are at risk of surveillance and arrest. Those who aid abortion seekers could be charged as accomplices in some cases.

Abortion medication is safe. But now that Roe is overturned, your data isn't.

When abortion is a crime, police surveil it like one
The risks aren't just hypothetical.

Latice Fischer spent two years in jail because she had a miscarriage in 2018 after Googling abortion pills, and Mississippi authorities used her search as evidence when they charged her with second-degree murder. Indiana resident Purvi Patel's text messages to her friend and her online abortion pill purchase were both used as evidence against her when she was jailed in 2015 for alleged feticide. She spent three years in prison before her conviction was overturned.

Meanwhile, Georgia police attempted to use federal DNA criminal databases in 2018 to track down the origin of a 20-week-old fetus. Government surveillance of period and pregnancy data came to light again in 2019, when the director of Missouri's health department was discovered tracking menstrual cycles of Planned Parenthood patients.

In Oklahoma, three new laws aren't explicitly aimed at abortion seekers or providers but nonetheless stand to sharply increase police access to geolocation data. One law requires wireless carriers to immediately provide call location data to police on request, and to work with the Oklahoma Bureau of Investigation. Another raises questions around mandatory reporting requirements as it formalizes 911 operators into "first responders." A third gives county officers, including sheriffs, the green light to hire more data processing and IT staff.

These kinds of laws, which allow police to access more data, are already cause for concern, and criminal defense lawyers had previously sounded the alarm about potential mass incarceration if Roe was overturned. Women are already the fastest growing demographic in US prisons, with Latina and Hispanic women 20% more likely to face incarceration than white women. The trend is driven overwhelmingly by state and local imprisonment rates, with the sharpest decade-over-decade increases found in Oklahoma.

US state legislatures passed 108 abortion restrictions in 2021 alone, according to the Guttmacher Institute. As of 2020, 38 states already had "fetal homicide" laws in place; 10 of those states have nothing exempting the pregnant person from prosecution. And even in states with prosecution exemptions, women have still been arrested for losing a pregnancy and, in some cases, for failing to notify the police quickly enough when miscarrying or surviving a stillbirth. Between 1973 and 2005, women were charged with crimes related to their own pregnancy in 68 cases nationally. And as of 2020, at least 20 states had opened investigations into women accused of self-managed abortions, indicating that the currently gray area in anti-abortion legislation may soon be clarified by local prosecutors' interpretations.

Between 2006 and 2015, Alabama led the nation in turning pregnant women into felons, prosecuting nearly 500 for allegedly exposing a fetus to controlled substances, even when they were prescribed. Alabama is just one of 45 states that have prosecuted pregnant women for drug use. In 2021, the American Bar Association estimated that nearly 1,200 women in the US had faced criminal charges based on pregnancy outcomes since 1973.

Notably, Texas law SB8, which bans abortion in the state from as early as six weeks, doesn't actually include a criminal penalty if someone obtains an abortion for themselves. But that didn't stop police in Rio Grande from arresting Lizelle Herrera and charging her with first-degree murder after she showed up a hospital presenting signs of pregnancy loss.

Whether or not abortion seekers face criminal penalties in their home state after terminating their own pregnancy, the patient's own private data may still become a liability to their safety as it flows from tech giants and health care providers into police hands.

Researchers have sounded privacy alarms for years
Law enforcement agencies' use of a digital surveillance arsenal -- and collected data -- continues to grow with little oversight, presenting a more legally threatening environment for abortion seekers than what the country knew pre-Roe, according to Salon's Amanda Marcotte.

But spending millions of dollars on database-building and the local use of high-powered mobile tracking tools may still be more cumbersome for law enforcement agencies than simply reusing data obtained under unrelated subpoenas. In 2021, a Wisconsin man's cellphone contents were collected by law enforcement in one county without a warrant and then -- after he was cleared of charges and the case was closed -- the same data was used by law enforcement in a different county for an unrelated case.

Easier than reusing evidence, law enforcement can simply request private data from ISPs and wireless carriers like AT&T. Verizon has been selling customer location data for years and already collates crowdsourced location data for its police partners -- boasting of its nearly real-time tracking capabilities. Both are among the six providers called out by the FTC in October for tracking and selling massive amounts of customer data. The GOP, FBI and police have repeatedly asked those same providers to track customer data.

Data giants like Google, Apple, Facebook and Twitter also readily hand over users' personally identifiable data to law enforcement when requested to. But the companies are now under investigation by federal authorities after being duped into fulfilling fake legal requests that were then used to target and sexually extort women and minors.

These surveillance tactics are among the reasons cybersecurity researchers are increasing calls to action around the privacy of abortion data, spotlighting not just general data vulnerabilities around the web, but geolocation-specific data gathered through mobile apps and made available for purchase by third-party data brokers.

Following the Supreme Court's Roe v. Wade draft opinion leak in May, sharp warnings from privacy experts swept across Twitter. The Electronic Frontier Foundation's cybersecurity director, Eva Galperin, pointed to the resurgence of data privacy concerns regarding apps that track menstrual cycles.

"If you are in the US and you are using a period tracking app, today is good day to delete it before you create a trove of data that will be used to prosecute you if you ever choose to have an abortion," Galperin tweeted.

As first noted by Kaiser Health News, a 2019 BMJ study found that 79% of the 24 health apps identified in the Google Play Store routinely share data. That number may seem small, but the apps collected 28 different types of data and shared it across an even larger net of entities.

"Fifty-five unique entities, owned by 46 parent companies, received or processed app user data ... suggesting heightened privacy risks," researchers said. "These apps claim to offer tailored and cost effective health promotion, but they pose unprecedented risk to consumers' privacy given their ability to collect user data."

Consumer Reports analyzed eight of the most popular period and fertility apps in 2022 and 2020, finding that only three -- Drip, Euki and Periodical -- stuck with privacy-protective, local-only data storage and were totally clean of third-party trackers.

The privacy alarms have been sounding for years. In a 2018 Defcon appearance, a security researcher who goes by the name of Pigeon detailed the extent of surveillance vulnerability among those who seek information on abortion and called on security researchers to help bolster health privacy efforts.

"We have the opportunity to lend our security skills to those disproportionately likely to experience surveillance: those seeking to self-induce abortions by ordering medication online," she wrote in her post.