Tech giants brace for legal mess of abortion data subpoenas

(Bloomberg) — Tech giants including Apple Inc., Microsoft Corp. and Google, facing questions about whether they will hand over users’ personal data to authorities seeking evidence about people seeking abortions, brace for quagmire. multi-state legal framework governing privacy in a post-Roe world.

Bloomberg’s Most Read

From map searches to private messages, a wealth of information stored in companies’ data centers could be used as a digital breadcrumb trail linking a patient to the termination of a pregnancy, a procedure that is restricted in several US states, after the Supreme Court overturned Roe v. Wade. The largest tech companies, which have filed high-profile legal opposition to law enforcement data requests in the past, have been silent about what they will do in these cases. Consider a hypothetical online search for abortion pills: A woman in Texas searches for “mifepristone” and purchases it from a New York pharmacy. Google may have a record of the web search and the receipt may arrive in a Microsoft Outlook inbox. Google is based in California and Microsoft is based in Washington, but the digital records of your queries and inbox may be stored in Google’s data center in New Albany, Ohio, or Microsoft’s in Des Moines, Iowa. law enforcement officials in Texas seek evidence from Google or Microsoft, a clash of four different sets of state laws and two companies may ensue. It’s a question that could be replicated across a host of different online services and data sources, and involve information that in many states could incriminate not only patients, but also their confidants and health care providers.

“The world has changed in many fundamental ways since 1972, from the pre-Roe world, but one of the biggest ways it’s changed that’s relevant here is that we have a digital surveillance apparatus that didn’t exist before,” Corynne said. McSherry, legal director of the Electronic Frontier Foundation, a San Francisco-based digital rights advocacy group. “It’s going to be very, very complicated, and a lot will depend on what companies decide to do in terms of pushback.”

The situation may put tech companies under the sharpest pressure on data-sharing practices since the backlash that followed Edward Snowden’s revelations about big corporations cooperating with US government surveillance. in 2013. Those revelations prompted some companies, like Microsoft, to issue specific public assurances to customers about how they would handle government data requests and how they would fight them in certain cases. Read More: Deadly abortion misinformation sounds alarm bells for doctors, TikTokTech companies already under pressure to similarly oppose abortion-related data requests. Still, because views on abortion in the US are so polarized, it’s almost certain that the companies will meet pushback no matter what they decide to do, which may be why they’re keeping quiet for now, waiting for specific requests to publicly communicate a broad policy.

Some are taking the first steps to reassure customers. Google said on July 1 that it will automatically remove location tracking logs from users’ visits to sensitive places, including abortion clinics, and make it easier to remove period logs from its Fitbit app. The Alphabet Inc.-owned search giant also underscored its history of fighting government requests for information the company deems inappropriate. broad or legally objectionable,” the company said in a blog post. Google declined to specify whether it would combat abortion-related data requests and made no mention of the changing legal landscape at all.

Apple said it builds privacy protections into its products and is particularly vigilant about software and devices related to health care. For example, if a user’s iPhone is locked with a passcode, fingerprint, or Face ID, health and fitness data is encrypted. In the latest version of the operating systems for the company’s watches and phones, if users opt in to two-factor authentication, Apple cannot view health and activity data, including information in period tracking features. the health app. Apple also imposes privacy requirements on developers who sell through its App Store. The company did not comment on how it might respond to an abortion-related arrest warrant or summons to obtain user data.

Microsoft, which runs big email and chat apps, also declined to say what it will do. So did Meta Platforms Inc., owner of Facebook, Instagram and WhatsApp. Amazon.com Inc., the largest cloud infrastructure company and owner of health care services such as Amazon Care and Amazon Pharmacy, also declined to comment.

Microsoft and Apple just a few years ago fiercely fought demands from the US government or law enforcement to hand over user data or unlock phones, and won the support of many other tech companies and antitrust advocates. privacy for your postures. Apple in 2016 refused to unlock the phone of one of the gunmen in a mass shooting in San Bernardino, California, even after the FBI sued it. Microsoft took the US Department of Justice all the way to the Supreme Court over the company’s refusal to hand over emails from a suspected drug trafficker that were stored in Ireland. It’s unclear whether the companies will fight to protect women and health care providers. facing possible prosecution for abortions. The situation is complicated by the patchwork of state laws on reproductive choice and an industry in which data is not always stored in the state where a patient resides or where a company is headquartered. Patients may have to travel elsewhere to seek care or pills, and it is not known which jurisdiction would prevail in a data dispute. Businesses will face arrest warrants and citations in both civil and criminal cases. Read more: Anti-abortion companies lure pregnant teens online, save their data

There are also various state laws that specifically protect the privacy of health care data, as well as the federal Health Insurance Portability and Accountability Act, or HIPAA. The rules are different based on how a company is classified and what kind of personal information it holds, said Iliana Peters, a shareholder in the Washington, DC, law firm Polsinelli. Because health plans and care providers that accept insurance from those insurers are covered by HIPAA, cloud computing providers that store data for them may also be covered.

At the same time, a court order signed by a judge or court order could allow a HIPAA entity to provide the data, Peters said, but “the entity could challenge the order if it has a strong intention not to disclose that information.”

Some companies have referred to previous statements and policies when asked how they would handle abortion-related requests for personal data. “We always examine every government request we receive to make sure it’s legally valid, no matter which government makes the request,” Meta said in May. “We comply with government requests for user information only when we believe in good faith that the law requires us to do so. Additionally, we assess whether a request is consistent with internationally recognized human rights standards.”

Most big tech companies post regular updates on the number of requests they receive from courts, governments, and law enforcement in the US and other countries. Still, those reports indicate that companies comply with the vast majority of requests. In its most recent roundup, Meta reported that it received around 215,000 requests globally during the last six months of 2021 and provided at least some data in nearly 73% of cases. In 70% of cases, the company was not allowed to notify affected users. For that same period, Microsoft received 25,182 applications and rejected a quarter of them. Google’s most recent data, for the first half of last year, showed the search company received just over 50,000 requests and provided some data in 82% of cases.

Tech workers are also lobbying employers to oppose data sharing. After Google released its updates on consumer privacy, the Alphabet Workers Union labor group called on the company to take “decisive action” in the face of legal challenges.

States where abortion remains legal have also been taking steps to bolster support for women living in areas with more severe restrictions. Washington Governor Jay Inslee has vowed to block hardline anti-abortion jurisdictions from accessing information about who travels to their state for the procedure, and Gavin Newsom of California has signed an order preventing state agencies or departments from share medical records and patient data as part of investigations. by states that limit access to abortion.

Meanwhile, some cases are testing the right of law enforcement agencies to access users’ search history as a network to find evidence. A 17-year-old accused of setting a deadly fire has filed a lawsuit in a Denver court challenging police use of something called reverse keyword search. A judge’s order had forced Google to scan its records of all queries for anyone searching for the address of the house that burned down in 2020, NBC News reported.

“It’s going to be years of litigation before we really get clarity on the data issue,” said EFF’s McSherry. “And also, of course, around whether you can process, whether it’s legitimate processing or not, whether it’s across state lines.”

Bloomberg Businessweek Most Read

©2022 Bloomberg LP

Leave a Reply

Your email address will not be published.