- Daly Barnettstaff technologist at the Electronic Frontier Foundation.
- Grace Oldhamreproductive rights reporter for Reveal.
Reproductive health advocates are urging Congress to pass the My Body, My Data Act, which will prevent consumer data that is related to reproductive health from being used as criminal evidence. Protecting how sensitive personal information is collected and stored online is critical to combating anti-abortion laws, says Daly Barnett, staff technologist at the Electronic Frontier Foundation. Barnett also shares practical advice for securing your online privacy now, such as utilizing encryption and creating a culture of consent. “Privacy should just be a default for people,” says Barnett. “It shouldn’t be something that the end users have to fight for, especially when the data is potentially dangerous, that could be used as criminal evidence.”
AMY GOODMAN: This is Democracy Now!, democracynow.org, The War and Peace Report. I’m Amy Goodman, with Juan González, as we continue our conversation around Facebook, anti-abortion clinics collecting highly sensitive information on would-be patients. That investigation is done by Grace Oldham, a reproductive rights reporter with Reveal. We are also joined by Daly Barnett, a staff technologist at the Electronic Frontier Foundation, who just published a set of digital privacy guidelines and guides for abortion providers and abortion seekers on how to protect their information.
Daly, thanks so much for joining us. Why don’t you walk us through some of these key measures that you think are key for people to protect their information and where you think we’re all more vulnerable?
DALY BARNETT: Sure. Well, first of all, thanks for having me.
I would say that the first step that abortion seekers, providers, abortion access activists ought to do is an exercise that we call threat modeling. Essentially, threat modeling just means identifying for themselves what pieces of information or data could potentially be used against them, and who might want to exploit that data. Asking themselves these types of questions helps to identify the areas of concern they may have, and then, from there, the types of measures that can be taken to protect themselves.
From there, I think it’s important to employ a combination of nontechnical and technical tactics. Starting with the nontechnical, because those are usually a bit easier, I think people can set some data-sharing standards with their communities. This means, essentially, making some rules about what types of information can and cannot be shared with the group or outside the group, etc. Basically, it’s just pushing a culture of consent when it comes to sharing any kinds of identifying information about reproductive health or activism or affiliation with other groups. People can also employ what we call linguistic steganography, which is just some fancy phrasing for, essentially, hiding a true meaning in plain sight or in inconspicuous language. If it’s done very consciously and carefully, it can be really effective in protecting oneself and one’s community.
But then, from there, the more technical measures people can take are, first, I would say, download an end-to-end encrypted messaging app, like Signal, turn on disappearing messages — super important. Also, just generally, I think it’s important that people compartmentalize the data around the more sensitive operations, like reproductive health or activism, away from the more casual ones. So, this can be done by using a separate browser with hardened privacy, we call it, so like a browser like Tor or Brave, that are built with privacy and security in mind, and using that especially for anything related to their reproductive health or their activism. I also highly recommend turning off location services on apps that don’t need it, or restricting them when you’re going to or from locations where that’s a concern; turning off the ad identifier on their phones, so that the apps can’t track their behavior from app to app to app. And there’s a bunch of other things people can do, but I would just recommend going to look at EFF.org for the guides that we have written.
JUAN GONZÁLEZ: And, Daly, what are some of the responsibilities of the technology companies in regard to this? Because, clearly, not just Facebook, but, for instance, with Google, the searches that people conduct on a daily basis and that Google stores, has there been — have there been any laws about particularly health-related or personal health-related matters, searches, that can be somehow or other protected in a stronger way from tracking than normal searches?
DALY BARNETT: Sure. Well, you know, I’m not a policy expert, but I am a technologist, so I’m happy to comment on what these technologies can do to protect the end users. I mean, the reality is that these platforms are the most popular or the largest platforms that exist, right? Like, the big ones. And they need to come to terms with the fact that they’re holding onto the largest and most potentially dangerous sets of data that can be used against people here.
So these platforms need to make their policies transparent to end users now, especially their policies or in regards to how they respond to law enforcement and how they’re responding to subpoena requests. They could also stop behavioral tracking on their platforms, because that behavioral tracking amounts to data that could be exploited and used against users. Just generally, they need to honor the privacy of every end user by default. It should not be something that users have to advocate for themselves. They can allow pseudonymous access to their services. Just more like just generally speaking, if the data isn’t being collected on end users there, it can’t be exploited.
AMY GOODMAN: If you could talk more, in lay terms, about behavioral tracking?
DALY BARNETT: Of course. So, behavioral tracking, these are mechanisms that platforms will put in place to uniquely identify users on their services and then track the behavior of, like, what they’re doing on these platforms, right? So, this can look like how long they’ve been on the site, what they’re doing there, the types of services or queries they’re making on the platforms. And then that data can be collected. And because it’s tied to a unique fingerprint to a user, it can then be associated with other behavioral tracking on different platforms. So, for instance, Google is the most prevalent tracker in the game, where they have trackers implanted on 75% of the top 1 million websites today.
AMY GOODMAN: And in terms of what people can do — and we also want to put this question to Grace Oldham — tell us about the My Body, My Data Act.
DALY BARNETT: Sure. So, the My Body, My Data Act is a bill that has been proposed to protect people’s data around their reproductive health. It protects the end users. So it restricts the type of data that can be collected by the services that have anything to do with this field, right? But it also allows users to meaningfully appeal to have their data deleted at their request.
AMY GOODMAN: And, Grace Oldham, if you can talk about your work in how people are organizing around the country and how people can protect themselves?
GRACE OLDHAM: Yeah, absolutely. So, you know, in the terms of our investigation, Facebook — you mentioned Google has prevalent ad trackers — Facebook is also a big player in the game. And so, you know, we found that Facebook received nearly 60,000 government requests for data from July to December 2021.
And so, creating public pressure and legislation for Facebook to answer how data from crisis pregnancy centers would be used, for example, is one way many of the privacy experts that we talked to said that this would be a public pressure policy issue, because Facebook’s revenue comes from advertising, so there’s little incentive to fix this on their own, although strengthening the current filters that they have in place, as well as evaluating potential risk of this data being collected, would be important, as well.
JUAN GONZÁLEZ: And I’m wondering, Daly: What legislation should we be focusing on, and should the public be focusing on, in terms of digital privacy laws?
DALY BARNETT: I think any privacy legislation that is a broad privacy protection for all end users. It shouldn’t necessarily always be focused on specific areas of concern that are timely. Privacy should just be a default for people. It shouldn’t be something that the end users have to fight for, because — you know, especially when the data is potentially dangerous, that could be used as criminal evidence. The reality is that if these companies aren’t collecting this personally identifiable data that can be exploited, the problem is solved in all of these cases. Privacy should not be an opt-in model or something that users have to advocate for for themselves; it should just be on by default.
AMY GOODMAN: I wanted to ask Grace Oldham about some other research you had done. You were just recently in Dallas, in Texas, talking to a Unitarian Church that was involved with helping people access abortion. Can you talk about what they’re doing and what’s happened, now that Roe has been overturned, and the history of their work?
GRACE OLDHAM: Yes, absolutely. So, I went to Dallas, which is where I’m from, and went to the First Unitarian Church of Dallas, which is actually the church that my family grew up in, as well, and had the opportunity to see some of the action happening at that church around helping people access abortion in New Mexico.
So, there’s a long history there. In the ’60s, the Unitarian Universalist Church stated their public support for access to abortion. This is before Roe v. Wade. And the ministers at that church were working with the Clergy Consultation Service, which was a network of mostly Protestant ministers and Jewish rabbis across the country who helped people find safe abortions. And so, they were working with the doctor named Dr. Curtis Boyd, who we talked about in this radio story that we published this weekend, who was performing safe abortions before they were legal in Texas. And eventually, Dr. Boyd moved from Texas to New Mexico, and the ministers at the church at the time helped coordinate flights from Dallas to New Mexico for people to access abortion pre-Roe.
Well, now, since S.B. 8 in Texas in September, again, the ministers at the First Unitarian Church and a network of volunteers within New Mexico, Religious Coalition for Reproductive Choice, as well as Dr. Boyd, who still owns clinics in Dallas and New Mexico, in Albuquerque, are making trips every few weeks to Albuquerque to bring a group of around 20 patients to access safe and legal abortions in Albuquerque. And so, the church will continue to support people who are needing access to abortion, despite how the laws change, and are currently working to figure out, like, what the parameters around that will be. But, yeah, there are flights every two weeks bringing 20 patients, organized by a network of volunteers. The funding and the logistics are taken care of by the New Mexico Religious Coalition for Reproductive Choice.
JUAN GONZÁLEZ: And, Grace, I wanted to ask you about something we discussed earlier, these crisis pregnancy centers. And you said that there are hundreds of them around the country. Who funds them? Because even if they’re volunteers, largely, that work in them, obviously the rents have to be paid. The organization, the network has to be sustained. Did your research delve at all into how these centers came to be established?
GRACE OLDHAM: Yeah, absolutely. So, a lot of the funding is from private funders. There’s large anti-abortion organization networks of crisis pregnancy centers, such as Heartbeat International, for example. In some cases, the funding comes from taxpayer dollars, public funding from states who fund alternative-to-abortion programs. And then, in some cases, the funding comes from funding diverted from federal funding, as well. So, the majority is from private donors, but there is some public funding and taxpayer dollars going toward crisis pregnancy centers, as well.
AMY GOODMAN: Crisis pregnancy centers, known as CPCs, and we’ll certainly be doing more on them. Grace Oldham, thanks so much for being with us, a fellow at Reveal. We are going to link to your recent investigation headlined “Facebook and Anti-Abortion Clinics Are Collecting Highly Sensitive Info on Would-Be Patients.” And thanks to Daly Barnett, staff technologist at the Electronic Frontier Foundation, which just published a set of digital privacy guides for abortion providers and abortion seekers on how to protect their information. We’ll link to those, as well.
And just a reminder: It’s Primary Day in New York, Colorado, Illinois, Maryland, Oklahoma and Utah. Here in New York, Kathy Hochul is facing two challengers in the Democratic gubernatorial primary: New York City Public Advocate Jumaane Williams and Congressmember Tom Suozzi. Hochul became governor after Andrew Cuomo resigned last year. We’ll report on the results tomorrow across the country.
Today at 1 p.m. Eastern, we will live-stream the House committee investigating the January 6th Capitol insurrection with its surprise hearing. That’s 1 p.m. Eastern at democracynow.org. I’m Amy Goodman, with Juan González. Thanks so much for joining us.