In the Post-Roe Era, Concerns Rise About Privacy Threats Aided by AI
In the Post-Roe Era, Concerns Rise About Privacy Threats Aided by AI
With personal medical information for sale by data brokers, the pieces are in place for more sharp confrontations over AI and privacy.
By John P. Desmond, Editor, AI in Busines
The Supreme Court’s overturn of the Roe vs. Wade decision, making abortion illegal, has lit a fire under those seeking to extend privacy protections in the surveillance economy era.
Add the ability of AI techniques to make scanning and surveillance of personal medical information even more powerful, and the components are in place for more sharp confrontations over AI and privacy.
For example, a data broker/aggregator named SafeGuard had been selling location data that included visits by women to abortion clinics, according to a recent account in Vice. But after inquiries by Vice, the company announced it would no longer include such location data in their datasets. Vice had found that for $160, they would acquire data on how many people visited Planned Parenthood and similar family planning centers, where they came from, and where they went afterwards.
SafeGraph’s CEO Auren Hoffman stated in a blog post that the decision was made in response to “federal changes in family planning access,” and a concern for “potential misuse” of its data.
While the company does not sell any data on individuals, it does sell device-specific location data in some cases. Some observers see that AI data analytics could be applied to show patterns of subtle evidence, including location data and social interactions, to show someone had likely sought an abortion or had gone to a pharmacy known to dispense abortion pills.
“The potential for this US ruling to pave the way for AI-driven technologies to identify and track people seeking medical care, requires us to focus on building and deploying AI systems that protect the privacy of all individuals, including personal data such as search history and location,” stated Rebecca Finlay, the CEO of the non-profit advocacy group Partnership on AI, in a recent account in Fortune. Funded by several leading technology companies, PAI called on the international AI community “to double down on protecting user data privacy and human rights.
Some of the most invasive data is stored in apps that help women track their menstrual cycles. The Wall Street Journal reported in 2019 that the period-tracking app Flo was sending data to Facebook about when women were menstruating. The disclosure led to discussions between the company and the US Fair Trade Commission, which resulted in Flo agreeing to undergo an independent review of its privacy policies and obtain user permissions before sharing personal data.
Big Tech Companies Challenged to Protect Women’s Digital Privacy
The Center for Democracy and Technology, a Washington, DC-based nonprofit focused on the rights of individual users, called on tech companies to “play a crucial role in protecting women’s digital privacy.” The group advised companies to “carefully scrutinize and seek to limit the scope of surveillance demands issued in prosecutions to enforce anti-abortion laws,” stated the Fortune account.
Under a law passed last year in Texas, any citizen who successfully sues an abortion provider, a health center worker or anyone who helps someone access an abortion after six weeks can claim at least $10,000. "We are just a few steps away from digital dragnets for people who are providing access and possibly for people seeking abortions," stated Eva Galperin, director of cybersecurity for the Electronic Frontier Foundation, a non-profit digital rights group, in a recent account in The Register
While she sees fertility tracking apps as a digital surveillance issue, she has a bigger concern.
"The single greatest danger right now is the location data sale industry, location data brokers, and also the privacy of your web searches," Galperin stated. "One of the very first steps that people take when they are searching for abortion information is a web search."
Many apps are tracking location data, from weather to retail. Unless the user opts out, the trackers can pinpoint exactly where the user is; it’s a big business. One participant is Placer.ai, a location data company that claims its software is deployed on more than 20 million devices and over 500 mobile applications. The location data enables a retailer to target ads for nearby stores, and it enables health and reproductive information to be collected, bought and sold without the users’ knowledge.
"Companies gather this data, sell it to data brokers, and the data brokers sell it to third parties and sometimes fourth and fifth parties until they can no longer keep track of where that data is — and that is very concerning," Galperin stated.
In the wake of the Supreme Court decision to repeal Roe, she expects service providers to encounter ‘a raft of subpoenas and warrants seeking user data that could be employed to prosecute abortion seekers, providers and helpers.”
The Supreme Court decision puts big tech companies including Amazon, Microsoft, Google, Meta (Facebook) and Twitter in a difficult position. None responded to an initial query from The Register on what they are doing to ensure data they collect will not be used to build a case against women seeking abortions or those who support them. The companies generally comply with lawful requests for personal information in the course of criminal investigations. Now they may have to decide between handing over the information or overhauling the way they collect and process users’ data.
Fertility app suppliers were quicker to respond. "As the female co-CEOs of Clue, we promise you that we will never turn your private health data over to any authority that could use it against you," stated Carrie Walter and Audrey Tsang about their period-tracking app company, which is based in Berlin, Germany. "Your personally identifiable health data regarding pregnancies, pregnancy loss or abortion, is kept private and safe. We don't sell it, we don't share it for anyone else's use, we won't disclose it."
GP Apps, supplier of the Period Tracker app, responded to The Register that it would rather put themselves out of business rather than comply with a request for the menstruation data of its users. "We would rather close down the company than be an accomplice to this type of government overreach and privacy violation," the company stated.
New Urgency Seen for Digital Privacy Protections Being Considered by Congress
Efforts at digital privacy protection in the US Congress saw new urgency after the Supreme Court decision overturning Roe.
Those efforts include a bipartisan privacy bill from House Energy & Commerce Chairman Frank Pallone (D-N.J.), ranking member Cathy McMorris Rodgers (R-Wash.) and Senate Commerce ranking member Roger Wicker (R-Miss.) that would provide heightened protections for location and health data and allow people to opt out of sharing information with data brokers, according to a recent account in Axios.
Also, the "My Body My Data Act" from Rep. Sara Jacobs (D-Calif.) would limit the amount of data period-tracking apps can collect and require them to obtain permission from a user before sharing or selling that data.
And Sen. Elizabeth Warren (D-Mass.) and other Democrats recently introduced a bill that would ban data brokers from selling users' health data.
In the US Senate, the “My Body, My Data Act” was cosponsored by Hawaii's Mazie Hirono and Oregon's Ron Wyden, both Democrats. According to a recent account in ITProToday,
Hirono and Wyden said in a joint statement, "Congress needs to step up and offer real protections for people seeking reproductive healthcare, and lots of people seek that care online. It is just common sense that data brokers, tech companies, and advertisers shouldn’t be able to put personal, sensitive information on the public auction block for anyone with a credit card."
Read the source information and accounts in Vice, Fortune, The Register, Axios and in ITProToday.
(Write to the editor here.)