For millions of Americans, finding abortion services in the US just became a legal minefield. With the Supreme Court’s ruling on Friday, suddenly “how to find an abortion” is a lot more complicated than a simple Google search.
Abortion is now illegal or restricted in nine states, with many more planning to outlaw procedures in the coming weeks. People seeking abortions in those states may now be at risk of investigation or prosecution, and many privacy advocates are warning that those people’s search history, medical records, or other data could be used against them in court. In some notable cases, they’ve seen it happen already.
The Verge talked to experts about where they see the greatest privacy vulnerabilities for people seeking abortions in a post-Roe United States — and how people can protect their information.
How law enforcement will know if you had an abortion
Let’s start with how a person might get flagged for investigation in the first place. If you are on social media at all, you might think period trackers play a major role in prosecutions (more on those later). But many cases start at the doctor’s office. According to the National Advocates for Pregnant Women (NAPW), which provides legal defense for pregnant people targeted by abortion restrictions, one of the most common ways for a prosecution to begin is with healthcare providers.
“At NAPW, we have had many, many cases where people are criminalized because healthcare providers have reported them to the police,“ says Dana Sussman, acting executive director at NAPW. “In many of our cases, the site of care is also the site of criminalization, even in the pre-Dobbs reality.”
A doctor normally isn’t able to disclose personal health information because of the Health Insurance Portability and Accountability Act, commonly referred to as HIPAA. But under HIPAA, doctors and medical organizations are allowed to report personal health information if they think that a crime has been committed at the institution or tell law enforcement if they think there’s criminal activity happening at the site of a medical emergency. In states where abortion is a crime, a doctor could report that they think one was performed — and police could use that report as grounds to begin a more serious investigation.
“People who aren’t terribly familiar with medical records tend to think HIPAA is much more protective than it actually is,” says Carly Zubrzycki, a health law professor at the University of Connecticut School of Law.
HIPAA also doesn’t apply to all groups that might seem to be providing medical care. The risk is particularly acute at crisis pregnancy centers: sites operated by anti-abortion activists that work to guide women to abortion alternatives in the guise of providing healthcare. These sites can collect information on the pregnancies of anyone who walks through the door and tie it to contact information and other data. Because these centers offer counseling rather than medical care, they are generally not subject to restrictions on health data — and because they’re run with the explicit goal of discouraging women from getting abortions, they may be eager to collaborate with investigations when they suspect a person has sought care elsewhere.
“They are dating pregnancies, they are confirming pregnancies, and they are operating in states that are extremely hostile to abortion rights,” says Sussman. “They can create all sorts of problems for people who are pregnant and having an abortion.”
The Crisis Pregnancy Center Map, an academic project from the University of Georgia, identifies more than 2,500 such centers across the US, more than triple the number of abortion clinics. Groups like NAPW and Digital Defense Fund recommend that pregnant people avoid them completely.
In other cases, police follow up on tips made by angry partners or just casual acquaintances, emphasizing the importance of keeping the medical details as private as possible. The reproductive rights group If/When/How deals with many of these cases through its legal helpline, and senior counsel Farah Diaz-Tello says cases usually begin with a personal report.
“The precipitating factor is always someone else reporting them to law enforcement, who then have the power to seize people’s devices,” Diaz-Tello told The Verge. “Understanding how to reduce one’s digital footprint is important, but the first line of defense is not sharing information unless absolutely necessary.”
After the investigation starts, the risk to personal data increases
Once a person comes under investigation, the picture becomes much more complex. It’s impossible to erase every digital trace investigators might find — there are simply too many — but simple precautions can go a long way toward minimizing the risk of a person’s data being used against them.
For the purposes of this piece, we’ve avoided more complex tracking systems like IP-based identification or the tracking pixels used in ad networks; neither has a track record of being used in law enforcement investigations of this kind, and there are few accessible tools for avoiding them. Instead, we’ve focused on the most urgent risks and most effective defenses.
Still, for anyone protecting patients or defending clients, the sheer volume of data is hard to ignore. “I think law enforcement is more tech-savvy than they’ve ever been in history and have more resources than they’ve ever had,” Jerome Greco, a public defender in the digital forensics unit of the Legal Aid Society in New York City, told The Verge. Once police start looking for data to confirm an abortion took place, there are lots of places to find it.
How to protect your search history from an abortion investigation
Search history played a role in a particularly prominent recent case, in which Latice Fisher, a Mississippi woman, was charged with second-degree murder after a failed pregnancy. The investigation began with a 911 call from her husband, who believed his wife had given birth only for paramedics to find the fetus unresponsive. Prosecutors later claimed that Fisher confessed to a nurse at a local hospital that she wanted to terminate her pregnancy and had investigated the best methods for doing so.
Once the case began, prosecutors drew heavily on Fisher’s search history, which contained searches like “buy Misoprostol abortion pill online.” Notably, local reporting claims the police found record of these searches from Fisher’s own phone rather than through Google itself.
But Google does provide data in response to valid court orders, so once an investigation has been launched, a valid court order is enough to get a person’s entire search history. None of that is enough to prove guilt, but it’s a liability for anyone researching abortion services in places where abortion is now illegal. It’s also easy enough to avoid. Signing out of Google or using a privacy-minded search engine like DuckDuckGo will prevent searches from showing up in a search history.
There is a more aggressive version of this warrant, called a “reverse keyword search warrant,” which would proactively identify users searching for a specific query. It’s a broad and alarming power and has given rise to a concern about dragnet surveillance around terms related to abortion. But, in practice, these warrants have only been issued for queries tied to specific incidents, like the name of a trafficking victim or the address of a building targeted by arson. As a result, it’s unlikely that a general term like “how to hide a body” or “how to obtain misoprostol” would be sufficient grounds for such a warrant, and Google has contested those requests in other contexts.
Are period-tracking apps really a threat?
Apps that collect and store health information, like period trackers, are notoriously leaky, and many have poor privacy protections. Digital health products aren’t covered by HIPAA, so companies behind them have flexibility around what they do with user data. That’s broadly the case for period and cycle tracking apps, which could theoretically be used to check if someone has been pregnant — or if that pregnancy ends.
Data from health apps like period trackers has not been a major part of the strategy to prosecute people seeking abortions so far. Again, one of the most common ways for an investigation to start is with healthcare providers. But even the apps that say they don’t sell user data have language in their privacy policies saying that they would share data with law enforcement in response to subpoenas or warrants. And experts think this sort of data could be used against people going forward.
Health records can be accessed by police
HIPAA doesn’t protect against court-issued warrants compelling doctors and health organizations to hand over health records about someone suspected of a crime. Those records can be used to make a case that a person had or tried to have an abortion.
A new law in Connecticut, where abortion is legal, tries to close some of those gaps around HIPAA for people from other states who might come to Connecticut for the procedure. The Reproductive Freedom Defense Act blocks other states from subpoenaing reproductive health-related information and says that state agencies can’t help with investigations criminalizing reproductive healthcare. The legislation could be a model for other states.
It’s still unclear, though, how useful that type of law could actually be, Zubrzycki says. Information-sharing rules around health data are set up to help doctors see the types of treatments and care their patients got from other physicians. “Imagine that you are in Alabama, and you come to Connecticut and get an abortion, and then you go see any other doctor in Alabama. We’re increasingly in a world where your medical record may just kind of follow you back to Alabama,” she says.
And people who seek out any type of healthcare in states that criminalize abortion will still risk their health records being used against them. In some cases, health records are very difficult for people to change or even access. Many individual patients don’t even own their health records; instead, the medical systems do.
Cash is good; gift cards are better
There’s also the question of how to pay for care without leaving a record, particularly for remote treatments like misoprostol, which can be safely and privately ordered online. The remote nature of the treatment means cash is not an option, and it’s difficult to make a digital transaction without leaving a record that could be unearthed by prosecutors later. In theory, cryptocurrencies like Bitcoin are ideal for this kind of private online purchase — but in practice, using cryptocurrency in a robustly anonymous way is so difficult that it would be dangerous for a layperson to attempt.
Instead, the pro-abortion Digital Defense Fund recommends using a pre-paid gift card if the convenience of a credit card is needed — either for portability or to make a purchase over the internet. This will also reduce digital footprint in other ways: many point of sale apps like Square will link a credit card with a person’s email address and / or phone number and automatically send a purchase receipt to an associated email account.
Don’t talk about your abortion over SMS or text
Cell phone network operators handle the routing of calls and SMS messages from our mobile devices, and as such, they have a lot of visibility into the contacts we make in our day-to-day activities. This means they are frequently subject to subpoenas and search warrants from law enforcement agencies investigating crimes.
If it can be shown to be relevant to a criminal or civil case, a subpoena request — which does not have to be approved by a judge — is enough for most cell phone network operators to hand over your name, address, and metadata about network use (i.e., other numbers you have called or texted but not the content of the messages).
With a search warrant, law enforcement agencies can get access to the contents of your SMS messages and other information like saved voicemail messages. In its 2020 transparency report, T-Mobile disclosed that the company received 340,995 subpoenas requesting information about network users, along with more than 80,000 search warrants and 50,000 court orders to provide more detailed user information.
All this means that regular SMS messages are not a secure way to communicate. In some cases, people wanting to avoid having their identity linked to cell phone records use burner phones. If that’s not possible, using encrypted messaging apps like Signal or even FaceTime calls gives an additional layer of security.
Signal also has a disappearing message function so that message history is automatically erased from both devices after a certain period of time.
A phone can place you at the scene
By default, most mobile devices collect detailed location data that is stored in a user’s history and associated with that online account. A large volume of this location data is available to be purchased from data brokers, including information on people who have visited abortion clinics.
As reporting from Vice discovered, one location data broker sold partially anonymized information on visitors to 600 Planned Parenthood centers across the US, complete with visit duration and a visitor’s origin point and final destination to a census block level. Though this information did not contain visitors’ names or exact addresses, many researchers have warned that it’s possible to de-anonymize users from aggregate data.
In criminal cases, cell phone location data can sometimes be made available to law enforcement through a controversial investigation technique known as a geofence warrant. These warrants request information on all devices that passed through a certain geographical area in a set period of time: in the past, they’ve been used to investigate crimes like arson attacks and protest violence but could theoretically be used to seek information on cell phones that have been in the vicinity of an illegal abortion clinic.
One of the simplest ways to avoid your location data being shared without your knowledge is to switch your phone off completely or leave it at home when undertaking any journey you would like to keep private. If this isn’t possible, Android devices and iPhones both give users the option to disable location data collection.
In a post-Roe world, lawmakers are also beginning to highlight the responsibility of tech companies to intervene upstream to prevent the collection of the type of data that could be used to criminalize abortion seekers. When the draft Roe decision was leaked, a group of more than 40 Democratic members of Congress called on Google to curb location data tracking, suggesting that the company should not collect or retain any more location data than was strictly necessary.
Despite all the immense risks personal data can pose, it’s possible to take steps to shore up personal privacy and limit risks. But, like always, those steps are most accessible to people who aren’t already targets under anti-abortion regimes. Restricting, banning, and criminalizing abortion has, like everything, a disproportionate effect on people who are already vulnerable: poor communities, communities of color, and communities with already limited access to healthcare.
That’s why it’s not just important to think about privacy protections at the individual level. There should be consistency in the way patients, doctors, and nurses are figuring out how to navigate the post-Roe landscape. As the political juggernaut that created the Dobbs ruling continues to roll forward, that challenge may prove too difficult for anyone to take on alone.