Aden Klein is an undergraduate and Joanne Kim is a recent graduate of Duke University. They worked on Duke’s data brokerage research project.
The Supreme Court’s decision in Dobbs v Jackson Women’s Health Organization has made more obvious the misuse and abuse of abortion and pregnancy data, raising greater concerns about how this data could be used to identify pregnant individuals and enforce abortion bans and other laws that criminalize reproductive healthcare. With some states passing strict legislation against abortions, including some that incentivize citizens to report on one another, individuals’ data privacy has become more critical than ever and involves many more players than recent discussions over just a few popular period tracking apps.
Key among these players are data brokers, many of whom have already been outed for selling data on pregnant women and abortion-relation information. Notably, the U.S. House Oversight Committee recently sent letters to Safegraph, Babel Street, Digital Envoy, Placer.ai, and Gravy Analytics. Safegraph and Placer.ai committed to halt the sale of location data on people seeking abortion services. While such commitments are a positive sign, there remain a number of data brokers that continue to sell information that can put the lives of millions of Americans at risk.
For example, one firm – Exact Data – advertises several “Ready-Made” lists such as “Abortion Clinic Mailing List,” “Pregnant Women,” “Baby’s on the Way – Expectant Parents,” “New Parents,” “New Parents – Young and Wealthy 18-25,” and “Expectant Parents by State,” (as of August 12, 2022); notably, since the authors visited the site on August 12th, some of the lists have been removed. These lists contained anywhere from around 300 to over 600,000 records on women, expecting families, and parents with newborns. Other data brokers, such as A Type Data and HealthVerity, also offer related data solutions. A Type Data houses a data set titled “New Parents and Families with Newborns.” A Type Data states that “a New Mother or Couple IS a New Consumer,” and “these parents will buy all types of products and services for their newborn babies.”
Another broker, HealthVerity, advertises a “Maternal Outcomes Masterset” which links “1.6 million pregnant women to their newborns.” While the aforementioned data sets are designed for marketing or research, respectively, the implications of selling such data sets are much larger as their sale constitutes a general invasion of privacy and could lead to many other harms if acquired by malicious actors. Concerningly, these data sets and surveillance systems may also be used to monitor minors. Given that abortion rates in 2019 were highest amongst adolescents in comparison to other age groups, the consequences of turning mass surveillance and precise data collection practices towards abortion data will have significant detrimental effects on the privacy of children and young people who get pregnant.
Considering the amount of information data brokers are able to collect and link to individuals, as well as the myth of “anonymization,” it becomes clear that various states could abuse this unregulated data economy for abortion surveillance purposes. Mass surveillance, specifically of abortion data, is not a novel concept in the U.S. In fact, the Centers for Disease Control and Prevention (CDC) currently maintains an Abortion Surveillance System, which has been in place since 1969. According to the CDC, “many states and reporting areas conduct abortion surveillance” of legal induced abortions. While reporting data to the CDC remains voluntary, most states already legally require providers to report all abortions, including aggregate data on age, race, marital status, residence, method of abortion, and abortion history. These same surveillance systems and processes could easily be used to enforce abortion bans.
Coupled with preexisting surveillance systems, the massive amount of information that data brokers can assemble on women and people who get pregnant, as well as expecting families broadly, illustrates a problem of terrifying scale. The almost entirely unrestricted access that police departments have to commercial data and surveillance tools is equally horrifying- a subject that was discussed in detail at a House Judiciary Committee hearing this summer titled Digital Dragnets: Examining the Government’s Access to Your Personal Data.
Police surveillance, via data brokers, is pervasive and demonstrates a complete disregard for Constitutional protections. When the Supreme Court ruled in Carpenter v United States that law enforcement required a warrant to access cell phone location data from wireless carriers, law enforcement immediately turned to data brokers as a convenient loophole. In the years since the Carpenter decision, police have continued to purchase geolocation data, communications data, license plate reader data, and more.
Police use of data brokers to spy on citizens is well documented. However, following the money provides additional evidence of such practices. We analyzed public data and prior reporting of states banning or imminently banning abortion to identify companies and tools that could be used to aid in enforcing abortion laws. Even a high-level overview of public documents in St. Louis County, the State of Missouri Department of Public Safety, the City of Dallas, and the City of Houston shed light on the access that police have to supposedly private information.
St. Louis County spent nearly $25,000 on LexisNexis products last year, including third-party geolocation and identity data through TraX. Both Dallas and Houston Police, as well as the Missouri Department of Public Safety, spent tens of thousands of dollars on undisclosed LexisNexis products, recorded in ledgers as “Internet Database Subscriptions.” These checkbooks also revealed purchases from companies advertising license plate tracking, social media monitoring, digital and social network forensics, and other services. Additionally, data from the Electronic Frontier Foundation indicates that police departments in 16 of 19 states with current or impending abortion bans purchased tools for geolocation, facial recognition, predictive policing, or other data-driven surveillance practices.
Ultimately, data brokers collect an uncomfortable amount of information about pregnant people and their families. They assemble these lists from a variety of online sources, going far beyond period tracker apps or any other, single source. In reality, it is virtually impossible to avoid leaving some form of digital footprint surrounding a pregnancy.
Furthermore, police already purchase and use data broker services, geolocation data, and other third-party surveillance tools as a convenient Fourth Amendment loophole, and it is only a matter of time before they turn to these strategies to prosecute abortions in jurisdictions that criminalize them. Regardless of state abortion laws, privacy is not for sale; it is past time for Congress and the courts to close the loopholes allowing police to conduct warrantless searches in our bedrooms.