Cybersecurity lessons for after Roe from the frontlines of bodily autonomy

uncloked-decrypt-encryption-lock

The leak of a Supreme Court opinion draft overturning Roe v. Wade earlier this month and a wave of state-level laws in the U.S. radically limiting abortion are forcing many Americans to re-examine the relationship between their digital privacy and the ability to make their own health decisions. 

But marginalized groups have already been navigating those challenges and learning hard fought lessons about cybersecurity — including sex workers whose labor is often criminalized; queer people also targeted by state-level laws pushed by conservative U.S. legislators; and reproductive rights activists overseas. 

“The decisions around one’s body should always be private, but when the right to reproductive health is blocked by civil and state initiatives, when people can even get chased, privacy becomes key not only to reproductive rights but to the integrity of that person,” said Angela Alarcón, a campaigner at international digital rights nonprofit Access Now. 

The right for people to control what happens to their own body, or bodily autonomy, is a key framework for understanding access to reproductive healthcare as a human right, as well as modern organizing movements for sex worker and queer rights. But bodily autonomy is now also intimately linked with information that is collected about people by the devices they carry around in their pockets as well as expanding networks of private-party and state surveillance.

“You do things in your body that are all trackable now, especially if you carry around your phone — those are all data points,“ Savannah Sly, a musician, dominatrix, and sex work organizer, told The Record. 

But in a post-Roe world, people seeking abortions and those that help them could be pit against a digital panopticon powered by vast troves of personal information for sale from databrokers and the extensive surveillance tools now available to law enforcement.

Sly, who advises on research with the Woodhull Freedom Foundation and The Global Lab for Research in Action at UCLA, is one of many activists who intuitively understand the overlap between marginalized communities and privacy rights advocacy. That experience will directly apply if Roe is overturned and security becomes more important for people seeking reproductive healthcare.

In the days after Politico’s report of the SCOTUS draft decision, the Electronic Frontier Foundation posted digital security guidance from staff technologist Daly Barnett for those involved in abortion access, such as tips on how to minimize and compartmentalize digital footprints as well as suggestions for tools such as encrypted messaging platform Signal

“There is a vast ecosystem of privacy advocates out there in the bodily autonomy movements and elsewhere — the lessons from there carry over to folks in the abortion access movement.” said Barnett, who is also affiliated with the sex worker and ally collective Hacking//Hustling, told The Record.

“We just need to work to build those connections and broaden that out,” she added. 

Those connections have already been made in other cases too — such as with the Digital Defense Fund, a group founded in 2017 that provides free digital security support and tools for nonprofits related to abortion access.

But civil liberties advocates warn that the looming data and privacy issues around Roe could also set a dangerous precedent that echoes beyond reproductive care. 

“A lot more people will be at risk for potential intrusions into their life and criminalization, or spill over, to other areas where they receive sensitive healthcare,” said Lydia X. Z. Brown, policy counsel at the Center for Democracy and Technology who focuses on disability rights and algorithmic justice issues.

Living (online) outside the law

Navigating modern life often means being online, but being part of a marginalized community can mean learning how to navigate the digital world differently. 

When communities are criminalized, their members are left more vulnerable to exploitation—including by law enforcement. That’s one reason why some international humanitarian groups, including Human Rights Watch, support decriminalization of sex work as does a majority of Americans. Many in the sex economy also organize for decriminalization and legalization. But in the U.S., many forms of sex work are criminalized, often leaving people in the industry marginalized. 

Queer lives were also long criminalized in the U.S., with state-level sodomy laws only being invalidated by the Supreme Court in 2003’s Lawrence v. Texas and gay marriage becoming legal in all states in 2015. And queer rights are now facing a backlash — including a wave of state-level laws targeting trans people’s access to gender affirming healthcare; rhetoric from conservative lawmakers accusing gay people are sexually grooming children; and Florida’s “Don’t Say Gay” bill, which prevents teachers from discussing gender identity or sexual orientation in classrooms.

Isolated queer people quickly found community in digital worlds when facing repression in their physical worlds — from early internet chatrooms to blogging sites like LiveJournal, and now today with platforms like TikTok. 

But even before the internet, they often had to take steps to maintain security.

“LGBT folks have a much deeper history of using social privacy tactics to keep ourselves safe, such as linguistic steganography — using codewords for language to cloak our meaning or advocacy for each other,” explained Barnett. Queer communities also have sophisticated informal whispernetworks to vet the safety of people and situations, more so than their straight counterparts might realize, she said. 

In EFF’s guidance, the organization recommends people involved in abortion access “use special code words with trusted people to hide information in plain sight” and create internal community agreements limiting information sharing — thus also potentially limiting risk.  

Coded language also played a role in illicit access to reproductive healthcare in the U.S., including euphemisms in postings in 19th century periodicals and underground newspaper ads in the years running up to the Roe decision that urged pregnant people who needed help to “call Jane.” 

The latter connected callers with an underground network of people, the Jane Collective, who facilitated abortion access despite the legal risks — seven of whom were arrested, with criminal charges against them only being dropped after the Roe decision. 

We may see similar movements emerge if Roe is overturned — and they could likely benefit from tactics used by sex workers to limit exposure, according to Sly.

Law enforcement’s ability to map human networks through metadata related to communications is much more sophisticated now than was available when Jane Collective members were arrested in 1972, for example. And it’s an issue the sex worker community is already navigating.

Law enforcement investigating sex workers often “are trying to go after the ‘ring,’ which means a group of people engaged in something, but they try to make it more formal than it actually is — these are informal networks normally, which has terrible implications for communities,” Sly said.

There are tactics that can be used to reduce the risks of personal compromise, including compartmentalizing with separate identities, using  “burner” phones and laptops, as well as tools like virtual private networks (VPNs) or the Tor web browser, Sly said. 

Leaving devices at home entirely when involved in illegal behavior or going through areas where you might be vulnerable to search by law enforcement, such as border crossings, is also a good idea, she added. 

But ultimately Sly considers most of these practices to be harm reduction strategies, not a comprehensive solution to protecting her privacy.

“It feels increasingly impossible to protect yourself in all the ways you need,” she said. 

Encryption as a reproductive health issue

Protecting themselves became more difficult for many sex workers in the U.S. after the 2018 passage of a pair of laws known as FOSTA-SESTA. 

The laws are nominally aimed at combatting sex trafficking, but the way Congress went about it — creating new liabilities on websites that host ads for sex work — grouped consensual sex work and victims of sex trafficking together while leaving the former at greater physical risk with less agency over their work and while facing greater discrimination on online platforms. 

But the unsuccessful fight against the laws also forged organizing bonds between sex workers and the digital rights community who warned the laws could threaten online freedom of expression. 

The Earn IT act currently being considered by Congress takes similar approach to SESTA-FOSTA, piercing the liability shield for user-generated content much of the internet relies on to operate, while ostensibly targeting something awful: child sexual abuse material (CSAM). 

But privacy experts and opponents have warned the bill may lead to companies failing to offer or dropping the strongest possible security measures, such as end-to-end encryption where only a sender and recipient have access to the content of messages, to reduce their legal liability. 

In a Post-Roe world, the proposal would effectively mean that information could be requested by law enforcement to investigate those they suspect of abortions, according Riana Pfefferkorn — a research scholar focused on encryption policy at the Stanford Internet Observatory In fact, people’s online trails have already been sought by law enforcement investigating people who have lost pregnancies under fetal welfare laws. 

Lawmakers and companies may be forced to re-evaluate their positions on encryption if Roe is overturned, in part because our current online ecosystem developed while abortion was considered a legal private act, rather than a crime, according to Pfefferkorn. 

“You cannot be both pro-choice and anti-encryption anymore,” she said. 

The leaked SCOTUS draft overturning Roe represents the culmination of decades of organizing, largely by conservative Christian groups, although a majority of Americans believe abortion should be legal in all or most cases, according to recent polling from Pew Research

The conservative campaign against abortion access included decades of advocating for state laws that make it harder to terminate a pregnancy by requiring patients go through waiting periods and ultrasounds, or that target clinics to make them harder to operate. Restrictions have only escalated as the Court grew more conservative with additions during the Trump administration. 

Fears about Roe’s fate and a shift toward medication-induced abortions in the U.S. and abroad in recent years have also led to more resources about how to terminate a pregnancy alone. For example, Self-Managed Abortion; Safe and Supported (SASS), a project of international nonprofit Women Help Women, also started in 2017 — offers information about how to end a pregnancy with medication, specifically misoprostol alone or in combination with mifepristone.

Self-directed medicinal abortions are already the standard in many parts of South America where abortion access is restricted. But people terminating their pregnancies often rely on people they connect with online for help or to get access to the medications. 

That’s another reason strong security measures are important. 

“The violation of the privacy of those chats can have a serious impact on both the person requesting support and the supporter,” explained Alarcón.

Serious risks legal may also face those helping people seek abortions in parts of the United States. 

Thirteen states have passed so-called “trigger laws” that would ban the medical procedure if Roe v. Wade is overturned. Last year, SCOTUS declined to block a Texas law that criminalizes abortion after six weeks — before most people know they are pregnant — and includes a civil enforcement mechanism that allows private lawsuits to be brought against healthcare providers or even friends and family who helped someone terminate a pregnancy beyond then. 

Oklahoma signed a similar law this past week relying on the same type of private enforcement measure, but banning nearly all abortions after fertlization. 

These laws effectively create bounty systems where data collected about people’s online activities and locations could be weaponized against them. 

Already, as Vice’s Motherboard reported, researchers have been able to purchase information from data brokers about people who visited abortion provider locations and some are now rushing to dump fitness or period-tracking apps over fears the reproductive health related information they contain might be wielded against them. 

Others are turning directly to companies to take action. 

Dozens of Democratic lawmakers led by Sen. Ron Wyden (D-Ore.) this week urged Google to change its location data collection and retention policies to prevent such information from being used to target people seeking abortions. 

“If abortion is made illegal by the far-right Supreme Court and Republican lawmakers,” the legislators wrote in a letter to company CEO Sundar Pichai, “it is inevitable that right-wing prosecutors will obtain legal warrants to hunt down, prosecute and jail women for obtaining critical reproductive health care.”

The post Cybersecurity lessons for after Roe from the frontlines of bodily autonomy appeared first on The Record by Recorded Future.

Article Link: Cybersecurity lessons for after Roe from the frontlines of bodily autonomy - The Record by Recorded Future