In 2015, Indiana prosecutors arrested a woman on infanticide charges after she performed an abortion on her own. Among their evidence were her text messages with a friend about obtaining drugs for an abortion.
In 2017, Mississippi prosecutors obtained access to a woman’s browser search history — she was searching for words abortion pills – charge her with murder for “killing her young child.”
In January, prosecutors in Texas arrested a woman after she was hospitalized due to complications from a self-induced abortion. The hospital reported her to the authorities.
These examples, though isolated, illustrate why abortion rights activists are sounding the alarm about privacy concerns after the US Supreme Court’s June ruling that struck down a national right to the procedure. And now a group of researchers, including two from the University of Pennsylvania, have issued a new warning.
In a paper published in the Journal of the American Medical Association, researchers used the software to survey the websites of more than 200 abortion providers nationwide, representing the majority of clinics that perform more than 850,000 abortions in the United States each year. They found that 91% of websites installed so-called third-party trackers to collect information about visitors and pass it on to marketing and web analytics companies. Almost 70% also placed cookies on users’ home computers to help collect data, the study found.
Some even have dozens of trackers on their sites.
A key concern, said Penn researcher Matthew S. McCoy, is that these third parties “may not have the same commitment to privacy as the service provider.” The concern is that prosecutors and police, even if resisted or denied by clinics, may request and receive personal customer information from the clinics’ data processing partners.
Such third-party trackers are ubiquitous on the Internet. They are key to helping all kinds of sites collect important information about the users who visit them. Both commercial and non-commercial sites can use trackers to find out which outreach is working and which isn’t. Trackers are the reason that people searching for a product online often find ads for that product appearing on their screens.
“It’s not that people don’t have a reason to install these things,” McCoy said. “But they don’t realize the downsides.”
As Ari B. Friedman, another Pennsylvania-based author of the report, noted, “one of the problems with regulating this is that billions of dollars in advertising revenue are at stake.”
He added: “We as a society have allowed ourselves to relax our vigilance about the amount of data that is being collected.”
According to McCoy and Friedman, clinics can improve privacy simply by using fewer trackers or by developing agreements with third parties whereby information is anonymized, de-identified or destroyed after it has been used for analysis or marketing.
McCoy and Friedman are senior fellows at the Leonard Davis Institute for Health Economics in Pennsylvania, a health policy think tank. McCoy is an expert on health policy and ethics. Friedman is also an emergency physician. Other authors of the September paper were Rachel Gonzalez, a research coordinator at the Pennsylvania Department of Emergency Medicine, and Lujo Bauer, a computer expert at Carnegie Mellon University.
In a statement Thursday, Kevin Williams, Planned Parenthood Federation of America’s vice president of digital products, said it increased privacy to address “the growing fear that people’s sexual and reproductive health decisions are being monitored.” He said the company has cut back on marketing software and is in talks with technology companies such as Google and Meta about ways to improve security.
In June, the Washington Post cited an analysis of Planned Parenthood’s website by Lockdown Privacy, a San Francisco-based company that develops software that blocks online tracking. Johnny Lin, founder of Lockdown Privacy, said a technical audit found that Planned Parenthood had indeed reduced the number of trackers over the past few months.
“They’ve improved dramatically because what they were doing before was so bad,” Lin said last week.
Lin said clinics need to keep their privacy practices in step with the more complex political and law enforcement climate. Too often, he said, they “didn’t think about how the state of the world has changed, so these tools have become dangerous for these clinics.”
Planned Parenthood also said that any data it provides to lead firm Google Analytics is being anonymized. And he said he runs regular “probes,” or penetration tests, to make sure his sites can’t be hacked.
In July, Google released a statement saying it would adjust its software so that it does not store the location information of visitors to certain types of websites. The giant firm mentioned abortion clinics, as well as counseling centers, domestic violence shelters, infertility centers, addiction treatment facilities, weight loss clinics and cosmetic surgery clinics. Management also said that the latest version of the analytics tool Google Analytics 4 allows users to delete data at any time. It also resets IP addresses automatically.
Ken Weary, chief operating officer of Hotjar, another tracking company, said his Malta-based firm adheres to strict European privacy laws. Like Google Analytics, his firm can create analytics about users without storing their IP addresses, he said.
“We’re taking a privacy-focused approach,” he said, adding, “Many of our customers are asking for it.”