Stalkerware Could Incriminate People Violating Abortion Bans

970

Stalkerware—surveillance apps that secretly record and upload cellphone activities—could become a significant legal threat to people seeking abortions, according to a pair of articles published in the wake of the US Supreme Court’s decision to overturn the constitutional right to abortion. Writing for the tech news site CNET just two days after the Dobbs decision, Rae Hodge reported in June 2022 that “already, the digital trails of abortion seekers can become criminal evidence against them in some states where abortion[s] were previously prosecuted. And the legal dangers may extend to abortion seekers in even more states.” In her July 2022 article for Slate, University of Virginia law professor Danielle Keats Citron observed that “surveillance accomplished by individual privacy invaders will be a gold mine for prosecutors targeting both medical workers and pregnant people seeking abortions.”

Citron explained that cyberstalking software provides users with “real-time access to everything that we do and say with our phones. To do this, they only need our phones (and passwords) for a few minutes. Once installed, cyberstalking apps silently record and upload phones’ activities to their servers. They enable privacy invaders to see our photos, videos, texts, calls, voice mails, searches, social media activities, locations—nothing is out of reach. From anywhere, individuals can activate a phone’s mic to listen to conversations within 15 feet of the phone.”

This could even “include conversations that pregnant people have with their health care providers—nurses, doctors, and insurance company employees,” Citron warned. Hodge concurred, “It’s not just abortion patients who are at risk of surveillance and arrest. Those who aid abortion seekers could be charged as accomplices in some cases,” depending on state law.

Often marketed as a tool to monitor children’s online safety or as device trackers, stalkerware is technically illegal to sell for the purpose of monitoring adults but nonetheless is readily available. Citron discovered “more than 200 apps and services that charge subscribers a monthly fee in exchange for providing secret access to people’s phones.” Stalkerware and other forms of electronic surveillance have been closely associated with domestic violence and sexual assault, according to the National Network to End Domestic Violence, Citron noted. [See also: Jason Koebler, “‘I See You’: A Domestic Violence Survivor Talks About Being Surveilled by Her Ex,” Vice, March 17, 2017].

Stalkerware phone apps are not the only cause for concern. Hodge explained that “third-party data brokers sell sensitive geolocation data—culled through a vast web of personal tracking tech found in apps, browsers and devices—to law enforcement without oversight.” Furthermore, the so-called “abortion bounty hunter” provisions adopted by some states, including Texas and Oklahoma, might financially incentivize civilians to use such data to enforce abortion restrictions. “Given the inexpensive cost of readily available stores of personal data and how easily they can be de-anonymized, savvy informants could use the information to identify abortion seekers and turn a profit,” Hodge noted.

Even before the Dobbs decision, US law has not kept up with the ability of technology to breach individual privacy. Citron explained that “the law’s response to intimate privacy violations is inadequate, lacking a clear conception of what intimate privacy is, why its violation is wrongful, and how it inflicts serious harm upon individuals, groups, and society.” The bipartisan American Data Privacy and Protection Act is still “slowly inching through Congress” and “is widely thought toothless,” according to Hodge.

In July 2022, Emma Woollacott reported for Cybernews that “there are now serious fears that data from period-tracking apps, online searches, text message, and location, for example, could be subpoenaed” in the pursuit of abortion prosecutions. In light of this, two additional bills—the My Body, My Data Act and the Health and Location Data Protection Act of 2022—that would limit the use of reproductive and sexual health data and prevent data brokers from selling health and location data have been introduced in Congress. It is unclear how this legislation would impact law enforcement.

STAT reported in May 2023 on a new rule proposed by the Biden administration to protect “certain health data from being used to prosecute both clinicians and patients. But in the current draft, the rulemaking is designed to reinforce the privacy of reproductive health in states where abortion is legal and does little for those seeking abortion in states where it is illegal.”

Corporate news outlets have paid some attention to the use of digital data in abortion-related prosecutions. Several major outlets have published pieces about digital privacy in a post-Roe world, but none have focused specifically on how stalkerware could potentially be used in criminal investigations of suspected abortions [Note also: Natasha Singer and Brian X. Chen, “In a Post-Roe World, the Future of Digital Privacy Looks Even Grimmer,” New York Times, July 13, 2022, updated July 20, 2022; “How US Police Use Digital Data to Prosecute Abortions,” Financial Press, January 28, 2023].

Rae Hodge, “With Roe v. Wade Overturned, Your Abortion Searches Could Be Used to Prosecute You,” CNET, June 26, 2022.

Danielle Keats Citron, “Abortion Bans Are Going to Make Stalkerware Even More Dangerous,” Slate, July 5, 2022.

Student Researcher: David Laskowski (Drew University)

Faculty Evaluator: Lisa Lynch (Drew University)

970

Stalkerware—surveillance apps that secretly record and upload cellphone activities—could become a significant legal threat to people seeking abortions, according to a pair of articles published in the wake of the US Supreme Court’s decision to overturn the constitutional right to abortion. Writing for the tech news site CNET just two days after the Dobbs decision, Rae Hodge reported in June 2022 that “already, the digital trails of abortion seekers can become criminal evidence against them in some states where abortion[s] were previously prosecuted. And the legal dangers may extend to abortion seekers in even more states.” In her July 2022 article for Slate, University of Virginia law professor Danielle Keats Citron observed that “surveillance accomplished by individual privacy invaders will be a gold mine for prosecutors targeting both medical workers and pregnant people seeking abortions.”

Citron explained that cyberstalking software provides users with “real-time access to everything that we do and say with our phones. To do this, they only need our phones (and passwords) for a few minutes. Once installed, cyberstalking apps silently record and upload phones’ activities to their servers. They enable privacy invaders to see our photos, videos, texts, calls, voice mails, searches, social media activities, locations—nothing is out of reach. From anywhere, individuals can activate a phone’s mic to listen to conversations within 15 feet of the phone.”

This could even “include conversations that pregnant people have with their health care providers—nurses, doctors, and insurance company employees,” Citron warned. Hodge concurred, “It’s not just abortion patients who are at risk of surveillance and arrest. Those who aid abortion seekers could be charged as accomplices in some cases,” depending on state law.

Often marketed as a tool to monitor children’s online safety or as device trackers, stalkerware is technically illegal to sell for the purpose of monitoring adults but nonetheless is readily available. Citron discovered “more than 200 apps and services that charge subscribers a monthly fee in exchange for providing secret access to people’s phones.” Stalkerware and other forms of electronic surveillance have been closely associated with domestic violence and sexual assault, according to the National Network to End Domestic Violence, Citron noted. [See also: Jason Koebler, “‘I See You’: A Domestic Violence Survivor Talks About Being Surveilled by Her Ex,” Vice, March 17, 2017].

Stalkerware phone apps are not the only cause for concern. Hodge explained that “third-party data brokers sell sensitive geolocation data—culled through a vast web of personal tracking tech found in apps, browsers and devices—to law enforcement without oversight.” Furthermore, the so-called “abortion bounty hunter” provisions adopted by some states, including Texas and Oklahoma, might financially incentivize civilians to use such data to enforce abortion restrictions. “Given the inexpensive cost of readily available stores of personal data and how easily they can be de-anonymized, savvy informants could use the information to identify abortion seekers and turn a profit,” Hodge noted.

Even before the Dobbs decision, US law has not kept up with the ability of technology to breach individual privacy. Citron explained that “the law’s response to intimate privacy violations is inadequate, lacking a clear conception of what intimate privacy is, why its violation is wrongful, and how it inflicts serious harm upon individuals, groups, and society.” The bipartisan American Data Privacy and Protection Act is still “slowly inching through Congress” and “is widely thought toothless,” according to Hodge.

In July 2022, Emma Woollacott reported for Cybernews that “there are now serious fears that data from period-tracking apps, online searches, text message, and location, for example, could be subpoenaed” in the pursuit of abortion prosecutions. In light of this, two additional bills—the My Body, My Data Act and the Health and Location Data Protection Act of 2022—that would limit the use of reproductive and sexual health data and prevent data brokers from selling health and location data have been introduced in Congress. It is unclear how this legislation would impact law enforcement.

STAT reported in May 2023 on a new rule proposed by the Biden administration to protect “certain health data from being used to prosecute both clinicians and patients. But in the current draft, the rulemaking is designed to reinforce the privacy of reproductive health in states where abortion is legal and does little for those seeking abortion in states where it is illegal.”

Corporate news outlets have paid some attention to the use of digital data in abortion-related prosecutions. Several major outlets have published pieces about digital privacy in a post-Roe world, but none have focused specifically on how stalkerware could potentially be used in criminal investigations of suspected abortions [Note also: Natasha Singer and Brian X. Chen, “In a Post-Roe World, the Future of Digital Privacy Looks Even Grimmer,” New York Times, July 13, 2022, updated July 20, 2022; “How US Police Use Digital Data to Prosecute Abortions,” Financial Press, January 28, 2023].

Rae Hodge, “With Roe v. Wade Overturned, Your Abortion Searches Could Be Used to Prosecute You,” CNET, June 26, 2022.

Danielle Keats Citron, “Abortion Bans Are Going to Make Stalkerware Even More Dangerous,” Slate, July 5, 2022.

Student Researcher: David Laskowski (Drew University)

Faculty Evaluator: Lisa Lynch (Drew University)