Published by The Lawfare Institute
in Cooperation With
Editor’s Note: Abortion rights and the law surrounding reproductive freedoms are beyond the scope of Lawfare’s remit. The surveillance architecture that will govern investigations of abortion-related crimes and civil liability for reproductive decisions in a post-Roe world is not.
The year is 2023. It’s been one year since the Supreme Court handed down its decision in Dobbs v. Jackson Women’s Health Organization, in which the court overturned Roe v. Wade.
The state in which Jessica lives prohibits and criminalizes abortion for any reason, defining a fertilized egg as a person. Jessica tells her friends and family that she had a miscarriage at 11 weeks of pregnancy. One of her roommates doesn’t believe her and reports her to the local police for having had an abortion.
The local police investigate Jessica for what they believe is a possible violation of the state’s law criminalizing abortion. Based on the initial investigation, police officers determine that Jessica wanted to terminate her pregnancy and was trying to find the “abortion drug.” They obtain a warrant to search her phone. On her phone, they discover evidence that she searched for information about abortion and purchased mifepristone and misoprostol. These drugs can cause an abortion, but they are also used to help women complete the process of miscarriage. They also find evidence of when she had her last period on a period-tracking app, which further substantiates that she was pregnant for 11 weeks. The evidence obtained from Jessica’s phone is used to prosecute her for violating the state’s law criminalizing abortion.
This is the type of surveillance and investigation of women’s private health and reproductive decisions we can expect if Roe is, in fact, overturned.
On May 24, 42 Democratic members of Congress sent a letter to Sundar Pichai, the CEO of Google, requesting that the company stop “unnecessarily retaining location data” to prevent law enforcement from using the data to identify people who obtain abortions. The letter is a response to Justice Samuel Alito’s draft opinion in Dobbs, which foreshadows the overturning of Roe and the subsequent banning and criminalization of abortion by many states. Several states already have “trigger laws” in place that would ban abortion if and when Roe is overturned.
People disagree about the merits of the Dobbs draft and whether a right to privacy encompasses a woman’s right to determine whether or not to have a child. It is important to understand, however, that if Roe is overturned, criminal investigations into women’s reproductive decisions enabled by modern technologies and the sensitive, intimate data these technologies capture would constitute an unique extension of the state’s powers of observation and coercion. This new data-driven era in which the Court stands poised to reempower politicians to criminalize both women’s reproductive decision-making and the provision of medical care does not represent a return to a way of life reminiscent of the 1960s; today’s communications technologies and services will enable government surveillance of the details of women’s lives to a degree never before seen. And the explicit protections of the Fourth Amendment offer little or no meaningful protection against this surveillance.
Privacy, Surveillance, and Information Security in a Post-Roe Environment
Among the many realities and lived experiences of women that the Dobbs draft fails to acknowledge is how conspicuously 21st century technology will privilege the interests of the state over the protection of privacy interests should law enforcement be empowered to investigate the crime of seeking, obtaining, or providing an abortion—and how insubstantial Fourth Amendment protections would be against the privacy intrusions inherent in the investigation of crimes premised on a woman’s reproductive decisions.
Looking back at Griswold v. Connecticut, the case recognizing a married couple’s right to use contraceptives, Justice William O. Douglas offered a stark assessment of the surveillance that the criminalization of contraception invites: “Would we allow the police to search the sacred precincts of marital bedrooms for telltale signs of the use of contraceptives? The very idea is repulsive to notions of privacy surrounding the marital relationship.”
The Griswold Court found that the prohibition of contraception was an unwarranted invasion into “a relationship lying within the zone of privacy created by several fundamental constitutional guarantees.” Moreover, the Court noted that a law “forbidding the use of contraceptives, rather than regulating their manufacture or sale,” would “achieve its goals by means having a maximum destructive impact upon that relationship.” The reference to searching marital bedrooms, which in most instances would occur after the police obtained a warrant, implies that even the necessity of a warrant cannot provide sufficient protection against governmental intrusions into our personal spaces and relationships when the investigation concerns the crime of using contraception. The idea seemed to be that some things were so very private—like the act of having sex in the context of a marital relationship and the decision to use contraception—that laws exposing those acts and decisions to searches by the government impermissibly infringed upon constitutional interests. In other words, Griswold suggests that the criminalization of contraception is unacceptable because the investigation of the supposed crime would be unacceptably invasive.
Only a few short years after Griswold, the Supreme Court extended the right to use contraception to unmarried women, explaining that “[i]f the right to privacy means anything, it is the right of the individual, married or single, to be free from unwarranted governmental intrusion into matters so fundamentally affecting a person as the decision whether to bear or beget a child.” Roe followed the next year, with an acknowledgement that the right to privacy encompasses a woman’s decision to terminate a pregnancy. Notably, Alito’s rationale in Dobbs, which he is confident will usher in a return to the halcyon past of a more legitimate and historically supported reading of the Constitution that preceded Roe, actually jeopardizes Griswold as well.
With the Court poised to overturn Roe, it is worth spending a little time thinking about what, realistically, investigations of abortion crimes would look like today. We no longer live in 1965 or 1973—it is now 2022. Today, thanks to modern-day communications technologies, should law enforcement be empowered to investigate the crimes of seeking, obtaining, or providing an abortion, as well as anyone who might facilitate those crimes, the physical invasion of the home and the marital bedroom will not be necessary. Rather, the investigations that are likely to attend the banning and criminalization of abortion will be invasive of privacy in far more substantial and consequential ways.
In 2022, our lives are inextricably intertwined with our devices, and our public and private acts are captured and can thus be laid bare by the data our acts leave behind—data that are continually collected and analyzed by algorithms without our consent. Women are already being warned not to use period-tracking apps; these, one consumer watchdog warns, can divulge information related to “how often you have sex, if you are trying to have a baby[,] ... have experienced a miscarriage, or are approaching menopause,” as well as the first day of a person’s last menstrual period, a date pertinent to the gestational age of a fetus.
Those who search for information about abortion on the internet—looking, say, for facts about medication that can induce an abortion—must also be cognizant that their search history can place them under suspicion. Purchasing mifepristone and misoprostol online would also create digital evidence. Indeed, just paying for an abortion in anything but cash—whether by Venmo, Apple Pay, credit card, check, or using health insurance—leaves a digital trail. As sociologist Zeynep Tufekci explains, it is difficult for most people to live their lives and fully withdraw from the use of digital communications technologies, services, and platforms generating the data that will provide leads and telltale signs (what prosecutors call evidence) about women seeking or obtaining abortions and those providing abortion services.
In response to these risks, the Electronic Frontier Foundation (EFF) has released a guide with digital privacy and security tips for those involved in abortion access. These tips include using Virtual Private Networks, using more privacy-protective browsers (like Tor, DuckDuckGo, Brave, and Firefox) and different browsers for different use cases, as well as more privacy-protective email services (like Protonmail and Tutanota), password-protecting your phone, and using encrypted messaging apps like Signal, which also has a disappearing message function, to communicate. Some have suggested that that those involved in abortion access should also use burner phones. Security experts have, however, cautioned against relying on burner phones for anonymity. Security researcher and cryptographer Matt Blaze has described the challenges:
Mostly as an exercise, I maintain a couple burner phones in a way that gives me moderately high confidence can’t be linked to me. It’s extremely difficult, expensive, fragile, and inconvenient. And requires using almost everything I know about communications systems and security.
While the EFF guide acknowledges there is “no one-size fits all digital security solution,” the recommended measures are some (certainly not all) of the tips and tools that those fearing surveillance by authoritarian governments employ to escape scrutiny. Some of these measures are just good cybersecurity practices, but none, even when used in combination with others, provides a protective panacea.
It is worth noting that the digital security measures described above will not be equally accessible to all individuals. Digital literacy, discriminatory surveillance by law enforcement, and poverty will all make privacy and security harder to come by. The complexity of the suggested self-help measures highlights the role that digital literacy will play in privacy and security protection post-Roe. Those without such literacy will be unable to access even the limited privacy and security protections offered by these tools.
Minority communities are already subject to a greater degree of suspicion and surveillance, and such discriminatory surveillance will compromise the ability of members of these communities to protect themselves when seeking reproductive health care. Poverty also makes evading surveillance and obtaining services more challenging. Moreover, even when there have been significant prohibitions on abortion in the past, white, socioeconomically advantaged women have always had better access to safe abortions, and there is no doubt these disparities will persist. But with the outright criminalization of abortion, a new population of people, regardless of their financial resources, will experience a significantly heightened threat model. The modern digital age readily enables investigations of all those who use its communications products and services—essentially anyone who is connected. The more connected you are, the more vulnerable you may be.
The ubiquity of cellphones, which are essentially tracking devices, and the data collection, merging, and analytic processes that we as a country have chosen not to regulate, will make women, people who can become pregnant, and health care providers vulnerable to suspicion and investigation when abortion is criminalized. Anti-abortion coalitions and individual vigilantes could even purchase and analyze data sets from data brokers, which the law does not prohibit, in order to identify and place women under suspicion as a result of changes in their habits, the products they purchase, or the places they have traveled.
The recent Texas law, S.B. 8, actually incentivizes such private surveillance efforts by authorizing ordinary citizens, including those residing outside of Texas, to sue clinics or others who enable a woman to obtain an abortion after a fetal heartbeat is detected, usually around the sixth week of pregnancy. Oklahoma has passed a law along similar lines. As states deputize citizens to extend their reach, they will enable citizens to scrutinize their neighbors’ behavior or data for any telltale signs of abortion, bring suit, and use discovery to find out if they are correct or not.
The Limited Efficacy of the Fourth Amendment in a Post-Roe world
The data generated from modern communications technologies and platforms are readily available to law enforcement without significant hurdles, in part because Congress has failed to pass comprehensive privacy legislation that regulates what data companies can collect, share, and sell. Congress has also failed to update the Electronic Communications Privacy Act of 1986 (ECPA), the primary statute governing law enforcement access to electronic communications data. The ECPA both embodies the now-anachronistic distinction between content and noncontent data in an IP-based communications environment and fails to provide adequate protection for the latter, which can be as or more revelatory than communications content itself.
But what about the Fourth Amendment and its warrant requirement? Historically, warrants based on a probable cause showing have served the important privacy-protective function of preventing unreasonable searches and seizures. In two fairly recent cases, the Supreme Court has recognized the ways in which modern technologies and services can capture and reveal our public and private acts, requiring police officers to obtain warrants before accessing data produced by or stored in these technologies. In 2014, in Riley v. California, the Supreme Court recognized that “[w]ith all they contain and all they may reveal, [cell phones] hold for many Americans ‘the privacies of life’” and that “a cell phone search would typically expose to the government far more than the most exhaustive search of a house.” Acknowledging that its decision would have “an impact on the ability of law enforcement to combat crime,” the Riley Court held that a police officer must obtain a warrant before searching a cell phone seized incident to a lawful arrest. In 2018, in Carpenter v. United States, a case about law enforcement access to cell-site location information (CSLI) without a warrant, the Supreme Court rejected a blanket application of the third-party doctrine to data shared with a mobile carrier, providing Fourth Amendment protections to at least seven days’ worth of CSLI.
The warrant requirements imposed by Riley and Carpenter will not, however, adequately prevent governmental intrusions into the privacy and liberty interests of women who seek or obtain abortions. Because a warrant protects only against unreasonable searches and seizures, law enforcement’s ability to acquire the information it seeks will, for the most part, be constrained only by its ability to demonstrate probable cause. While it may be possible to limit the scope of the warrant when the demand for information is overly broad, if the government can establish that there is probable cause to believe that what it seeks is evidence of a crime, the government can compel production of that evidence or search a device where there is probable cause to believe that evidence resides.
Law enforcement can build probable cause in a number of ways including, as authorized by the ECPA, compelling certain kinds of noncontent data from providers and platforms through the use of subpoenas and 2703(d) orders, neither of which requires a probable cause showing. Moreover, when building probable cause in an abortion investigation, a woman’s purchase of common items like mason jars, aquarium tubing and syringes, which could be used to construct a device for “at home” abortions not involving pharmaceuticals, may be considered relevant pieces of information.
In the context of reproductive crimes, simply requiring warrants will not be sufficient to “secure the ‘privacies of life’ against ‘arbitrary power’ and ‘place obstacles in the way of a too permeating police surveillance.’” Think back to the case of Jessica, the fictitious woman prosecuted for obtaining an abortion after claiming she had suffered a miscarriage. Examining the details of someone’s menstrual cycle and record of intimate, sexual activity is an invasive inquiry into the way in which a pregnancy ended. The fact that the officers were required to get a warrant to search her phone in order to obtain information related to her reproductive and health care decisions does not begin to mitigate the extent to which the criminalization of abortion foments governmental intrusions into women’s privacy and liberty interests. Moreover, the fact that even warrants won’t prevent law enforcement access to highly personal and intimate data will have additional chilling effects; people who can become pregnant will change or limit their online behavior, restrict communications, be aware of where they go and whether they bring their phone with them, and avoid using the internet to acquire information about their health and well-being.
While Carpenter was a watershed case for privacy law insofar as it was the first case to extend Fourth Amendment protections to noncontent data, its ability to prevent governmental intrusions into the lives of women who seek or obtain abortions is limited. In the post-Roe environment, law enforcement will have access not only to the data available on a subject’s phone but also to the extensive personal data available about her from third parties—particularly location data.
Consider the example of a woman who lives in a state that criminalizes abortion for any reason and goes to a building in her state to receive an abortion from an underground network of abortion providers. This woman uses an Android smartphone, which collects and transmits location information to Google, regardless of whether the phone is being used or which app the user has open. (Although Google requires that users opt in to Google’s collection and retention of data, the Android operating system is designed in such a way that consumers can enable third-party apps to access location data only if they also allow access to Google.) Location data that is collected and retained—by Google or mobile apps—will place this woman and the provider in danger of being investigated and prosecuted for a reproductive crime. The May 24 letter from 42 of the Democratic members of Congress draws particular attention to so-called geofence orders that allow law enforcement to compel from Google the production of information about everyone who was near a particular location at a given time, because these orders will readily and efficiently enable investigations of people seeking, obtaining, and providing abortions.
Although Google insists that law enforcement obtain a warrant before it will disclose information pursuant to a geofence order, it is unclear whether this kind of compelled production would actually constitute a search under Carpenter and thus require a warrant to comply with the Fourth Amendment. While lower courts are beginning to apply Carpenter’s reasoning to facts and circumstances outside of CSLI, it will take time before a full body of law develops and reveals the extent to which Carpenter is interpreted to provide Fourth Amendment protections to other kinds of data and the processes that analyze these data.
Because Carpenter’s reach remains unclear, those involved in any illegal abortion access should assume that law enforcement can obtain access to the data generated through the use of communications technologies and services without a warrant. This assumption is also justified by what is known as the good-faith exception to the exclusionary rule, which prevents the suppression of illegally obtained evidence (for example, evidence obtained in violation of the Fourth Amendment) when the government relies either on a statute that is not clearly unconstitutional or on a binding legal precedent. So even if a court extends Carpenter’s reasoning to data beyond CSLI, the evidence will not be suppressed in particular cases where the government relied, in good faith, on earlier precedent.
Law enforcement also has another route to obtain this sort of information: It can simply buy data from data brokers and other non-ECPA covered entities, circumventing whatever protections may be offered by a warrant. Various government agencies have reportedly been buying location data from data brokers. The ECPA does not prevent law enforcement from making such purchases, and scholars disagree over whether the Fourth Amendment prohibits the purchase of data where a warrant would otherwise be required to compel the same data.
If the Court issues a Dobbs opinion along the lines of the Alito draft, it will become a fundamental problem for women all over the country that their location data are captured and retained—data that, warrant or not, constitute too efficient a tool to identify, incriminate, and prosecute those who seek or obtain an abortion. In a data-driven era in which constitutional protections for abortion no longer exist, a large segment of the population will be at risk of being placed under suspicion, subject to surveillance, and investigated or prosecuted for seeking, obtaining, or providing abortions. Appealing to companies to limit the amount of location data that is collected and retained—as the signatories to the Democratic letter to Google have done—is an effort, however imperfectly, to mitigate this risk. But this effort does not begin to address the broader privacy harms and liberty interests at stake. A data-driven, post-Roe world is a future much darker than the one that Justice Douglas considered unthinkable, in which officers might search for contraceptives under the marital bed. It is one against which the Fourth Amendment offers little effective protection.