Post-Roe v. Wade, are tech companies actually doing anything to protect users’ data?

Two weeks ago, Motherboard asked major US tech companies, telcos, and financial companies whether they would hand over customer records to the police if asked to in connection with the overturn of Roe v. Wade.

Think about your own data now when you read this list of companies. Think of your browsing history, your email, your transportation around town, your home security system (which tracks your family, too), and your online purchases.

The companies included Facebook, Twitter, Snapchat, TikTok, Google, Amazon, Discord, Verizon, AT&T and T-Mobile. The financial companies included Venmo, CashApp, Binance, Kraken and Coinbase. They also contacted Uber and Lyft.

“None answered,” tweeted reporter Joseph Cox.

None of these companies were prepared to respond to this crucial but predictable press inquiry, even though the Supreme Court has been signaling for months that they would overturn Roe v. Wade.

What will these companies do? History has shown that while some, like Google and Twitter, will fight for their users’ privacy in court, others will not. Facebook and Instagram have already begun taking down posts about abortion pills.

Under pressure from its employees and advocates to take action, a few days ago Google said that it would delete abortion clinic visits from the location history of its users, a response to pressure that does little to help users who may have left hundreds of other digital traces connecting them to an abortion.  Yet even these giant companies are not the only ones to worry about.

Yes, taxi companies’ apps are tracking you. (Image by Mohamed Hassan, Creative Commons)

Small companies are tracking your data, too

Our data is also collected by companies users may barely notice — the buggy taxi app we are trying to support. The government transport card that tracks us across the city. CVS.

With their massive wealth (Google made $257 billion last year) and political clout, Google or Facebook can at least defend themselves and their users in court, if they choose to. For small companies, the stakes are different.

What about small tech companies that do care about their users? I hope they are holding emergency meetings, banding together, and sharing resources. I hope they are consulting their lawyers and privacy officers and moving their servers to Germany or finding other ways to put their customers’ data out of reach of the US government. If they are approached by law enforcement, they should speak about it loudly and publicly. Do they need to delete customer data? What are their priorities? If the organization doesn’t exist that can help them, they should build it.

What about privacy laws?

Unlike European Union countries and the General Data Protection Regulation, aka GDPR, no national privacy law protects Americans. Now (well, earlier than now) would be the time to speak up in support of such a law. Sign those sign-on letters. Learn how to lobby (more fun than it sounds, and you can visit the Smithsonian afterward). Many tech companies don’t see themselves as political, but they may feel differently if a US court asks for their logs.

A few days after the court decision, one period tracking company stated that it would hand over user data to law enforcement with or without a warrant. In response, the hacktivist group Anonymous began taking matters into their own hands by deleting user data from such companies.

Data from menstrual tracking apps have been hacked and deleted to avoid identifying possible abortion in states where abortion is now banned. #Anonymous #OpJane

— Anonymous (@YourAnonOne) June 30, 2022

As Juan Benet, founder of the computer network IPFS once put it, when companies collect user data irresponsibly, “the keys are on the table” for a government to pick up. Because of the US Supreme Court decisions, what is considered irresponsible collection of user data may have to change in ways that are not yet clear. Yet now, even retaining a user’s browsing history for six months could incriminate some users.

To be sure, the US government regularly asks for data from tech companies for a wide range of law enforcement matters. But now, on many levels, it’s personal.

And here we are. Lacking a national privacy law and with thousands of companies surveilling Americans’ every move, the keys are on the table.

Will a tiny company that tracks taxi trips be able to hold out against a government subpoena? Will Facebook?

What if they don’t?