Facebook faced political scrutiny this week after it was revealed the company had handed over private messages between a young woman and her mother to Nebraska authorities investigating the death and disposal of a fetus.
Search warrants for abortion data leave tech companies few options
Facebook might have had a good reason to stay silent on that question. Legal experts said that even if the nature of the case had been spelled out, the company wouldn’t have had any alternative but to comply.
Prosecutors and local law enforcement have strict rules they must follow to obtain individuals’ private communications or location data to bolster a legal cases. Once a judge grants a request for users’ data, tech companies can do little to avoid complying with the demands.
That’s why, advocates say, social media platforms, telecom companies and other internet data brokers will have to limit what data they collect if they want to avoid helping the prosecution of women seeking abortions in states where the procedure is illegal.
“If the order is valid and targets an individual, the tech companies will have relatively few options when it comes to challenging it,” said Corynne McSherry, legal director at the privacy advocacy group Electronic Frontier Foundation. “That’s why it’s very important for companies to be careful about what they are collecting because if you don’t build it, they won’t come.”
How tech companies handle user data has come under growing scrutiny from privacy advocates, politicians and their own employees since the Supreme Court overturned Roe v. Wade in June, making abortion illegal for millions of Americans. Privacy advocates have worried that tech companies’ massive collection of user data, from private messages to real-time location information to search results, could be used to prosecute those getting or facilitating abortions.
Despite repeated attempts in Congress, there is no comprehensive federal law protecting data privacy in the United States. On Thursday, the government’s top tech watchdog, the Federal Trade Commission, announced that it was exploring whether to create new federal rules to address privacy concerns surrounding health and location data.
“Some of the discussion around the recent Dobbs decision just underscores what many people have been saying for a long time: Consumer privacy is not just an abstract issue,” said Sam Levine, director of the FTC’s Bureau of Consumer Protection.
In the Nebraska case, Celeste Burgess, now 18, and her mother, Jessica Burgess, were charged in June with concealing the death of a person, among other charges, after authorities alleged they tried to improperly bury the body of a stillborn fetus. Jessica Burgess was also charged with performing an abortion on a fetus older than 20 weeks. Abortion is legal in Nebraska up to the 20th week of pregnancy; a court affidavit cited medical records estimating Celeste Burgess was more than 23 weeks along when her fetus was aborted sometime between April 22 and April 29.
To bolster the case, a law enforcement officer asked a court to order Facebook to turn over private messages between the women. In his application, the officer said the women had told investigators that they had texted back and forth on Messenger about Celeste’s pregnancy. In the messages, the two women discussed how to take pills and get the “thing” out of Celeste’s body, according to court records.
For a court to issue a warrant for such conversations, the request must meet two conditions, experts said: evidence that a crime has been committed, and a narrowly tailored request giving such details as when the exchange took place and who was involved.
“On the basis of that warrant, they can go to the phone company and say, ‘Give me what I am asking for,’ ” Columbia Law School professor Daniel Richman said.
A similar bar exists for government requests for location data, Richman said.
Once tech companies are handed a court-ordered demand for information, they have few options. They can either comply with the legal request or be in contempt of court and face a fine.
Companies are much more likely to succeed in challenging a court order if the requested data comes from a large group of people rather than from individuals, McSherry said.
In March, a federal judge said authorities in Virginia had violated the constitution when they used Google location data to find people who were near the scene of a 2019 bank robbery. The ruling found that a widely used police tactic known as geo-fencing, where an agency asks a company for the identifying information of anyone whose phone was detected in a given area at a certain time, breached the Fourth Amendment’s protections against unreasonable searches because it gave police information about the location of many innocent people who were not suspects in the crime.
Many privacy activists say the abortion issue simply reinforces what they’ve been saying for years: Tech companies should collect less data that might be used in an abortion prosecution. Or messaging apps and device makers could implement end-to-end encryption, which means the data is scrambled so that outsiders, and even the company, cannot read it.
“This is obviously good for users of these devices because they don’t have to worry about who has access to what they assume are private conversations,” said Caitlin Seeley George, the campaign director of the privacy advocacy group Fight for the Future.
“It’s also good for the companies, because then they aren’t caught in this position where they have to try and defend themselves for their actions. They can just say, ‘We didn’t have an ability to share that information.’ ”
Cat Zakrzewski contributed to this report.