15 Million Downloaded Pregnancy Trackers That May Give Data To Cops Without A Warrant—Should You Worry?

A Forbes analysis of two pregnancy and ovulation trackers owned by a $ 3.6 billion media conglomerate shows they reserve the right to share law enforcement data at their discretion. Privacy activists want such companies to do more to protect users in a post-Roe v. Wade United States.

Efar since the leak of the Dobbs v. Jackson court ruling in early May, fears have grown about how police could try to obtain data from period and pregnancy detection programs while trying to track down illegal abortions in a post-Roe v. To explore Wade America. An analysis of two popular pregnancy tracking programs shows that there is good cause for concern, as privacy policies tend to give technology companies a lot of discretion when it comes to sharing user data.

Among the most highly regarded and downloaded pregnancy and ovulation trackers are BabyCenter and What To Expect, both owned by $ 3.6 billion market capitalization media and internet giant Ziff Davis, perhaps best known as the owner of technology blog Mashable. Both BabyCenter and What To Expect — with more than 15 million downloads on Google’s Android alone — have the same privacy policies. In a section on how the applications handle law enforcement requests, there is no explicit requirement for the police to have a signed warrant or subpoena before user data will be shared. Indeed, the language suggests that if the companies suspect a user of illegal conduct, or merely a violation of their terms of service, they will share it with relevant authorities.

“We reserve the right to release information about any user of services when we have grounds to believe that the user violates or engages in our Terms of Use or other published guidelines (or we have grounds to believe that he is involved in). ) any illegal activities, ”reads the shared privacy policy. Similar concerns about the increasingly popular period tracker Stardust were raised on Vice earlier this week.

The application manufacturers also reserve the right to share data with “legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation.” They also reserve the right to share information with “any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights.”

It may seem like a boilerplate language designed to protect the company from any liability, but some of the Ziff Davis’s competitors have stronger privacy policies. Another popular pregnancy tracker, Ovia Health, for example, says he will only share such data with governments “if required by law, subpoena, order from a regulatory authority or otherwise required to comply with legal requirements” or to “the security of users of the applications or others.” Ovia also has a dedicated page on law enforcement requests, stating that it actively seeks to restrict the disclosure of data and will “reject any invalid requests.”

Despite urgent concerns about such applications and how they protect data, privacy experts say it is not the most pressing concern for women seeking an abortion. What really matters is that technology companies provide more factual information on how people can safely access legal abortions and not completely remove material from its platforms for fear that abortions are illegal in some states, says Eva Galperin, director of cyber security at the Electronic Frontier Foundation (EFF).

But if Forbes repeatedly documented in recent months, police will visit every opportunity to gather data on a suspect and are happy to attack large and small technology companies. If the police in states where abortion is illegal start actively investigating the future, it should be expected that all kinds of companies will be raided for data, the EFF’s Galperin adds.

“I do not think these policies will affect users tomorrow, but I think there is a strong risk that it will be relatively soon. And it is important to hold these companies accountable for what they do with user data before the abuse actually takes place, ”says Galperin. “Given the variety of period tracking applications out there, I do not see why users should stick to any application that does not make a strong and public commitment to protecting their personal data and taking steps to limit what the company can transfer to. third parties. ”

Ziff Davis’ subsidiaries said they were looking into any changes to their privacy policies in light of Roe v. Wade overturned by the Supreme Court. “We evaluate the developing situation as it relates to our policy. We do not currently have more information to provide, ”said a spokesperson for What to Expect and BabyCenter.

‘Ad networks know more about you than you do’

Forbes analysis of the applications also revealed how they share basic user information, such as in which state a user lives and their IP address (which can also be used to deduce in which town or city a person lives) with a series of third parties. Such parties include Facebook and several ad trackers, such as Nasdaq-listed Taboola, Comscore subsidiary ScorecardResearch, $ 1.3 billion market capitalization company Magnite, as well as lesser-known vendors Adjust and Upland Software, among a handful of others. No medical information or in-depth user data was shared at the time of Forbes‘research.

Sharing metadata with third-party ad networks is common in many mobile applications, especially for free. But there is now a unique threat when it comes to pregnancy tracers. Although the data does not include content such as the user’s deadline or any changes to the pregnancy, all those third parties have a strong indication that a person is pregnant or planning to be. (Retailers in particular have made headlines for serving expectant mothers with ads for baby-related products before the fathers first knew about the pregnancy.) “Advertising networks know a lot more about you than you do,” says Gabi Cirlig, a cyber security and privacy researcher who helped has to verify Forbes‘findings.

Simply put: it’s not just the application manufacturers and their partners at technology giants like Google and Facebook, but also a network of numerous ad networks that know a lot about who’s pregnant and when. It leaves law enforcers with all sorts of ways in terms of collecting data for investigations into individuals trying to get abortions in states where it is illegal.

Privacy activists are now not only calling for more detailed and protective privacy policies, but also greater transparency of application manufacturers. “As states begin to investigate and prosecute people for their pregnancy outcomes after-Roe, these companies should stand up for their users and fight back hand and tooth against government demands for user data, ”says Riana Pfefferkorn, research scientist at the Stanford Internet Observatory. “But they must also be committed to doing what they say they will do. Do not tell me you will push back against extensive legal requests unless you are actually going to do so and are willing to publish a transparency report that proves it.

“Your users are scared. If you respect them, you will prosper. If you sell them out, you will fail. ”

Related Posts