Digital Security - In a Post-Roe World

 

If you watch true crime shows like 20/20, Dateline, Cold Justice, etc. You know all those investigative techniques that detectives use to track down murderers? That will now be used against you.

So what can you do to protect yourself and others?

First of all, realize you need to realize that your smart phone and computer habits will be used against you. Unlike Europe, we do not have data privacy laws. 

Twitter Thread on Data Security as a reply to Biden asking the FTC to protect women's security.

If you are planning to go camping with some friends you need to be aware of how you can get caught camping.

While period trackers seem like an obvious source of information about reproductive health decisions, experts say other digital information is more likely to put women at risk. Cynthia Conti-Cook, a civil rights lawyer and technology fellow at the Ford Foundation, researched prosecutions of pregnant people accused of feticide or endangering their fetuses, cataloging the digital evidence used against them in an academic paper she published in 2020.

“We should start with the types of data that have already been used to criminalize people,” said Ms. Conti-Cook, who previously worked in a public defenders’ office in New York. “The text to your sister that says, ‘Expletive, I’m pregnant.’ The search history for abortion pills or the visitation of websites that have information about abortion.”

One of the cases Ms. Conti-Cook highlighted was that of Latice Fisher, a Mississippi woman who was charged with second-degree murder after a stillbirth at home in 2017. According to a local report, investigators downloaded the contents of her phone, including her internet search history, and she “admitted to conducting internet searches, including how to induce a miscarriage” and how to buy pregnancy-terminating medicine like mifepristone and misoprostol online. After significant public attention, the case against Ms. Fisher was dropped.

In another case, in Indiana, text messages to a friend about taking abortion pills late in a pregnancy were used to convict Purvi Patel, who successfully appealed and reduced a 20-year sentence for feticide and neglect of a dependent.

“Those text messages, those websites visited, those Google searches are the exact type of intent evidence that prosecutors want to fill their bag of evidence,” Ms. Conti-Cook said.

Investigators could also potentially use smartphone location data if states pass laws forbidding women to travel to areas where abortion is legal. Information about people’s movements, collected via apps on their phones, is regularly sold by data brokers.

 

When The New York Times investigated the supposedly anonymized data on the market in 2018, it was able to identify a woman who had spent an hour at a Planned Parenthood in Newark. In May, a journalist at Vice was able to buy information from a data broker about phones that had been carried to Planned Parenthoods over the course of a week for just $160. (After Vice’s report, the data broker said it planned to cease selling data about visits to the health provider.)

In the past, anti-abortion activists have “geofenced” Planned Parenthoods, creating a digital border around them and targeting phones that enter the area with ads directing owners to a website meant to dissuade women from ending their pregnancies.

 

There are similar attempts to capture the attention of people who go online to seek help with abortions. “Pregnancy crisis centers” aim to be at the top of Google search results when people seek information about how to end a pregnancy. When someone clicks through to such a website, it will sometimes try to collect information about the person.

Given the many ways in which people’s movements, communications and internet searches are digitally tracked, the bigger question may be just how zealous law enforcement will be in states with abortion bans. Those advising against the use of period trackers appear to fear the worst: dragnet-style searches for anyone who was pregnant and then ceased to be.

“It’s hard to say what will happen where and how and when, but the possibilities are pretty perilous,” Ms. Conti-Cook said. “It can be very easy to be overwhelmed by all the possibilities, which is why I try to emphasize focusing on what we have seen used against people.”

She added: “Google searches, websites visited, email receipts. That’s what we’ve seen.”

So what can you do if you need to go camping?

First: Get serious about your digital privacy and security. Your life depends on it. Eff.org is your friend. Know Your Rights!

Use end-to-end encrypted messengers with disappearing messages turned on whenever possible. This functionality is available on both WhatsApp and Signal, and we have step-by-step guides for how to turn it on for Signal on iOS and Android. Refer to our security tips for people seeking an abortion and Surveillance Self-Defense guides for the abortion movement for information about other privacy considerations and steps.

- Eff.org

Eff.org has a bunch of articles on digital security. Read them: 

  • Eff.org Tools (software to protect your browsing)

Digital Defense Fund has a guide that covers several concerns you may have:

In addition to encrypted messengers on your phone you also need to add the following to your phone and computer and yes paying for the yearly/multi-year subscription for the additional features will be worth it. But you can supplement those with other programs.

Antivirus programs are very invasive for a reason and they erase cookies as best as they can. They now offer VPNs in order to protect you from malicious actors. Take advantage of that. Or get a different VPN. Nord VPN is good.

Don't forget about nuking the cookies on your smart phone and computer by downloading and using CCleaner and Malwarebytes.

The following is from Eff.org with additional information provided.

1: Compartmentalization

In essence, this is doing your best to keep more sensitive activities separate from your day-to-day ones. Compartmentalizing your digital footprint can include developing the habit of never reusing passwords, having separate browsers for different purposes, and backing up sensitive data onto external drives.

Recommendations:

  • Use different browsers for different use cases. More private browsers like DuckDuckGo, Brave, and Firefox are better for more sensitive activities. Keeping separate browsers can protect against accidental data spillover from one aspect of your life into another. (Top 10 Secure Browsers That Protect Your Privacy in 2022) (Ecosia isn't a bad browser/search engine for regular searches, they plant trees)

  • Use a secondary email address and/or phone number to register sensitive accounts or give to contacts with whom you don’t want to associate too closely. Google Voice is a free secondary phone number. Protonmail and Tutanota are free email services that offer many privacy protections that more common providers like Gmail do not, such as end-to-end encryption when emailing others also on Protonmail and Tutanota, and fewer embedded tracking mechanisms on the service itself. (11 Best Private and Secure Email Services for 2022) (You can still use Gmail etc for regular stuff)

  • If you're going to/from a location that's more likely to have increased surveillance, or if you're particularly worried about who might know you're there, turning off your devices or their location services can help keep your location private.

2: Community Agreements

It’s likely that others in your community share your digital privacy concerns. Deciding for yourself what information is safer to share with your community, then coming together to decide what kind of information cannot be shared outside the group, is a great nontechnical way to address many information security problems. Think of it in three levels: what information should you share with nobody? What information is OK to share with a smaller, more trusted group? And what information is fine to share publicly?

 

Recommendations:

  • Come up with special phrases to mask sensitive communications. For instance, be sure to have everything ready before you go camping in another state with some friends.

  • Push a culture of consent when it comes to sharing data about one another, be it pictures, personal information, and so on. Asking for permission first is a good way to establish trust and communication with each other.

Phone Calls and Text Messages versus Encrypted Internet Messages

 

When you make a call from a landline or a mobile phone, your call is not end-to-end encrypted. When you send a text message (also known as SMS) on a phone, the text is not encrypted at all. Both allow governments or anyone else with power over the phone company to read your messages or record your calls. If your risk assessment includes government interception, you may prefer to use encrypted alternatives that operate over the Internet. As a bonus, many of these encrypted alternatives also offer video.

Some examples of services or software that offer end-to-end encrypted texting and voice and video calls include:

 

Some examples of services that do not offer end-to-end encryption by default include:

  • Google Hangouts

  • Kakao Talk

  • Line

  • Snapchat

  • WeChat

  • QQ

  • Yahoo Messenger

 

And some services, like Facebook Messenger and Telegram, only offer end-to-end encryption if you deliberately turn it on. Others, like iMessage, only offer end-to-end encryption when both users are using a particular device (in the case of iMessage, both users need to be using an iPhone).

How Much Can You Trust Your Messaging Service?

 

End-to-end encryption can defend you against surveillance by governments, hackers, and the messaging service itself. But all of those groups might be able to make secret changes in the software you use so that even if it claims to use end-to-end encryption, it is really sending your data unencrypted or with weakened encryption.

 

Many groups, including EFF, spend time watching well-known providers (like WhatsApp, which is owned by Facebook, or Signal) to make sure they really are providing the end-to-end encryption they promise. But if you are concerned about these risks, you can use tools that use publicly known and reviewed encryption techniques and are designed to be independent of the transport systems they use. OTR and PGP are two examples. These systems rely on user expertise to operate, are often less user-friendly, and are older protocols that don’t use all of the modern best encryption techniques.

 

Off-the-Record (OTR) is an end-to-end encryption protocol for real-time text conversations that can be used on top of a variety of instant messaging services. Some tools that incorporate OTR include:

 

PGP (or Pretty Good Privacy) is the standard for end-to-end encryption of email. For detailed instructions on how to install and use PGP encryption for your email, see:

As for combating metadata...get a burner. But be aware it's not perfect. You need to forget your other phone at home and be careful when/where you go to get the burner.

There are different types of burner phones. If you have a gmail account you can create a google voice burner number on your smart phone for free. You can send and receive phone calls and text messages. It also has voice mail. But it's not protected.

There are other burner phone apps as well with various security features.

So get a pre-paid cheap mobile phone you can buy with cash (Walmart, etc). Use it to set up your appointments and contact those with whom you need to in order to go camping in another state. When you are done camping and before returning home, get rid of it. After that, you can turn your regular phone back on or just return home to pick it up since you forgot it and it won't track your movements to go camping and return. 

As always, be sure location tracking is turned off before you leave for camping, while you are gone camping, and when you return.

3: Safe Browsing

There are many ways that data on your browser can undermine your privacy and security, or be weaponized against you. Limiting unwanted tracking and reducing the likelihood that data from different aspects of your life spills into one another is a great way to layer on more protection.

Recommendations:

  • Install privacy-preserving browser extensions on any browsers you use. Privacy Badger, uBlock Origin, and DuckDuckGo are great options.

.

 

Carefully look at the privacy settings on each app and account you use. Turn off location services on phone apps that don’t need them. Raise the bar on privacy settings for most, if not all, your online accounts.

4:  Security Checklists

Make a to-do list of tools, techniques, and practices to use when you are doing anything that requires a bit more care when it comes to digital privacy and security. This is not only good to have so that you don’t forget anything, but is extremely helpful when you find yourself in a more high-stress situation, where trying to remember these things is far from the top of your mind.

 

Recommendations:

  • Tools: VPNs for hiding your location and circumventing local internet censorship, encrypted messaging apps for avoiding surveillance, and anonymized credit cards for keeping financial transactions separate from your day-to-day persona.

  • Strategies: use special code words with trusted people to hide information in plain sight; check in with someone via encrypted chat when you are about to do something sensitive; turn off location services on your cell phone before going somewhere, and back up and remove sensitive data from your main device.

 

Second: You do not have to delete your period app. Just use one that is NOT based in the United States and thus cannot be subpoena for your information.

What Period Tracking Apps Collect and How It Can Be Abused

Besides the information around your reproductive health that you would expect your period tracking app to collect, there is a wide array of other types of data it may be picking up on: your phone’s device identifier, the location you are using the app from, the Ad ID that your phone uses as a nametag to communicate with advertisers across all your apps, your contact list, photos, and more. Individually, some of these pieces of data may seem relatively harmless, but they can also be combined and shared across the huge industry of web tracking and advertising. Anyone, not just advertisers, may be able to buy the resulting datasets. It isn’t a far reach to imagine dire consequences from this data collection and sharing—but again, this is not the primary strategy being used to criminalize abortion seekers right now.

Also remember that, just because you may delete an app from your phone, the data you’ve generated with it can live on in that app's product servers and anywhere else they’ve shared the data they’ve collected. From there, it’s very difficult to delete and confirm it’s actually deleted.

This is why it’s important to be especially careful in choosing a period tracker app that is mindful of user privacy.

Choosing the Right Period Tracking App

If you’re using a period tracker already, consider switching to a more privacy-focused app. Consumer Reports, for instance, analyzed a number of period trackers and found Euki, Drip, and Periodical to be on the side of users when it comes to data retention policies and practices as well as avoiding third-party trackers.

Regardless of the app you choose, carefully examine its privacy settings and privacy policy statements. The privacy settings page is where you are able to configure different controls based on your preferences for how the app ought to collect and share your data. In fact, some apps don’t even have a privacy settings page—if yours doesn’t, consider it a red flag.

The privacy policy statement is where the app will describe the ways in which it manages, collects, and stores your data. These statements are often confusing and full of inaccessible legalese, so just do your best and don’t be discouraged if making sense of it is a challenge. Look for specific sections with phrases like “Data Collection” and “Sharing.” These paragraphs are often where you’ll find how the app plans on collecting your data and sharing it with others (often for a profit). A keyword search for phrases like “legal process” or “subpoena” will usually point to the section on how the provider will respond to police demands. For example, searching for these terms on Flo’s privacy policy reveals that Flo will share your info with police “to the extent permitted and as restricted by law” (emphasis added), which means Flo reserves the right to voluntarily comply with a police data demand so long as it is not specifically illegal to do so.

- Eff.org

Clue is Berlin-based and made a vow to not cooperate with authorities in the U.S. so has Stardust an astrology based period tracker.

Third: Do not despair.

 

If Latin America can get abortion rights then we can regain our rights!

Get trained, get organized; go on Mobilize.us and find like minded people who are ready to get shit done.