“Remove your period-tracking apps today.” Since the removal of Roe v. Wade in the United States, Internet users are launching a mutiny against these health applications. For good reason, companies such as Flo, Clue or Stardust have sensitive data in a country where the right to abortion – which has existed since 1973 – now depends on the sole decision of the States.
To fully understand, we must go back to what we find on these applications used by the vast majority of women to follow their menstrual cycles, some of which were created by anti-abortion groups like Femm, which offers women to favor more natural contraceptive methods. In general, in addition to the start and end date of the period or the ovulation period, the platforms can also indicate when a pregnancy begins, for example. Information more than dangerous when several American states could decide to make abortion illegal, in the wake of Missouri, the first to take the plunge.
Data not so protected
In order to prevent risks in terms of data protection, several Internet users have taken up the subject on Twitter. This is the case of Tara Costello, author of Red Moon Gang: An Inclusive Guide to Rules who published a series of advice aimed at women who use these applications. “This has been a growing concern for some time. I’ve seen accounts raising awareness of this issue before, but I think the reversal of Roe v. Wade has allowed for greater questioning of the use of applications,” she explains to 20 minutes.
But can these applications really deliver this kind of data to the government? According to a published survey by Techcrunch media, Stardust, one of the most used applications, would sell certain data such as the telephone numbers of its users to an outside company called Mixpanel. If for the moment, it does not concern any health data, this third party company could very well communicate the numbers to the prosecutors, explains Techcrunch.
Stardust in the sights of users
The Stardust company provides the opposite. “If the government issues a subpoena asking for your menstrual tracking data, we won’t be able to produce anything for them. We are also working on an option for users to completely opt out of providing personally identifiable information and use the app completely anonymously,” replied the American company on Twitter.
Except that according to Stardust’s privacy policy, the app isn’t as secure as it claims. “We may disclose your anonymized information to third parties to protect legal rights, safety and security […] and to comply with or respond to law enforcement or legal process or a request for cooperation from a government or other entity, when required by law,” the policy outlines. If the data is guaranteed to be anonymized, it could however be used for an investigation, for example after an illegal abortion.
The need for transparent enforcement
According to Tar Costello, the encryption announced for the next few days could still have some flaws. According to the author, the application would still be able to link data to its user and, as its privacy policy indicates, could still deliver information to the authorities, if necessary.
Thus, like many other Internet users, Tara Costello is determined not to let the security breach pass. “For those using Stardust, I recommend deleting the app and your data. It is necessary to move to a transparent application on its position on data privacy”, recommends the author.
Towards an anonymous mode?
But which application to turn to when other companies are also affected by these flaws? The Flo company, downloaded by 43 million users worldwide, could also ignore the confidentiality of intimate data. “We may be obliged to process some of your personal data to comply with applicable laws and regulations”, can we read on the site of the application.
Faced with the fear expressed by the Americans, the Flo application announced a week ago the arrival of an “anonymous mode” allowing to erase any indication allowing to link the account to a user. “We will do everything in our power to protect our users’ data and privacy and understand the deep responsibility we have to provide a safe and secure platform for you to use,” the company said. , without however announcing the official arrival of this anonymous mode on its application.
Some, like Tara Costello, have more confidence in their European competitor, the Clue application, which would have the advantage over the others of having to comply with the stricter rules of the GDPR. Clue explains, for example, that it holds certain data, but not that of the location of its users.. Information that would identify the movements of a woman who would go to another state where abortion is still legal.
But according to lawyers interviewed by The Guardian, if the Clue company is less obliged to respond to American justice, it could still have to do so to respect “different legal frameworks and cross-border agreements”. Faced with this uncertainty, former users of these applications prefer to return to a more traditional method: paper and pen.
fake users
Still others seek to cover their tracks, like those men who call for menstrual tracking apps to be downloaded “in order to create chaos”. “The main idea is to create useless data so that any law enforcement agency that buys a database to try to locate women who may have had abortions will be forced to waste resources,” tells us Santiago, who followed this trend.
A choice that is not necessarily relevant according to some users. “Data analysts will be able to easily and quickly create an algorithm to spot your fake account. Then, you don’t sabotage the period tracking company, you increase their value and give them more money by giving them a bigger user base and more data to sell,” alert Christie on his Twitter account.
Beyond the single problem of menstrual tracking applications, health data represents a gold mine for the authorities. On Google, user searches can, for example, be scrutinized. In 2017, for example, a Mississippi resident was accused of researching medical abortion during an investigation into the death of her fetus. The charges against her were eventually dropped.
After the revocation of the right to abortion, theElectronic Frontier Foundation – an NGO ensuring the protection of freedoms on the Internet – thus alerted: “Those who seek, offer or facilitate access to abortion must, from now on, start from the principle that all the data that they and they leave on Internet or elsewhere can be searched by the authorities”.