Anita Rao
Ignorance is bliss, until it isn't. For most of my digital life, I've had a pretty laissez-faire attitude toward online privacy. I don't have a secret Swiss bank account or intel the CIA cares about, so if someone out there is watching me, it's no big deal, right? Not so much.
As I've learned in the past few years, just because I don't have anything to hide, doesn't mean I have nothing to lose. If a quick Google search can give you all of my past addresses, it may be easier to make your way into my bank account. If I use the same password for everything, you can take over all my social media accounts in one fell swoop. In the past few months since the overturn of Roe v. Wade, I've been reading a lot about what's at stake when our personal health information is easy to access. And if I wasn't already convinced that the hassle of two factor authentication is worth it, I am now.
This is Embodied. I'm Anita Rao.
Think pieces and in-depth reporting about protecting and managing health information have been flooding my news feeds. While some of it has been helpful, I'm also a little confused and could use some guidance about where to focus and how to not panic. So, I called in an expert.
Amanda Bennett
So, we can actually use data about what digital evidence has been used to criminalize abortion in the past to help us understand where we need to prioritize our efforts now.
Anita Rao
That's Amanda Bennett. She's a project manager with the Digital Defense Fund, an organization providing digital security and technology support to the abortion access movement. The Digital Defense Fund has been at this work since 2017 and has put in a lot of research to understand what personal information we need to protect in digital spaces and when it could be used against us.
Amanda Bennett
So there's some great research. There's a report called "Self-care, Criminalized" by If/When/How, and a paper called "Surveilling the [Digital] Abortion Diary" by Cynthia Conti-Cook. And what they have found is that, in the past cases where people have been criminalized for pregnancy loss, the pregnancy loss is reported to the state — usually by a healthcare provider, or an acquaintance who finds that pregnancy loss suspicious, so that suspicion is often rooted in racial and class bias. And then after the pregnancy loss has been reported, an investigation begins, and digital evidence is used as part of that investigation. And so far, what we've seen being used is things like: Google searches, browser history, text messages, emails. Police often get this evidence via so-called consent search of a phone. Whether someone can truly consent when they're in a tense situation with a police officer is questionable, but once the police get that phone, they use forensic evidence tools to extract all the data. And then, they can search for keywords that would help prove intent. So, they're trying to prove that the pregnancy loss was an induced abortion.
Anita Rao
The first big lesson in digital security actually has less to do with your devices. It's be careful who you share your personal information with. Law enforcement — at least at this point — isn't regularly trying to access your DMs to search for wrongdoing, someone has to tip them off. So Amanda says make sure you keep your circle small when it comes to sharing sensitive information, and ensure that you trust the folks who are on the receiving end — whether it's an acquaintance or a healthcare provider.
Amanda Bennett
If healthcare providers suspect that a crime has occurred, then HIPAA doesn't protect information that could be evidenced in a court case. For example, if a provider suspects that that person is using drugs, they can report that to social services. And we're seeing the same thing with abortion. So far, no state requires healthcare professionals to report a suspected abortion, but we're living in this extreme environment of fear where healthcare providers are potentially worried about losing their jobs. They think that they have to report, or they're also are healthcare providers who are anti-abortion, and want to take advantage of the environment to punish people for potentially having an abortion.
Anita Rao
According to the report Amanda has been talking about from the legal advocacy group If/When/How, between 2000-2020, 61 people were criminally investigated or arrested for self managing an abortion or helping someone else. Those investigations ostracize folks from their communities, and sometimes cost them their jobs — even if they didn't end in a trial or jail time. The majority of the cases involved abortion medication: that two-pill regimen you've been hearing about a lot. It's safe and effective in cases of pregnancy up to 11 weeks, and accounts for more than half of all abortions done in this country. In the wake of the overturn of Roe v. Wade, the legality of using these pills if you're in a state where abortion is restricted has gotten complicated. The Digital Defense Fund has some safety recommendations.
Amanda Bennett
The first thing that folks should think about and be aware of is, what are the laws in their state. And then digital security tactics, like securing your communications. That looks like using an end-to-end encrypted messaging app like Signal with disappearing messages turned on. Securing your device, so that means having a pin or a passcode on your phone, and encrypting your device, and then, securing your browsing. So that could be reactive things like deleting your browser history, or proactive things like using a privacy-focused browser called Tor, or even just using something like Firefox Focus. And in addition to digital security tactics, it's important to keep in mind operational security tactics. So things like learning about your rights when interacting with police and how to assert your right to remain silent. And being careful about who you invite into your abortion experience with you.
Anita Rao
If you're listening and starting to get overwhelmed, don't worry. I was right there with you in getting ready for the show. And after opening one million private browsing tabs, I decided to step away from the computer and take a pause. When I came back to it, I did what Amanda and the Digital Defense Fund call "threat modeling." It's putting your individual risk into perspective and looking at patterns in the past that could inform what your experience might be in the future.
Amanda Bennett
The digital security and privacy world is so big, there's so many things that can be really overwhelming. And so it helps us think about what is most likely to happen in our situation, and where we can choose tools to protect ourselves based on that. And so a lot of threat modeling is based on looking at what has happened before. So that's why I've been talking so much about this report about past cases of abortion criminalization, because what predicts the future the best is what has already happened in the past. And then there's other things to take into account like people's identity. So we know that the carceral state affects people differently in the United States — Black and brown communities are disproportionately affected. And so different aspects of people's identity that affect how they interact with the state and with state surveillance can also affect how they might be affected by abortion criminalization as well.
Anita Rao
So one of the things that I haven't heard you mention is period and fertility tracking apps and the importance of being really careful about how you use those. Tell me about your thoughts on those, and maybe why you aren't as concerned with how this factors into the conversation.
Amanda Bennett
In all the cases we've seen so far, the pregnancy itself hasn't been the legal issue. So there isn't a need for data that proves that someone was pregnant, right. And period app data, or a credit card receipt from buying a pregnancy test — that would help establish that someone was pregnant. But that hasn't been the legal question in the cases so far. The technical, kind of, medical term for miscarriages is actually spontaneous abortion. And so spontaneous abortion or miscarriage and induced abortion can present the same. And so that's how someone can show up with a pregnancy loss, and people can be suspicious about whether it was induced or spontaneous. So menstrual tracking is actually more important than ever, I think. Fertility awareness is a really powerful tool in your reproductive autonomy. So if tracking your period is useful to you, you definitely don't have to stop using your period app. But as a privacy person, I would encourage people to look into the privacy policies of the app they're using. Not necessarily because of criminalization, but just to protect their period data from, you know, the exploitative data mining economy. And so a couple of apps that store data locally, are Euki, it's spelled E-U-K-I, and Drip — but I'm recommending those, you know, as just a general advocate for privacy.
Anita Rao
I want to note here that it's not just abortion seekers who benefit from an online safety plan. Those who assist others in finding and receiving abortions are also vulnerable online. You may have heard about the case involving a mother and daughter in Nebraska. Last month, the mom was charged with two felonies related to helping her teenage daughter abort a pregnancy after 20 weeks, which is illegal in Nebraska. A key piece of evidence: her Facebook messages.
Kestrel
We're in an era where increasingly more and more of our data is being mined by these large companies, and it's being used in legal cases against us. So I've definitely, personally, increased my vigilance around the kind of tools I'm using to communicate — both with clients and with other reproductive justice activists.
Anita Rao
That's Kestrel, an abortion doula and member of the Mountain Area Abortion Doula Collective in Western North Carolina. They're using a pseudonym in this conversation for their safety, which is just one of the precautions they've taken since getting trained as a doula.
Kestrel
The trainings themselves that I attended required a level of vouching to participate in. Which I think is a really important piece of security culture that, maybe, transcends simply, like, utilizing different technological steps to protect our information, but actually using the strength of our relationships.
Anita Rao
Establishing trust got Kestrel in the door and laid the foundation for their security. But from there, Kestrel and the doula collective they're a part of had to take many of those technological steps we started to talk about earlier.
Kestrel
You know, I've personally been fairly vigilant about only using Signal for a long time to communicate — just in general, even when I'm nothing I'm communicating is necessarily information that will be criminalized. I think it's a good practice and habit. One thing that I've started doing, and we started doing as a collective, is starting to use phones that are specifically for communicating amongst the collective that folks pay for in cash and are not associated with anyone's name or address. And we don't turn on in the presence of their other phones, because that's really one of the most secure ways to maintain communication with each other.
Anita Rao
So Amanda, I mean, we have been discussing individual privacy, but Kestrel is bringing up these notes about what organizations are doing at an organizational level. And I'm curious about some of the work that you have done with organizations — abortion access organizations, abortion funds — and what the primary technology needs are that you've identified for these groups.
Amanda Bennett
Yeah so all individuals, small businesses and nonprofits are vulnerable to financially-motivated cybercrime. So that's something we talk about with all the groups we work with — it's not just ideologically-motivated online attacks. It's also the same kind of scams and phishing and hacking that any person or business online might deal with. And then in addition to that, abortion advocates have high rates of online harassment, so online privacy is a big issue that we talk about. And then, like Kestrel mentioned, this risk of state surveillance that calls for other tactics like, compartmentalization and using end-to-end encrypted technology. Ultimately, we try to help our clients understand the basics of technology, privacy and security, so they can navigate a rapidly changing landscape of both abortion access and online cybercrime.
So we tend to focus on account security — I think we've all had a friend whose Instagram or Facebook or email has been hacked. This is often because of using the same password on more than one website, and cybercriminals are always working really hard to breach websites and steal their list of usernames and passwords, so they can try to use those same usernames and passwords on other sites. So to protect against that, we recommend that folks use long unique passwords for every account, and use secure end-to-end encrypted password managers to manage those. Turning on two-factor authentication, and then, of course, being aware of phishing and scams — which is really challenging because the people who develop scams are constantly innovating. Searching yourself on Google to see what someone might find if they start looking for you. Just being aware of what someone sees if they look at your social media accounts, and what a photo can give away. And then also, things like compartmentalization encryption, so choosing to use end-to-end encryption, things like the Signal messaging app.
And what end-to-end encryption means is that, even when your messages are on Signal servers, Signal can't decrypt them. So, every company has to respond to valid legal requests, but when you use a company like Signal that has end-to-end encryption, they don't have anything that they're able to turn over.
Anita Rao
So you mentioned, kind of, searching yourself online to figure out kind of how much information is out there. And I saw that as one of the things on you all's resource guide. And I did it, and I was floored by the amount of information that was out there about me. The fact that, you know, any address that I had ever lived was relatively accessible. So I mean, I encourage everyone to go through this process and just, kind of, become aware, but I'm also curious about, kind of, the most important things to try to keep private if you're worried about that online harassment or that doxxing piece. Which may be a concern for people who are abortion storytellers who talk openly about their abortion story, or people who are working as volunteers or supporters like Kestrel.
Amanda Bennett
Yeah, so the goal is going to be making it as hard as possible to find your personal address and your phone number. So the top thing we recommend first is submitting opt out requests to all of the data broker sites. So when you Google yourself and those websites come up that have lists of your addresses, you can actually opt out of all of those websites. It's just really tedious because every site has a different opt out link. So we have on our website links to a couple of workbooks that, kind of, put together all of those opt out requests. In our trainings, we suggest that people host super fun privacy opt out parties, where you can get people together and just go through those workbooks while you're all hanging out, because it is a very tedious process. But doing that can make it so that when you Google your name, your address doesn't pop up right away. And that'll make it a lot harder for someone to, you know, find that personal information. And then also, really just being aware of what the settings are on your social media accounts. And if you do have a public account or professional presence, making sure you have rules for yourself about what you don't post. So for example, not posting a picture of your house, because people who are skilled at open source intelligence can take a photo of a house and use tools like, Google Streetview to figure out where it is.
Anita Rao
That is very helpful. Kestrel, I'm curious about what of what Amanda saying resonates with you. I mean, obviously, you're using a pseudonym in this conversation, but what are some of the other practices that you do regularly to protect yourself from doxing and digital harassment?
Kestrel
Absolutely, yeah, I mean, I think trying to keep a secure media presence is really vital to our survival organizationally, and to our own personal security from state surveillance and state repression. What can be really difficult though, and I think in our work, there's this constant tension between maintaining secure methods of communication with clients, encouraging clients to use the same encryption that we're using, encouraging them to use ProtonMail, and the realities of needing to reach people who often don't have general access to digital technology, or even generally have access to phones all the time. You know, we're doing work in a very rural area where folks' resources are inconsistent. And there's a level at which we need to assume a minor level of risk, just so that people know that we exist and that we're a resource in the community. But I — something that I definitely do is like, I don't have any public social media associated with my legal name, I don't use unencrypted text messaging for anything ever. And when I'm communicating specifically about criminalized abortion support, I use a separate phone that's not ever been associated with my name.
And I think another piece of this too, is like how we actually actively form networks of care and support, which are essential to the craft of doulaing. If and when we do become targets of the state, because this is just a — it's an inevitability for a lot of us, especially when we're doing intimate work in these small communities where it becomes very difficult to not be known publicly after certain period of time. So how are we showing up for each other? How are we protecting each other?
Anita Rao
I love that Kestrel and their team are thinking and talking about the community care piece of digital security. Because, it's something I think about a lot when I hear other femme folks in journalism talking about their experiences getting doxxed, trolled or harassed online. It can be brutal out there — and lonely. We've been talking a lot about how to take care of yourself and manage your own digital privacy, but how about government protections? While there is no comprehensive federal law about privacy, laws dictating rights of companies to share, store and use your data are different state by state. In June, U.S. Senators introduced the My Body, My Data Act to Congress. It's a bill designed to protect reproductive and sexual health information with some limitations. Where this will go and what state leaders are going to do about it is still very much up in the air. For abortion access organizations, the shifting landscape of restrictions and protections is a lot to keep track of.
Kestrel
Yeah, and it is really overwhelming. And I think what we're trying to do is, you know, because North Carolina is a destination state for abortion right now, we've been really focused on figuring out how we can support folks living across these false colonial state borders. In Tennessee across the mountains from us especially, where — from my understanding — there's a lot of legislation being proposed to deeply criminalize accessing abortion pills by mail right now. An abortion is — a total ban is in effect. And we are, we do have someone in our collective who is currently in law school and keeps abreast of a lot of these shifts in legislation. One ethos that is really central to me in this work and in the justice work I engage in in general is that, any right the state can give, the state can take away. And so I think, trying to operate from a standpoint that we need to be prepared for whatever legal consequences might happen, and offering solutions that exist outside of legal frameworks is really central to this work.
Anita Rao
As we're, kind of, moving into an uncertain future where the things could change and there are ongoing unknowns, how are you balancing precaution and preparedness with paranoia, and not wanting to live in that state of fear?
Kestrel
Yeah, I mean, I think that that's an essential question for organizers. And I think part of it — some of the intentions of this kind of surveillance and this criminalization of our data, or records, is to sow seeds of distrust and paranoia in community. That's successfully what the U.S. government has a history of doing with — particularly with Black-led radical formations in the U.S. And so I think what I seek to do personally — and I think what our collective seeks to do — is invest as much time in building trusting relationships and community and focus as much time and energy on building those networks of deep mutual commitment to shared struggle for body sovereignty, as we do spend on protecting ourselves and — and securing our communications, we want to spend on developing and nourishing those relationships. Because those relationships are also ultimately what protect us. That's sort of the attitude that I've — I've tried to use. And also, you know, a lot of it is, like, the Serenity Prayer. Like, we have to accept what we can't control at a certain point. And I try as much as I can to remove digital communications from how I'm connecting with people at all. And I think that that's something that's given me a lot of serenity is just trying to create as many spaces for face-to-face phoneless communication, which actually, I think does build up deeper trust. And in the realm of doula work, allows for some of that, like, really essential moments of vulnerability that we need to do this work well. So I've appreciated trying to focus more energy on — on in-person connections.
Anita Rao
If you're listening and wondering how we got here — to a moment in which concerns abound about the surveillance of personal health data and abortion information — it's a good time to listen to the stories of sex workers. Laws intended to curb sex trafficking put many sex workers in the crosshairs of digital surveillance and push them out of platforms and online spheres they relied on for their work and safety. Dr. Olivia Snow is a writer, dominatrix and professor. And someone who's written about the parallels between online safety for sex work and abortion access. She published a piece right after the overturn of Roe v. Wade in which she called sex workers the canaries in the coal mine for digital surveillance.
Dr. Olivia Snow
Tech companies pretty consistent — well, and the state — pretty consistently use sex workers as a test population for novel technologies. And the reason that we are excellent guinea pigs is because nobody cares what happens to us on the whole. You know, people don't listen to us. People are not invested in protecting us, so big tech is then able to fine tune various technologies that it can then roll out to other populations, and especially other marginalized demographics.
Anita Rao
Like abortion, the legality of different types of sex work varies by state and even by city. But since 2018, the internet, apps and digital spaces have become especially restricted for anyone engaging in sex work because of a series of laws known as FOSTA-SESTA. I'll throw it back to Amanda Bennett to explain.
Amanda Bennett
How to explain it briefly. It's a complicated bill just like abortion access bills can get really complicated, but because of FOSTA-SESTA, it became really hard for sex workers to communicate online. Corporate tech platforms like Facebook and Tumblr and Craigslist, they all started removing access to just, like, talking about sex on their platforms. And so learning how sex workers have really taken control of their online presence in the face of something like FOSTA-SESTA is really informative about how you can, kind of, cultivate your own audience in your own network and using the Internet to connect with other people, while keeping those connections, kind of, under your own control rather than relying on an app like Facebook or Instagram.
Anita Rao
Organizations like Amanda's learn from the activism and actions of sex workers because they've been big targets online for a while. Olivia said while FOSTA-SESTA made her more of a target online, she experienced a lot of harassment and challenges long before the bill was introduced. So she's had a lot of time to figure out some strategies for being a part of online social communities. Though, it's complicated.
Dr. Olivia Snow
I mean, I started doing sex work over 15 years ago, and I had experiences in, like, in the mid 2000s where I was getting outed online. I feel like I've kind of worked backwards to identify things that doxxers might use to find us. Things that I don't share — or that before I got doxxed I didn't share — would be location, in that I would say I was in the United States, I would not say what city what state, I wouldn't say what time zone. If I uploaded a photo, I would remove all of the timestamps. You know, I didn't say whether I taught at a public or a private university, I didn't say where I grew up. I didn't say my ethnicity. I never showed my natural hair. Trans women especially have taught me a lot of what I can and cannot share. Because they too have faced a similar level — not so much of tech surveillance, but of just public antipathy. But someone with endless time and resources is still going to be able to find you.
Anita Rao
So what keeps you, I mean, this sounds like so much psychological labor and emotional labor.
Dr. Olivia Snow
Oh, sucks like it takes such a big toll.
Anita Rao
Yeah, and I'm curious about, I guess, what makes you continue to do it and want to talk publicly about it as well.
Dr. Olivia Snow
Well, so on one hand, some of these precautions I take are just second nature at this point. Like, I have to stop myself from not redacting timestamps from screenshots now, I'm just, you know, it's — it's just autopilot. But with sex workers specifically, you know, there really is no other community — at least online, like there — to stop speaking or to stop engaging in this would be a form of social death, almost. And, you know, I am in a very privileged position, you know, I'm a white cisgendered woman with a doctorate. If anyone's going to put their neck on the line, might as well be someone with, you know, really thick skin. And, you know, the privilege to protect me from some of the violence that, you know, say my trans women colleagues might not be able to avoid. So that's, you know, one of the, really, the primary reasons that I keep it up.
But also, you know, like, sex work isn't going away anytime soon. That's another misconception, I suppose, about laws like FOSTA-SESTA that, you know, purport to end the sex industry. Like that's not going to — it's not going to happen. Ditto with abortions, abortions aren't going anywhere. So you know, it's work that, while taxing, has very immediate material impacts on the most marginalized around us. And that, you know, that really eclipses what, what might be the, you know, extra $300 I spent in therapy per month.
Anita Rao
I'd love to close with you about that question of, kind of, balancing privacy with paranoia that I asked Kestrel earlier on, and how you are navigating that in this moment.
Dr. Olivia Snow
So I have found — especially as someone who already took major precautions and still got doxxed anyway — it's not paranoia. It isn't. I think that rather than equivocating over whether it makes sense to do all this, or if it's actually helping, I think it's more important to make sure you just don't become consumed with that fear. There are practices that you can take, but you know, ruminating on them isn't going to make them any safer. It's just going to freak you. So the psychological labor — I think, is how you put it — minimizing that as much as possible. Not trying to theorize like, oh, did this work? Am I still safe? Like, I don't know, we don't know. But, you know, keep moving forward. It's like, not safe work to do, but we need to do it anyway.
Anita Rao
Embodied is a production of North Carolina Public Radio-WUNC, a listener-supported station. If you want to lend your support to this podcast and WUNC's other shows on demand, consider a contribution at wunc.org now. Incredible storytelling like you hear on Embodied is only possible because of listeners like you.
This episode was produced by Kaia Findlay and edited by Amanda Magnus. Jenni Lawson is our sound engineer, and Quilla wrote our theme music.
If you enjoyed this episode, share about it on social media and tag us with the handle @embodiedwunc. Hearing about your responses to the show means so much to us, and it really helps new folks find the content as well.
Until next time, I'm Anita Rao, taking on the taboo with you.