Security
Headlines
HeadlinesLatestCVEs

Headline

Google failing to scrub abortion access in location history, study claims

A nonprofit study claims that Google is failing to delete location history that reveals users’ physical trips to abortion clinics.

Malwarebytes
#web#android#google#git

Nearly 16 months after Google announced a policy change to remove location data that could reveal users’ physical trips to abortion clinics and other potentially sensitive medical centers, a nonprofit has alleged in a new report that the company is failing to do just that.

The findings, which were immediately disputed by Google, could impact whether Americans feel they can privately search for and access abortion care in several states across the US, should their digital activity be requested by law enforcement as evidence of a crime. In June 2022, the US Supreme Court overruled its 1973 decision of Roe v. Wade, which had, for decades, conferred the public’s constitutional right to choose to have an abortion; many states have now banned the procedure.

In a press release issued by Accountable Tech, which conducted the study, executive director and cofounder Nicole Gill lambasted Google for its alleged failure to keep users safe from the weaponization of their location data.

“Knowing they are complicit in the criminalization of essential care, Google has made promises to improve their privacy policies,” Gill said in a press release. “But proof that they continue to fall short makes it clear that they cannot be trusted to protect the millions of users who rely on their products everyday.”

But in responding to a report from The Guardian, which claimed to have exclusively reviewed Accountable Tech’s research, Google pushed back.

“We are upholding our promise to delete particularly personal places from Location History if these places are identified by our systems—any claims that we’re not doing so are patently false or misguided,” said Marlo McGriff, director of product for Google Maps.

At heart is whether Google is doing as it said it would in July 2022—auto-deleting location history entries for users who visit “medical facilities like counseling centers, domestic violence shelters, abortion clinics, fertility centers, addiction treatment facilities, weight loss clinics, cosmetic surgery clinics, and others,” so long as Google’s internal systems detect such a visit.

According to Accountable Tech’s study, which ran eight experiments in seven different states, “Google retained Location History data about 50% of the time.” For its research, the nonprofit purchased new Android phones and set up default privacy settings before physically traveling to Planned Parenthood locations. In four of the eight visits to Planned Parenthood clinics, Google deleted the name of the clinic in the user’s location history, but the route that was traveled remained.

The study also claimed that location searches were not deleted, sharing a screenshot from a user’s “Web & App activity timeline” that showed the text:

“Directions to Planned Parenthood – Locust Street Surgical Center, 1144 Locust St, Philadelphia, PA 19107.”

In responding to examples from Accountable Tech’s study that The Guardian shared, Google Maps director of product McGriff explained that Google’s systems did not detect that a user had visited a Planned Parenthood, and so the route to and from that Planned Parenthood was not deleted.

Google’s 2022 policy change was a direct response to the US Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization, which placed the legality of abortion access in the control of individual states.

As of early this year, 14 states, including Louisiana, Alabama, Idaho, and Indiana, have banned abortion in nearly all circumstances, according to The New York Times. An additional seven states have placed additional restrictions. The changes have pushed countless residents to leave their homes or violate state laws to seek healthcare.

When the Lock and Code podcast spoke with two experts in digital privacy and law from Electronic Frontier Foundation, both agreed on how the public could more safely navigate a post-Roe America: Say less.

Less than one month after recording that podcast, Facebook reportedly delivered messages to law enforcement that were between a mother and daughter who were under investigation for allegedly aborting a pregnancy.

Accountable Tech’s CEO Gill said this is the new landscape that Americans face.

“In post-Roe America, prosecutors are looking to Big Tech to help them build cases against abortion seekers by providing the data to track their every movement,” Gill said. “We deserve to have power over our own data, and we must fight to prevent a handful of powerful Big Tech companies from weaponizing our private information against us.”

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Malwarebytes: Latest News

8 security tips for small businesses