Security
Headlines
HeadlinesLatestCVEs

Headline

The Shaky Future of a Post-Roe Federal Privacy Law

The American Data Privacy and Protection Act could protect people across the country. But first, it has to get past Nancy Pelosi.

Wired
#git

In this new post-Roe world, where millions are waking up to how vulnerable virtually unfettered access to their health and location data has made them, congressional Democrats face increased pressure to protect the data of people forced to travel out of state for abortion services. Still, that’s not persuading House Speaker Nancy Pelosi and other members of California’s congressional delegation who continue to oppose a broadly bipartisan privacy bill because it would supersede their own robust state privacy law.

The House of Representatives returned to Washington this week after taking a month off. But with this fall’s midterm elections rapidly approaching, the window for congressional action on federal privacy legislation is shrinking daily. Beyond the California delegation, the potential for a national privacy law also faces challenges from some Republicans, as well as Democrats who want something better than the current frontrunner legislation has to offer, particularly when it comes to Americans’ reproductive data.

Roe has changed everything on privacy and tech,” says Senator Elizabeth Warren of Massachusetts. “The pressure is on for immediate action for a whole lot of reasons, including there are people who are pregnant today who are deeply frightened by the idea that some bounty hunter out of Texas could buy their location information and track them down.”

The House Energy and Commerce Committee seems to have gotten the memo. Before leaving town for the summer, chair Frank Pallone of New Jersey ushered the American Data Privacy and Protection Act (ADPPA) through his committee by the wildly lopsided margin of 53-2. The only two “No” votes were cast by California Democrats.

1 vs. 49

The California Consumer Privacy Act (CCPA) empowers citizens to review what personal data a company has on them, to track who their data is sold to, and to sue tech companies for violating their privacy rights. But it only empowers Californians. That does little for people in the other 49 states—a potent imbalance now that the Supreme Court has effectively eradicated the right to reproductive privacy, leaving a void that’s rapidly filling with myriad creepy Big Brothers.

Are Speaker Pelosi and her California allies willing to risk harm to women nationwide in order to protect their own state law?

“No, no, no, no. It’s, ‘How do we ensure that all Americans enjoy the same modicum of protections that Californians do?’” says Senator Alex Padilla, California’s junior Democratic senator. “I wouldn’t want to go backward.”

Many longtime abortion rights advocates in Congress were caught flatfooted by the Supreme Court’s ruling, including Democratic Party leaders who have yet to lay out a blueprint for how they plan to reinstate Roe’s reproductive protections, even as they fundraise and organize off that idea. The stakes keep rising as new cases pop up nationwide—from a 10-year-old Ohio rape victim traveling to Indiana for treatment to Facebook handing the private chats of a teen and her mother to Nebraska law enforcement—and these cases have changed the conversation in Congress.

“There’s a lot of incoming fire. That’s for sure. There’s a lot of incoming fire, and a reexamination of what some of the concerns were previous to the court’s decision,” says Representative Anna Eshoo.

The Democrat was one of those two Californians—53-2—on the Energy Committee who voted against ADPPA. “We really have to be precise and focused and direct our efforts very clearly to where these concerns are, because this walks right into people’s lives,” Eshoo says.

It’s not just California Democrats. One of the main gatekeepers of all things privacy-related in the US Senate is Commerce Committee Chair Maria Cantwell of Washington state. ADPPA is “not strong enough. You can’t weaken California and then try to pass a bill,” Cantwell says. “You can’t pass a weak federal standard.”

Cantwell’s opposition—of course, she introduced her own measure, the Comprehensive Online Privacy Rights Act (COPRA), which is closer to California’s privacy law than other proposals floating around Capitol Hill—empowers Pelosi’s continued blockade of a federal privacy measure. But earlier this summer, the Washington state Democrat told WIRED she sensed a change afoot for data privacy.

“We’ve had a breakthrough on the fact that there are people in the private sector who are stepping up and saying, ‘we want a strong privacy bill,’ that they’re willing to be regulated and create a bright line for the bad actors within the sector,” Cantwell said in June. “So that’s been a big breakthrough.”

That breakthrough—along with privacy measures like ADPPA—all predated Roe’s fall.

Adapting to a Post-Roe Reality

Once the Supreme Court issued its opinion overturning Roe, Pelosi’s veteran Democratic allies led a march from the Capitol to the purposefully intimidating eight-foot-tall fence then encasing the court; picked up their landline phones; and fired off physical letters emblazoned with congressional seals and signatures, asking data brokers questions that were first raised ages ago. Old-school Democrats waited and watched as the full scope of the Supreme Court decision took root across America, but younger members of Congress stepped up with actionable (if disagreeable) solutions.

“As a millennial—as someone who’s lived my entire adult life online—I’m glad that many of my colleagues are now seeing the importance of these issues,” says California Democrat Sara Jacobs. “I think many in my generation have been thinking about this for a long time.”

Jacobs isn’t on the House Energy and Commerce Committee, which passed ADPPA in July, but once Roe was ripped away, she introduced the My Body, My Data Act.

“The post-Roe world is not going to look like the pre-Roe world, and we now have a digital surveillance architecture that can be used to go against people who are seeking abortions and people who are helping those who are seeking abortions,” Jacobs says. “It needs special protections that you wouldn’t necessarily need for all other kinds of data.”

Jacobs’ measure explicitly prohibits the collection and sharing of reproductive health information, including info related to contraceptives, pregnancies and terminations, surgeries, menstruation, and even basal body temperatures. Over in the Senate, one of the main sponsors of that chamber’s companion bill is Finance Committee Chair Ron Wyden of Oregon. He says the Supreme Court went further than people realize by directly challenging the notion of a right to privacy.

“If you look at how sweeping the Alito opinion is with respect to privacy, I believe it’s uterus surveillance,” Wyden says. “It is women having their personal data weaponized against them.”

While ADPPA has the most momentum on Capitol Hill at the moment, it doesn’t go far enough for critics like Jacobs—even as she desperately wants Congress to pass privacy legislation. She says it’s not targeted enough at the issues now plaguing women coast to coast.

“We do need a big federal approach around data privacy and protection,” Jacobs says. “There’s an urgency to do protections now that are very specific to the kinds of things you would need for this kind of data.”

O HIPAA, Where Art Thou?

The Department of Health and Human Services issued new HIPAA guidelines this June intended to safeguard women’s reproductive data, and those were reinforced by an executive order President Biden signed in July. While appreciated, those efforts are not nearly enough for many Democrats, let alone people who are pregnant and in need of reproductive care.

“At the end of the day, this is not HIPAA-protected,” Congresswoman Raja Krishnamoorthi of Illinois says of the health-related data collected by many apps.

The Democrat serves on the Oversight Committee and is a part of an investigation looking into what health apps do with women’s data. This May, a study by JMIR Mhealth Uhealth examined the 23 most popular women’s mHealth apps and found 61 percent relied on geolocators, while only 52 percent even asked for users’ consent. A full 87 percent—20 of 23 tested—“shared user data with third parties.” The other three apps didn’t provide any information on data-sharing.

Krishnamoorthi finds that unacceptable.

“Women whose data is being shared widely for various reasons—often having to do with money in the pre-Roe world—never consented to having that data shared by the companies to which they entrusted the information,” Krishnamoorthi says. “So you have a lot more apps sharing data with third parties than the number of apps, or the percentage of apps, that are actually asking for consent, and that’s disquieting.”

As women nationwide continue getting digitally groped in this conundrum of an era, Democrats want a rethinking of the ever-so-intimate relationships with our phones, tablets, watches, and laptops.

For the past few years, New York’s Kirsten Gillibrand has called for the creation of a new Data Protection Agency. The Democratic senator says it’s no longer a novelty—it’s a necessity.

“The whole theory behind the Data Protection Agency is we wanted to actually create a privacy harm—a definition of a privacy harm—and then create an agency that was going to oversee different platforms to make sure they weren’t undermining people’s privacy or stealing their data without their permission,” Gillibrand says. “It takes that out of Congress—which is slow and less informed—and creates an overseeing body that can do the thoughtful and nuanced work of, ‘How do you create oversight and accountability over different platforms?’”

Republicans Have Bedrooms Too

Gillibrand’s question raises another: How do you convince anti-abortion Republicans to help your party protect reproductive rights? The key seems to be avoiding abortion politics while focusing on the sweeping implications of the Supreme Court’s ruling.

“I think people can understand the right to privacy as a meta issue that they care deeply about, whether you’re a libertarian, whether you’re conservative, or whether you’re a liberal,” Gillibrand says.

New York’s junior senator says Republicans aren’t “connecting all the dots about what it means for them.”

“It is so expansive and so harmful, I don’t think people have fully understood what this could impact,” Gillibrand says. “I think for many people, they’re just putting their heads in the sand and saying, ‘Oh, this doesn’t relate to me.’ Unfortunately, that’s not what the language of the decision says.”

With Pelosi and Senate Majority Leader Chuck Schumer fully embracing the status quo they inherited via an apathetic congressional fiat, it’s still unclear which, if any, of these competing privacy measures could attract the necessary bipartisan support. But some in the GOP say they’re all in. In fact, even as more libertarian-leaning Republicans opposed Roe v. Wade, they also oppose some of the fallout sparked by its absence.

“I hate the idea of these apps tracking us and selling the data and doing any of that without consumers’ permission for any reason at all,” says Senator Josh Hawley of Missouri.

Unlike Democrats, Hawley agrees with the Supreme Court ruling that there’s no constitutional right to privacy for abortions. That’s a separate question altogether for Hawley.

“There are rights to privacy in the Constitution—Fourth Amendment, Fifth Amendment—but they’re the ones that actually exist in the Constitution and are spelled out there, and they’re long protected under case law,” says Hawley, a member of the Judiciary Committee.

Those underlying privacy rights, Hawley argues, are what Congress now must explicitly apply to the repositories of personal information most people never intended to be seen by anyone. Hawley says the debate goes well beyond reproductive data.

“And this is why—and I’m a former prosecutor—but a lot of prosecutors, they don’t like encrypted anything because it does make it harder to prosecute crimes, and I understand that,” Hawley says. “But I’m a pretty big fan of encryption because otherwise you don’t have any ability to control your own data.”

Madam Speaker

In this dystopian post-Roe reality—one where the most intimate reproductive details of millions of Americans are being sold to brokers for portions of pennies or being passed from Mark Zuckerberg’s lawyers to local cops—Democratic leaders, from Pelosi and Schumer to Senate Commerce Chair Maria Cantwell, continue imperiling the chances of this Congress passing even basic data privacy protections. And, unlike recent sessions of Congress, failure isn’t an option for the Democratic rank and file.

“Many people were not aware exactly how much information is collected about their movements, and, frankly, they’re a little freaked out when they hear about it in the context of overturning Roe,” says Senator Warren. “If companies can make money by trading in your health information, your economic information, or your social preference information, then the implications of that echo throughout everything that’s happening in our lives.”

Schumer seems to have outsourced his opinion to Cantwell and Pelosi, who won’t back any measure that infringes on California’s privacy law. With California voters taken care of, in terms of access to Roe v. Wade-era reproductive health, the pleading eyes of millions of Americans are now fixed on Pelosi.

“Well, she certainly schedules things on the floor,” Mississippi senator Roger Wicker—the top Republican on Cantwell’s Commerce Committee—told reporters as he boarded a streetcar at the Capitol last week. “She’s capable of blowing up the whole deal if she chooses to.”

Wired: Latest News

Bitfinex Hacker Gets 5 Years for $10 Billion Bitcoin Heist