10
Avoiding Surveillance in a Post-Roe America

Even with abortion technically legal in the United States, those who terminate their pregnancies outside the inconsistent and often medically unnecessary governmental parameters can find themselves facing time in jail. As more states add more barriers—or end legal abortion altogether—that rate of prosecution will only increase.

In an age of endless information on the Internet and social media channels that can reach across state lines and around the globe, it is easier than ever to find information, medication, and other forms of medical assistance if you want to end a pregnancy or help someone who needs an abortion. But that’s a double-edged sword, too, since it’s also much easier to find evidence to prosecute someone who is working outside the officially sanctioned rules for termination.

This chapter is all about how to stay secure when it comes to finding abortion information, self-managing abortion care, or assisting someone else in terminating a pregnancy. It also includes safety tips for those who may be setting up new activist organizations in underserved areas of the US, or for those who may want to donate or be involved with organizations but don’t want to be identified as supporters.

How to Have an Abortion without Leaving an Electronic Trail

Not leaving an electronic trail when researching or obtaining an abortion isn’t just something for a person to consider once abortion is illegal. For a significant number of pregnant people, even obtaining a legal abortion is something they would like to keep as private as possible, and they may prefer not to have a partner, friends, or family members know about the pregnancy or procedure.

In January 2017, the Cut’s Lisa Ryan wrote a very detailed article called “How to Plan an Abortion in the Surveillance State,” that offers a number of best practices that could be used regardless of a person’s reason for wanting to keep their abortion a secret.

Ryan suggests simple steps like “Don’t send private messages on your work computer” or “Get a disposable phone” and recommends using encrypted texting apps like Signal—which you can set to wipe your text messages after a certain period of time so they cannot be used as evidence later on. You can also create a separate, secret e-mail that will only be used for arranging the abortion, or even better, do everything offline to be sure that there is no electronic trail at all. She also advises using a completely private browser like Tor, which passes your search through multiple servers, making it far more difficult for someone to track your search engine history or browsing activity.46

Using Your Phone as Your Go-To Tool

Of course, if it comes to seeking an abortion or organizing to help others do so, it would be almost impossible to do absolutely everything offline. In that case, it may work best to use your phone as your sole tool—from secure texting and phone calls via Signal to web browsing only on your smartphone (and on public Wi-Fi) and creating separate e-mail addresses that all can be accessed via mobile. There is some benefit to keeping everything all in one place—especially if you keep your phone secure and clear your cache frequently in case of anyone searching your phone or, even worse, police seizing it.

Here are some tips on good phone security practices taken from both the ACLU’s “Freedom of the Press Foundation”47 and a cybersecurity specialist who works in abortion access spaces. These tips offer good advice for anyone who needs extra security from potential government surveillance.

Encrypt your phone. Having an encrypted phone means that your data will not be readable to anyone when your phone is powered down, and even if a copy is made of your phone data, it won’t be readable without your code. This requires using a PIN or pass phrase to unlock your device, which might seem like a lot of work at first, but it’s worth it, and you will get used to it. iPhones and other Apple mobile devices are encrypted by default. For Androids and other devices, go to the “privacy and security” sections of their settings. Note that encrypting your phone may put it out of commission for ten to thirty minutes during setup.

Lock your phone with a complex pass code. Change your settings so your phone locks immediately after sleep, and immediately after you press the power button. While this doesn’t encrypt your phone (it’s always unencrypted while it’s on, especially on Android), it will prevent anyone from accessing and using your apps. It’s not recommended that you use fingerprint, face ID, or anything biometric to lock your phone—facial recognition can be tricked with some photos, fingerprints hacked remotely, and police don’t need permission to unlock a phone using biometrics.48

Prevent your SMS apps from showing the full text of a message while the phone is locked. No one should be able to read your communications with friends, or two-factor authentication codes, without opening the app first. These can be found in the “notifications” section of most phones’ settings.

Lock your SIM card. Set a PIN to control access to your SIM data and cellular network use. A SIM card may still be unlocked by your carrier, but locking it locally protects against people who grab your card from you.

Practice good login hygiene. Use strong pass phrases, two-factor authentication, and different passwords for different accounts with the help of a password manager.

Protect your mobile service account. Take the time to properly lock down the account you have with your mobile carrier. Some people think of it as an afterthought, but it’s alarmingly easy for anyone to take over your phone number, SIM card, and eventually, all mobile communications if such accounts aren’t secured. Visit your provider’s website to create a strong pass phrase and/or backup PIN for your account. Then call your provider and have a representative put a “security notice” on your account, saying something to the effect of “No one can make any changes to my account unless they give you the pass phrase/PIN first.”

Limit porting requests on your phone number. Call your phone carrier and ask them to limit or lock out porting requests on your number, preventing someone else from putting in a request that would forward your messages to their phone.

Keep a list of all the accounts that are important to you. Having a list of accounts that need to be addressed in the event of compromise will save you time and worry.

Burst the cloud! Frequently delete your browsing history from your web browsing apps via their settings. If you’re a Google services user, prune (or better yet, disable) your “web and web activity.” iPhone users must prevent messaging apps from syncing data to iCloud. We know it might seem scary, but unlinking your phone and Mac computers from iCloud is the best way to protect your data from prying eyes. Journalists, activists, and concerned citizens usually want to sync photos and videos to the cloud as soon as they take them, and that’s okay! However, consider using another cloud-based service that gives you more control over how, when, and where you sync your data—something better than iCloud.

Use good device hygiene. Be careful using accounts that are logged in on multiple devices, like the unlocked family iPad on the coffee table that has your iMessage logged in. Are your iMessage or WhatsApp accounts logged in on a computer that someone else has access to? Ensuring you log out of shared devices can help prevent any issues.

Use “two-factor” on your accounts, especially critical accounts like e-mail that hold the keys to most other services you use. This means that after you log in to a service, it will request either via a text message, app message, or physical token a second form of confirmation that this is indeed you. This can be turned on in your privacy settings and is one of the most important things you can do to thwart entry to your accounts if someone gets ahold of your password.

Avoiding Open Phone Lines

Not everyone is going to go out and buy burner phones so they can organize or find an abortion in a post-Roe America, and sometimes you just have to work with the phone options you have. That’s fine, as long as you are working with end-to-end encrypted calls.

This matters because of something called “third-party doctrine,” which is the basis of legal authority for institutions to request information from your phone company or any other third party to whom you have given your data. Phone companies typically respond to subpoena requests and give a variety of rich and unfortunately detailed information about the calls, texts, and location information given to their service. This is why, when possible, we opt for communication methods and technologies that do not keep this kind of enriched information.

The Electronic Frontier Foundation offers many tips regarding making secure encrypted voice calls in their Surveillance Self-Defense tool kit, which can be accessed at https://ssd.eff.org. The most important advice they offer is a reminder that most of our most common calls aren’t nearly as private as we think they are. After all, these companies will be obligated to respond to government requests like wiretaps or subpoena.

Beware! Most popular VoIP [voice over Internet protocol] providers, such as Skype and Google Hangouts, offer transport encryption so that eavesdroppers cannot listen in, but the providers themselves are still potentially able to listen in. Depending on your threat model, this may or may not be a problem.

Some services that offer end-to-end encrypted VoIP calls include:

In order to have end-to-end encrypted VoIP conversations, both parties must be using the same (or compatible) software.49

According to one abortion cybersecurity specialist, services like Signal keep vastly less information than your phone company that could potentially be requested by law enforcement or other parties. For example, Signal only keeps the time two numbers first made contact (not the cadence, content, or time of any messages) and the last time the user logged in. WhatsApp uses Signal protocol, and both apps can be set up to have messages evaporate after a set amount of time, and can be used for voice calls.

Why Is This Necessary?

Abortion is still legal in this country in every state, yet we still have multiple examples of people being investigated for potential illegal abortion whenever a pregnant person shows up in an emergency room with excessive bleeding, or a discarded fetus is found. Because of the current anti–abortion rights climate, district attorneys and prosecutors have excessive discretion to decide whether or not to pursue an investigation over a poor birth outcome, and local police are going to greater extents to find the person who gave birth whenever a miscarried fetus is discovered.

Already just in 2018 we have seen two extremely disturbing examples of law enforcement going to new lengths when it comes to investigating miscarriage. In Augusta, Georgia, a city coroner claimed he would be using a DNA database in an attempt to locate the parent of an approximately twenty-week-gestation fetus found in the city’s sewer system—allegedly just to “unite” the deceased fetus with its family, but critics suspected his motives were to search out a possible crime.50 And just months later medical examiners combed the flight records of a plane that landed in New York to determine who miscarried in the airplane bathroom, leaving behind an approximately five-month-gestation fetus in the toilet—an incident first investigated as a “potential botched abortion.”51

When miscarriages are investigated, the first thing that police do is check the text messages, e-mails, web browser history, search engine caches, and any other electronic communication they believe may hold a hint as to whether it was indeed a medical accident, or if the pregnant person may have sought a way to end the pregnancy—or was even just unhappy about being pregnant. This is especially dangerous for those who may lack prenatal care, the poor, those who are younger, and those who may have substance abuse or mental health issues or physical health issues, since they are at higher risk for poor pregnancy outcomes. Even if the miscarriage is completely natural, investigators could consider a visit to an abortion clinic website, a text from weeks prior showing ambivalence to the pregnancy, or an e-mail to an online drug site suspicious enough to press charges.

Whether online, over the phone, or in person, when it comes to protecting yourself, limit all of your discussions about your medical decisions and your pregnancy status in general only to those you are completely sure are trustworthy and supportive. Of those who have been arrested for allegedly inducing their own miscarriages, it is often someone they know—a family member, a neighbor, or someone related to those people—who initiates an investigation by informing law enforcement about a suspicious birth outcome.

How to Work with Others in a Secure Environment

Securing your own electronic footprint and communications is one thing. But what if you want to work with others, either across state lines or international lines? That means making sure everyone follows the same security protocols, and only working with people you are certain are doing it, and who have similar goals as you do.

At A Womb of One’s Own, the writer refers to this secure and vetted group as a “network of trust.” She says:

What is a “network of trust”? Put simply, this is a group of women who want to help each other to ensure that people in their group of friends will be able to make reproductive decisions regardless of legal restrictions.

If you already know your friends to be pro-choice, you may believe it would be easy to build these networks. However, even pro-choice people can sometimes be hesitant to break the law in order to support the cause . . . It is important to only allow people into your networks of trust that you believe will keep your secrets safe. While the vast majority of what you will be doing is legal, allowing people into your networks of trust who are not, themselves, trustworthy can create a host of problems.52

A “network of trust” isn’t just for activities around self-managed abortion care or the medical side of abortion, but it is also imperative if you plan to do any sort of organizing around abortion access post-Roe. Being positive that you can trust everyone in your network is just as important when it comes to actions that are completely legal, since allowing someone into your network who isn’t trustworthy doesn’t just add to the potential legal consequences but can create a dangerous and volatile activist environment too.

Protection from Anti-Abortion Infiltration

Perhaps the most well-known recent incident of letting someone into a network of trust, only to have it abused, is the multiyear infiltration of David Daleiden, the anti-abortion activist who pretended to be a “tissue procurement” professional in order to get access to meetings and events with abortion providers across the country. His edited videos obtained while secretly recording conversations with medical providers—conversations in which Daleiden himself often asked leading questions in an effort to try to egg providers into potentially breaking laws—are a more egregious example of how abortion opponents can infiltrate even the most secure environments.

But for every Daleiden there are many other activists trying to make other inroads into your network of trust—from sending e-mails asking questions in the hopes you might offer advice that is illegal to interacting with you on social media in order to move further into your group of activists. As abortion becomes more restricted, vetting the people you let into your network will become even more vital.

Stay Secure Online

This should be a given, but always be extremely careful of anything you say in e-mail, even if the person sending the e-mail is someone you know. E-mail accounts can be hacked, or someone could even create an e-mail almost identical to—but not quite—the address of the friend in question. We often see what we expect to see, so always play it safe. This is especially important if you or others in your network have public e-mail addresses associated with your work as activists. You can absolutely never be too cautious online.
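One way to catch the “almost identical” sender address described above is to compare each incoming address against your own contact list. This is an added example, not part of the original chapter; the contact list, the look-alike character map, and the two-edit threshold are all assumptions chosen for illustration.

```python
import unicodedata

# Constructed address book for the example; every address is made up.
TRUSTED_CONTACTS = ["maria.lopez@example.org", "j.carter@example.net"]

# Deliberately small map of characters often swapped for look-alikes
# (an assumption for illustration, not a complete confusables table).
LOOKALIKE_CHARS = str.maketrans({
    "0": "o", "1": "l",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i",  # Cyrillic
})
LOOKALIKE_PAIRS = (("rn", "m"), ("vv", "w"))


def skeleton(address):
    """Reduce an address to a form in which look-alike spellings collide."""
    text = unicodedata.normalize("NFKC", address).strip().lower()
    text = text.translate(LOOKALIKE_CHARS)
    for pair, single in LOOKALIKE_PAIRS:
        text = text.replace(pair, single)
    return text


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(address, trusted=TRUSTED_CONTACTS, max_edits=2):
    """Return (verdict, contact): 'trusted', 'lookalike' or 'unknown'."""
    plain = address.strip().lower()
    if plain in (t.lower() for t in trusted):
        return ("trusted", plain)
    probe = skeleton(address)
    for contact in trusted:
        # A near miss of a known address is more suspicious than a stranger.
        if osa_distance(probe, skeleton(contact)) <= max_edits:
            return ("lookalike", contact)
    return ("unknown", None)


if __name__ == "__main__":
    for sender in ("maria.lopez@example.org", "maria.1opez@example.org",
                   "maria.lopez@exarnple.org", "newsletter@unrelated.example"):
        print(sender, "->", classify_sender(sender))
```

A “lookalike” verdict means the message deserves a check with the real contact over another channel before anyone replies.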

It is just as important to be vigilant on social media sites. If you plan on posting any information about your activities on Facebook, be absolutely certain that you know every person you allow to be your friend. It is not uncommon for people to set up fake accounts in order to infiltrate a friend circle of people they may see as political enemies, and far too often people will accept friend requests of strangers simply because they have a number of friends in common already. If you have not physically met the person, consider checking in with one of your common friends to ensure they know the person in real life. If it turns out none of your mutual friends know where the person came from, either, there is a pretty good chance you are dealing with a fake account trying to get access to your network.

Vetting Your Contacts

If you have decided to start a new organization—a practical support group for those seeking terminations, a new political action group, or an escorting team at a new clinic or an EC delivery service—you are going to need other volunteers to help you. Here are a few tips for making sure the people you bring on aren’t actually trying to sabotage your efforts.

First, the easiest way to make sure your network is safe is to use people you already know and trust. Next, get word-of-mouth recommendations. Expand your current network to a friends-of-friends basis. Again, these should be people that your first volunteers already trust and are prepared to vouch for. Finally, if you do end up expanding to new volunteers who aren’t firsthand acquaintances, be sure to vet their Internet presence. A person willing to work in reproductive rights or justice is highly unlikely to have no history whatsoever. Do a Google search, and ask if they have social media accounts you can examine. And yes, if necessary, say no to them. It is always better to have too few volunteers doing the work than to have someone in your organization who may be trying to bring it down from the inside.

Protecting Yourself When the Worst Happens

Let’s be honest—try as hard as you might, bad stuff still happens. Maybe despite all of your security and all of your vetting, you did end up with an abortion opponent in your personal network. It could have been that coworker from your last job that you stayed in touch with but never talked politics with, or maybe that one cousin who always sends you chain e-mails about angel prayers. Whatever happened, now you’ve realized that the protesters outside the clinic you are defending are now calling you by your first and last name, or maybe your new boss is getting harassing phone calls demanding you be fired. How do you cope?

Hopefully, before it gets to this point, you have already put some precautions in place to protect your personal information. If you have registered websites, consider paying additional fees to block your name and contact information from being published. If you do register without privacy, consider using a PO Box and setting up a Google Voice number for registration in order to avoid giving away your home address.

Your home address and phone number are often stored online and can come up in search engines, too. To remove them, you can go to websites like Spokeo (http://www.spokeo.com/opt_out/new) or Whitepages (https://support.whitepages.com/hc/en-us/articles/115010106908-How-do-I-edit-or-remove-a-personal-listing-) and follow their instructions for opting out. There are also services that can do this for a fee, like DeleteMe or PrivacyDuck.

When it comes to keeping your address private, the most important thing to do is pay attention to your social media. Don’t take photos of your home, especially if it shows an address, and be careful about how much identifying information is out there on Facebook, Instagram, or Twitter that could give away your neighborhood simply based on local restaurants or businesses you frequent. Always turn off geotagging to eliminate extra metadata on your photos or check-ins, and be cognizant about putting up things like routes from runs on Runkeeper or other fitness apps that could easily give away your home address.
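Turning off geotagging only affects new photos; pictures already taken may still carry location metadata. The added example below (not part of the original chapter) removes the APP1 segments of a JPEG file, which is where EXIF data, including GPS coordinates, and XMP data are stored. The sample bytes are constructed for the demonstration and are not a viewable image, and because the whole EXIF block is dropped, the orientation tag goes with it.

```python
import struct

SOS, APP1 = 0xDA, 0xE1  # start-of-scan marker, EXIF/XMP metadata marker


def _segments(jpeg):
    """Yield (marker, raw_bytes) for each header segment, then the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG file")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        marker = jpeg[pos + 1]
        if marker == 0xFF:      # fill byte in front of a marker
            pos += 1
            continue
        if marker == SOS:       # compressed image data runs to end of file
            yield marker, jpeg[pos:]
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("bad segment length at offset %d" % pos)
        yield marker, jpeg[pos:pos + 2 + length]
        pos += 2 + length
    raise ValueError("no image data found")


def strip_metadata(jpeg):
    """Return (cleaned_bytes, removed_count) with every APP1 segment dropped."""
    out = bytearray(b"\xff\xd8")
    removed = 0
    for marker, raw in _segments(jpeg):
        if marker == APP1:
            removed += 1
        else:
            out += raw
    return bytes(out), removed


def _seg(marker, payload):
    """Build one JPEG segment: marker, big-endian length, payload."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: JFIF header, an EXIF segment with a stand-in GPS
# payload, a start-of-scan header, two bytes of "image data", end marker.
SAMPLE = (
    b"\xff\xd8"
    + _seg(0xE0, b"JFIF\x00\x01\x02\x00\x00\x01\x00\x01\x00\x00")
    + _seg(APP1, b"Exif\x00\x00" + b"GPS-PLACEHOLDER")
    + _seg(SOS, b"\x00")
    + b"\x12\x34\xff\xd9"
)

if __name__ == "__main__":
    cleaned, removed = strip_metadata(SAMPLE)
    print("segments removed:", removed)
    print("bytes before/after:", len(SAMPLE), len(cleaned))
```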

Also make sure that your employer information is hidden. As more people are networking professionally using LinkedIn, that can be an easy way for someone to find out your current employer, so consider that when thinking about what information you want online. Consider removing your employer information from your Facebook profile, too.

Of course none of this matters if your employer info can be easily accessed through a news search. If there are professional press releases in trade publications or elsewhere, removing your Internet footprint may be far more work than you can accomplish on your own. Take the precautions you can, but don’t beat yourself up if you can’t do it all.

Dealing with a Cyberattack

Finally, sometimes it isn’t just you getting attacked, it’s your entire organization. Abortion opponents have allegedly already executed cyberattacks on large reproductive rights organizations. In 2015 an anti-abortion hacker claimed responsibility for a security breach on the Planned Parenthood website, obtaining e-mail addresses and other Planned Parenthood databases.53 The National Network of Abortion Funds was attacked a year later, with a distributed denial of service attack (DDoS) that shut down its abortion Bowl-a-Thon fund-raiser after attempting to create billions of dollars in fake donations. The hackers also accessed donor e-mails, sending spoofed anti-abortion e-mails with racist language to the real abortion fund donors.54

So what should you do to prepare for a potential cyberattack? Most “attacks” result from credentials, or log-in information to the services you use, being disclosed in public breaches of other services. This is why it’s important to use long passwords, passwords that differ from each other in case one service you use is compromised, and a two-factor method to ensure that even your password is not enough to access your information.

The first thing to do for any web presence is have an emergency plan that includes a backup of your website, in case you need to revert because hackers put up their own site or inserted inappropriate images into yours. Make sure to back up any information in your databases frequently as well, so a potential wipe won’t be as devastating.

Be sure to have all of the information you need to contact your web host immediately in order to get the site fixed—whether it requires taking it offline until it can be restored or even longer to see how intense any breach might be. It’s also highly recommended to use an online protection service that can help filter the fake traffic meant to crash your site by overwhelming it with “users” (i.e., a distributed denial of service attack). Many of these services are available for cheap or free for nonprofits or individual users. Some of the ones available for nonprofits include Cloudflare and Google Shield.

If everyone in your organization uses e-mail addresses hosted on the domain, be sure that they have alternate addresses they can use until it can be determined that the original addresses weren’t compromised. Also, have a game plan for how to connect with each other to alert all of the volunteers about the hack, especially if you are worried that your electronic communication may no longer be safe.

Why Hard Copies Matter

Finally, remember to keep physical copies of information that you will use on a regular basis, rather than relying solely on the Internet, your computer, or your phone. Viruses can wipe out hard drives. Your phone could get confiscated. Websites can get hacked. If you have procedures, resource lists, maps and addresses, or other info you use regularly, consider making hard copies and keeping them somewhere safe. Or even take notes here, in this book.

Less than a hundred years ago, it was a crime in the United States to publicize information about abortion or birth control. In Ireland, it was illegal until 2018 to offer public information about abortion services outside the country—only doctors could do so, and only to their patients.

Will the US make publishing and accessing abortion information a crime if abortion itself becomes illegal? The idea seems very unlikely. But that doesn’t mean that an anti-abortion administration couldn’t find ways to make that information less available through financial coercion of Internet providers or restrictions on content allowed in publicly funded institutions like libraries, public university computer labs, or wireless networks in nonprofit agencies. And even if the government does keep its hands off abortion information access, we can’t be certain that anti-abortion tech activists won’t continue their cyberattacks on websites with abortion content.

So, just to be safe, when in doubt, print it out.