Boston Globe | Abortion alarm spurs push for Mass. cellphone data privacy law
A proposed measure would prevent tech companies from selling the location data that’s collected every day by your cellphone
By Hiawatha Bray
Story Originally Appeared in Boston Globe
A lot has changed in the year since the US Supreme Court’s Dobbs ruling declared there’s no constitutional right to get an abortion. But here’s something that hasn’t changed — the US still doesn’t have a comprehensive national data privacy law.
Massachusetts Senate Majority Leader Cynthia Stone Creem is tired of waiting. She’s pushing for a state law that would ban tech companies from selling the vast troves of location data they collect from millions of wireless phones. Such data could be used by states that strictly regulate abortion to prosecute women seeking abortions or doctors who provide them, even across state lines.
Creem says that women who travel to Massachusetts for an abortion shouldn’t have to fear that their movements could be monitored just because they own a wireless phone.
“What we’re doing here in Massachusetts is legal,” she said. “I don’t believe that the location of someone who comes here for a legal service ought to be for sale.”
All cellphones are location trackers. The phone network must know where you are in order to route your calls. But they’re not the only ones paying attention. All Apple iPhones and Google Android phones are capable of sharing your location data with their parent companies. You can switch off this feature, but few people do because it’s essential for valuable features like GPS navigation.
Many third-party phone apps, too, collect location data. Again, people can refuse to provide it but we often give in. What good is a weather app unless it knows where you are?
Many of these apps are “free” to use, but their creators have to make money somehow. So they sell their users’ location data to companies that maintain vast storehouses of such information. There are many such “data brokers,” including Experian, Equifax, and Acxiom, who will then sell this location data to pretty much anybody.
The brokers insist that they “anonymize” the data, making it difficult to figure out the identity of specific persons. But it’s simple to figure out who someone is if you know where he spends his days and nights.
“Location data really is everything,” said Kade Crockford, director for the Technology for Liberty project at the American Civil Liberties Union of Massachusetts. “It shows pretty much everything about our lives.”
A monsignor of the US Conference of Catholic Bishops found this out the hard way in 2021. A Catholic online newsletter purchased information from a data broker about users of the gay dating app Grindr. Researchers hired by the newsletter used the data to confirm the identity of the monsignor and prove that he frequented gay bars. The cleric subsequently resigned but last year returned to active ministry as a priest.
Law enforcement agencies can use similar tactics. In March, FBI Director Christopher Wray said that in the past, his agency purchased location data from brokers, as part of a “specific national security pilot project.” Wray said that the practice has been halted. The US Supreme Court has ruled that law enforcement agencies need a warrant to get access to an individual’s cellphone location data.
However, some data brokers may be seeking out ways to sidestep this limitation. Last year, the Associated Press and the Electronic Frontier Foundation, a digital civil liberties group, revealed the activities of Fog Data Science, a Virginia company that collected location data from millions of phones across the US and offered it for sale to police. According to the AP, nearly two dozen law enforcement agencies signed up for the service.
A subscriber to Fog’s service could, for example, set up a “geofence” to detect any cellphone that gets within a few feet of a given spot — an abortion clinic, for instance. Police could continue to track those phones, pin down the users’ home addresses, and thus obtain their names.
Fog Data Science spokeswoman Jessica Tocco said her company simply aggregates location data on large numbers of phones. ”It does not tell you whose phone it is,” she said. “No one has been prosecuted or arrested based just on our data.”
Tocco also said that law enforcement agencies use Fog’s information to track down missing children and abused women. “I think it would be taking away a tool in their toolbox” if the practice were outlawed, she said.
Creem’s bill and an identical measure filed in the House of Representatives by Democrat Kate Lipper-Garabedian would set strict limits on the use of location data collected from mobile devices. A company would need your explicit consent to track you. It must use your location to deliver a service, like predicting the weather or providing driving directions. It could also use your location to show you advertisements. In addition, companies could provide location data for specific persons to law enforcement agents armed with warrants.
But it would be illegal for the company to sell this information to a third party for any other purpose. This would prevent police departments or political activists from engaging in “fishing expeditions” in an effort to identify abortion seekers or doctors. “We want to protect our providers,” said Creem, “and to protect the Uber drivers who might bring somebody from the airport.”
In addition, your consent would expire after one year. At that point, the company would have to ask your permission once again, or it would have to delete your stored location data.
“Ideally, we would have a strong federal privacy law,” said Caitriona Fitzgerald, deputy director of the Electronic Privacy Information Center. But in the absence of such a law, she said, “states need to act to protect their constituents.”
You don’t have to be an abortion rights supporter to be alarmed by nonstop location tracking.
“This is an issue that a lot of different people care about for a lot of different reasons,” said the ACLU’s Crockford. She said a survey run by her organization found that 92 percent of Massachusetts residents would back a ban on the sale of location data.
The location privacy bill is set for a hearing on Monday before the Legislature’sJoint Committee on Consumer Protection and Professional Licensure. If the law is enacted, said Crockford, anybody who buys personal location data will find “a big blank spot where Massachusetts should be.”