Written by Jasmine Mitani, No. 19
This article was published on the 19th.
A study in November revealed that How easy it is for foreign governments to use companies known as data brokers to purchase the personal information of U.S. military personnel. In some cases, researchers paid less than a quarter of the amount per case for information that included home addresses, mobile phone numbers, and sensitive health data.
Congress reacted quickly. The House of Representatives passed a bill this year that would restrict the sale of “sensitive personally identifiable data” of U.S. residents to North Korea, China, Russia, Iran, or companies or individuals from those countries. The Data Protection of Americans from Foreign Enemies Act of 2024 is currently before the Senate Commerce, Science, and Transportation Committee.
Data brokers are analytics companies that look at thousands of sources, including the DMV, licensing agencies, and social media to create a dossier about all of us. They then sell it to police, immigration authorities, and insurance companies. (If you have been contacted about a class action lawsuit, your information is Provided by data broker. )
For abortion providers and many people working in the reproductive health field, the problem is not that foreign governments buy their information. Their fellow Americans who oppose abortion target them and often try to threaten them directly. And national laws to protect digital privacy have stagnated for years.
One of the most insidious forms of violence that has occurred over the past decade is identity theft, or the release of personal contact information to facilitate harassment. One reason identity breaches occur so frequently is the ease of access to this information granted by data brokers. Data brokers often charge only a small fee.
Jessica Ensley first learned about data brokers in 2017 when she joined ReproAction, an organization focused on increasing access to abortion and advancing reproductive justice. During her training, she was advised to search herself online and remove as much information as possible.
“When I did it for the first time, I was really surprised at how easy it was to find all the addresses I had lived at. You can very clearly show where you went to school and where you live now,” Ensley said. “I thought that was very disturbing.”
Ensley currently serves as Reproaction's senior vice president of outreach, and part of her responsibilities include leading staff security. She constantly monitors potential threats, frequently leads her privacy training, and always seeks outside expertise on how best to keep her employees safe.
“I think everyone in general should be worried about their digital information, their digital security, their digital footprint. But it’s reproduction workers who are the targets of a lot of the harassment and threats of personal information. ” Ensley said.
On the 19th, I spoke with several Reproductive Health and Justice workers, some of whom declined to speak on the record due to concerns about having their personal information obtained or worsening ongoing abuse.
post-Dobbs reality
When Sarah Phillips started organizing around abortion access at a Texas university eight years ago, an older abortion fund leader told her to start being careful about her personal information online. I have been told. The leader paid Phillips to access her DeleteMe, a subscription service that monitors and automatically requests deletion of her broker's data.
“If she hadn't said that, I wouldn't have even known this was a big deal,” Phillips said. Her experience led her to work for Fight for the Future, a nonprofit organization focused on protecting digital privacy and freedom of expression.
Reproductive health and justice advocates have become more visible online, especially in the wake of the Supreme Court's decision that struck down the federal right to abortion, Phillips said. “You're raising money online, you're doing fundraisers online, you're educating people about the Supreme Court case, you're talking to the media. Because right now we have a difficult time accessing reproduction and abortion. must do all these things.”
A digital presence is necessary to raise awareness about services and current legislation, which can be costly. After Eugenia Schauerman, administrator and financial manager of the Northwest Abortion Access Fund (NWAAF), was interviewed by a national newspaper, the clinic received a threatening email addressed to her.
When Schauerman first started working with abortion funds, she used her home address on her business application. Now she is much more careful. She keeps a separate phone number to catch the harassing callers.
Some remain silent, avoiding media appearances for fear of harassment or violence.
“What's so difficult is for clients that their story has the potential to make a difference in the world, right? Their story may be very compelling, but it's hard to share that story publicly. It's very dangerous for them to do that, and it's really hard to understand,” said Sarah Ainsworth, senior legal policy director at If/When/How: Lawyering for Reproduction Justice. We provide legal services through. Repro Legal Helpline.
Some of the clients the organization represents have had their personal information identified or swatted. This is when someone makes a false threatening call to someone's home, which results in a SWAT team raid. Ainsworth noted that this type of harassment is extremely dangerous for people of color and those already targeted by the criminal legal system.
Mr Ainsworth said he had observed an “increasing audacity” of those seeking to harass customers and an “increasing belief that state powers were behind those targeting them”.
The anti-abortion movement is becoming more aggressive, said Melissa Ryan, CEO of Card Strategies, a consulting firm that helps nonprofits combat targeted harassment, extremism and disinformation. He said that it has become.
“When someone's personal information is published online, that person is immediately exposed to the threat of a movement that is known to be violent and dangerous,” she said.
Perpetrators also know that there will be no serious consequences.
Deleting information is time consuming and costly
The most common way to prevent data leaks is to periodically delete information from individual data broker sites.organizations like The Digital Defense Fund, which provides cybersecurity training and grants to the abortion rights movement and was cited by many of the people interviewed for this article, has put together a guide on how to submit takedown requests. Masu.
One resource shared by DDF recommends that 24 data brokers audit personal information. Another list lists 220.More than twice that number registered in california By 2023, it will triple in Vermont.
One of the most challenging aspects is that data brokers are constantly scanning public information. Ensley said his colleagues are shocked at having to go through the information removal process so many times. She recommends reviewing your data broker's personal information on a quarterly basis. However, this process is not easy and is often intentionally difficult to complete.
“There are no set standards among data broker sites for how personal information is removed,” Ensley said. “It's often very difficult to find.”
Ensley said he has even seen some data brokers requiring someone to watch an ad as part of the process of requesting information removal.
An alternative to this complex and time-consuming process is to pay for the service. One of the most popular is DeleteMe, which costs $129 per person for a one-year subscription. As new data brokers emerge all the time and more established data brokers recompile their personal information, those concerned about their personal information being compromised should subscribe indefinitely.
This expense can be difficult for both individuals and employers. Some organizations pay for personal information deletion services, but even then, protections do not follow if an employee leaves the company.
Lower-level workers may be more susceptible to harassment.
“People who are higher up in an organization will almost always naturally have more protection because organizations are designed to protect those in power.Associate Level compared to someone who was a staff member or an intern,” Ryan said.
The threat against Schauerman was a turning point for NWAAF employees and increased pressure on the board to strengthen employee safety protections, said Jade Paffefrin Bounds, a former volunteer and training coordinator. Staff sent a list of demands regarding pay equity and safety concerns to the board in 2022, less than a month after the resolution. Dobbs decision.
When the Abortion Fund decided to pay for identity deletion services for its employees, it felt like a comprehensive solution to a complex problem. Pfaefflin Bounds has had a lot of questions about how the service works and what kind of information needs to be scrubbed. He wasn't sure how to cover himself as a transgender man who had changed his name. Should he have bought a subscription for his husband as well in case the two could be linked?
This confusion about data brokers is common. Sara Ramdan, a professor at the New York State School of Law and author of “Data Cartels: The Companies That Control and Monopolize Our Information,” says that even though there is more data on data brokers, The general public has never heard of most data brokers, and lawmakers said they don't know much about them. more us than ever before.
Signing up to your data privacy rights is a common condition of many apps, including: grinder and door dash and Companies like Meta track People who haven't even registered an account.
“There are a lot of places where you don't have a lot of choice when it comes to sending data. It's not like choosing between keeping social media on or off, or having a public web page for your business,” Ramdan said. said.
Cell phones, ID cards, and marriage licenses are all potential sources of personal information that are inevitable in today's world.
Attempts to regulate data brokers have faced intense lobbying. Ramdan said law enforcement is a large user of data brokers, and the industry is using that connection to capitalize on the backlash and emphasize the importance of data brokers to national security.
California, Oregon, Texas, and Vermont have all passed laws requiring data brokers to register with their states. Oregon, Texas, and Vermont require companies to state whether people can opt out of data collection and explain the process as part of their public registry.
A 2018 law passed in California requires data brokers to allow residents to opt out of collection. Last year, an amendment was passed that would require the central portal for Californians to remove information from all data brokers, and is expected to go live by January 1, 2026.
of The Takedown Act, the second in this Congress, would create a central repository for Americans to remove information from data brokers. “Fight for the Future'', organized by Phillips and Feflin Bounds; announced a national petition Last month, it urged the creation of a centralized opt-out system.
Early this month, The senators shared the draft American Privacy Rights Act of 2024, the first high-profile bipartisan federal data privacy law in recent years. However, its current form lacks the central opt-out authority envisioned by the DELETE Act.
More comprehensive privacy laws could help prevent information collection in the first place, but digital security advocates say permanent data broker opt-outs like the one proposed in the DELETE Act could have an impact. states that it is most likely.
Phillips has been vocal about multiple issues, including the liberation of Palestine and human rights abuses in India, which have made her a target for disclosures. When she posts about these topics or publishes her op-eds on abortion, she usually receives a round of harassment or people try to blackmail her by sharing her personal information. .
If possible, Phillips will also pay for removal services for her family, because she doesn't want them to be targeted because of her career. But covering just her immediate family would cost hundreds of dollars a year.
“I feel really guilty about the work that I do, because the risk could extend to other people,” Phillips said.
campaign action