This is not a drill.
The nightmare scenario for personal privacy in a world where women are stripped of their reproductive rights is coming to pass:
Meta, Google, other tech companies are providing police with evidence to help prosecute women who seek or perform abortions
@mimsical This is not a great article and the headline is egregious. The need to make every article boil down to "tech companies bad" obfuscates the core issue and therefore the potential responses..
The real, but less clickworthy headline would be "Prosecutors and judges are using the law to go after women getting abortions".
Tech companies can't just "turn over" data, they have to comply with ECPA/SCA, which requires a signed warrant* for content.
*Offer does not apply to FAA702
@mimsical All of these examples seem to be utilizing targeted search warrants aimed at individual women and signed by a judge. State search warrants often do not have affidavits or potentially charged crimes attached, so to the companies there is no good way to tell if this is an abortion-related investigation.
The companies are bound by state and federal law to respond to search warrants. They can fight and give notice, but in the end that is the law.
@mimsical If the companies declined to answer a search warrant, the judge could issue an arrest warrant for the tech co lawyer or another corporate officer.
The article implies that tech companies can just decide to not turn over data, and that is incorrect. What can be done?
1) The companies can be more aggressive with notification, although it's pretty standard for warrants to come with gag orders in lots of cases.
2) They can try to fight more warrants, but which ones is the hard part.
@mimsical 3) We could amend ECPA/SCA to set standards for interstate warrants to require affidavits or a citation of the law the target is presumed to have violated. That would, at least, give the companies more to work on.
4) California could try to create a conflict of laws and promise to not enforce abortion-related search and arrest warrants on behalf of other states. This seems like a serious full-faith-and-credit issue and I think we know what SCOTUS would do.
@mimsical 5) The companies can continue to roll out E2EE as widely as possible. This is the only realistic tech response.
I know a bunch of civil liberties lawyers are looking into other options, but they aren't great.
In the end, if the law criminalizes fundamental reproductive rights then the massive power of the criminal justice system can be perverted to go after innocent women. That's the problem.
@alex Makes perfect sense. But also illustrates, as you say, that E2EE is the primary "good" solution, for now.
From my perspective, it sure makes Tim Cook's priorities of late (the imessage encryption, not a commentary on ATT) look like the right ones.
@joshsternberg @mimsical @alex
@brooklynmarie
"what if these tech companies just didn't collect that kind of very specific data in the first place? no data collection, nothing to turn over, yeah?"
Please, Josh. Now you're just talking crazy talk. Tech companies not slurping every bit of private data they can for maximum resale and state benefit? What will you crazy kids think of next?
@mimsical iMessage has been (mostly) E2EE for a while, but encryption for iCloud backups is definitely a good response to this threat. Those backups are extremely rich hunting grounds for LE.
Unfortunately, the process is so complicated that I expect usage of that feature is <1%.
Christopher Mims
Alex Stamos
Josh Sternberg
Robin Berjon
brooklynmarie
Kim Scheinberg