Attorneys general in nine states and the District of Columbia are urging Apple this week to introduce new App Store requirements designed to safeguard sensitive health data linked to reproductive care.
In a letter to Apple CEO Tim Cook, the dozen chief law enforcement officials accused the company of leaving open a “gap” in its data protection policies that, they said, “threatens the privacy and safety of App Store consumers, and runs directly counter to Apple’s publicly expressed commitment to protect user data.”
The officials are asking Cook to implement new rules on app developers requiring the deletion of non-essential data, including the location and search histories of users “seeking, accessing, or helping to provide reproductive health care.”
Additionally, the officials urged Apple to demand app makers certify they’d only disclose reproductive health data in response to a “valid subpoena, search warrant, or court order.” App makers should be required, the officials said, to provide “clear and conspicuous notices” to consumers whenever there’s a potential for such health data to be disclosed to third parties.
“Third-party apps available on the App Store collect consumers’ private reproductive health data, which can be weaponized against consumers by law enforcement, private entities, or individuals,” the officials said.
The letter proclaims Apple customers have made their concerns about the way mobile apps are handling reproductive data clear in the wake of Dobbs v. Jackson, the Supreme Court case that eliminated the constitutional right to an abortion after almost 50 years. And while Apple frequently touts that privacy is among its “core values,” the company has “not done enough” in this particular regard, the letter says.
“Consumers cannot trust Apple’s privacy promises if applications on the App Store are not required to take active measures to protect this sensitive health data,” the officials added.
The letter is signed by New Jersey Attorney General Matt Platkin, who led the effort to approach Cook, as well as the attorneys general for California, Connecticut, the District of Columbia, Illinois, Massachusetts, North Carolina, Oregon, Vermont and Washington state.
At time of writing, the repeal of the 1973 Roe v. Wade decision has triggered state laws banning most abortions in 13 states, including nine state where no exceptions are being made for victims of rape or incest. (Mississippi law includes an exception for rape, but not incest.)
Republican legislators in eight other states have attempted to pass bans but have been blocked by courts either indefinitely or temporarily while legal challenges are underway.
The criminalization of abortion has ignited a wave of concern over the digital surveillance practices of state and local law enforcement agencies, particularly in states such as Texas where people face potential criminal prosecution even if only helping another person travel out of state to get an abortion.
In Texas, there are also concerns that judges could order internet companies to surrender data in civil cases arising from the state’s abortion bounty system. The system effectively deputizes ordinary citizens to sue anyone involved in performing an abortion. The vigilante claimants stand to collect cash payments of $10,000 in each case won.
Of equal concern is that law enforcement agencies may be sidestepping the courts and using a Fourth Amendment loophole to purchase people’s location data. While the Supreme Court has held that it’s unconstitutional to demand access to location data without a warrant, the U.S. Justice Department and other government agencies have determined they’re not prohibited from buying it.
State and local police agencies are already known to purchase software using mobile app data to track people’s movements. And such tools could be used, ostensibly, to track activity around women’s health clinics, or to help prosecutors develop evidence against people traveling out of state to obtain a procedure.
In their letter to Apple, the nine attorneys general highlighted specific concerns around period trackers, pregnancy and fertility apps, and health and fitness wearable devices. Citing a recent survey by the nonprofit Mozilla Foundation, they noted that many apps had failed to meet minimum security standards, and that some lacked “even basic privacy policies, let alone policies that addressed the use of sensitive information.”
“We acknowledge Apple’s commitment to privacy and security across its products, as evidenced by its use of encryption to protect user health data as well as its transparency into law enforcement requests for user data,” the officials wrote. “But that alone is insufficient if third-party apps on the App Store fail to respect and adhere to Apple’s privacy ethos.”