When law enforcement wants your content on social media, do data privacy laws hold up? : NPR
Nebraska law enforcement has requested the Facebook posts of two women being investigated for a suspected illegal abortion. NPR’s Michel Martin talks to Upturn’s Logan Koepke about data privacy.
MICHEL MARTIN, HOST:
Even before the Supreme Court reversed Roe v. Wade, as states moved aggressively to make abortions harder to access, abortion rights advocates began warning that private activity online could be used to target, discourage or punish those who seek abortion services. Now, critics have said that’s over the top, but those concerns are already showing up in court. According to recent reports, a Nebraska mother and daughter are facing criminal charges for allegedly performing a self-medicated abortion after 20 weeks of pregnancy. It’s illegal in this state. Some of the law enforcement evidence against the two women came from online posts collected by Meta, Facebook’s parent company, from conversations allegedly referring to abortive drugs. This has privacy advocates reiterating their concerns about data privacy, or lack thereof, on sites like Facebook.
So we decided to ask what privacy controls different platforms offer and how you as a user can protect your data online. For this, we called on Logan Koepke. He is project director for Upturn. It’s a nonprofit that says it’s exploring ways in which technology can reinforce inequality and advocating for ways to change the status quo. And he is with us now. Welcome. Thanks for joining us.
LOGAN KOEPKE: Thank you very much for inviting me.
MARTIN: This is where I have to say that Facebook’s parent company, Meta, pays NPR to license NPR content. Now, that disclosure being said, in response to this matter, a spokesperson for Meta tweeted that the law enforcement request did not mention abortion. And one can imagine that there are other data requests that might not use the word but relate to reproductive rights and abortion care. Do you think that has–is it? I mean, do you think it’s common, I guess that would be the question?
KOEPKE: So that statement would seem to imply that if the search warrants mentioned abortion, there would be a different result. But I really don’t think that’s true. Unless Meta announces a new policy that they will always oppose search warrants to obtain information in abortion-related investigations, which I don’t think they are, that kind of he assertion that this mandate does not mention anything related to abortion really means nothing. When we see companies resisting legal process or search warrants for user data, it generally falls into two different categories. The first category is when there is too much demand. That’s when law enforcement gets a search warrant that either asks for too much data or data from too many people. And the other type of request that these companies will frequently struggle with is if a request asks the company to damage or alter a product feature in some way.
MARTIN: So in response – is it in response to this that earlier this week Meta announced that it was extending end-to-end encryption to its Messenger app? For those who don’t know, can you tell us what end-to-end encryption is? And is it a decision that you consider appropriate?
KOEPKE: Yes. Thus, end-to-end encryption adds extra security and protection to your messages. Each device in an end-to-end encrypted conversation has a special key which is basically used to protect the conversation of the two people in that conversation. When you send a message in an end-to-end encrypted conversation – imagine you and I are sending messages – your device basically locks the message while it’s being sent. And then this message can only be unlocked by a device that has one of the special keys for this conversation. So, in this case, on Facebook Messenger, even Facebook would not have the ability to read the messages if end-to-end encrypted messaging was enabled.
MARTIN: It’s one of those situations where your position depends on where you sit, in a way. But there are, I think, people who would also look at this and say that these platforms are being used for, you know, definitely – you know, conspirators in – say, the January 6 mob attack on the Capitole, to name one example, use these applications to communicate with each other. And I think other people might say, well, in situations like that, I want law enforcement to have access to these messages to build a conspiracy case. How do you reconcile these concerns – these competing concerns?
KOEPKE: So what I would say is, yeah, if end-to-end encrypted messaging on Facebook’s messaging services was enabled by default, you know, the detectives in this case wouldn’t have been able to access to the Facebook posts in question. Even if these messages were encrypted, law enforcement would just get a search warrant to search the mother or daughter’s cell phone in this case, right? Chances are they have the Messenger app on their phone, and law enforcement could just access Facebook Messenger conversation content that way.
And that’s actually something we spend a lot of time researching at Upturn, that over 2,000 law enforcement agencies across the United States have these tools called device forensic tools. mobiles. And these tools are cell phone scraping tools which are powerful technology that allows the police to extract a complete copy of your cell phone data – so imagine all your emails, all your texts, all your photos , all your locations, app data and more – which can then be searched by law enforcement. So I would say to somebody who’s worried that law enforcement can’t access it just because Facebook says we’re going to roll out end-to-end encrypted messaging on our platform is that that don’t close the door on access to law enforcement, period. The sad reality is that so many of us today have kept so much private information on our phones, and it may still be subject to a search warrant by law enforcement.
MARTIN: And so I think what I’m hearing you say is, ultimately, your individual responsibility to protect the privacy of your data. I think that’s what I hear you saying right now. And so if so, then how do you do that?
KOEPKE: There are definitely things companies can do to help protect their users. So it’s certainly true that Facebook rolling out end-to-end encryption for Messenger is a positive step and has its own merits on its own terms. There are also policy-based solutions that they can pursue, which is to say, as a platform, we’re not going to retain location data after, you know, say 30 days.
If a person is trying to ensure that they can protect themselves and engage in secure communications, there are end-to-end encrypted messaging platforms. A popular one is Signal. You can also set on this app a kind of disappearing messages. What if law enforcement requested a search warrant and sent that warrant to Signal, for example, there would be very little data that Signal would be able to provide, would there? They could not provide the content of the messages. They could only provide high-level metadata about when the user account was created, etc. So this type of messaging platform is probably what I would recommend to someone trying to engage in private and secure communications online.
MARTIN: It’s Logan Koepke. He is project director for Upturn. It is a nonprofit organization that advances social justice in technology, governance, and design. Logan Koepke, thank you so much for being with us.
KOEPKE: Thank you.
(SOUND EXTRACTION OF JOHN BUTLER TRIO SONG, “BULLET GIRL”)
NPR transcripts are created in peak time by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative recording of NPR’s programming is the audio recording.