Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

When law enforcement wants your social media content, do data privacy laws hold up?

MICHEL MARTIN, HOST:

Even before the Supreme Court overturned Roe v. Wade, as states took aggressive steps to make abortions more difficult to access, abortion-rights advocates started to warn that private online activity could be used to target, discourage or punish those seeking abortion services. Now, critics said that was far-fetched, but those concerns are already playing out in court. According to recent reports, a mother and daughter in Nebraska are facing criminal charges for allegedly performing a self-medicated abortion after 20 weeks of pregnancy. That's illegal in that state. Part of law enforcement's evidence against the two women came from online messages collected by Meta, Facebook's parent company, of conversations allegedly referencing abortion medication. This has privacy advocates reiterating their concerns about data privacy, or the lack thereof, on sites like Facebook.

So we decided to ask just what privacy controls various platforms offer and how you, a user, can protect your online data. For that, we called Logan Koepke. He is a project director for Upturn. That's a nonprofit that says it investigates ways that technology can reinforce inequities, and it advocates ways to change the status quo. And he is with us now. Welcome. Thank you for joining us.

LOGAN KOEPKE: Thanks so much for having me.

MARTIN: Here is where I am required to say that Facebook's parent company, Meta, pays NPR to license NPR content. Now, with that disclosure being said, in response to this case, a spokesperson from Meta tweeted that the request from law enforcement didn't mention abortion. And one can imagine that there are other requests for data that might not use the word but which are about reproductive rights and abortion care. Do you think that that has - is the case? I mean, do you think that that is common, I guess would be the question?

KOEPKE: So that statement would seem to imply that if the search warrants had mentioned abortion, there would be a different result. But I really do not think that that's true. Unless Meta is going to announce a new policy that they are going to always object to search warrants seeking information in abortion-related investigations, which I don't think they are, that sort of claim that this warrant did not mention anything abortion-related really means nothing. When we see companies resisting legal process or search warrants for user data, usually that's in two different categories. The first category is when there's an overbroad request. That's when law enforcement are obtaining a search warrant that either asks for too much data or data from too many people. And the other kind of request that these companies will frequently fight is if a request seeks the company to either damage or change a product feature in some way.

MARTIN: So in response - is it in response to this that earlier this week, Meta announced it was expanding its Messenger app's end-to-end encryption? For people who don't know, can you tell us what end-to-end encryption is? And is this a move that you think is appropriate?

KOEPKE: Yeah. So end-to-end encryption adds extra security and protection to your messages. Every device in an end-to-end encrypted conversation has a special key that's basically used to protect the conversation of the two people in that conversation. When you send a message in an end-to-end encrypted conversation - imagine you and I were sending messages - your device locks the message as it's sending, basically. And then that message could only be unlocked by a device that owns one of the special keys for that conversation. So in this instance, on Facebook Messenger, not even Facebook would have the ability to read the messages if end-to-end encrypted messaging was enabled.

MARTIN: This is one of those situations where where you stand depends on where you sit in, in a way. But there are, I think, people who would also look at this and say that these platforms are used for, you know, certainly - you know, conspirators in the - say, the January 6 mob attack on the Capitol, just to name one example, are using these apps to communicate with each other. And I think other people might say, well, gee, in situations like that, I do want law enforcement to have access to these messages in building a conspiracy case. How do you balance those concerns - those competing concerns?

KOEPKE: So what I would say is that, yes, were end-to-end encrypted messaging on Facebook's messaging services enabled by default, you know, the detectives in this case would not have been able to access the Facebook messages at issue. Even if those messages were encrypted, law enforcement would simply obtain a search warrant to search the cellphone of the mother or daughter in this case, right? Be highly likely that they have the Messenger app on their phone, and law enforcement could simply access the contents of the Facebook Messenger conversation that way.

And this is actually something we spend a great deal of time at Upturn researching, which is that more than 2,000 law enforcement agencies across the United States have these tools that are called mobile device forensic tools. And these tools are cellphone extraction tools that are a powerful technology that allow police to extract a full copy of data from your cellphone - so imagine all of your emails, all of your texts, all your photos, all of your locations, app data and more - which can then be searched by law enforcement. So I'd say to someone who's worried that law enforcement won't be able to get access just because Facebook says we're going to deploy end-to-end encrypted messaging across our platform, is that that does not shut the door on law enforcement access, period. The unfortunate reality is that so many of us today have retained so much private information on our phone, and that can still be the subject of a search warrant by law enforcement.

MARTIN: And so I think what I hear you saying is, at the end of the day - your individual responsibility to protect your data privacy. I think that's what I hear you saying right now. And so if that's the case, then how do you do that?

KOEPKE: There are certainly things companies can do to help protect their users. So it is certainly the case that Facebook deploying end-to-end encryption for Messenger is a positive step and has its own merits on its own terms. There are also policy-based solutions they can pursue, which is saying, hey, we as a platform are not going to retain location data after, you know, let's say 30 days.

If an individual is trying to make sure that they can protect themselves and engage in secure communications, there are end-to-end encrypted messaging platforms out there. A popular one is Signal. You can also establish on that application sort of disappearing messages. And if law enforcement apply for a search warrant and sent that search warrant to Signal, for example, there'd be very little data that Signal would be able to provide, right? They could not provide the contents of the messages. They could only provide some high-level metadata about when the user account was created and so on. So that kind of messaging platform is probably what I would recommend for someone who is trying to engage in private and secure communications online.

MARTIN: That's Logan Koepke. He's project director for Upturn. That is a nonprofit that advances social justice in technology, governance and design. Logan Koepke, thanks so much for being with us.

KOEPKE: Thank you.

(SOUNDBITE OF JOHN BUTLER TRIO SONG, "BULLET GIRL") Transcript provided by NPR, Copyright NPR.