Payment data could become evidence of abortion, now illegal in some states

Digital payments are the default for millions of women of childbearing age. So what will your credit and debit card issuers and financial app providers do when prosecutors search your transaction data during abortion investigations?

It is a hypothetical question that is almost certainly unavoidable after the annulment of Roe v. Wade last week. Now that abortion is illegal in several states, criminal investigators will soon begin their search for evidence to prosecute those they say have broken the law.

Medical records are likely the most definitive proof of what is now a crime, but officials unable to obtain them may look elsewhere for evidence. Payment tracking is likely to be a high priority.

For banks and other payment companies receiving criminal investigations, this appears to be fairly new territory. Card issuers have become accustomed to requests for user data in investigations of terrorism, money laundering and illegal trafficking. None of them have provoked the kind of political, legal, and emotional backlash that abortion investigations are likely to provoke.

The Fourth Amendment provides people with protection from government intrusion. But those protections weaken once people voluntarily share information with a third party, legal experts said. That means law enforcement officials can usually ask financial institutions to hand over customer data with a simple subpoena.

Even sensitive health and medical details can be fair game. The Health Insurance Portability and Accountability Act, known as HIPAA, which governs the privacy of a patient’s health records, allows medical and billing records to be released in response to a court order or subpoena.

“There is a very broad exception to HIPAA protections for law enforcement,” said Marcy Wilder, partner and co-head of the global privacy and cybersecurity practice at Hogan Lovells, a law firm. But Ms. Wilder added that the information shared with law enforcement officials cannot be too broad or unrelated to the request. “That’s why it’s important how companies and health plans interpret this.”

Card issuers and networks like Visa and Mastercard generally don’t have detailed lists of everything people pay when they buy prescription drugs or other medications online, or when they buy services from health care providers. But evidence of sponsorship from, say, a pharmacy that sells only abortion pills could give someone away.

At the same time, according to attorneys and privacy experts, if an investigator has collected other data about a person’s travels, then a charge at, say, an out-of-state Planned Parenthood for an amount much higher than a standard check . it would be useful evidence, depending on the laws at play and how they evolve in the coming months. The same goes for a patient who lives in a state where abortion pills are illegal and seeks them out through a telehealth visit with a doctor out of state.

Some financial institutions are preparing to reject requests for this data.

Amalgamated Bank, based in New York, is one.

“Amalgamated Bank will carefully review any subpoenas for information related to the prosecution of women for exercising their right to choose and object to the fullest extent possible,” the bank said in a statement. He plans to notify customers of these subpoenas, unless investigators can force the bank not to disclose the existence of the subpoena.

Law enforcement officials may also request subpoenas from companies that issue debit cards loaded with dollars from flexible spending accounts. Many employers provide such health care spending accounts.

HealthEquity, one of the main administrators of these accounts, said it was reluctant to release transaction data. The company “does not honor requests for medical expense data, including from law enforcement and other government entities, unless we are specifically required to do so by law,” Jon Kessler, its chief executive officer, said in an email. “We seek to apply the narrowest possible interpretation of what is required and strongly oppose any request for a broad search of member data.”

The New York Times contacted about two dozen large financial firms, including several that have announced plans to reimburse employees for abortion-related expenses, to ask how they would address data privacy around abortion.

American Express, Citigroup, Coinbase, Frost Bank, JPMorgan, Mastercard, 1199 SEIU Federal Credit Union, Visa and USAA declined to comment.

“I can’t speculate on the situations you describe,” said Bill Day, a spokesman for Frost, which is based in San Antonio and is among the 50 largest banking companies in the United States. “They’re all hypothetical right now.”

USAA also declined to discuss how, or if, it is instructing bank employees to handle customer conversations. It is based in Texas, where a new state law authorizes residents to file lawsuits against anyone who has helped facilitate an abortion.

“Given that the ruling was issued late last week, it is premature to understand the full impact at the state level,” Brad Russell, a USAA spokesman, said by email. “However, USAA will always comply with all applicable laws.”

American Airlines Credit Union, Bank of America, Capital One, Discover, Goldman Sachs, Prosperity Bank USA, Navy Federal Credit Union, US Bank, University of Wisconsin Credit Union, Wells Fargo and Western Union did not respond to at least two messages seeking comment. .

American Express, Bank of America, Goldman Sachs, JPMorgan Chase and Wells Fargo have announced their intentions to reimburse employees for expenses if they travel to other states for abortions. So far, neither has commented on how they would respond to a subpoena seeking the transaction records of the very employees who would be eligible for reimbursement from the employer.

The fact that so many financial services companies remain silent is not surprising. Like almost everyone else, they struggle to navigate a landscape that has completely changed. The American Bankers Association also declined to comment.

Then there are the digital payment services that straddle the line between technology and finance: Apple Pay; PayPal and its Venmo offer; and Square and its Cash app.

Neither company responded to at least two messages seeking comment.

Alejandra Caraballo, a clinical instructor at Harvard Law School’s Cyber ​​Law Clinic, read these companies’ user agreements with her students for a recent course. “We realized that essentially all of them are bad,” she said. “They have all said they will comply with legal process and serve documents either through court orders or subpoenas.”

Tech companies have more experience deliberating whether to deal with subpoenas for users’ private data.

By comparison, financial services firms have generally not faced as much complexity, because new forms of payment do not appear as frequently as new forms of communication, many of which present novel legal issues and the potential for customer outrage. consumers and others. .

Abortion rights and privacy activists are gearing up for the fight.

“I think everyone, including these companies, is trying to figure out what, if anything, can be done,” said Dana Sussman, interim executive director of National Advocates for Pregnant Women. “One thing we hope to do is put public pressure to fight these citations. If they do, it will be much more difficult for these prosecutors, who have limited resources and a lot of work to do in their communities with other issues.”

Amie Stepanovich, vice president of US policy at the Future of Privacy Forum, a nonprofit organization focused on privacy and data protection, said warrants and citations can be accompanied by gag orders, which which can prevent companies from even alerting their customers that they are being investigated. “They can choose to fight the use of gag orders in court,” she said. “Sometimes they win, sometimes they don’t.”

In other cases, prosecutors may not say exactly what they are investigating when they request transaction records. In that case, it’s up to the financial institution to ask for more information or try to figure it out on their own.

Paying for abortion services in cash is a possible way to avoid detection, even if it is not possible for people ordering pills online. Many abortion funds pay on behalf of people who need financial help.

But cash and electronic money transfers are not entirely foolproof.

“Even if you pay cash, the amount of residual information that can be used to reveal health status and pregnancy status is quite significant,” Ms Stepanovich said, referring to potential breadcrumbs such as use of the program. loyalty card from a retailer or location tracking on a mobile phone when making a cash purchase.

In some cases, users may inadvertently provide sensitive information through apps that track and share their financial behavior.

“Purchasing a pregnancy test on an app where financial history is public is probably the biggest red flag,” Ms. Stepanovich said.

Other advocates mentioned the possibility of using prepaid cards in fixed amounts, like the ones people can buy off the shelf at a pharmacy. Cryptocurrency, they added, typically leaves enough of a trail to make achieving anonymity a challenge.

One thing that all the experts emphasized is the lack of certainty. But there is an emerging gut feeling that corporations will be in the spotlight at least as much as judges.

“Now, these payment companies are going to be front and center in the fight,” Ms. Caraballo said.

Leave a Comment

Your email address will not be published.