Period Tracking Apps Imperil Women

The recent US Supreme Court decision on abortion didn’t just set back women’s rights by half a century. It also restored the rhythm method of birth control, and imperils a women’s privacy rights.

It is relatively difficult for women to get pregnant. There are only a few days in a month when conception is possible so, theoretically, a woman who keeps track of their cycle should know what days they can get pregnant and what days they can’t. The Catholic Church has, for decades, indicated that using this knowledge is the only acceptable form of birth control.

Cycles are not regular

However, only 37 percent of women can rely on their period occurring every 27-29 days. The majority of women experience irregular periods, so they cannot be tracked on a calendar. That’s one of the arguments against banning abortions after 6 weeks since most women won’t miss a period in that time.

Technology companies offer period and ovulation tracking apps that can help women find some semblance of regularity and they are quite popular. Millions of women use them to track menstrual cycles and ovulation windows, and plan or prevent pregnancies. The problem is that, according to the Mozilla Foundation, this data is largely insecure.

Many of the companies selling these apps make their money selling the data to third-party organizations and businesses. Some of them don’t even have privacy policies. And when a law enforcement agency comes forward with an emergency warrant to collect data on certain users, they have to give that information up. States where abortion is criminalized are already using that data against women who seen abortions, even if it wasn’t in the state where it is outlawed.

“Overnight, apps and devices that millions of people trust have the potential to be used to prosecute people seeking abortions”, said Ashley Boyd, Mozilla’s vice president of advocacy. “Users should think twice before using most reproductive health apps; their privacy policies are riddled with loopholes and they fail to properly secure intimate data.”

Privacy not included

Mozilla reviewed 10 popular apps, including Flo, Glow, Ovia, Period Calendar Period Tracker, and My Calendar Period Tracker. It also reviewed five health and fitness wearable devices that track fertility. Eight of the apps failed to meet Mozilla’s Minimum Security Standards. Euki is the only app that earned a “Best Of” category. None of the wearable devices reviewed avoided the dreaded “privacy not included” label.

Related:   Ransomware: The Worst is Yet to Come

A major problem with any app is that the sale of data is what makes the app free. Even anonymized data has security issues if combined with location tracking. Users rarely, if ever, know where that data is, especially if the app maker’s servers are compromised.

However, at DEF CON 2022, a private company, Virtru introduced a period tracking app that overcomes the security problem. SecureCycle alerts users when the data is being shared, allowing them to revoke access if necessary.

“Data needs to be freely shared but people have to either lock down data and sacrifice shareability or set it free while sacrificing control,” said Rob McDonald, senior vice president for product strategy at Virtru.

The company based the technology on an open standard, Trusted Data Format (TDF) developed by the company co-founder Will Ackerly. U.S. federal government agencies, including the U.S. Intelligence Community, uses TDF to secure information between agencies and ensure data privacy.

In preparation for DEF CON, the company held a hackathon to come up with a consumer-level application of TDF. One team, led by Cassandra Bailey, senior technology product manager, came up with SecureCycle.

The app is not going to be developed for consumers but the technology behind it is freely available.

Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors, avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.

Leave a Reply

Your email address will not be published. Required fields are marked *