Keep Your Medical and Other Info Private
Legal ways to keep your information out of the hands of the government
Recently, people in the US have become concerned with protecting their medical data and several of you have asked us to cover the risks and how to protect your privacy. There are multiple examples where the government may attempt to access your data without your permission, so these tips apply to anyone who wants to legally protect their own privacy from government surveillance.
The Verge has a guide up on how to protect your medical data in particular which is worth a read.
Medical Info
Since so many people asked us about medical data, let's start there. In the US, the Health Insurance Portability and Accountability Act, or HIPAA, does not protect against all non-consensual disclosures of your medical information.
Medical personnel may disclose personal medical information if they think a crime has been committed or if they believe criminal activity is happening at the site of a medical emergency. And all health organizations must also give access to health records in response to a court order. One exception is Connecticut where a law blocks other states from subpoenaing reproductive health-related information.
Also, HIPAA does not apply to organizations not offering actual medical care. Pregnancy counseling organizations that do not offer medical care may collect data not protected from disclosure. Apps that store your health information also may not fall under HIPAA rules, depending on what information they collect. These include exercise apps, smartwatch fitness apps, period trackers and more. While these kinds of apps have not figured in many cases, they all must comply with valid court orders to turn over information.
Ad Tracking
Some people worry about ad tracking (like IP addresses or pixel tracking), but The Verge points out that these are not known to be used in law enforcement investigations. Despite the hype, ad tracking is not nearly as personal as we think, and while personal information can be decoded, it takes work. Law enforcement has easier ways of getting more useful data. However, blocking cookies and using privacy-protective browsers like Firefox or Brave can reduce that small risk even further.
Search History
A more common target for investigators is search history.
And the most common way to find search history is on the person's own unlocked phone. However, search engines must comply with valid court orders to report search histories they might have. But in either case, your search history can't be handed over if it's not there. You can sign out of search engines or use a search engine that does not store any history, like DuckDuckGo or Brave Search.
Purchases
Another way to protect your privacy is at the time of purchase. If you are purchasing legal items you want to keep private, including medical supplies or medicines, you may want to consider using a gift card so the purchase doesn't show up in your credit card records or get associated with your personal info in a point-of-sale app like Square.
Calls and Texts
Calls and text messages may also be accessible to investigators. Cell phone network providers may be compelled to provide which numbers you have called or texted, and a court can order a search warrant for the contents of text messages and saved voicemails. Using encrypted apps like Signal preserves your privacy.
Location Data
Investigators might also look for location data.
Mobile devices can collect location data based on which cell towers and WiFi access points you connect to, as well as some apps logging GPS. You can avoid this last by denying an app permission to log location. But location data from apps and cell phone use or web browsing is often obtained and sold in bulk by data brokers. The data is anonymized though, and while de-anonymization can be done, it takes effort, so it's more common in intelligence agencies than state or local police efforts.
Cell phone providers can be asked to provide location through a geofence warrant that asks for info on all devices that passed through a certain area linked to a crime. These are controversial and not extremely common yet.
The easiest way to avoid collection of location data is to leave a phone at home or turn it completely off. iPhones have a low power mode when off to help locate the phone if lost, but that can only be accessed by the account holder of the phone and historical data is not stored. If a phone must be left on, you can disable location data collection in the settings for Android and iOS.