Digital payments are the default for millions of women of childbearing age. So what will credit and debit card issuers and financial application providers do when prosecutors look for details of their transactions during abortion investigations?
This is a hypothetical question that is almost inevitable after Rowe’s cancellation against Wade last week. Now that abortion is illegal in several states, criminal investigators will soon begin looking for evidence to prosecute those they believe have broken the law.
Medical records will probably be the clearest evidence of what is now a crime, but officials who cannot obtain them can look for evidence elsewhere. Tracking your payment is likely to be a high priority.
For banks and other paying companies receiving criminal investigations, this seems to be relatively new territory. Card issuers are accustomed to requests for user data in investigations of terrorism, money laundering and illegal trafficking. None of them provoked the political, legal and emotional repulsions that abortion investigations are likely to provoke.
The Fourth Amendment provides people with protection against government interference. But those protections weaken after people voluntarily share information with a third party, legal experts said. This means that law enforcement officials can usually ask financial institutions to provide customer data with a simple subpoena.
Even sensitive health and medical details can be fair play. The Health Insurance Portability and Accountability Act, known as HIPAA – which governs the confidentiality of a patient’s health records – allows medical records and invoicing records to be issued in response to an order or summons.
“There is a very broad exception to HIPAA’s enforcement of law enforcement,” said Marcy Wilder, partner and co-head of global privacy and cybersecurity practices at Hogan Lovells, a law firm. But Ms Wilder added that the information shared with law enforcement officials could not be too extensive or unrelated to the request. “That’s why it matters how companies and health plans interpret that.”
Card and network issuers such as Visa and Mastercard usually do not have detailed lists of everything people pay for when shopping for prescription or other medicines online or when buying services from healthcare providers. But proof of the patronage of, say, a pharmacy that sells only abortion pills can give someone.
At the same time, according to lawyers and privacy experts, if an investigator has collected other data on a person’s travel, then a fee for planned parenting outside the state, for example, for an amount much higher than the standard check would be useful evidence, depending of the laws in force and how they develop in the coming months. The same goes for a patient living in a state where abortion pills are illegal who seeks them through a telehealth visit with a doctor outside the state.
Some financial institutions are preparing to reject requests for this data.
Amalgamated Bank, based in New York, is one.
“An amalgam bank will carefully check all summonses for information related to the prosecution of women for exercising their right to choose and object as fully as possible,” the bank said in a statement. It plans to notify customers of these subpoenas unless investigators fail to force the bank not to disclose the existence of the subpoena.
Law enforcement officials could also pursue subpoenas from companies that issue debit cards that top up dollars from flexible expense accounts. Many employers provide such bills for health care costs.
HealthEquity, the lead administrator of those accounts, said it was reluctant to give up transaction data. The company “does not comply with medical data requests – including from law enforcement and other government agencies – unless we are specifically required by law to do so,” John Kessler, its chief executive, said in an email. “We strive to apply the broadest possible interpretation of what is required, and we would vigorously oppose any request for a broad search for members’ data.”
The New York Times contacted approximately two dozen large financial firms – including several that announced plans to reimburse their employees for abortion costs – to ask how they would approach the confidentiality of abortion data.
American Express, Citigroup, Coinbase, Frost Bank, JPMorgan Chase, Mastercard, 1199 SEIU Federal Credit Union, Visa and USAA declined to comment.
“I can’t speculate on the situations you’re describing,” said Bill Day, a spokesman for Frost, which is based in San Antonio and is among the 50 largest banking companies in the United States. “They’re all hypothetical at the moment.”
Updated
June 29, 2022, 2:55 PM ET
The USAA also declined to discuss how or whether it instructed bank employees to talk to customers. It is based in Texas, where a new state law allows residents to file lawsuits against anyone who helped facilitate an abortion.
“Since the decision came out only at the end of last week, it is premature to understand the full impact at the state level,” said Brad Russell, a USAA spokesman. “However, the USAA will always comply with all applicable laws.”
American Airlines Credit Union, Bank of America, Capital One, Discover, Goldman Sachs, Prosperity Bank USA, Navy Federal Credit Union, US Bank, University of Wisconsin Credit Union, Wells Fargo and Western Union did not return at least two messages seeking comment.
American Express, Bank of America, Goldman Sachs, JPMorgan and Wells Fargo have announced plans to reimburse employees if they travel to other states for abortion. So far, no one has commented on how they would respond to a subpoena to search for records of the employees’ transactions themselves, which would qualify for reimbursement by the employer.
The fact that so many financial services companies are silent is not surprising. Like almost everyone else, they are trying to orient themselves in a landscape that has changed completely. The Association of American Bankers also declined to comment.
Then there are digital payment services that cross the line between technology and finance: Apple Pay; PayPal and its Venmo offer; and Square and its Cash app.
None of the companies responded to at least two messages seeking comment.
Alejandra Carabalo, a clinical instructor at Harvard’s cyber law clinic, read the consumer agreements of these companies with her students for a recent course. “We have come to realize that they are all essentially bad,” she said. “They all said they would comply with the legal process and hand over documents either by orders or by subpoena.
Technology companies have more experience in discussing whether to oppose calls for users’ personal data. By comparison, financial services companies have not usually encountered such complexity, as new forms of payment are not as common as new forms of communication, many of which introduce new legal issues and the possibility of outrage from consumers and others.
Abortion and privacy activists are preparing to fight.
“I think everyone, including these companies, is trying to figure out what, if anything, can be done,” said Dana Sussman, executive director of the National Advocates for Pregnant Women. “One thing we hope to do is apply public pressure to combat these summonses. If they do, it will make it much harder for those prosecutors who have limited resources and a lot of work to do in their communities on other issues. “
Amy Stepanovic, vice president of US policy at the Forum on the Future of Privacy, a non-profit organization focused on confidentiality and data protection, said orders and subpoenas could be accompanied by closure orders, which could prevent companies from even to warn their customers that they are under investigation.
“They can choose to fight against the use of obstruction orders in court,” she said. “Sometimes they win, sometimes they don’t.”
In other cases, prosecutors may not say exactly what they are investigating when they want transaction records. In this case, the financial institution must request more information or try to understand it on its own.
Paying for cash abortion services is one possible way to avoid detection, even if it is not possible for people who order pills online. Many abortion funds pay on behalf of people in need of financial assistance.
But money and electronic money transfers are not completely secure.
“Even if you pay in cash, the amount of residual information that can be used to disclose health and pregnancy status is quite significant,” Ms Stepanovic said, referring to potential bread crumbs, such as the use of a bread program. loyalty of a retailer or tracking the location of a mobile phone when buying in cash.
In some cases, users may inadvertently opt out of sensitive information themselves through applications that track and share their financial behavior.
“Buying a pregnancy test in an application where the financial history is public is perhaps the biggest red flag,” Ms Stepanovic said.
Other advocates mentioned the possibility of using prepaid cards in fixed amounts, such as the types that people can buy from a shelf at a pharmacy. The cryptocurrency, they added, usually leaves enough evidence that achieving anonymity is a challenge.
One thing that every expert emphasizes is the lack of security. But there is a feeling that corporations will be in the spotlight at least as much as judges.
“Now these payment companies will be at the forefront and at the center of the battle,” Ms. Carabalo said.
Add Comment