This report was supported in part by a grant from the John D. and Catherine T. MacArthur Foundation .

We extend a special thanks to our external reviewers: Edward Hasbrouck, The Identity Project (PapersPlease.org).

Executive Summary


  • Healthcare seekers are traveling far from home to obtain abortions and gender-affirming care due to new state laws that penalize evidence-based medicine.

  • Prosecutors and state officials can use countless surveillance tools, from automated license plate readers to street cameras, to identify and track those seeking, facilitating, or assisting out- of-state care.

  • They can also weaponize commercially available surveillance data. S.T.O.P. used one data broker’s platform to place the homes of visitors to an Illinois abortion clinic across the river in Missouri, where abortion is banned.[1]

  • Several strategies can mitigate tracking risks for those traveling for care in the U.S.

 

 

I.     Introduction

 

In June 2022, the U.S. Supreme Court struck down constitutional protections for abortion. One year later, 15 states enacted abortion bans,[2] and half of states have tried.[3] Gender-affirming care restrictions also exploded in the same period: 142 bills were introduced across the U.S. in 2023,[4] 20 states have already banned gender-affirming care for youth,[5] and seven have banned it for people of all ages.[6] These restrictions force healthcare providers to turn away patients in vast regions of the U.S., from Texas to Florida[7] and across much of the American heartland. In turn, healthcare seekers and their families have foregone vital care or traveled far from their homes and across state lines in search of the care they need.

State legislators opposed to abortion and gender-affirming care have these healthcare travelers in their crosshairs. They’ve reached beyond their states’ jurisdictional bounds to punish residents for seeking care that is perfectly legal where it’s administered. In April 2023, Idaho legislators banned the in-state leg of travel to neighboring states to obtain certain abortions[8]–and other states are trying to follow suit.[9] These laws have been countered by “safe harbor”[10] legislation in states like Massachusetts (abortion care),[11] California,[12] New York,[13] New Jersey,[14] Minnesota and Washington state (gender- affirming care).[15] But while dubious laws like Idaho’s stand, they put healthcare seekers, their helpers and healthcare providers at serious risk of investigation or prosecution.

Healthcare seekers’ very need to travel can be used against them. Prosecutors bringing criminalized healthcare charges have relied on digital surveillance data in healthcare prosecutions. Typically, the data comes from smartphones: a person’s texts,[16] their internet search history,[17] or their online purchase records.[18] The Federal Trade Commission[19] and tech companies like Google[20] have rushed to prevent prosecutors and state officials from using phones’ geolocation data to place individuals at healthcare clinics. But even when smartphone data is out of reach, travel data can be used to corroborate accusations against known healthcare travelers and to identify yet unknown healthcare seekers. License plate data, Uber and Lyft data, and even bikeshare data can be used to reveal that someone traveled to a reproductive or gender-affirming healthcare clinic.

Not all forms of travel and accommodations pose the same surveillance risk, especially for individuals who are not on state officials’ or prosecutors’ radar. But it’s nearly impossible to travel anonymously in the U.S. and to avoid leaving a digital trail of one’s travels.

“License plate data, Uber and Lyft data, and even bikeshare data can be used to reveal that someone traveled to a reproductive or gender-affirming healthcare clinic.”

II.   What We Tracked

 

We investigated two key questions for each common form of transportation that a person might use on their trip to a healthcare clinic:

How much confirmatory data does this form of travel create? As documented below, it’s difficult to travel without leaving a digital trace. If police or anti-healthcare activists receive a tip that someone sought criminalized care, different types of travel provide different amounts of data to connect the traveler to their healthcare clinic destination.

How vulnerable is this travel mode to profiling? While it’s nearly impossible to avoid surveillance while traveling, some forms of travel are more acutely at risk of being profiled by police even where the traveler wasn’t previously a suspect. Travel data’s ripeness for profiling depends on several factors: whether the data includes or can be linked to both destination data and personally identifying information; whether the data is relatively consolidated; whether it is retained for a while; and whether it is accessible to prosecutors and officials in a state other than the state where care is provided. Some forms of transportation check fewer of these boxes and are relatively safer ways to travel.

Our findings are summarized in the table below and explained in the following sections.

III.  Car Travel: Most Common, but Heavily Surveilled with a Relatively High Risk of Profiling

 

Most healthcare travelers will drive or be driven to clinics, but it isn’t a safe way to go. Car travel is especially susceptible to surveillance. Worse yet, car data lends itself to profiling yet unknown healthcare seekers.

Anti-abortion groups know this well. They’ve exploited car data to threaten abortion seekers for decades. Since at least the 1990s, anti-abortion extremists have collected license plate data on cars parked at reproductive healthcare clinics, identified the owners of those cars, and used this information to harass clinic visitors and staffers with threatening phone calls[21] and mail.[22] Historically, extremists have relied on inherently limited human resources—human surveillance and hand-populated spreadsheets—to track abortion seekers and providers using car data.[23] Those limits are now a thing of the past.

Automated surveillance of cars is now pervasive, making it nearly impossible to travel untracked in a car. Automated license plate readers (“ALPRs”) blanket U.S. streets and highways,[24] where they photograph vehicles and use optical character recognition to extract license plate numbers.[25] Plate numbers are stored with cameras’ locations and date/time information[26]—sometimes even photos of drivers and passengers.[27] When an ALPR is located near a clinic, its data can be used to track each car that traveled there. (Even without ALPRs, out-of-state license plates can be a conspicuous identifier of interstate abortion travelers and can be used as a trigger for more targeted investigative and surveillance tactics. It’s safer to show up at a clinic in a locally registered vehicle.) And while ALPR datasets themselves do not contain owner information, law enforcement has easy access to databases that link car owners to their license plate numbers.[28]

This means that ALPR data can substantiate the accusation that a person is a healthcare traveler, their travel companion or healthcare provider. The person who drives their own car implicates themself. The person who gets a ride implicates their driver. ALPR add-on services also make profiling easy for law enforcement. Motorola Solutions’ Vigilant PlateSearch, for example, offers a “Stakeout” feature that tracks visitors to particular addresses.[29] Efforts to provide geolocation services that exclude sensitive locations like abortion clinics have had dangerously subpar results: Google’s location services recently tracked a reporter’s visits to several abortion clinics despite Google’s express efforts to exclude them from its location data.[30]

ALPR data even meets key criteria for efficient profiling. It’s easily linked to data that identifies car owners. It is consolidated and easily accessed: ALPR vendor Flock collects data from over 1,500 cities across 42 states and sells access to that data;[31] Motorola’s Vigilant reported 120 million new scans per month as early as 2016.[32] And because most states don’t have strong protections around ALPR data, it can be stored for a long time (e.g., up to three years in Colorado[33]) and shared across state lines. ALPR data gets around even when laws restrict its sharing: some of California’s largest police departments collected and shared license plate data “with entities around the country—without having necessary security policies in place, in violation of state law.”[34]

ALPR data is the tip of the car data iceberg. It can be supplemented with data from license plate readers at parking garages and parking lots, which can be used to track known healthcare travelers or to identify unknown ones.[35] It can be supplemented by data generated by cars themselves. A driver who uses a car’s built-in navigation program shares their whole trip with the company that provided directions—whether a telematics company like GM OnStar or an infotainment system like Apple CarPlay or Google Android Auto.[36] This data checks all boxes for efficient profiling: it includes personally identifying data and destination data, is consolidated in the hands of a few companies, retained a long while and accessible without a warrant according to companies’ business policies.[37] Prosecutors and state officials might also turn to street camera footage collected at and near clinics, which can be scanned for license plates on hot lists or scanned for cars with license plates from care-criminalizing states.[38] Street cameras near clinics could even provide footage of clinic visitors’ faces, which could be scanned using facial recognition tools for individuals targeted as healthcare travelers.[39]

Prosecutors and state officials can also tap data generated by cars to replace missing smartphone data. To date, abortion prosecutions relying on digital data have relied on texts and internet search histories—data that can be harvested from both smart phones and recent-model cars. 98% of new cars include an infotainment interface—the ubiquitous screen where car radios used to go.[40] A person who plugs their smartphone into an infotainment-equipped car’s USB port (even just to charge) syncs with that system.[41] While phone data has relatively strong protections against law enforcement searches while the data is on the phone, those protections disappear once the phone’s data is drained into a car.[42] A person who uses a car’s infotainment interface to text, browse the web, make a call or send email loses all of those protections when they use the infotainment system,[43] where their data is stored, often indefinitely, and shared with vehicle manufacturers, rental companies, infotainment providers, and app companies.[44] From there, the data is available for sale to third parties, including law enforcement.[45]

To date, abortion prosecutions relying on digital data have relied on texts and internet search histories—data that can be harvested from both smart phones and recent-model cars.”


IV. Other Ways to Go (and Where to Go)


Healthcare travelers in the U.S. may be most likely to drive to clinics, but there are alternatives. Short of driving the whole way, individuals can fly to a city and take a taxi to a healthcare clinic; take a train and walk from the station; drive to a friend’s house and take a bus from there, or mix and match any number of long distance and last-mile forms of travel.


Last-Mile Travel: Cars for Hire

Private cars are heavily surveilled—but so are Ubers and Lyfts, which generate data that can be used to target known healthcare seekers and to profile unknown ones. Rideshare companies like Uber and Lyft collect personally identifying rider data including account holder’s names, email addresses, phone numbers, payment information and destination data, and say they retain this data “for as long as necessary.”[46] (In practice, it’s a long time: Lyft keeps transactional data for seven years or more.[47]) In- vehicle cameras installed in many for-hire vehicles are available to law enforcement with less than a warrant,[48] and Uber agrees to the majority of law enforcement requests.[49] Uber’ and Lyft’s apps track the location of the mobile devices they’re installed on whenever the app is open.[50] In other words, getting out ofan Uber a few blocks from your destination isn’t sufficient to mask where you’re going.[51]

With careful measures, taking a taxi ride instead could lower a person’s profiling risk—except cities increasingly engage in data collection similar to rideshare companies. Chicago, Los Angeles, and St. Louis, for example, collect ridership data for city taxis that can connect individual riders to their routes.[52] New York City’s Taxi and Limousine Commission maintains a database of all taxi rides including destination data that can be publicly accessed through freedom of information requests.[53] Although this database is anonymized, taxi trip data can be combined with street camera footage to track an individual passenger, mitigating the anonymizing effects of paying for a taxi using cash.[54] Cities like Los Angeles and NYC also offer mobile apps (comparable to Uber’s) for hailing and paying for city taxis, introducing the same profiling risks that Ubers introduce.[55] This data appears to be available to prosecutors and state officials: NYC’s app vendor says it will disclose personal information regarding riders and their destinations to “any competent law enforcement body, regulatory, governmental agency, court or other third party where [it] believe[s] disclosure is necessary.”[56] Making matters worse, many taxis also surveil travelers with in-vehicle cameras. Cities like San Francisco even share in-vehicle camera footage with law enforcement agencies of other states.[57] States with safe haven laws aim to prevent such data from reaching officials in care-criminalizing states, but it is unclear that they can effectively stop “leaking” data given the extraordinary level of data sharing between cities, states, and the federal government, and between municipalities and commercial data brokers.[58]

In short: a person who avoids reserving a taxi with personally identifying information, who pays with cash and walks the last few blocks to their destination will likely avoid profiling. But there’s no guarantee that they won’t be tracked to a clinic if they are already known to prosecutors or state officials.


Last Mile Travel: Municipal Buses and Subways (Preferable)

Mass public transportation is intuitively safer—a person who gets off at a bus stop or subway station masks their ultimate destination. Prosecutors and state officials are unlikely to be able to leverage knowledge that someone got off at a particular subway or bus stop to prove that they visited a healthcare clinic. But while we recommend mass transport compared to alternatives, it still presents surveillance concerns. Cities increasingly track individuals’ travel on public buses and subways. Nationwide, municipalities have slashed riders’ ability to pay for bus and subway rides in cash—that is, anonymously. New York, for example, pushes riders to pay fares with their phone or credit card, which ties an individual rider’s identity to their route and, when combined with street camera footage, can place a person at their destination.[59] Systems like OMNY collect each rider’s name, age, photograph, email address, mailing address and payment information[60]—and OMNY doesn’t require a warrant to share this data with law enforcement.[61] Similar payment systems exist or are being introduced in other cities that welcome healthcare travelers, such as Chicago, San Francisco, Boston, and Los Angeles.[62] If prosecutors or state officials really want to prove that someone was on a particular subway or bus, they can even turn to surveillance cameras: many municipal buses and subways are equipped with video surveillance systems[63] whose footage can be fed through facial recognition tools to identify riders.[64]


Last Mile Travel: Scooter and Bikeshare Programs

Roadside scooter rentals[65] and public bikeshare programs[66] are now ubiquitous in U.S. cities. Given the surveillance risks associated with many other forms of city travel, a person could ostensibly attempt to complete their trip on a rideshare scooter or bicycle. But even these vehicles are heavily surveilled due to common city practices. To unlock a bike in Los Angeles, an individual must provide their cell phone number,[67] and is then prompted to provide additional personal information which, along with payment and ride data, may be shared with third parties.[68] (The city also collects real-time location data for all rental scooters on its streets.[69]) Other cities, like New York and Minneapolis, provide bikeshare programs through Lyft, introducing all of the surveillance risks associated with the company.[70] GPS-equipped bikes are “now the standard for bike share programs across the world”[71]— but these bikes continually emit location data[72] that would place a healthcare refugee at any clinic that they ride to. While it seems unlikely that prosecutors and state officials will access municipal scooter and bike data to pursue healthcare travelers, the level of surveillance they receive underscores the fact that travel surveillance is ubiquitous. No matter how a person arrives at a healthcare clinic, they’re likely to be tracked.

Long Distance Travel: Airplanes

An abortion clinic in Las Vegas puts the drive from Dallas at 17 hours and at 20 hours from Houston —before describing airline options as low as $50-70 and as short as two hours.[73] Many healthcare seekers cannot receive extended time off from school or work to obtain an abortion or gender- affirming care. If they can afford the fare, air travel is a viable option—but it is heavily surveilled. For individuals who have already been targeted by prosecutors or state officials, their airplane reservations, seat assignments, airport surveillance camera footage and more can confirm their travel and identify their travel companions. Airline data may even help profile some healthcare travelers. Thankfully, there are many unrelated reasons why a person might fly to a big city like Las Vegas, Chicago, or New York: choosing a clinic with this in mind may be enough to make the flight-related data described below mostly useless to prosecutors and state officials.

When someone books an airplane ticket, the airline generates a Passenger Name Record (PNR) containing a vast amount of information on the person flying. PNR data typically contains a passenger’s name, phone number, address, gender, credit card information, IP addresses—even hotel and car reservations if the booking is made through a third-party site like Expedia.[74] A traveler’s PNR is a rich source of associational data: it tells you who a person is traveling with[75] and who booked their ticket (concerning if someone’s ticket is booked by a fund specifically for abortions or gender-affirming care). Because a PNR is so detailed, it may be possible to use this data to generate profiles of individuals traveling to receive abortions or gender-affirming care. Prosecutors and state officials can tap demographic data, travel group composition, origin and destination data, and purchase data (e.g., ticket purchased last minute, in cash, or by certain organizations) to identify possible healthcare travelers. This practice wouldn’t be new: federal law enforcement agencies already flag young men traveling alone between certain locations using tickets paid in cash as possible drug couriers.[76]

If past precedent holds, prosecutors and state officials should have easy access to individuals’ PNR data. Most is stored by one of three Computerized Reserve System (CRS) companies. CRS companies have a history of collaborating with law enforcement.[77][78] Two of the three largest CRS companies are located in Texas and Georgia, states that restrict abortion and gender-affirming care.[79] PNR data is also accessible online on certain websites: reservations made by airlines that use Sabre or Worldspan (two main CRS companies) and reservations made on sites like Expedia and Orbitz are retrievable online with basic information such as a passenger’s surname.[80] If prosecutors and state officials can’t get access to PNR data, or want to confirm that someone took their trip, they may also be able to tap the Transportation Security Administration (“TSA”) and Department of Homeland Security’s Secure Flight data.[81] Used to check travelers’ identities against the TSA’s no-fly watchlists,[82] the Secure Flight program is the reason that passengers must typically present identification at airports’ TSA checkpoints—and why it’s virtually impossible to fly anonymously.

If this weren’t enough, prosecutors and state officials can also tap ubiquitous CCTV camera footage in airports. Airports are owned by state and local governments.[83] That means that state and local governments in care-restricting states can access video footage to verify (using facial recognition technology) that someone traveled out of state to receive criminalized care. This isn’t a theoretical possibility: already, the TSA is using facial recognition to do routine ID checks of passengers at airports, with plans to make this technology a permanent, mandatory fixture of the air travel nationwide.[84]

“Prosecutors and state officials can tap demographic data, travel group composition, origin and destination data, and purchase data (e.g., ticket purchased last minute, in cash, or by certain organizations) to identify possible healthcare travelers.”

Long Distance Travel: Long Haul Buses

For healthcare seekers who don’t drive or can’t fly, long-distance buses can be an affordable and viable option. Bus travel isn’t anonymous: bus companies generate passenger manifests; some Greyhound terminals are video surveilled.[85] But bus travelers can significantly reduce their surveillance by not buying their tickets online. A traveler who buys their ticket online with Greyhound (the biggest and only carrier serving many locations) registers the same data that an airplane passenger does: name, address, payment information, travel companions, and so on—plus “demographic data” that Greyhound collects or receives from third parties.[86] The company retains this data for ten years,[87] and it is ostensibly available to prosecutors and state officials: Greyhound historically cooperates with law enforcement.[88] But healthcare travelers can buy tickets in person with cash,[89] or tap another person to purchase a “prepaid” Greyhound ticket for them.[90] In both cases, Greyhound notes travelers’ names in its passenger manifest—but it doesn’t necessarily collect much more data, and it doesn’t require ID to board.[91] Provided a passenger doesn’t buy their ticket online and doesn’t get off the bus across the street from the clinic that they are visiting, their long-haul bus data should be relatively useless to prosecutors and state officials.

Long Distance Travel: Amtrak

Something similar can be said for riding on Amtrak. To be sure, the company surveils its customers heavily: a traveler who books a train ticket using the company’s website registers their name, address, payment information, travel companions, and so on.[92] If it can, Amtrak even collects passengers’ social media handles.[93] The company has also shown a special interest in profiling travelers (though not healthcare seekers in particular): it analyzes passengers’ social media to target advertisements to them,[94] and provided passenger information to the TSA specifically to screen and profile passengers.[95] But as with Greyhound, a traveler can purchase an Amtrak ticket in person, with cash[96] and register far less information—though their name will still make Amtrak’s passenger manifest. If a healthcare refugee pays cash, it seems improbable that evidence that they rode a train to say, Chicago, will be sufficient to be used against them.


V. Accommodations

By definition, healthcare travelers are a long way from home. Individuals seeking abortions also routinely book two appointments: twenty-seven states require two appointments, typically spaced 24 hours apart, and fifteen states require both appointments to be in person.[97] This means that once healthcare travelers reach their destination, many will need a safe place to stay.

Hotels and Motels

In 2022, a reproductive healthcare clinic opened in Carbondale, IL in anticipation of Tennessee’s abortion ban.[98] Less than a mile down the road, S.T.O.P. found a Wyndham-owned motel. But this is the kind of convenient accommodation choice puts healthcare travelers at risk of dangerous surveillance.

Hotels compile detailed guest profiles, consolidate that data, and often volunteer it (or sell it indirectly) to law enforcement. The Wyndham Hotel conglomerate, one of the largest franchises in the United States, collects guests’ names, mailing addresses, phone numbers, email addresses, credit card numbers, social media accounts, government-issued ID, geolocation information, demographic information, and more.[99] It is typically impossible to check in anonymously, even by paying cash: municipal laws routinely prevent hotels from renting rooms for cash unless a person presents their ID or a housing voucher.[100] And because only a few major franchises own the vast majority of U.S. hotels and motels,[101] their data is consolidated in the hands of just a few companies. Critically, local laws often mandate that they keep guest registries on hand for years.[102] Law enforcement has been barred from forcing hotels to disclose this guest information without a warrant since 2015.[103] But courts have decreed that hotels can freely disclose personal guest information, even without the consent or knowledge of guests.[104] And they do, in response to police pressure (and bribes) to “voluntarily” turn over their guest registries.[105] Prosecutors and state officials can also purchase hotel data that they cannot obtain through persuasion.[106] Evidence Wyndham Hotel’s terms and conditions: “we may license, sell, or otherwise share your personal Information with selected third parties for compensation.”[107] Law enforcement routinely does business with third-party data brokers.[108]

Motels are no better than hotels, and the evidence suggests that they may be worse. Motel 6 is arguably one of the worst and largest perpetrators. Across multiple states, Motel 6 employees testified that it was standard practice to share guest information with immigration authorities, with one stating that they “send a report every morning to ICE—all the names of everybody that comes in.”[109] In Arizona, Motel 6 shared 80,000 guests’ data with law enforcement over two years.[110] In Washington State, a separate lawsuit revealed that seven Motel 6’s shared nearly 10,000 guests’ driver’s licenses, license plate numbers and other personal data with law enforcement in violation of the company’s privacy policy.[111]

In short: appropriately chosen, a hotel or motel’s location won’t reveal a person’s healthcare destination—but the hotel or motel may volunteer everything it does know about a guest to prosecutors or state officials.

“Courts have decreed that hotels can freely disclose personal guest information, even without the consent or knowledge of guests. And they do, in response to police pressure (and bribes) to ‘voluntarily’ turn over their guest registries.”


Short-Term Rentals

Healthcare travelers can defang, though not avoid, hotels’ and motels’ extraordinary surveillance by traveling to a big city or by not staying too close to the clinic that they will be visiting. Alternatively, they can choose a short-term rental. The U.S. Civil Code bars law enforcement from accessing short-term rental data (“name, address, phone records, usage dates, and means of payment”) without an administrative subpoena.[112] Guest communication is even harder to access, requiring a criminal search warrant. Airbnb, the country’s largest short-term rental platform,[113] says as much in its privacy policy: the company doesn’t give up sensitive customer information without a judge’s order.[114] (S.T.O.P. confirmed this in correspondence with an Airbnb privacy officer, who wrote that the company “cannot release information about user accounts without a subpoena or search warrant.”[115]) That said, Airbnb has come under fire for sharing host information with law enforcement.[116] Given that laws criminalizing healthcare frequently target people who help others obtain care, such data sharing puts short-term rental hosts at risk of prosecution or investigation.

Private Accommodations

Staying at the home of a trusted person is another safe option: friends, family, and “aunties”[117] don’t keep guest registries. But there is one important caveat. Residents of public housing effectively lack the right to a private domestic sphere.[118] Police can use “location characteristics” and extremely minor housing rule infractions (even tall grass) as bases for searches.[119] Combined with the widespread use of police-installed facial recognition technologies in low-income neighborhoods,[120] residents of public housing live under constant surveillance. Healthcare travelers should bear this in mind when staying with friends and family.

“Residents of public housing effectively lack the right to a private domestic sphere.”

VI. Who Pays if Prosecutors and State Officials Profile Healthcare Seekers

Digital surveillance data makes profiling easy and suggests that travel data will be weaponized to identify new targets for healthcare prosecutions and investigations. Location data brokers already offer maps indicating where visitors to particular clinics live.[121] S.T.O.P. used one such platform to place the homes of some visitors to an Illinois abortion clinic across the river in Missouri, where abortion is banned.[122]

Politically motivated profiling is likely to impact members of privileged communities that have been traditionally immune to the practice.[123] But the history of police profiling suggests that members of marginalized communities will continue to pay disproportionately. Law enforcement has used profiling over and over again to scrutinize these communities. Until 1975, appearing to be Latinx and traveling near the border was sufficient pretext for a traffic stop.[124] Since then, Immigration and Customs Enforcement has gone high tech with travel data: in 2020, it purchased and used geolocation data from millions of smartphones to profile undocumented individuals based on their travel.[125] The Drug Enforcement Agency (“DEA”) conducts mass surveillance of travel with its “drug courier profile,” which flags travel characteristics like flying from a major city, paying for one’s ticket in cash, and not checking luggage.[126] DEA agents also stop travelers based on hunches, a practice that the Department of Justice characterizes as racial profiling.[127] In one case, 22-year-old Joseph Rivers boarded an Amtrak train to LA to start a career as a music video producer—only to have $16,000 in cash that he and his mother had saved for his new life seized by DEA agents.[128] Rivers was the only Black passenger in his section, and the only passenger searched.[129]

Since 9/11, Muslim Americans’ travel data has also been weaponized to profile them as supposed threats to national security.[130] Post-9/11, Muslim Americans and those perceived to be Muslim have been subject to dehumanizing scrutiny when they travel, including extra security checks, tedious airport searches, and extensive questioning unrelated to their travel.[131] Previous visits to Muslim- majority countries are a pretext for profiling. With no common characteristic other than previous travel, air passengers can be subject to scrutiny for dozens of future trips.[132] This scrutiny increases even more if a traveler purchases one-way tickets, pays in cash, has an unusual itinerary, or flies from flagged destinations.[133] As with other profiling, the consequences have been dire: ordinary citizens not under investigation by any agency[134] have been added to the TSA’s suspected terrorist watch lists.[135]

All of this is to say that travel-related profiling is not new—and should this technique be turned on healthcare travelers, law enforcement is likely to follow a well-worn path of penalizing marginalized Americans disproportionately and without cause.


Conclusion

State bans on vital healthcare are creating a crisis right here in the U.S.. State laws that counter these bans by creating healthcare sanctuaries help travelers. But as long as states, private companies, and federal agencies continue to restrict or prohibit anonymous travel and cash payment, and collect and leak healthcare seekers’ personal data—travel data, healthcare data, smartphone data, payment data— they will not effectively shield healthcare seekers from investigation and prosecution.



  • [1] “Advan Home Page,” Advan Research, accessed June 16, 2023, https://advanresearch.com/.

    [2] “Tracking the States Where Abortion Is Now Banned,” The New York Times, May 24, 2022, updated June 5, 2023, sec. U.S., https://www.nytimes.com/interactive/2022/us/abortion-laws-roe-v-wade.html.

    [3] This figure includes states with preexisting abortion bans. Elizabeth Nash and Isabel Guarnieri, “Six Months Post-Roe, 24 US States Have Banned Abortion or Are Likely to Do So: A Roundup,” Guttmacher Institute, January 10, 2023, https://www.guttmacher.org/2023/01/six-months-post-roe-24-us-states-have-banned-abortion-or-are-likely-do-so-roundup.

    [4] Annette Choi, “Record Number of Anti-LGBTQ Bills Have Been Introduced This Year,” CNN, April 6, 2023, https://www.cnn.com/2023/04/06/politics/anti-lgbtq-plus-state-bill-rights-dg/index.html.

    [5] “Map: Attacks on Gender Affirming Care by State,” Human Rights Campaign, last modified June 1, 2023, https://www.hrc.org/resources/attacks-on-gender-affirming-care-by-state-map.

    [6] Azeen Ghorayshi, “Many States Are Trying to Restrict Gender Treatments for Adults, Too,” The New York Times, April 22, 2023, sec. Health, https://www.nytimes.com/2023/04/22/health/transgender-adults-treatment-bans.html.

    [7] Louisiana is an exception in that it allows gender-affirming care for youth. It does have an abortion ban in place.

    [8] H.B. 242, Sess. of 2023 (Ida. 2023), https://legislature.idaho.gov/sessioninfo/2023/legislation/H0242.

    [9] Sarah Fentem, “Missouri Lawmaker Wants to Make it a Crime to Help People Get Abortions Out of State,” KCUR 89.3 St. Louis Public Radio, March 14, 2022, https://www.kcur. org/politics-elections-and-government/2022-03-14/missouri-lawmaker- wants-to-make-it-a-crime-to-help-people-get-abortions-out-of-state; Caroline Kitchener and Devlin Barrett, “Antiabortion Lawmakers Want to Block Patients from Crossing State Lines,” Washington Post, June 30, 2022, https://www.washingtonpost.com/ politics/2022/06/29/abortion-state-lines/.

    [10] Simmone Shah, “What Abortion Safe Haven States Can Do,” Time, June 27, 2022, https://time.com/6191581/abortion-safe- haven-states/.

    [11] Alison Kuznitz, “Massachusetts Abortion Protections Bill, Shielding Providers and Patients, Signed Into Law by Gov. Charlie Baker,” MassLive, July 29, 2022, https://www.masslive.com/politics/2022/07/massachusetts-abortion-protections-bill- shielding-providers-and-patients-signed-into-law-by-gov-charlie-baker.html.

    [12] “Senator Wiener’s Historic Bill to Provide Refuge for Trans Kids and Their Families Signed Into Law,” Scott Wiener Senate District 11, accessed June 16, 2015, https://sd11.senate.ca.gov/news/20220930-senator-wiener%E2%80%99s-historic-bill- provide-refuge-trans-kids-and-their-families-signed-law.

    [13] S.2475B, 2023-2024 Senate, Reg Sess, (N.Y. 2023), https://www.nysenate.gov/legislation/bills/2023/S2475/amendment/B.

    [14] Christopher Wiggins, “New Jersey Governor Declares State a ‘Safe Haven’ for Gender-Affirming Care,” Advocate, April 5, 2013, https://www.advocate.com/politics/gender-affirming-care-nj-haven.

    [15] Lisa Baumann and Steve Karnowski, “Washington, Minnesota Become Transgender and Abortion Sanctuaries,” PBS News Hour, April 27, 2023, https://www.pbs.org/newshour/politics/washington-minnesota-become-transgender-and-abortion- sanctuaries.

    [16] Emily Bazelon, “Purvi Patel Could Be Just the Beginning,” The New York Times, April 1, 2015, sec. Magazine, https://www.nytimes.com/2015/04/01/magazine/purvi-patel-could-be-just-the-beginning.html.

    See also Albert Fox Cahn and Eleni Manis, “Pregnancy Panopticon: Abortion Surveillance After Roe,” Surveillance Technology Oversight Project, May 24, 2022, https://www.stopspying.org/pregnancy-panopticon.

    [17] Cynthia Conti-Cook and Kate Bertash, “Digital Surveillance Presents New Threats to Reproductive Freedoms,” Washington Post, December 15, 2021, https://www.washingtonpost.com/outlook/2021/12/15/digital-surveillance- reproductive-freedom/.

    [18] Emily Bazelon, “A Mother in Jail for Helping Her Daughter Have an Abortion,” The New York Times, September 22, 2014, sec. Magazine, https://www.nytimes.com/2014/09/22/magazine/a-mother-in-jail-for-helping-her-daughter-have- an-abortion.html.

    [19] In May 2022, the Federal Trade Commission sued location data broker Kochava on the grounds that its sale of geolocation data from millions of smartphones could expose individuals visiting abortion clinics, worship places, domestic abuse shelters, and other sensitive locations. Complaint for Permanent Injunction and Other Relief, Fed. Trade Comm'n v. Kochava Inc., No. 2:22-CV-00377-BLW, 2023 WL 3249809 (D. Idaho May 4, 2023), available at https://www.ftc.gov/system/files/ftc_gov/pdf/1. Complaint.pdf.

    [20] Anticipating that prosecutors would tap its vast trove of location data for abortion-related prosecutions, Google enacted a sensitive locations policy in July 2022 to delete users’ location data when they visit abortion clinics and certain other medical facilities. Jen Fitzpatrick, “Protecting People’s Privacy on Health Topics,” Google: The Keyword, May 12, 2023, https://blog.google/technology/safety-security/protecting-peoples-privacy-on-health-topics/.

    [21] Abby Ohlheiser, “Anti-Abortion Activists are Collecting the Data They’ll Need for Prosecutions Post-Roe,” MIT Technology Review, May 31, 2022, https://www.technologyreview.com/2022/05/31/1052901/anti-abortion-activists-are-collecting-the- data-theyll-need-for-prosecutions-post-roe/.

    [22] Ohlheiser, “Anti-Abortion Activists.”

    [23] Ohlheiser, “Anti-Abortion Activists.”

    [24] “Automated License Plate Readers,” Atlas of Surveillance, Electronic Frontier Foundation, accessed June 13, 2013, https://atlasofsurveillance.org/search?utf8=%E2%9C%93&location=&technologies%5B85%5D=on.

    [25] Shan Du, Mahmoud Ibrahim, Mohamed Shehata, and Wael Badawy, Automatic License Plate Recognition (ALPR): A State-of- the-Art Review, IEEE Transactions on Circuits and Systems for Video Technology 23, no. 2 (February 2016): 311-325, https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6213519.

    [26] David J. Roberts and Meghann Casanova, “Automated License Plate Recognition (ALPR) Use by Law Enforcement: Policy and Operational Guide, Summary,” International Association of Chiefs of Police Technology Center, August 2012, https://www.ojp.gov/pdffiles1/nij/grants/239605.pdf.

    [27] “Automated License Plate Readers (ALPRs),” Street-Level Surveillance, Electronic Frontier Foundation, last modified August 28, 2017, https://www.eff.org/pages/automated-license-plate-readers-alpr.

    [28] “ALPRs,” Electronic Frontier Foundation.

    [29] Dave Maass, “Automated License Plate Readers Threaten Abortion Access. Here's How Policymakers Can Mitigate the Risk,” Electronic Frontier Foundation, September 28, 2022, https://www.eff.org/deeplinks/2022/09/automated-license-plate-readers- threaten-abortion-access-heres-how-policymakers.

    [30] Geoffrey A. Fowler, “Google Promised to Delete Sensitive Data. It Logged My Abortion Clinic Visit.,” Washington Post, May 9, 2023, https://www.washingtonpost.com/technology/2023/05/09/google-privacy-abortion-data/.

    [31] Thor Benson, “The Danger of License Plate Readers in Post-Roe America,” Wired, July 7, 2022, https://www.wired.com/story/license-plate-reader-alpr-surveillance-abortion/.

    [32] Kaveh Waddell, “How License-Plate Readers Have Helped Police and Lenders Target the Poor,” The Atlantic, April 22, 2016, https://www.theatlantic.com/technology/archive/2016/04/how-license-plate-readers-have-helped-police-and-lenders-target- the-poor/479436/.

    [33] “Automated License Plate Readers: State Statutes,” National Conference of State Legislatures, last updated February 3, 2022.

    [34] Todd Feathers, “California Police Have Been Illegally Sharing License Plate Reader Data,” Vice, February 13, 2020, https://www.vice.com/en/article/y3mb8b/california-police-have-been-illegally-sharing-license-plate-reader-data.

    [35] License plate readers are increasingly installed in parking garages and municipal and university parking lots.

    [36] Evan Enzer, Anna Sipek, Mahima Arya, Nina Loshkajian, David Siffert, and Eleni Manis, “Wiretaps on Wheels: The Acceleration of Automotive Surveillance,” Surveillance Technology Oversight Project, November 1, 2022, https://www.stopspying.org/wiretaps-on-wheels.

    [37] Enzer, “Wiretaps On Wheels.”

    [38] Maass, “Automated License Plate Readers Threaten Abortion Access.”                                  

    [39] Like ALPRs, street camera surveillance is ubiquitous in U.S. cities. Paul Bischoff, “CCTV Surveillance in the Most Populated Cities in the United States,” Comparitech, February 3, 2021, https://www.comparitech.com/blog/vpn-privacy/us-surveillance- camera-statistics.

    [40] Keith Barry, “Screen Stars: Which Infotainment System Deserves a Leading Role in Your Next Car?,” Consumer Reports, August 5, 2020, https://www.consumerreports.org/infotainment-systems/screen-stars-in-car-infotainment-systems/.

    [41] Robert S. Kinder “Infotainment Systems: What’s in Your Car & How Is It Used?” DJS Associates, October 9, 2017. https://www.forensicdjs.com/blog/infotainment-systems-whats-car-used/.

    [42] Enzer, “Wiretaps On Wheels.”

    [43] Barry, “Infotainment Systems.” See also Olivia Solon, “Insecure Wheels: Police Turn to Car Data to Destroy Suspects’ Alibis,” NBC News, December 28, 2020, https://www.nbcnews.com/tech/tech-news/snitches-wheels-police-turn-car-data-destroy- suspects-alibis-n1251939.

    [44] “Connected Cars: What Happens to Our Data on Rental Cars?,” Privacy International, December 2017, https://www.privacyinternational.org/sites/default/files/2017-12/cars_briefing.pdf.

    [45] “Big Data Market in the Automotive Industry Size & Share Analysis - Growth Trends & Forecasts (2023 - 2028),” Mordor Intelligence, accessed April 15, 2022, https://www.mordorintelligence.com/industry-reports/big-data-market-in-the- automotive-industry. See also Jeff Plungis, “Who Owns the Data Your Car Collects?,” Consumer Reports, May 2, 2018, https://www.consumerreports.org/automotive-technology/who-owns-the-data-your-car-collects/.

    [46] “Uber Privacy Notice,” Uber, last modified December 23, 2022, https://www.uber.com/legal/da/document/?country=united- states&lang=en&name=privacy-notice. “Lyft Privacy Policy,” Lyft, last updated December 12, 2022, https://www.lyft.com/privacy.

    [47] Lyft, “Privacy Notice.”

    [48] Bloomberg, “Dashboard Cameras on Uber Taxis Raise Privacy Concerns,” The National, November, 23, 2019, https://www.thenationalnews.com/business/dashboard-cameras-on-uber-taxis-raise-privacy-concerns-1.941261 .

    [49] “Law Enforcement Requests,” Uber, accessed on March 23, 2023, https://www.uber.com/us/en/about/reports/transparency/law-enforcement/.

    [50] “How Ridesharing Services Can Take Your Privacy for a Ride,” Norton, August 8, 2018, https://us.norton.com/blog/privacy/ridesharing-privacy-ride#.

    [51] Kelley Travers, “3 Questions: The Price of Privacy in Ride-Sharing App Performance,” MIT Energy Initiative, October 14, 2020, https://news.mit.edu/2020/3-questions-price-privacy-ride-sharing-app-performance-1014.

    [52] See, for example, Christopher Carey, “LA to Expand Data-Sharing Rules to Taxi Sector,” Cities Today, March 17, 2021, https://cities-today.com/la-to-expand-data-sharing-rules-to-taxi-sector/; “Privacy Policy / Terms & Conditions,” St. Louis County Cab Company, Inc. Privacy Policy, St. Louis County & Yellow Taxi, accessed March 7, 2023, https://countycab.com/privacypolicy/; see also Open Data Portal Team, “How Chicago Protects Privacy in TNP and Taxi Open Data,” City of Chicago Developers, April 12, 2019, http://dev.cityofchicago.org/open%20data/data%20portal/2019/04/12/tnp- taxi-privacy.html (explaining that taxi ridership data collected by city agencies, even when aggregated and anonymized, can be reverse engineered to establish a “fingerprint” allowing for re-identification of an individual rider when combined with other data sets).

    [53] J.K. Trotter, “Public NYC Taxicab Database Lets You See How Celebrities Tip,” Gawker, October 23, 2014, https://www.gawker.com/the-public-nyc-taxicab-database-that-accidentally-track-1646724546.

    [54] Trotter, “Celebrities Tip.”

    [55] Christopher Carey, “LA to Expand Data-Sharing Rules to Taxi Sector,” Cities Today, March 17, 2021, https://cities- today.com/la-to-expand-data-sharing-rules-to-taxi-sector/. See also Alex Samuely, “Taxi Apps Join Forces to Provide Improved Payment Experience for Users,” RetailDive, Industry Dive, accessed March 7, 2023, https://www.retaildive.com/ex/mobilecommercedaily/taxi-apps-join-forces-to-provide-improved-payment-experience-for- users.

    [56] “Privacy Policy,” Verifone, last modified Nov. 29, 2021, https://www.verifone.com/en/privacy#:~:text=We%20take%20data%20protection%20and,%2C%20access%2C%20disclosure% 20or%20use.

    [57] “Surveillance Technology Policy,” City of San Francisco Municipal Transportation Agency, accessed March 7, 2023, https://sf.gov/sites/default/files/2022-04/MTA%20Taxi%20Cab%20Dashboard%20Camera%20STP_0.pdf .

    [58] Consider, for example, the role of fusion centers in sharing data between municipal, state and federal agencies and private sector parties.

    [59] Aram Zucker-Scharff, “The MTA’s Switch to OMNY Machines is a Privacy Nightmare,” Fast Company, Sept. 11, 2022, https://www.fastcompany.com/90788367/the-mtas-switch-to-omny-machines-is-a-privacy-nightmare.

    [60] “OMNY Privacy Policy,” OMNY, June 7, 2022, https://omny.info/privacy-policy.

    [61] Ali Winston, “The NYC Subway’s New Tap-to-Pay System Has a Hidden Cost—Rider Data,” The Verge, March 16, 2020, https://www.theverge.com/2020/3/16/21175699/mta-omny-privacy-security-smartphone-identifier-location-nyc.

    [62] “Do Not Track: A Guide to Data Privacy For New Transit Fare Media,” TransitCenter, March 22, 2021, https://transitcenter.org/publication/do-not-track-a-guide-to-data-privacy-for-new-transit-fare-media/. See also “How Open Tap-to-Ride Payments Improve the Passenger Experience,” U.S. Bank, Government Technology, June 1, 2022, https://www.govtech.com/sponsored/how-open-tap-to-ride-payments-improve-the-passenger-experience. See also “Where You Can Ride Transit Using Apple Pay,” Apple, Feb. 3, 2023, https://support.apple.com/en-us/HT207958. See also “Just Cities Toolkit: Transit Technology,” Surveillance Technology Oversight Project, March 8, 2022, https://static1.squarespace.com/static/61e97b77bece8a66e53139cc/t/62151d88e2545265fa755965/1645550989645/2022.2.2 2_Just+Cities_Transit_FINAL.pdf.

    [63] Larry W. Thomas, “Legal Implications of Video Surveillance on Transit Systems,” Legal Research Digest 52 (March 2018): 42, https://nap.nationalacademies.org/read/25055/chapter/14. Skylar Woodhouse, “NYC Subways Now Have Almost 400 Cameras Watching Train Cars,” Bloomberg, December 12, 2022, https://www.bloomberg.com/news/articles/2022-12-12/nyc-subways- now-have-almost-400-cameras-watching-train-cars.

    [64] Thomas, “Legal Implications,” 42.

    [65] See, for example, “Find Lime Cities and Region,” Lime Micromobility, accessed June 15, 2023, https://www.li.me/locations.

    [66] Dan Malouff, “All 119 US Bikeshare Systems, Ranked by Size,” Greater Greater Washington, January 26, 2017, https://ggwash.org/view/62137/all-119-us-bikeshare-systems-ranked-by-size.

    [67] “Sign-Up,” Metro Bike Share, accessed June 13, 2023, https://bikeshare.metro.net/signup/#/.

    [68] “Privacy Policy,” Metro Bike Share, accessed June 13, 2013, https://bikeshare.metro.net/privacy-policy/.

    [69] Ryan Fonseca, “LA’s Scooter Data Collection Does Not Violate Fourth Amendment, Federal Court Says,” LAist, March 1, 2021, https://laist.com/news/ladot-aclu-lawsuit-scooter-data-collection.

    [70] “Homepage,” NiceRide MN, accessed June 13, 2023, https://niceridemn.com/; “Membership Plans,” CitiBike, accessed June 13, 2023, https://citibikenyc.com/.

    [71] Matthew Brown, “Processing Millions of Bikeshare GPS Points with ArcGIS,” ECCE, Esri Canada, April 4, 2019, https://ecce.esri.ca/mac-blog/2019/04/04/processing-millions-of-bikeshare-gps-points-with-arcgis/.

    [72] Elizabeth Woyke, “The Secret Data Collected by Dockless Bikes is Helping Cities Map Your Movement,” MIT Technology Review, September 28, 2018, https://www.technologyreview.com/2018/09/28/139983/the-secret-data-collected-by-dockless- bikes-is-helping-cities-map-your-movement/.

    [73] “Traveling To Nevada For Out-Of-State Abortion Services,” Birth Control Care Center, accessed June 13, 2023, https://birthcontrolcarecenter.com/traveling-to-nevada-for-out-of-state-abortion-services/.

    [74] Edward Hasbrouck, “What's in a Passenger Name Record (PNR)?” The Practical Nomad: Edward Hasbrouck’s Blog, accessed June 13, 2023, https://hasbrouck.org/articles/PNR.html#CRS.

    [75] Hasbrouck, “What's in a Passenger Name Record (PNR)?.”

    [76] Edward Hasbrouck, “Freedom to Travel to Get an Abortion,” The Identity Project, September 22, 2022, https://papersplease.org/wp/2022/09/22/freedom-to-travel-to-get-an-abortion.

    [77] Thomas Brewster, “The FBI Is Secretly Using A $2 Billion Travel Company As A Global Surveillance Tool,” Forbes, July 16, 2020, https://www.forbes.com/sites/thomasbrewster/2020/07/16/the-fbi-is-secretly-using-a-2-billion-company-for-global-travel- surveillance--the-us-could-do-the-same-to-track-covid-19/?sh=aee30ce57eb1.

    [78] Thomas Brewster, “U.S. Government Ordered Travel Companies To Spy On Russian Hacker For Years And Report His Whereabouts Every Week,” Forbes, June 8, 2022, https://www.forbes.com/sites/thomasbrewster/2022/06/08/exclusive-us- government-ordered-travel-companies-to-spy-on-russian-hacker-for-years-and-report-his-whereabouts-every- week/?sh=564c18755339.

    [79] There are no federal protections for PNR data housed by CRS companies. Edward Hasbrouck, “Who’s Watching You While You Travel?,” The Practical Nomad: Edward Hasbrouck’s Blog, April 18, 2002, https://hasbrouck.org/articles/watching.html

    [80] Hasbrouck, “What's in a Passenger Name Record (PNR)?.”

    [81] Privacy Impact Assessment Update for Secure Flight Silent Partner and Quiet Skies DHS/TSA/PIA-018(i). (2019), https://www.dhs.gov/sites/default/files/publications/pia-tsa-spqs018i-april2019_1.pdf.

    [82] Privacy Impact Assessment Update.

    [83] “Airport Infrastructure Funding,” Airports Council International - North America, 2018, https://airportscouncil.org/advocacy/airport-infrastructure-funding.

    [84] “TSA Myth Busters: Biometrics,” Transportation Security Administration, accessed February 13, 2023, https://www.tsa.gov/sites/default/files/biometricsmythvsfacts_6_7_22.pdf.

    [85] “Greyhound Takes New Security Measures,” United Press International, October 24, 2001, https://www.upi.com/Top_News/2001/10/24/Greyhound-takes-new-security-measures/18611003959737/.

    [86] “Privacy Policy,” Greyhound, last modified February 22, 2023, https://www.greyhound.com/privacy-policy

    [87] Greyhound, “Privacy Policy.”

    [88] Amy Martyn, “Some Passengers Learn Too Late that Greyhound Gives Easy Access to Law Enforcement,” Consumer Affairs, June 28, 2018, https://www.consumeraffairs.com/news/some-passengers-learn-too-late-that-greyhound-gives-easy-access-to- law-enforcement-062818.html.

    [89] For example, Greyhound allows customers to purchase tickets using cash.“Payment and Ticket Options,” Greyhound, accessed March 7, 2023, https://www.greyhound.com/help-and-info/payments-and-tickets.

    [90] Kimberlee Johnson, “How To Avoid Greyhound Gift Ticket Fee: Explained (2023),” Howkapow, last modified February 15, 2023, https://howkapow.com/how-to-avoid-greyhound-gift-ticket-fee/.

    [91] “Passenger Fare Tariff and Sales Manual,” Greyhound Lines Inc, last modified May 27, 2022, http://extranet.greyhound.com/Revsup/pfsm/pdf/sec01rr.pdf#page=10.

    [92] “Privacy Policy,” Amtrak, last modified May 27, 2022, https://www.amtrak.com/privacy-policy.

    [93] Amtrak, “Privacy Policy.”

    [94] Amtrak, “Privacy Policy.”

    [95] Edward Hasbrouck, “A Blacklist is Not a Basis for Search or Seizure,” Papers, Please!, February 4, 2023, https://papersplease.org/wp/category/buses-trains/. See also Mark Albert, “Amtrak Ask TSA to Start Screening Rail Passengers Against Terrorist Watchlist for First Time,” WVTM 13, last modified Apr. 6, 2022, https://www.wvtm13.com/article/amtrak-tsa- rail-passengers-screened/39639320#; Mark Albert, “TSA Confirms Controversial Amtrak Passenger Screening Program Underway,” WDSU6, last modified Apr. 8, 2022, https://www.wdsu.com/article/tsa-amtrak-passenger-screening-program- underway/39677630#.

    [96] “How to Purchase Tickets - Online, Mobile and More,” Amtrak, accessed June 13, 2023, https://www.amtrak.com/purchase- train-tickets.

    [97] “Counseling and Waiting Periods for Abortion,” Guttmacher Institute, last updated June 1, 2023,

    https://www.guttmacher.org/state-policy/explore/counseling-and-waiting-periods-abortion.

    [98] “Expansion Announcement,” CHOICES Center for Reproductive Health, May 5, 2022, https://yourchoices.org/expansion-

    announcement/.

    [99] Wyndham Hotels, “Privacy Policy,” accessed December 25, 2022. https://www.wyndhamhotels.com/ramada/about-us/privacy-notice#:~:text=Disclosure%20Permitted%20by%20Law%3A%20We,permitted%20to%20do%20so%20by.”

    [100] See, for example, Los Angeles Municipal Code, Ordinance No. 179533, http://clkrep.lacity.org/onlinedocs/2006/06-0125-s1_ord_179533.pdf.

    [101] Franchise Direct. “Major Hotel Franchise Conglomerates and the Brands They Own,” accessed December 25, 2022,

    https://www.franchisedirect.com/information/major-hotel-franchise-conglomerates-and-the-brands-they-own.

    [102] See, for example, this local ordinance from Greenfield, CA: “Such register shall be kept on the hotel site for a period of not

    less than four (4) years by the operator or business providing the accommodations.” Greenfield, Cal. Chapter 5.26 “Hotel Rates and Registration Requirement,” 5.26§060, (2022).

    [103] Patel v. City of Los Angeles (Patel I), 686 F. 3d 1085, 1086 (9th Cir. 2012).

    [104] See United States v. Sesay, No. 18-1071 (8th Cir. 2019), State of Washington v. Motel 6 Operating L.P., et al., and State v. Winslow, 55 So. 3d 910.

    [105] Eli Rosenberg, “Motel 6 Will Pay $12 Million to Guests Whose Personal Data Was Shared with ICE,” Washington Post, April 8, 2019, https://www.washingtonpost.com/nation/2019/04/06/motel-leaked-personal-data-guests-ice-officials-say-now-it-owes- them-million/.

    [106] Sharon Bradford Franklin, Greg Nojeim, and Dhanaraj Thakur, “Report - Legal Loopholes and Data for Dollars: How Law Enforcement and Intelligence Agencies Are Buying Your Data from Brokers,” Center for Democracy & Technology, December 9, 2021, https://cdt.org/press/new-cdt-report-how-law-enforcement-intel-agencies-are-evading-the-law-and-buying-your-data- from-brokers/.

    [107] “Privacy Notice,” Wyndham Hotels, last updated January 1, 2023, https://www.wyndhamhotels.com/content/whg-ecomm- responsive/en-us/whg/about-us/privacy-notice-more-info.display.html.

    [108] Franklin, Nojeim, and Thakur, “Legal Loopholes and Data for Dollars.”

    [109] Joe Patrice, “At Motel 6, We’ll Keep The Light On For You (And Then Maybe We’ll Call The Cops On You),” Above the Law, September 14, 2017, https://abovethelaw.com/2017/09/at-motel-6-well-keep-the-light-on-for-you-and-then-maybe-well-call- the-cops-on-you/.

    [110] Rosenberg, “Motel 6 Will Pay $12 Million to Guests.”

    [111] “AG Sues Motel 6 for Violating Privacy of, Discriminating Against Thousands of Washingtonians,” Office of the Attorney General, Washington State, January 3, 2018, https://www.atg.wa.gov/news/news-releases/ag-sues-motel-6-violating-privacy- discriminating-against-thousands-washingtonians.

    [112] “18 U.S. Code § 2703 - Required Disclosure of Customer Communications or Records,” Legal Information Institute, accessed June 16, 2023, https://www.law.cornell.edu/uscode/text/18/2703.

    [113] “The Most Used Booking Platforms for Short-Term Rentals and What Makes Them Attractive,” PhocusWire Research, March 2, 2022, https://www.phocuswire.com/Most-used-booking-platforms-short-term-rentals.

    [114] “How Does Airbnb Respond to Data Requests from Law Enforcement?,” Airbnb Help Center, Airbnb, accessed June 16, 2023, https://www.airbnb.com/help/article/960.

    [115] Private Email Communication with Airbnb Communication Service, Rakhi Moharil, October 19, 2022.

    [116] Airbnb, Inc. v. City of New York, 373 F. Supp. 3d 467 (Local Law 146 prompted one of the greatest privacy concerns regarding short term rentals, wherein Airbnb and its peers were forced to disclose all personal guest identifying information to law enforcement or face a $1500 fine per listing each month.)

    [117] Pranshu Verma, “Meet the Reddit ‘Aunties’ Covertly Helping People Get Abortions,” Washington Post, May 5, 2022, https://www.washingtonpost.com/technology/2022/05/04/reddit-auntie-network-abortion/.

    [118] Wyman v. James, 400 US 309 (1971).

    [119] Alexis Karteron, “When Stop and Frisk Comes Home: Policing Public and Patrolled Housing,” Case Western Reserve Law Review 69, no. 3 (2019), https://doi.org/10.2139/ssrn.3417793.

    [120] “Podcast: Facial Recognition is Quietly Being Used to Control Access to Housing and Social Services,” Project Greenlight; MIT Technology Review, December 2, 2020, https://www.technologyreview.com/2020/12/02/1012901/no-face-no-service/.

    [121] Joseph Cox, “Location Data Firm Provides Heat Maps of Where Abortion Clinic Visitors Live,” Vice, May 5, 2022, https://www.vice.com/en/article/g5qaq3/location-data-firm-heat-maps-planned-parenthood-abortion-clinics-placer-ai.

    [122] “Advan Home Page,” Advan Research, accessed June 16, 2023, https://advanresearch.com/.

    [123] Emily Wagster Pettus and Leah Willingham, “Black and Hispanic People Have the Most to Lose If Roe Is Overturned,” PBS NewsHour, May 4, 2022, https://www.pbs.org/newshour/nation/black-and-hispanic-people-have-the-most-to-lose-if-roe-is- overturned.

    [124] Denise Michaux, “Drug Courier Profiles and the Infringement of Fourth Amendment Rights." NYL Sch. J. Hum. Rts. 9 (1992): 435, https://digitalcommons.nyls.edu/cgi/viewcontent.cgi?article=1209&context=journal_of_human_rights. See also U.S. v. Brignoni-Ponce, 422 U.S. 873 (1975), https://supreme.justia.com/cases/federal/us/422/873/.

    [125] Carly Page, “New Documents Reveal ‘Huge’ Scale of US Government’s Cell Phone Location Data Tracking,” TechCrunch, July 18, 2022, https://techcrunch.com/2022/07/18/homeland-security-cell-phone-tracking/; Byron Tau and Michelle Hackman, “Federal Agencies Use Cellphone Location Data for Immigration Enforcement,” Wall Street Journal, February 7, 2020, https://www.wsj.com/articles/federal-agencies-use-cellphone-location-data-for-immigration-enforcement-11581078600.

    [126] Larissa Cespedes-Yaffar, Shayona Dhanak, and Amy Stephenson, “U.S. V. Mendenhall, U.S. V. Sokolow, and the Drug Courier Profile Evidence Controversy,” Cornell University Law School Social Science and Law, 2010, https://courses2.cit.cornell.edu/sociallaw/student_projects/drugcourier.htm.

    [127] Hugh Handeyside, “The DEA’s ‘Cold Consent’ Encounters: Definitely Cold, Not So Consensual,” ACLU News & Commentary, January 30, 2015, https://www.aclu.org/news/criminal-law-reform/deas-cold-consent-encounters-definitely-cold-not.

    [128] Conor Friedersdorf, “The Injustice of Civil Asset Forfeiture,” Atlantic, May 12, 2015, https://www.theatlantic.com/politics/archive/2015/05/the-glaring-injustice-of-civil-asset-forfeiture/392999/.

    [129] Friedersdorf, “The Injustice of Civil Asset Forfeiture.”

    [130] Ellen Khater, “‘Flying While Arab’: The Experiences of Arab Americans in the Wake of 9/11,” Journal of American Ethnic History 31, no. 4 (2012): 74, https://doi.org/10.5406/jamerethnhist.31.4.0074.

    [131] Khater, “‘Flying While Arab’.” Council on American Islamic Relations, “Twenty Years Too Many: A Call to Stop the FBI’s Secret Watchlist”, June 12, 2023, https://www.cair.com/wp-content/uploads/2023/06/watchlistreport-1.pdf (estimating that 98% of the names on the FBI’s “watchlists” are Muslim).

    [132] Bill Fink, “The Dreaded SSSS Boarding Pass: What You Need to Know about TSA’s Enhanced Screening Tag,” Points Guy, May 26, 2022, https://thepointsguy.com/news/ssss-on-boarding-pass/.

    [133] Fink, “The Dreaded SSSS Boarding Pass.”

    [134] Jana Winter, “In ‘Quiet Skies’ Program, TSA Is Tracking Regular Travelers like Terrorists in Secret Surveillance,” Boston Globe, July 28, 2018, https://apps.bostonglobe.com/news/nation/graphics/2018/07/tsa-quiet- skies/?s_campaign=breakingnews:newsletter.

    [135] Winter, “‘Quiet Skies’ Program.”

Social Media Graphics