A Texas anti-abortion tip site collects sensitive information on people seeking and providing healthcare. Experts warn that data could be dangerous in the wrong hands.

• An anti-abortion advocacy group created an anonymous tip site encouraging Texans to rat out people getting abortions.
• Texas Right To Life's main website had leaked the resumes of more than 100 job applicants in early September, TechCrunch reported.
• Cybersecurity experts told Insider the group's lack of transparency about their data storage presents security and privacy concerns.

A website built to report on people seeking abortions in Texas may put their and their health providers' personal data and physical safety at risk, cybersecurity experts and abortion rights advocates say.

Texas Right to Life, an anti-abortion advocacy group, created a website that solicits anonymous tips about people getting abortions. Under the state's new law restricting abortions after six weeks of pregnancy, private citizens can enforce the law by suing the doctor performing an abortion, the person who drove someone seeking an abortion to a clinic, or anyone else who "aids and abets" an abortion.

The website asks tipsters to describe how they believe the law was violated, name specific doctors and clinics, and provide the county and zip code where they believe a violation occurred.

By soliciting identifying details about people seeking or providing healthcare, Texas Right to Life is compiling sensitive data that abortion rights advocates and cybersecurity experts are concerned the organization is ill-equipped to protect.

Insider asked Texas Right to Life for more clarity on their data security protocols, as well as what it plans to do with the data it collects through the tip site. Kimberlyn Schwartz, a spokesperson for the group, said it was implementing security protocols but would not elaborate on the organization's use of the data, describing it as "classified."

Dr. Richard Forno, the assistant director for the University of Maryland, Baltimore County's Center for Cybersecurity, told Insider that Texas Right to Life's lack of transparency is concerning.

"If the group is unwilling to be forthcoming about the process they're using to analyze and vet this information, that definitely should raise suspicions about their motivations if not also their competency," Forno said.

Hundreds of job applicants' information exposed

Concerns over Texas Right to Life's ability to secure sensitive information contained in whistleblower complaints from the tip site are not unwarranted: The organization has inadvertently leaked identifying details about prospective employees in the past.

According to TechCrunch, a website bug on Texas Right to Life's site leaked hundreds of job applicants' resumes exposing names, phone numbers, home addresses and employment histories. Texas Right to Life only found and repaired the security failure after the leak was flagged on social media.

Forno said the organization's inability to protect prospective employees "certainly raises questions" about its ability to protect user data from the tip site, which solicits considerably more sensitive data: the names of physicians and clinics performing abortions, their locations, and any other detailed "evidence" users can gather about abortion patients or providers.

Federal and state data compliance laws are rigid when it comes to protecting medical data, and in particular information about a patient's procedure, diagnosis, or test results. Considering the amount of detail the tip site solicits about a medical procedure, Texas Right to Life may not be doing enough to protect the information it gathers, argues Daly Barnett, a staff technologist at the Electronic Frontier Foundation, a privacy and digital civil liberties advocacy organization.

"Seems like they're more concerned with craven opportunism, rather than data hygiene and security compliance," Barnett said.

"They are positioning themselves to be safekeepers of all this sensitive data, but they can't even find proper web hosting," she continued, referencing the massive data security breach of Epik, a web platform that temporarily hosted the whistleblower website's domain.

The tip site has been removed from its web host and remains offline, after protesters flooded the site with memes and false reports. Texas Right to Life told Insider it is currently working on increasing the tip site's security measures before going back online.

Dangerous consequences for people seeking abortions and their health providers

The data from the tip site is at particular risk, according to Barnett, because it's valuable not only to governments, advertisers, and software companies, but also to individual users seeking creative ways to exploit the information.

If the whistleblower complaint data is improperly secured, cybersecurity experts and abortion rights advocates fear a breach would expose the personally identifying information of patients who have sought abortions and their doctors. Such a leak would not only be a gross invasion of privacy, they say, but could potentially put those identified in physical danger.

"I shudder even to consider the implications of an extremist anti-choice group having a database of Texans who are known to support reproductive freedom," Dina Montemarano, the research director of NARAL Pro-Choice America, told Insider in an email. "This is a major privacy issue that could have dangerous consequences."

Violence and harassment against abortion patients and providers are well-documented.

Anti-abortion extremists have killed at least 11 people, bombed 17 clinics, and committed 125 arson attacks since 1990, according to the most recently available statistics from the National Abortion Federation, a professional association of abortion providers. In 2019, abortion clinics reported tens of thousands of instances of harassment, dozens of specific death threats, at least 8 bomb threats, and 24 assaults on providers and staff, the statistics show.

Montemarano told Insider that she doesn't think Texas legislators ever fully understood the ramifications of empowering private citizens to report on people seeking abortions.

"Republicans in Texas may not have thought through the potential consequences of this cruelty, such as anti-choice extremists posting other people's private information online where it could be leaked," Montemarano said.

John Seago, the legislative director of Texas Right to Life, confirmed to Insider that no actionable complaints had been reported through the whistleblower website by the time it went offline.

The tip site is a tool to enforce the law, Seago said, and when it goes back online ultimately doesn't matter to him as long as the number of abortions in Texas drops.

"We're looking at 15 days out of the strongest pro-life bill in the country being followed," Seago said. "And that is unmitigated success."

Michelle Mark contributed reporting.