For grassroots pro-choice organizations, visibility is a double-edged sword. This was especially clear during the National Abortion Access Bowl-a-Thon cyberattack two years ago. For the National Network of Abortion Funds (NNAF), which led the event, more visibility meant the potential to raise more money to help those in need of abortion access. It also made them a target of vitriolic anti-choice trolls.
During the 2016 Bowl-a-Thon, trolls pledged $66 billion in fraudulent donations, took down the fundraiser website with a DDoS attack, and created fake donor pages to phish for supporters’ personal information. Fake fundraising accounts included names like “qwerty,” “adolph hitler,” and “holifuk.” Forensics reports also indicate that ahead of the cyberattack, hackers placed malicious code on the fundraising website which allowed them to gather donors’ personal information and credit card details from a payment page, according to a complaint filed by NNAF.
What’s more, the trolls sent fake emails to donors. One, from a spoofed NNAF email address, included a photo of a fetus with the message, “I hope I grow up big enough to go bowling someday.” Another, sent from “Adolph Hitler,” thanked the NNAF for funding abortions for “Negroes and the Jews.”
Alice Aguilar, who is on NNAF’s Security Task Force, told Gizmodo that she knew it was an intentional attack based on the number of things happening in a short amount of time—the DDoS attacks, the hacking, the fraudulent donations, the phishing. Aguilar noted that these attacks were likely intended to negatively impact the amount of money the organization could raise—which is what happened. NNAF had to switch fundraising platforms, build a new site, and implement extra security measures. The additional time put in by the staff as well as expenses attributed to these efforts cost more than $50,000, according to the court document provided to Gizmodo. And the cost of a crisis security firm and legal counsel following the attack cost more than $200,000. It also cost the abortion provider organizations the trust of their members and donors.
“These are grassroots folks trying to raise money,” Aguilar said. “It is an attack on folks trying to offer abortion access. It’s an attack on our work. The folks seeking abortions are left with really little.”
Abortion access varies nationwide. There are currently six states that only have one abortion provider, and they continue to fight back against legislation attacks on abortions. The average distance a woman had to travel to get an abortion in 2014 was 11 miles, but in more remote rural areas that distance can be a lot longer. For instance, in certain areas of South Dakota, women had to travel more than 330 miles to have an abortion. The purpose of NNAF is to help eliminate financial and logistical barriers by connecting individuals seeking abortions with organizations fit for their needs. These needs can include services like helping with payment for the procedure, transportation, childcare, translation, or lodging. NNAF has about 70 member organizations in its network, covering culturally and politically diverse regions, both urban and rural.
NNAF is a grassroots organization, relying largely on volunteer staff, with many abortion funds having no paid staff at all. Jenni Kotting, NNAF’s Communications Director & Chief Technology Officer, said the median number of volunteers for an abortion fund is 15, with a max of 3,400. She also said that it’s “rare” to have the resources needed to hire data security professionals, given they often have a higher average salary range than nonprofit positions.
“We have found it to be so important to have allied technologists who are willing to support nonprofits in small ways, or even technologists who are willing to work full and part time at smaller organizations and seek out those opportunities,” Kotting said. “It’s a labor of love, and we are grateful for those who do work with smaller organizations.”
While grassroots organizations may not have all the resources and infrastructure—such as a dedicated paid security team—at their disposal to protect themselves against the trolls, they have legal recourse; a way to communicate to anti-choice vigilantes hiding behind their computers that they’ll fight back. That is why the NNAF, along with five of its member organizations, filed a lawsuit against the Bowl-a-Thon hackers in March. The complaint lists John Doe #1, who is believed to possibly go by the name of Matthew James Davis and controlled the Twitter account @matthewjames. Davis is listed as the president and lead developer for Foursails Technology Group in Japan, and is believed to reside in Florida or Japan. There are fourteen other John Doe’s listed in the complaint who are believed to have directly or indirectly helped Davis carry out the cyberattack.
As victims’ rights attorney Carrie Goldberg—whose firm is representing the organizations—pointed out in an email, the case is unique because it was filed in the first place. For abortion access organizations, harassment is often just an accepted part of the work. The lawsuit is also an unprecedented use of the Freedom of Access to Clinic Entrances Act (FACE). Goldberg said that this law has historically “been used almost exclusively by the government in criminal prosecutions.” She added that this law, along with the Computer Fraud and Abuse Act, are seldom used to protect abortion care providers.
The FACE Act “prohibits the use or threat of force and physical obstruction that injures, intimidates, or interferes with a person seeking to obtain or provide reproductive health services or to exercise the First Amendment right of religious freedom at a place of religious worship,” according to the Department of Justice. It also “prohibits intentional property damage of a facility providing reproductive health services or a place of religious worship.”
It’s indicative of the times to see such legislation used to deal with an attack that was carried out exclusively on the internet. The law effectively ensures a barrier between anti-abortion protestors and clinics to physically protect individuals seeking or providing abortions. By using the FACE Act in a lawsuit involving a cyberattack, the plaintiffs are redefining what constitutes as access and property.
“The definition of what an entrance is, or what property is, needs to be recognized in this digital age,” Goldberg told CNN. “We’re seeing all sorts of different vicious ways that abortion providers are being attacked.”
At a time when people are turning to the internet to find abortion access, resources, and support, these online harassment campaigns aren’t just deeply offensive—they prevent individuals from getting the timely care they need. Renee Bracey Sherman, who founded the We Testify program at NNAF, told Gizmodo that by shutting down websites raising funds for abortion care, these hackers are “taking away another avenue for someone to have access to constitutionally protected healthcare.” Rather than being able to offer someone $150 or $200 toward a $500 abortion, Bracey Sherman noted, the organization may now only be able to offer someone $50 or $100 because of all the money and resources lost to dealing with trolls and hackers. And the procedure isn’t the only financial burden—for individuals in areas with limited abortion centers, there is also the cost of travel.
Pro-choice websites are especially vulnerable to online harassment—anti-abortion groups have been deploying digital attacks for years, such as launching DDoS attacks on abortion care center websites, and gaming Google Maps and Search results to redirect individuals to crisis pregnancy centers. And smaller organizations like NNAF don’t necessarily have the infrastructure and funding needed to preemptively protect themselves against these types of online threats.
“We are doing pro-choice work. We will be attacked. We expect that,” Aguilar told Gizmodo. She said that these organizations need internal support, network support, and a strategy in place to deal with these types of attacks, but that grassroots organizations like NNAF often don’t have the time, resources, or capacity to optimally plan for these types of things.
Marginalized communities seeking abortions or speaking up about reproductive justice often bear the brunt of the anti-choice harassment. Kotting said that one thing that stood out to them during the 2016 hack was the white supremacist and racist elements. “I think we’re learning that white supremacy and anti-abortion extremism can be really closely tied,” Kotting said, adding that that is particularly concerning to them because a majority of their network seeking funds are people of color. NNAF also has several leaders of color in its network.
Bracey Sherman said that the abortion storytellers—which she characterized as people who publicly share the story of their abortion in order to destigmatize the need for them—most likely to experience harassment are people of color, storytellers that identify as queer or trans, and storytellers who talk about their disabilities or mental health. The implication here is that a nerve-wracking and rewarding experience for some is compounded when people are trolling both their choice to have an abortion and also their marginalized identity. Coming forward—being transparent online—is riskier for some.
Bracey Sherman noted that as part of her Bowl-a-Thon fundraising efforts this year, she suggested that people donate in honor of Kevin Williamson. In response, Twitchy—a conservative Twitter news aggregation site—put Bracey Sherman’s tweets on blast and urged people to harass her. “The number of racist messages I got were horrific,” she said. And it’s not just hateful tweets—Bracey Sherman said anti-abortion extremists have tried to reset her social media and email passwords as well as posted what they believed to be her address on Reddit and 4chan threads. “And it has shown up offline,” she added, referring to the online harassment, “and that’s what I think is most terrifying about it.” Bracey Sherman added that anti-abortion activists and white supremacists have recognized her at abortion rights events, prompting them to shout at her with a bullhorn as well as record her.
NNAF’s lawsuit is emblematic of more than just serving justice to merciless trolls online. It challenges what we define as access. It’s not just limited to physically interfering the means of entry to reproductive health services. This lawsuit is signaling that vicious anti-abortion vigilantes hiding behind their computers are just as guilty of threatening someone’s access as someone obstructing the entrance of an abortion center. “The hacking and attacks our clients faced in this case illustrates the modern ways abortion providers are attacked—online and with an eye toward alienating their funding sources,” Goldberg said.
She added, “In this political climate, though, we can’t expect Jeff Sessions’ DOJ to prosecute those who attack abortion funders and providers, which is why our clients decided to take matters into their own hands and instigate this civil lawsuit.”
Meanwhile, Kotting said that this year’s Bowl-a-Thon raised nearly $2 million. What happens next could have a crucial impact on abortion access, and on those hateful few bent on sabotage online.