Government Surveillance, Privacy & Data, Reproductive Rights
Momentum Builds Against Abortion Surveillance as New States Enact Shield Laws
Washington and New York states recently became the second and third places respectively to enact shield laws that seek to prevent in-state companies from complying with out-of-state warrants in connection with abortion investigations. These laws follow the model set by California last year when it passed the nation’s first shield law focused on blocking data demands for abortion investigations. While many pro-choice states have enacted laws to protect reproductive health activities in their state (and guard data indicating such activities in-state), these shield laws are unique in protecting communications and data that focus entirely on out-of-state activities.
The growth of shield laws is an important trend that will help individuals throughout the country minimize the risk of their communications and data being seized to investigate and prosecute reproductive health choices. However, the breadth and effectiveness of these laws’ protections depend significantly on the details of the text.
Washington’s Shield Law:
The Washington shield law, HB 1469, was enacted on April 27. The law is a significant measure for reproductive rights and data protection, as some of the nation’s largest electronic communications services—notably Microsoft and Amazon—are based in Washington. While largely similar to California’s shield law, HB 1469 also makes several improvements to it.
Overall, the law prohibits certain Washington companies from complying with legal process demanding records or assistance, if that legal process stems from an investigation or prosecution of “protected health care services.” The law defines protected health care services to cover any reproductive health care services as well as gender-affirming treatments that are legal in Washington state. This is one area where the Washington law provides stronger protections than the California law that preceded it: California’s law does not protect gender-affirming care.
Specifically, HB 1469 applies to companies that provide electronic communication services (“ECS”) that are incorporated or have their principal place of business in Washington. Section 13(d)(i)(A) of the law bars these companies from providing “records, information, facilities, or assistance” in response to any “subpoena, warrant, court order, or other civil or criminal legal process” that relates to protected health care services. This language is different from the California law in an important respect: While the California law refers to “records, information, facilities, or assistance” in California, the Washington law makes no distinction on where this aid is located, meaning its protections apply even if data is stored and assistance is provided out of state, so long as the company is incorporated or based in Washington.
In addition to the strict prohibition for ESC companies, the Washington law also offers a less powerful shield for a broader set of entities. Section 12 of the law states that any “Washington recipient … shall not be required to comply” with court orders being used to investigate or prosecute protected health care services. The text of this provision appears to broadly apply to all Washington-based companies and individuals. And while it does not outright prohibit compliance as Section 13 does for ECS companies, it provides an option for doing so. This is a novel feature: the California shield law offers no comparable option for non-ECS entities to refuse legal process related to abortion investigations.
Because this provision applies to all Washington entities, not enacting a hard prohibition and penalties could provide leeway to small businesses that might not have the legal resources to track HB 1469 and build in compliance measures (as large companies like Microsoft do). At the same time, because this rule gives Washington entities an option rather than strictly prohibiting compliance, the impact of this measure is less certain, and it is also less likely to succeed in a conflict of laws dispute with the state issuing the legal process, as potential penalties from a state that blocks compliance can serve as a reason for following that state’s law. Going forward, Washington may wish to strengthen the impact of HB 1469 by moving other important categories of companies—such as those that maintain health, medical, and financial records—into the strict prohibition category that Section 13 provides.
Much like California, Washington’s shield law relies on an attestation rule. Sec 13(d)(i)(B) provides that ECS companies can comply with legal process only if it includes an attestation that the demand “does not seek documents, information, or testimony” that is being used to create criminal or civil liability for protected health care services. The fact that this attestation rule is centered on whether protected health care services are impacted in general, rather than focusing on whether the crime being investigated explicitly bars reproductive health services or gender-affirming care, is critical. Facially neutral laws, such as child endangerment, are often used to prosecute reproductive health and gender-affirming activities.
HB 1469’s attestation requirement also includes another important improvement over the California shield law: The attestation must be made “under penalty of perjury,” with “a statutory penalty of $10,000 per violation.” This requirement should deter out-of-state law enforcement and prosecutors from circumventing the shield law by lying in attestations. Even if these actors were not concerned with the $10,000 fine and potential prosecution in Washington, any information obtained from a demand built on a false attestation would be the fruits of a criminal action, giving defendants a strong legal claim to suppress evidence. California should consider adding this type of penalty of perjury rule as well.
The Washington law empowers the state attorney general to pursue legal action to “enjoin any person from violating any provision” (Section 16). However, the law is silent as to what—if any—penalties a company could face for violations of the law. Clearly defined and stringent penalties would strengthen Washington’s hand in any future conflict-of-laws dispute over HB 1469.
HB 1469 also restricts Washington courts from domesticating out-of-state legal demands. Section 11 of the law states that “the issuance of criminal process is prohibited if such process is related to criminal liability” for protected health care services. This provision effectively bars Washington judicial officers from domesticating any warrants, subpoenas, or other legal demands that relate to investigating or prosecuting protected health care services.
While this domestication restriction is unlikely to be important to companies like Microsoft and Amazon with a nationwide presence—as they can be served directly in states enforcing abortion bans—it could prove immensely beneficial to smaller companies. Because HB 1469 restricts domestication of legal process, companies whose offices and employees are exclusively in Washington state will be shielded from even being lawfully served with a warrant or subpoena for investigations related to protected health care services. Therefore, even if a large company refusing to comply with a warrant based on HB 1469 was eventually forced to do so after conflict-of-laws litigation, these smaller, Washington-state-exclusive companies could still be shielded.
New York’s Shield Law:
New York also enacted a shield law by adding a new provision, Section 394-f, to New York’s general business law as part of a state budget bill that passed on May 2. While this shield law’s protections are unfortunately far less comprehensive than either the California or Washington laws, it nonetheless represents a positive step.
Like the other states’ shield laws, Section 394-f generally prohibits companies incorporated or headquartered in New York that provide ECS services from complying with legal demands related to a “prohibited violation.” That term encompasses any criminal or civil offense that restricts reproductive health care activities (this follows the same model as California, but does not additionally protect gender-affirming care as Washington’s law does). And like the Washington law, Sec. 394-f empowers the state attorney general to compel compliance with the shield law, but is silent as to whether companies may face penalties for incidents of noncompliance.
Sec. 394-f falls short of its peer shield laws in two major areas. First, while the California law applies to various types of legal process, and the Washington law applies to virtually all forms of criminal and civil legal process, the New York law only restricts compliance with warrants. This means that an array of sensitive data—such as communications metadata and transaction records—are unprotected from being seized with a subpoena or other types of demands.
Another key area where the New York shield law falls short is in the absence of an attestation requirement. Sec. 394-f prohibits New York-based ESC companies from complying with warrants when the company “knows that the warrant relates to” a prohibited violation (emphasis added). With other shield laws, by forcing legal demands to be accompanied by an attestation, companies would have a clear idea whether the demand relates to reproductive health care activities. However, Sec. 394-f does not include an attestation requirement. It merely states that “if the warrant is accompanied by an attestation,” companies are permitted to comply with it.
This creates significant loopholes. ESC companies could take a “see no evil, hear no evil” approach, and request no clarifying information or attestation when they receive an out-of-state warrant. In the absence of such information, the company could make a strong argument that they are in compliance with Sec. 394-f, because they do not know that any given warrant is being used for an abortion-related investigation. Further, even if companies wish to avail themselves of the shield law and request attestations with warrants, out-of-state prosecutors might simply refuse, and argue that since Sec. 394-f doesn’t make compliance with warrants contingent on receiving an attestation, the company is legally obligated to obey the warrant even if they don’t receive any information about whether the investigation relates to abortion.
Earlier this year, New York Assemblymember Linda Rosenthal introduced a bill that would have been a more effective shield law, notably by requiring that companies only comply with warrants that include an attestation that the investigation does not relate to a prohibited violation. The NY legislature should amend Sec. 394-f to include this requirement and also follow the Washington state model of building a penalty of perjury for lying in attestations. The legislature should also broaden its shield law to apply to all legal process for criminal and civil procedures that relate to a prohibited violation, as well as broaden the definition of prohibited violation to also protect gender-affirming care.