With the Supreme Court deciding not to block Texas' effective ban on abortion this week, fears have been rightly focused on the people in Texas who will be almost entirely barred from receiving an abortion in the state and the providers who will face grave legal consequences for continuing to provide services there.
But the law's construction creates a far broader surface area of risk than even that, enabling anyone to be sued for — knowingly or unknowingly — aiding and abetting the "performance or inducement" of an abortion. As some have pointed out, that tie could be as indirect as an Uber driver giving a woman a ride to a clinic.
Uber is not alone among tech companies in having to figure out a response to this bill. Because now, the tech sector's many social media platforms, messaging platforms, fundraising platforms and more will also have to decide what they will do if, in the process of one of these lawsuits, they receive a legal request for user data.
How will Facebook respond to a subpoena requesting the IP address of an abortion rights group administrator who's been fundraising on the platform? What will Google do if they receive a demand for information on the name and email address of an advertiser targeting Texas women with information on how to obtain an abortion?
Tech platforms such as Facebook or Google have legal protection under Section 230 for content they host. But that doesn't mean they won't face excruciating decisions about whether to comply with subpoenas for user data — the sort of orders they comply with in lots of other legal cases today.
"This law could lead to an explosion of court requests for user data from tech companies that hold troves of it," said Evan Greer, director of the digital rights group Fight for the Future. "I could see it being abused by anti-abortion groups who could potentially use the discovery process in a civil lawsuit to demand sensitive information about people and organizations providing reproductive justice services and information."
There are broader questions of corporate responsibility for tech companies to answer, too. When Indiana passed a law allowing businesses to deny service to same-sex couples, Marc Benioff canceled all of Salesforce's business in the state. When North Carolina passed its infamous "bathroom bill," PayPal canceled plans to hire 400 people at a new facility in Charlotte. Will the industry's calculus be the same now that rights of women are being curbed not in Indiana or North Carolina, but in the country's second-largest state, home to what some have hailed as the next Silicon Valley?
So far, Elon Musk, who made a big show of moving Tesla to Texas this year, summed up his thoughts in a tweet: "In general, I believe government should rarely impose its will upon the people, and, when doing so, should aspire to maximize their cumulative happiness. That said, I would prefer to stay out of politics."
And what about Uber and Lyft? Would they pay for drivers' legal fees if they're sued for giving women a ride? For now at least, tech companies aren't answering any of these questions.
Protocol reached out to tech platforms (Facebook, Google, Twitter and Reddit), rideshare companies (Uber and Lyft), companies with big offices in Texas (Apple, Palantir, Dell and HPE), companies that have boycotted other states (Salesforce and PayPal), telecom companies and organizations (Verizon, AT&T and USTelecom) and the tech lobbying group TechNet. None responded to direct questions about how they would answer court orders requesting user data or how they're managing the impact on their workers.
Two outliers in the industry were Shar Dubey, the CEO of Match Group, which is based in Texas, and Bumble, the dating app founded by Whitney Wolfe Herd. In a statement Thursday, Dubey said: "I immigrated to America from India over 25 years ago and I have to say, as a Texas resident, I am shocked that I now live in a state where women's reproductive laws are more regressive than most of the world, including India."
She added that she is setting up a fund for Texas-based employees and dependents who "find themselves impacted by this legislation and need to seek care outside of Texas." Doing so, of course, puts her at legal risk under the Texas law.
Bumble also said it would launch a relief fund. "Bumble is women-founded and women-led, and from day one we've stood up for the most vulnerable. We'll keep fighting against regressive laws like #SB8," the company said in a tweet.
'You can't really do this in secret and at scale'
While it may take other companies and their leaders more than a day to process the impact of such an unprecedented law, they won't be able to ignore these questions forever, particularly as they pertain to user data. Whether to respond to requests for this type of data may be a hypothetical now, but it won't be for long.
"Anyone who fundraises for abortion patients, providers or tells someone how to get to a clinic, etc., could be at risk," said Priscilla Smith, a resident fellow at Yale Law School's Program for the Study of Reproductive Justice. "Short answer is they could probably get a subpoena to get Google to turn over information about who bought Google Ads."
Tech platforms and telecom giants routinely respond to requests for data from both government bodies and civil litigants when those requests comply with the law. In the second half of 2020 alone, Facebook received government requests for data on more than 300,000 users and complied with more than 70% of those requests. Google received government requests for user information on more than 235,000 accounts last year, 76% of which it complied with. Google also receives thousands of so-called geofence warrants every quarter, which demand data on phones that were located in a certain place at a certain time. Telecom companies including Verizon and AT&T also field hundreds of thousands of criminal and civil demands every year in the U.S. alone.
Federal law limits the breadth of what, exactly, either government bodies or civil litigants can obtain through a subpoena. The law, for instance, would prevent a company like Facebook or Google from sharing the contents of communications, including private messages or emails, in response to a subpoena in a civil suit unless they had the user's consent. But they can share so-called metadata that includes other identifying details, like names, email addresses and IP addresses.
"If there's an identifiable defendant who's being sued, then the usual rules of civil discovery apply here, just as they would in any other case brought under a law that gives people a private right of action," said Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory. "If the identity of the defendant who's being sued for their online speech is unknown — say, a pseudonymous social media account — then there are legal processes for plaintiffs to attempt to obtain identifying information about a user from Google, Facebook, etc."
Pfefferkorn said it's likely that these cases would get tied up in courts, given the tangled knot of free speech issues involved in suing people over something like a Facebook post. "I bet we'll see private plaintiffs sue people for sharing information on abortion access and then fight it out later in the courts as to whether that's 'aiding and abetting' or protected free speech," Pfefferkorn said.
Even so, all of this could wind up having a chilling effect on basic communications regarding abortions in Texas — which is, of course, at least part of the point. There are encrypted platforms where advocates and providers can continue to communicate with people seeking abortions without leaving a paper trail. But relegating these discussions to those platforms also limits their reach. "You can't really do this in secret and at scale," said Nikolas Guggenberger, executive director of the Information Society Project at Yale Law School.
Tech platforms on the receiving end of these subpoenas could fight back too. And it's possible they will. These same companies have always insisted that the only thing that would make them share data is a subpoena, court order, warrant or other valid legal mechanism. They tout that policy as if to say, "Your data is safe with us, except in extreme circumstances." But the Texas bill presents a different kind of extreme circumstance — one in which the law is so broad and so sweeping that yesterday's advocacy could be tomorrow's lawsuit.
