Google provided Immigration and Customs Enforcement with a wide array of personal data on a student activist and journalist, including his credit card and bank account numbers, according to a copy of an ICE subpoena obtained by The Intercept.
Amandla Thomas-Johnson had attended a protest targeting companies that supplied weapons to Israel at a Cornell University job fair in 2024 for all of five minutes, but the action got him banned from campus. When President Donald Trump assumed office and issued a series of executive orders targeting students who protested in support of Palestinians, Thomas-Johnson and his friend Momodou Taal went into hiding.
Google informed Thomas-Johnson via a brief email in April that it had already shared his metadata with the Department of Homeland Security, as The Intercept previously reported. But the full extent of the information the tech giant provided — including usernames, addresses, itemized list of services, including any IP masking services, telephone or instrument numbers, subscriber numbers or identities, and credit card and bank account numbers — was not previously known.
“I’d already seen the subpoena request that Google and Meta had sent to Momodou [Taal], and I knew that he had gotten in touch with a lawyer and the lawyer successfully challenged that,” Thomas-Johnson said. “I was quite surprised to see that I didn’t have that opportunity.”
The subpoena provides no justification for why ICE is asking for this information, except that it’s required “in connection with an investigation or inquiry relating to the enforcement of U.S. immigration laws.” In the subpoena, ICE requests that Google not “disclose the existence of this summons for indefinite period of time.”
Thomas-Johnson, who is British, believes that ICE requested that information to track and eventually detain him — but he had already fled to Geneva, Switzerland, and is now in Dakar, Senegal.
The Electronic Frontier Foundation, which is representing Thomas-Johnson, and the ACLU of Northern California sent a letter to Google, Amazon, Apple, Discord, Meta, Microsoft, and Reddit last week calling on tech companies to resist similar subpoenas in the future from DHS without court intervention. The letter asks the companies to provide users with as much notice as possible before complying with a subpoena to give them the opportunity to fight it, and to resist gag orders that would prevent the tech companies from informing targets that a subpoena was issued.
“Your promises to protect the privacy of users are being tested right now. As part of the federal government’s unprecedented campaign to target critics of its conduct and policies, agencies like DHS have repeatedly demanded access to the identities and information of people on your services,” the letter reads. “Based on our own contact with targeted users, we are deeply concerned your companies are failing to challenge unlawful surveillance and defend user privacy and speech.”
In addition to Thomas-Johnson’s case, the letter refers to other instances in which technology companies provided user data to DHS, including a subpoena sent to Meta to “unmask” the identities of users who documented immigration raids in California. Unlike Thomas-Johnson, users in that case were given the chance to fight the subpoena because they were made aware of it before Meta complied.
Lindsay Nash, a professor at Cardozo Law and a former staff attorney with ACLU Immigrants’ Rights Project, said that by not giving prior notice, Google deprived Thomas-Johnson of his ability to protect his information.
“Your promises to protect the privacy of users are being tested right now.”
“The problem is that it doesn’t allow the person whose personal information is on the line and whose privacy may be being invaded to raise challenges to the disclosure of that potentially private information,” Nash said. “And I think that’s important to protect rights that they may have to their own information.”
Google did not respond to a request for comment.
Tech companies’ data sharing practices are primarily governed by two federal laws, the Stored Communications Act, which protects the privacy of digital communications, including emails, and Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive trade practices.
“Under both federal law and the law of every state, you cannot deceive consumers,” said Neil Richards, a law professor at Washington University St. Louis who specializes in privacy, the internet, and civil liberties. “And if you make a material misrepresentation about your data practices, that’s a deceptive trade practice.”
Whether or not corporations are clear enough with consumers about how they collect and share their data has been litigated for decades, Richards said, referencing the infamous Cambridge Analytica lawsuit brought by the Federal Trade Commission, alleging that the company misled Facebook users about data collection and sharing.
Google’s public privacy policy acknowledges that it will share personal information in response to an “enforceable governmental request,” adding that its legal team will “frequently push back when a request appears to be overly broad or doesn’t follow the correct process.”
According to Google, the company overwhelmingly complied with the millions of requests made by the government for user information over the last decade. Its data also shows that those requests have spiked over the last five years. It’s unclear how many of those users were given notice of those requests ahead of time or after.
Richards said that cases like these emphasize the need for legal reforms around data privacy and urged Congress to amend the Stored Communications Act to require a higher standard before the government can access our digital data. He also said the federal government needs to regulate Big Tech and place “substantive restrictions on their ability to share information with the government.”
It’s hard to know exactly how tech companies are handling our personal data in relation to the government, but there seems to have been a shift in optics, Richards said. “What we have seen in the 12 months since the leaders of Big Tech were there on the podium at the inauguration,” Richards said, “is much more friendliness of Big Tech towards the government and towards state power.”
From Dakar, Thomas-Johnson said that understanding the extent of the subpoena was terrifying but had not changed his commitment to his work.
“As a journalist, what’s weird is that you’re so used to seeing things from the outside,” said Thomas-Johnson, whose work has appeared in outlets including Al Jazeera and The Guardian. “We need to think very hard about what resistance looks like under these conditions… where government and Big Tech know so much about us, can track us, can imprison, can destroy us in a variety of ways.”