谷歌打破了对我的承诺。现在冰冻组有我的数据。

谷歌打破了对我的承诺。现在冰冻组有我的数据。
Google Broke Its Promise to Me. Now ICE Has My Data

原始链接: https://www.eff.org/deeplinks/2026/04/google-broke-its-promise-me-now-ice-has-my-data

2025年4月，谷歌向美国移民及海关执法局（ICE）提供了阿曼德拉·托马斯-约翰逊的个人数据，托马斯-约翰逊是一位持有美国签证的博士生，*未*事先通知他——这违反了谷歌对用户长达十年的承诺。此事发生在托马斯-约翰逊2024年9月短暂参加一次亲巴勒斯坦抗议活动之后，当时国际学生正受到更严格的审查。托马斯-约翰逊，拥有英国和特立尼达和多巴哥双重国籍，通过一封例行邮件发现了数据移交的情况，邮件称信息*已经*被提供给了国土安全部。与收到提前通知并有机会对传票提出异议的同事不同，他没有获得这样的机会。该传票要求提供诸如IP地址和会话时间等订阅者信息，从而创建了详细的监控档案。电子前沿基金会（EFF）已向加利福尼亚州和纽约州总检察长提交投诉，指控谷歌存在欺骗性贸易行为，认为谷歌打破承诺损害了用户挑战政府数据请求的权利。托马斯-约翰逊现在居住在美国境外，担心持续的监控及其对未来旅行和工作的影响。

最近一篇Hacker News上的文章详细描述了一位用户因谷歌未能遵守其隐私承诺，最终导致其数据被移民及海关执法局（ICE）访问的经历。这起事件引发了关于对大型科技公司信任度下降以及隐私重要性的讨论，特别是对于那些担心政府过度干预的人来说。评论者们强调了谷歌已经放弃了“别做坏事”的座右铭，并质疑了信任谷歌存储敏感数据（包括公司信息和个人照片）的安全性。许多人表达了对更强隐私法律的需求，同时也承认了非公民受到的保护有限。一些用户报告正在积极迁移离开谷歌的服务，选择自托管或像ProtonMail这样的注重隐私的替代方案。共识倾向于主动保护数据——避免依赖容易遵守政府要求的公司，并考虑数据存储选择的长期影响。讨论还指出了一个日益增长的趋势，即寻找位于美国境外的云服务提供商。

原文

In September 2024, Amandla Thomas-Johnson was a Ph.D. candidate studying in the U.S. on a student visa when he briefly attended a pro-Palestinian protest. In April 2025, Immigration and Customs Enforcement (ICE) sent Google an administrative subpoena requesting his data. The next month, Google gave Thomas-Johnson's information to ICE without giving him the chance to challenge the subpoena, breaking a nearly decade-long promise to notify users before handing their data to law enforcement.

Today, the Electronic Frontier Foundation sent complaints to the California and New York Attorneys General asking them to investigate Google for deceptive trade practices for breaking that promise. You can read about the complaints here. Below is Thomas-Johnson's account of his ordeal.

Out of touch but not out of reach

I thought my ordeal with U.S. immigration authorities was over a year ago, when I left the country, crossing into Canada at Niagara Falls.

By that point, the Trump administration had effectively turned federal power against international students like me. After I attended a pro-Palestine protest at Cornell University—for all of five minutes—the administration’s rhetoric about cracking down on students protesting what we saw as genocide forced me into hiding for three months. Federal agents came to my home looking for me. A friend was detained at an airport in Tampa and interrogated about my whereabouts.

I’m currently a Ph.D. student. Before that, I was a reporter. I’m a dual British and Trinadad and Tobago citizen. I have not been accused of any crime.

I believed that once I left U.S. territory, I had also left the reach of its authorities. I was wrong.

The email

Weeks later, in Geneva, Switzerland, I received what looked like a routine email from Google. It informed me that the company had already handed over my account data to the Department of Homeland Security.

At first, I wasn’t alarmed. I had seen something similar before. An associate of mine, Momodou Taal, had received advance notice from Google and Facebook that his data had been requested. He was given advanced notice of the subpoenas, and law enforcement eventually withdrew them before the companies turned over his data.

Google had already disclosed my data without telling me.

I assumed I would be given the same opportunity. But the language in my email was different. It was final: “Google has received and responded to legal process from a law enforcement authority compelling the release of information related to your Google Account.”

Google had already disclosed my data without telling me. There was no opportunity to contest it.

Google’s broken promise

To be clear, this should not have happened this way. Google promises that it will notify users before their data is handed over in response to legal processes, including administrative subpoenas. That notice is meant to provide a chance to challenge the request. In my case, that safeguard was bypassed. My data was handed over without warning—at the request of an administration targeting students engaged in protected political speech.

Months later, my lawyer at the Electronic Frontier Foundation obtained the subpoena itself. On paper, the request focused largely on subscriber information: IP addresses, physical address, other identifiers, and session times and durations.

But taken together, these fragments form something far more powerful—a detailed surveillance profile. IP logs can be used to approximate location. Physical addresses show where you sleep. Session times would show when you were communicating with friends or family. Even without message content, the picture that emerges is intimate and invasive.

State power meets private data

What this experience has made clear is that anyone can be targeted by law enforcement. And with their massive stores of data, technology companies can facilitate those arbitrary investigations. Together, they can combine state power, corporate data, and algorithmic inference in ways that are difficult to see—and even harder to challenge.

The consequences of what happened to me are not abstract. I left the United States. But I do not feel that I have left its reach. Being investigated by the federal government is intimidating. Questions run through your head. Am I now a marked individual? Will I face heightened scrutiny if I continue my reporting? Can I travel safely to see family in the Caribbean?

Who, exactly, can I hold accountable?