Dakar, Senegal – Google handed over a British student journalist’s most sensitive personal data, including bank and credit card numbers, to U.S. Immigration and Customs Enforcement (ICE) following his participation in a pro-Palestinian protest, according to a subpoena obtained by The Intercept. The disclosure raises fresh concerns about the extent of tech companies’ cooperation with government surveillance and the vulnerability of activists to immigration enforcement.
Amandla Thomas-Johnson, a student at Cornell University at the time, attended a five-minute protest at a university job fair in 2024 targeting companies supplying weapons to Israel. The action led to a ban from campus. Following the election of President Donald Trump and the subsequent issuance of executive orders targeting students involved in pro-Palestinian activism, Thomas-Johnson and a friend, Momodou Taal, went into hiding.
Although Google initially informed Thomas-Johnson in April that it had shared his metadata with the Department of Homeland Security, the full scope of the data provided – encompassing usernames, addresses, details of services used (including any IP masking services), phone numbers, subscriber identities, and financial account information – was previously unknown. “I’d already seen the subpoena request that Google and Meta had sent to Momodou [Taal], and I knew that he had gotten in touch with a lawyer and the lawyer successfully challenged that,” Thomas-Johnson said. “I was quite surprised to observe that I didn’t have that opportunity.”
The ICE subpoena, reviewed by The Intercept, offers no specific justification for the request beyond its connection to an investigation related to the enforcement of U.S. Immigration laws. It as well instructs Google not to disclose the existence of the summons indefinitely. Thomas-Johnson, fearing detention, had already fled the United States, first to Geneva, Switzerland, and now resides in Dakar, Senegal.
The Electronic Frontier Foundation (EFF), representing Thomas-Johnson, and the ACLU of Northern California have jointly sent a letter to Google, Amazon, Apple, Discord, Meta, Microsoft, and Reddit, urging them to resist similar subpoenas from DHS without judicial oversight. The letter calls for tech companies to provide users with advance notice of subpoenas, allowing them to challenge the requests, and to oppose gag orders preventing them from informing users about the surveillance. “Your promises to protect the privacy of users are being tested right now,” the letter states. “As part of the federal government’s unprecedented campaign to target critics of its conduct and policies, agencies like DHS have repeatedly demanded access to the identities and information of people on your services.” The Intercept reported on the letter last week.
The EFF and ACLU letter also cites a separate instance where Meta received a subpoena to “unmask” the identities of users documenting immigration raids in California. In that case, users were notified and given an opportunity to contest the request – a courtesy not extended to Thomas-Johnson.
Lindsay Nash, a professor at Cardozo Law and former staff attorney with the ACLU Immigrants’ Rights Project, emphasized the importance of providing notice to individuals whose data is being sought. “The problem is that it doesn’t allow the person whose personal information is on the line and whose privacy may be being invaded to raise challenges to the disclosure of that potentially private information,” Nash said. “And I think that’s important to protect rights that they may have to their own information.”
Google has not responded to requests for comment. The company’s public privacy policy states it will share information in response to “enforceable governmental requests,” but adds that its legal team “frequently push back when a request appears to be overly broad or doesn’t follow the correct process.” But, Google has overwhelmingly complied with millions of government requests for user information over the past decade, with a spike in those requests over the last five years. It remains unclear how many users received prior notification of these requests. The Intercept detailed Google’s compliance record.
Neil Richards, a law professor at Washington University St. Louis specializing in privacy, the internet, and civil liberties, argued that tech companies’ data sharing practices are governed by the Stored Communications Act and Section 5 of the Federal Trade Commission Act, which prohibits deceptive trade practices. “Under both federal law and the law of every state, you cannot deceive consumers,” Richards said. He referenced the Cambridge Analytica lawsuit brought by the Federal Trade Commission as an example of litigation surrounding data collection and sharing practices.
Richards also noted a perceived shift in the relationship between Big Tech and the government. “What we have seen in the 12 months since the leaders of Big Tech were there on the podium at the inauguration,” Richards said, “is much more friendliness of Big Tech towards the government and towards state power.”
From Dakar, Thomas-Johnson expressed that learning the extent of the subpoena was “terrifying,” but affirmed his continued commitment to his work as a journalist. “As a journalist, what’s weird is that you’re so used to seeing things from the outside,” he said. “We need to think highly hard about what resistance looks like under these conditions… where government and Big Tech know so much about us, can track us, can imprison, can destroy us in a variety of ways.”
