For nearly a decade, Google has maintained a public commitment to its users: if a government agency requests your private data through a legal process, the company will notify you first. This window is designed to deliver individuals the opportunity to challenge the request in court before their personal information is handed over to the state.
But for Amandla Thomas-Johnson, a Ph.D. Candidate and former reporter, that promise was discarded. In May 2025, Google handed over his account data to U.S. Immigration and Customs Enforcement (ICE) without any prior warning, leaving him with no chance to contest the seizure of his digital life.
The incident has sparked a legal battle over Google broke its promise to me, with the Electronic Frontier Foundation (EFF) now urging the Attorneys General of California and New York to investigate the tech giant for deceptive trade practices. The complaints allege that Google’s failure to notify users in specific cases constitutes a breach of the trust and transparency the company markets to its global user base.
Thomas-Johnson, a dual citizen of the United Kingdom and Trinidad and Tobago, was not accused of any crime. His ordeal began not with a legal violation, but with a five-minute appearance at a pro-Palestinian protest at Cornell University in September 2024. That brief moment of political expression triggered a cascade of federal scrutiny that eventually followed him across international borders.
The Reach of Federal Surveillance
The pressure on Thomas-Johnson intensified under an administration that had increased rhetoric regarding the crackdown of international students engaging in political protests. The consequences were immediate and visceral: federal agents arrived at his home and a friend was detained and interrogated at an airport in Tampa regarding his whereabouts. Forced into hiding for three months, Thomas-Johnson eventually left the United States, crossing into Canada at Niagara Falls.
Believing that leaving U.S. Territory would place him beyond the reach of federal authorities, he relocated to Geneva, Switzerland. Still, the digital tether remained. Weeks after his departure, he received an email from Google that differed fundamentally from the standard notification process.
While some users, such as Thomas-Johnson’s associate Momodou Taal, received advance notice of subpoenas—which in Taal’s case led to law enforcement withdrawing the requests—Thomas-Johnson’s email was a statement of completed action. The message read: “Google has received and responded to legal process from a law enforcement authority compelling the release of information related to your Google Account.”
Decoding the ‘Subscriber Information’
When the EFF eventually obtained the administrative subpoena issued by ICE in April 2025, the request appeared, on the surface, to be limited to basic subscriber information. However, for those familiar with data architecture, these “fragments” are the building blocks of a comprehensive surveillance profile.
The data requested included:
- IP Addresses: Which allow authorities to approximate a user’s physical location, and movement.
- Physical Addresses: Providing a direct link to where a person sleeps and resides.
- Session Times and Durations: Metadata that reveals when a user is communicating, creating a pattern of life and social association.
By combining these identifiers, the government can construct an intimate map of an individual’s associations and habits without ever needing to read the actual content of their messages. For a student on a visa, this level of scrutiny can lead to heightened anxiety over future travel and professional stability.
| Date | Event |
|---|---|
| September 2024 | Attends pro-Palestine protest at Cornell University. |
| April 2025 | ICE sends administrative subpoena to Google. |
| May 2025 | Google releases data to ICE without notifying the user. |
| Post-May 2025 | EFF files complaints with CA and NY Attorneys General. |
The Intersection of Corporate Data and State Power
This case highlights a critical vulnerability in the modern digital ecosystem: the reliance on private companies to act as the first line of defense for civil liberties. When a company as large as Google bypasses its own transparency protocols, the safeguard is not just broken for one individual, but potentially for millions of users who rely on those policies to protect their constitutional rights.
The EFF’s complaints to the California Attorney General and the New York Attorney General argue that Google’s actions are not merely a policy lapse but a deceptive trade practice. By promising notification and then failing to provide it, the company may have misled users into a false sense of security regarding their data privacy.
For Thomas-Johnson, the impact is not academic. Despite being outside the U.S., he continues to wonder if he is a “marked individual” and whether his continued work as a reporter or his travel to the Caribbean will trigger further federal interventions. The lack of a mechanism to challenge the subpoena in real-time means that the data is already in government hands, creating a permanent record that cannot be easily erased.
Disclaimer: This article is for informational purposes and does not constitute legal advice.
The next phase of this conflict rests with the state regulators in California and New York, who must now decide whether to open formal investigations into Google’s adherence to its information request policies. Any resulting action could force a systemic change in how tech giants handle administrative subpoenas and user notifications.
Do you believe tech companies should be legally mandated to notify users of government data requests? Share your thoughts in the comments below.
