Google disclosed sensitive personal and financial information about a British student journalist to U.S. Immigration and Customs Enforcement after receiving a non-judicial administrative subpoena, according to reporting by The Intercept. The data belonged to Amandla Thomas-Johnson, who attended Cornell University and briefly joined a pro-Palestinian protest while on campus. The demand for his records arrived within hours of the university notifying him that his student visa had been revoked, raising urgent questions about how immigration enforcement intersects with campus speech and digital privacy.
What Data ICE Received From Google’s Administrative Subpoena
The trove shared by Google reportedly included usernames, linked phone numbers, IP addresses, physical and subscriber addresses, and an itemized list of services tied to the account. Most strikingly, it also encompassed payment details: credit card numbers and bank account numbers associated with the profile. The subpoena, which included a gag component, did not provide a specific rationale for targeting Thomas-Johnson, who was studying in New York at the time.
Neither Google nor ICE immediately commented on the disclosure. Google’s public policy statements say the company evaluates government requests for legal sufficiency and notifies users when possible, but gag orders and secrecy rules often prevent timely notice.
A Legal Tool With Minimal Oversight: Administrative Subpoenas
Unlike warrants or court orders, administrative subpoenas are issued directly by agencies without a judge’s approval. Under federal law, they can compel disclosure of non-content records—such as subscriber information and billing details—aimed at identifying an account holder. They cannot demand the content of communications. Providers can push back, and agencies seeking to enforce contested subpoenas typically must go to court, but the initial bar for issuing them is low.
Civil liberties groups warn that this process is ripe for overreach, especially when used to unmask critics or chill protest activity. Digital rights advocates point to prior incidents where DHS components used administrative subpoenas against social media accounts or local agencies in so-called “sanctuary” jurisdictions, only to face refusals or legal challenges. The pattern, they argue, shows a reliance on broad data-grab tools to sidestep judicial scrutiny.
Press Freedom And Campus Speech At Stake
Press freedom organizations, including the Committee to Protect Journalists and the Reporters Committee for Freedom of the Press, have long cautioned that unmasking reporters’ sources or surveilling their digital trails can erode newsgathering. When immigration enforcement intersects with student status, the stakes multiply: revocation of a visa coupled with a rapid-fire data demand can create a powerful chilling effect on academic and political expression.
Thomas-Johnson told The Intercept that the episode underscored how easily authorities and tech platforms can assemble intimate profiles of individuals. His account tracks with broader concerns from campus free speech advocates who say students—especially international students—face disproportionate risks when their online accounts are used to infer political associations or attendance at demonstrations.
Platforms Face Growing Pressure To Push Back
The Electronic Frontier Foundation recently urged major platforms—including Google, Apple, Meta, Microsoft, Amazon, Reddit, and Discord—to stop honoring Department of Homeland Security administrative subpoenas absent court oversight. The group called on companies to demand judicial review, narrow overly broad requests, and notify users with enough time to mount their own challenges when secrecy orders do not block notice.
Transparency reports underscore the scale of the issue. Google says it fields tens of thousands of government data requests in the U.S. each year, with subpoenas making up a sizable share. While many requests are routine and tied to criminal investigations, privacy researchers warn that even “basic” subscriber records can expose identities, social networks, and financial fingerprints—particularly when combined with IP logs and payment instruments.
Why This Case Resonates Beyond One Account
What makes this incident notable is not just the kind of records disclosed, but the context: a student journalist linked to a campus protest, an abruptly revoked visa, and a data demand issued without a judge. That sequence will likely intensify calls for stronger corporate resistance to administrative subpoenas and clearer internal guardrails around financial identifiers, which can be among the most invasive categories of metadata.
Lawmakers and civil liberties groups continue to debate reforms that would tighten access to user records, expand notice rights, and raise the standard for secrecy orders. In the meantime, advocates urge platforms to adopt uniform policies that prioritize user notice, narrow the scope of records produced, and force agencies to justify demands before a court—especially when journalism or protest activity is in play.
The takeaway for users is sobering: your account profile, network identifiers, and payment rails can reveal more about you than the content of your messages. For a student journalist caught in the crosshairs of immigration enforcement, that proved to be more than a theoretical risk.
