Google Handed ICE a Student Journalist’s Bank Details Without Warning
When Big Tech promises to “protect user privacy,” what does that actually mean when the government comes knocking?
The Core Insight
Amandla Thomas-Johnson, a British student journalist, attended a five-minute protest at a Cornell job fair in 2024. That brief appearance triggered a cascade of consequences: a campus ban, eventually forcing him into hiding when the Trump administration began targeting pro-Palestinian protesters.
What followed reveals the true cost of storing your life in the cloud. ICE issued a subpoena to Google demanding Thomas-Johnson’s personal data—and Google complied without giving him any notice or opportunity to challenge it. The scope was breathtaking: usernames, addresses, telephone numbers, subscriber identities, credit card numbers, bank account numbers, and an itemized list of services including any IP masking tools he might use.
The contrast with another case is striking. Thomas-Johnson’s friend Momodou Taal received the same type of subpoena request, but his lawyer successfully challenged it because he was given prior notice. Thomas-Johnson never got that chance.
“I was quite surprised to see that I didn’t have that opportunity,” he said from Dakar, Senegal, where he fled after leaving Switzerland.
Why This Matters
This case exposes a fundamental tension in Big Tech’s relationship with users and government power:
The Notice Gap: Under the Stored Communications Act, tech companies can often provide users with notice before complying with government requests. Google chose not to. This effectively eliminated Thomas-Johnson’s ability to mount a legal challenge to protect his own data.
The Scope Problem: The subpoena demanded financial data that could enable tracking and location—the kind of information that could help ICE physically locate and detain someone. In immigration enforcement, this isn’t abstract; it’s operational.
The Gag Order: ICE requested that Google not “disclose the existence of this summons for indefinite period of time.” This secrecy prevents the kind of public scrutiny that might otherwise constrain overreach.
The EFF and ACLU of Northern California sent a letter to major tech companies last week calling on them to resist such subpoenas and provide users with maximum possible notice. Their message was blunt: “Your promises to protect the privacy of users are being tested right now.”
Key Takeaways
- Google fulfilled an ICE subpoena for a student journalist’s data—including bank and credit card numbers—without prior notice
- The lack of notice prevented the target from legally challenging the disclosure
- Google’s transparency reports show millions of government requests over the past decade, with compliance rates consistently high
- Tech companies have discretion in how and when they notify users; many choose not to
- The case emerged from a five-minute protest attendance, highlighting how minimal participation can trigger extensive surveillance
Looking Ahead
What’s changed since Big Tech leaders stood on the inauguration podium? According to privacy experts, “much more friendliness of Big Tech towards the government and towards state power.”
The Thomas-Johnson case is a canary in the coal mine. As immigration enforcement intensifies and government data requests spike, the gap between tech companies’ stated privacy policies and their actual practices becomes a matter of life-altering consequence for users.
For journalists, activists, and anyone who might attract government attention: the data you store with tech companies is only as protected as those companies choose to make it. And increasingly, that choice seems to favor compliance over resistance.
Based on analysis of “Google Fulfilled ICE Subpoena Demanding Student Journalist’s Bank and Credit Card Numbers” from The Intercept