Did Big Tech Just Give Your Data to ICE Without a Warrant?
Reddit, Meta, Google, and Discord all handed over private user data to the Department of Homeland Security this year. The users they targeted included people who criticized ICE, administrators of accounts tracking ICE activity, a PhD student who is also a journalist, and a 67-year-old retiree who sent a single polite email.
But the real story is not that the government asked for this data. Governments ask for data all the time. The real story is how they asked — and the fact that every single one of these companies could have said no and chose not to.
This matters for anyone who uses Big Tech platforms for communication, storage, or daily life — which, realistically, is almost everyone. Understanding how this mechanism works reveals something important about the gap between what these companies say about your privacy and what they actually do when the government comes knocking.
The Privacy Marketing Contradiction
These companies spend billions marketing themselves as privacy-first platforms. Apple and Google compete over who can say "privacy" more convincingly. Meta made end-to-end encryption a selling point across WhatsApp and Messenger. Reddit's entire culture is built on pseudonymity.
Some of these companies have fought the government in high-profile cases. Apple went to court against the FBI over the San Bernardino iPhone. Microsoft fought a DOJ warrant to the Supreme Court. They can fight when they want to.
But when it comes to the thousands of routine administrative subpoenas that will never make a headline, they comply. Quietly. At scale. That gap between the high-profile fights they publicize and the routine compliance they do not — that is the real story.
You cannot be a privacy-first company and also routinely comply with government data requests that no judge has reviewed. You cannot tell users "your data is safe with us" and then hand that data to DHS when a user sends a polite email to a government attorney.
What the EFF and ACLU Are Demanding
The EFF and ACLU of Northern California sent a joint open letter to ten major tech companies — Google, Meta, Reddit, Discord, Amazon, Apple, Microsoft, Snap, TikTok, and X — demanding three things:
- Require a court order before handing over data — meaning force the government to go in front of a judge
- Notify users when their data has been requested, so they have an opportunity to challenge it before it is handed over
- Resist gag orders that prevent companies from telling users their data was demanded
As of February 2026, none of these companies have publicly committed to all three demands.
What This Means for You — And What You Can Actually Do
If you have ever posted about immigration policy on Reddit, your account data could be requested through this process. If you have ever interacted with an account tracking ICE activity on Instagram, your identity could end up in a government file. If you are a journalist using Gmail, your financial records, source contacts, and draft articles stored in Google Docs are accessible through the same mechanism.
The word "private" in "private message" describes who can see it by default. It does not describe who can access it when the government asks.
This is not theoretical. It is happening at a scale of tens of thousands of requests per year, with compliance rates between 79 and 88 percent.
So what can you practically do? The answer comes down to one principle: minimize the amount of data that US-based tech companies hold about you in the first place.
1. Use a VPN Based Outside US Jurisdiction
A VPN encrypts your internet traffic and masks your IP address — but jurisdiction matters as much as encryption. A VPN company based in the United States is subject to the same administrative subpoena process described above. A VPN based in Switzerland, however, operates under entirely different legal frameworks.
ProtonVPN is headquartered in Geneva, Switzerland, and operates under Swiss law. Swiss privacy protections are among the strongest in the world. ProtonVPN cannot be compelled by US administrative subpoenas the way a US-based service can. Their apps are open-source and independently audited. Their no-logs policy has been verified in court — when authorities requested user data, ProtonVPN had nothing to hand over because they do not store it. According to independent analysis from VPNTierLists.com, which uses a transparent 93.5-point scoring system, ProtonVPN is rated S-Tier — the only VPN in the top tier.
2. Switch to Encrypted Email Outside US Jurisdiction
The Thomas-Johnson case demonstrates exactly why email jurisdiction matters. Google handed his financial data and email records to ICE because Google holds the encryption keys — they can read your email, which means they can be compelled to hand it over.
ProtonMail uses end-to-end encryption where even Proton cannot read your email content. It is based in Switzerland and protected by Swiss privacy laws. Even if a government agency sends a legal request to Proton, Proton physically cannot decrypt your email content because it does not have the keys. For journalists, activists, or anyone concerned about government access to their communications, this is not a minor upgrade — it is a fundamental architectural difference.
3. Move Sensitive Documents Off US Cloud Platforms
Google Docs, Microsoft OneDrive, and Dropbox all hold your encryption keys. They can read your files, which means they can hand them over. Proton Drive offers end-to-end encrypted cloud storage where Proton cannot access your file contents. If you store sensitive documents — legal records, financial data, journalistic sources, anything you would not want in a government file — encrypted cloud storage outside US jurisdiction is the practical solution.
4. Use an Encrypted Password Manager
Your password manager contains the keys to every online account you own. If a government agency gains access to your password vault stored on a US-based service, they effectively have access to everything. Proton Pass provides end-to-end encrypted password management under Swiss jurisdiction, keeping your credentials outside the reach of US administrative subpoenas.
5. Remove Your Personal Data From Broker Sites
Administrative subpoenas are not the only way the government can find information about you. Data brokers like Whitepages, Spokeo, and BeenVerified sell your personal information — name, address, phone number, relatives, employment history — to anyone willing to pay, including government agencies.
Incogni scans for your exposed data across hundreds of data broker sites and provides automated removal from 180+ data brokers. Unlike some services that just claim to remove your data, Incogni shows you the evidence. A free scan will reveal exactly how exposed your personal information already is.
Why Jurisdiction Is the Only Real Protection
There is an important distinction to understand here. Encryption alone is not enough if the company holding the keys is in the US. Google encrypts your data in transit and at rest — but Google holds the keys, which means Google can decrypt it when served with a subpoena. End-to-end encryption, where even the service provider cannot access your data, combined with a non-US jurisdiction, is what actually protects you.
This is why the Proton ecosystem — ProtonVPN, ProtonMail, Proton Drive, Proton Pass — represents a genuinely different model. It is not just "another tech company saying trust us." It is an architecture where even if they wanted to comply with a US administrative subpoena, they physically could not hand over your encrypted data because they do not have the ability to decrypt it.
The Encouraging Detail
When people have actually challenged these administrative subpoenas in court, DHS has backed down. That means the system only works if nobody pushes back. Right now, most people do not push back because they do not know this is happening until after their data has already been shared.
The thing to watch going forward is whether any of these ten companies commit to requiring court orders for all government data requests. Not privacy policies. Not transparency reports. Not marketing campaigns. The question is simple: when the government sends a document that no judge signed, do you hand over user data or do you make them go to court?
So far, on routine requests affecting ordinary people, the answer has overwhelmingly been: they hand it over.
Bottom Line
Big Tech's privacy marketing does not match their compliance behavior. Administrative subpoenas — government data requests that no judge reviews — produce compliance rates between 79 and 88 percent at Google and Meta. The mechanism is legal, documented, and operating at a scale of tens of thousands of requests per year.
The practical response is not to trust any company's privacy policy. The practical response is to minimize what US-based tech companies can hand over in the first place. Use services that are end-to-end encrypted, based outside US jurisdiction, and architecturally incapable of reading your data even if compelled. Remove your personal information from data broker sites so there is less for anyone — government or otherwise — to find.
That is what is happening. That is why it matters. And now you know what you can do about it.
Sources: New York Times (Feb 13-14, 2026), The Intercept (Feb 10, 2026), Washington Post (Feb 3, 2026), TechCrunch (Feb 3, 2026), EFF/ACLU Open Letter (Feb 10, 2026), Google Transparency Report (H1 2025), Meta Transparency Report (H1 2025).