Hacker News

Privacy, technology and actual freedom overlap massively. Stories like this making it to HN are important since many of the people working at Google that had interactions with this, either by creating the tech or being aware of internal policy changes, read HN. Additionally many founders and decision makers in companies read these stories because it hit HN. Knowing that Google will do this changes your legal calculations. Should I trust them to store my company's data? Will they honor their BAA requirements if they are ditching other promises they made?

People may be tired of seeing stories like this appear on HN, but getting this story exposure to this group is exactly why they need to hit the homepage.

The linked Google policy states:

>We won’t give notice when legally prohibited under the terms of the request.

The post states that his lawyer has reviewed the subpoena, but doesn't mention whether or not it contained a non-disclosure order. That's an important detail to address if the claim is that Google acted against its own policy.

This story is the one that finally pushed me to leave google. I moved off my ~20 year old Google account and deleted everything off their services including almost a decade of Google photos. I cancelled my Google one subscription for extra space. I'm now self hosting what I can and paying proton mail for everything else. I refuse to allow a company that will hand over data at the request of an administrative warrant to hold my data.

How was Amandla even identified? Stingray at the protest? Then how was the phone number linked to Google? Facial recognition at the protest? I guess his details are on file under terms of the visa? So then the government simply asks Google for all details on the individual by name? Either is pretty disturbing.

I still don't understand. Who gave ICE such power, and who is ordering them to do all this? To me, ICE's actions are similar to those of a private army.

I simply assume that everything that travels out of my home through a wire gets tracked and stored by the government.

Everywhere you go, if your phone is in your pocket, you are being tracked and stored, and available to the government.

Everywhere your car goes, is tracked and stored and available to the government.

BTW, the J6 protesters were all tracked and identified by their cell phone data.

> While ICE “requested” that Google not notify Thomas Johnson, the request was not enforceable or mandated by a court

Sounds like Google stopped caring.

But... Why on earth do the people filing an administrative subpoena not have to notify the interested parties too? Why is it Google's responsibility? If they didn't tell you, would you ever find out?

It's insane to trust a company in the way you trust a person. Companies can change their terms of service, their policies, or even their entire ownership or leadership at any time. We have seen over and over again that companies are seldom held accountable for even explicit breaches of prior agreements unless there's either collective action or someone very powerful affected. The only way to trust a company not to leak your data is for them not to have it. The only way to trust a company not to break their product or exploit you with it is for this not to be possible.

"Don't be evil" they used to say.

Promises are broken, policies are changed and political regimes vary. You need to make sure that you consider the future and not just now. And that means NEVER handing your data over in the first place.

This is why E2E encryption is important

"You either die a hero or you live long enough to see yourself become the villain" - Larry Page, Sergey Brin, Eric Schmidt - chanting to each other after a round of ayahuasca.

We could and should have better privacy laws, though foreigners will always be subject to less protection.

That said, a lot of this comes down to a failure in education around privacy and the cultural norm around folks thinking they have nothing to hide. The intuition most people have around privacy, and security, is incredibly poor.

Honestly, I think the author is expecting too much from companies that are under jurisdiction of the US Government, especially in the situation as of 2026. It is telling that when they say "federal government" in the article, they implicitly mean the US Federal Government and not those of the UK or Trinidad and Tobago.

The author (in my opinion) needs to raise this with their own governments (UK is probably the one where they can get better action) to push for data sovereignty laws so that it's at least UK or Trinidad and Tobago that are the governments involved in investigating their data, via appropriate international warrants.

> That notice is meant to provide a chance to challenge the request.

That's the author's interpretation. The promise doesn't indicate anything of the sort (as of this writing). And users cannot challenge these requests -- users don't own the data (in the US). The promise is very clear that Google will provide the data, if the request is compliant.

Now the text of the notification was past tense, that the information was provided, whereas the promise is crystal clear that Google will notify before providing the info, but to me that could amount to a simplification of "we have verified that the request is legally compliant and will be providing the info to them in 250 ms".

Don't get me wrong, I'm not on Google's side. I'm a huge privacy nut. But the fix is to not give your info to Google, not trust that they will abide by any policy. Especially in a case like this where your freedom is at risk. Most people are completely unaware and unthinking but this guy seems that he was fully aware and placed his trust in Google.

Every time this happens the debate goes the same way — trust Google or don't, switch to Proton, self-host everything. But the real issue I believe isn't whether we trust Google. It's that the data existed somewhere it could be taken from in the first place.

I've been thinking about this a lot while working on a side project. I ended up making it work entirely offline — no server, no account, no network calls. Not out of paranoia, just because I couldn't come up with a good reason to ask users to trust me with their data. Turns out the best privacy policy is just not having anyone's data.

The fact that they complied with an administrative subpoena makes it so much worse. "Administrative" anything essentially has about as much value as toilet paper unless it goes to court and the judge agrees with whatever agency wrote it.

This is a good reminder that you should assume there's no privacy on the internet whatsoever, unless you really go to extensive lengths to cover your tracks. And even then, you have to be really careful.

Does anyone remember when western nations were freaking out that Huawei would handle everybody personal data to the Chinese government?

Now, please tell me that American companies are better at privacy than the Chinese ones.

Btw, some alternative email providers in truly democratic countries:

* ProtonMail (Switzerland)

* TutaMail, Posteo, Mailbox.org and Eclipso (Germany)

* Runbox (Norway)

* Mailfence (Belgium)

The author not say whether the subpoena prevented advance notification.

The Google policy he linked to says:

> We won’t give notice when legally prohibited under the terms of the request. We’ll provide notice after a legal prohibition is lifted.

Recently in SF, the police have been very open about their use of drones to follow thieves (completely violating their privacy). It is like China where there are posters telling you drone surveillance is in effect.

I think we need to expand CCPA so that the government cannot simply spy on you by claiming that “criminals” are near you. Even criminals should have their privacy protected or else they will just label everyone criminals.

Huh, I don't think anyone expect Google to maintain privacy for them, Google deliberately leak 500K user info to various governments, every year [1].

https://transparencyreport.google.com/user-data/overview

I feel bad for both sides in this. Google can be put under so much pressure by the government, they are basically forced to do what they says; yes they can fight it, but if the government wants something badly, they will get it, they have powers (especially under the very broad definition of 'national security') to just get automatic compliance, using the same powers they can silence the companies from publishing anything about it too.

I of course feel bad for the student here too, he should not be targeted for exercising his rights to peaceful protest.

But Google is not the enemy here, I would bet good money their hand is forced to comply and their mouth is silenced. The enermy here is the overreaching government and ICE

an apropos bit from the NYT today:

President Trump pressured House Republicans on Wednesday to extend a high-profile warrantless surveillance law without changes, declaring on social media: “I am willing to risk the giving up of my Rights and Privileges as a Citizen for our Great Military and Country!”

Mr. Trump urged the G.O.P. to “unify” behind Speaker Mike Johnson for a critical procedural vote that had been scheduled for late Wednesday night. The vote would clear the way for House approval of a bill extending a major section of the Foreign Intelligence Surveillance Act, or FISA. The law is set to expire on April 20.

The statute, known as Section 702, permits the government to collect the messages of foreigners abroad without a warrant from American companies like Google — even if the targets are communicating with Americans.

It must really really suck to be a data-holder, that every single government out there views as some piggy bank, sitting there waiting to smash & grab.

It's certainly been quite the turn recently. But being between the people and the governments that seemingly inevitably will turn into arch fascist pricks & go to war against the citizens is not an enviable position. Hopefully many jurisdictions start enacting laws that insist companies build unbreakable backdoorless crypto. Hopefully we see legislation that is the exact opposite of chat control mandatory backdoors. It's clear the legal firewalls are ephemeral, can crumble, given circumstances and time. We need a more resolute force to protect the people: we need the mathematicians/cryptographers!

[dead]

[flagged]

[flagged]

> In September 2024, Amandla Thomas-Johnson was a Ph.D. candidate studying in the U.S. on a student visa when he briefly attended a pro-Palestinian protest

As somebody who got two degrees abroad, the idea of attending public protests/riots, particularly any directed against the governments that issued me my student visas, sounds like possibly the stupidest move I could have made. Not sure what bro was thinking here.

As for google, surely we’re all aware by now that all these tech companies can be easily compelled by US law to do all sorts of shit with your data - notwithstanding guidance in their TOS to the contrary. No doubt in the TOS there’s a carve out for this.

FAFO, as they say. Should have just studied and enjoyed the overseas experience.

This is so wrong. What's the solution? Google class action lawsuit?

Sorry guys, but what’s the story here?

Google not protecting users data? Seriously?

Such are the times that he feels he must say that he only attended the protest "for all of five minutes" and that he was protesting "what we saw as genocide".

He is almost ashamed of his views because of the current climate but he didn't do anything wrong, apparently.