The Department of Homeland Security (DHS) is facing scrutiny over its use of administrative subpoenas to obtain user data from technology companies, raising concerns about potential overreach and infringements on First Amendment rights. These subpoenas, unlike traditional court orders, do not require judicial approval and allow DHS to demand information without establishing probable cause.
The practice came to light following the case of Jon, a 67-year-old retiree who emailed a Department of Homeland Security prosecutor urging leniency for an Afghan asylum seeker. According to reporting by the Washington Post, just five hours after sending the email, Jon received a notification from Google informing him that DHS had issued an administrative subpoena for his account information. He was given only seven days to challenge the subpoena in federal court, a timeframe his attorney, Judi Bernstein-Baker, described as insufficient.
What’s particularly concerning, as highlighted by both the Electronic Frontier Foundation (EFF) and recent reporting, is the lack of transparency surrounding these subpoenas. Jon, and initially his attorney, were not provided with a copy of the subpoena itself, hindering their ability to mount a legal challenge. This lack of due process is a central point of contention for privacy advocates.
DHS has been utilizing these administrative subpoenas to identify individuals who have criticized the government, documented Immigration and Customs Enforcement (ICE) activities, or participated in protests. The EFF, in an open letter co-signed by the ACLU of Northern California, is urging companies like Google, Meta, and Microsoft to resist these “lawless” subpoenas. The letter, published on , calls on tech companies to insist on court intervention before complying with DHS requests, arguing that the agency has already demonstrated a pattern of issuing unlawful and unconstitutional demands.
The EFF notes that DHS has withdrawn subpoenas when challenged in court, suggesting an acknowledgement of their questionable legality. However, the burden of challenging these subpoenas falls on individual users, many of whom lack the resources or legal expertise to effectively fight back. The EFF argues that tech companies have a responsibility to protect their users by providing notice when a subpoena is issued and resisting gag orders that would prevent them from informing users they are targets of investigation.
The use of administrative subpoenas represents a significant shift in how the government accesses user data. Traditionally, law enforcement agencies would need to obtain a warrant based on probable cause from a judge. Administrative subpoenas bypass this requirement, granting DHS broad authority to collect information with minimal oversight. This practice raises questions about the balance between national security and individual privacy.
The EFF’s EFFector newsletter, issue 38.3, details the agency’s tactics and provides a deeper dive into the legal arguments against these subpoenas. The newsletter also highlights EFF’s ongoing work to expand end-to-end encryption protections and stop government face scans conducted by ICE. A companion audio explainer, featuring EFF Senior Staff Attorney F. Mario Trujillo, is available on YouTube and the Internet Archive, further clarifying the differences between administrative subpoenas and court orders.
This situation underscores a growing tension between government surveillance and the protection of civil liberties in the digital age. The EFF’s call to action for tech companies to prioritize user privacy and resist unlawful government demands is likely to be a key battleground in the coming years. The outcome will have significant implications for the future of free speech and online privacy in the United States.
The EFF is also advocating for continued protection of Section 230 of the Communications Decency Act, arguing that it remains a crucial safeguard for online speech. The organization believes that weakening Section 230 would have unintended consequences, stifling innovation and limiting the ability of users to express themselves online.
As DHS continues to employ these administrative subpoenas, the debate over the appropriate level of government access to user data is likely to intensify. The actions taken by tech companies in response to these demands will be closely watched by privacy advocates, legal experts, and the public alike.
