In October 2025, a 67-year-old retiree from Philadelphia sent an email to the Department of Homeland Security pleading for basic decency in how they carried out a high-profile asylum case. Within five hours, Google informed him, via email, that DHS had issued a subpoena for the company to turn over personal information connected to his accounts. Not long afterward, federal agents appeared on his doorstep to question him in person. Neither judge nor grand jury ruled that a crime may have been committed; the government simply issued a unilateral administrative subpoena to Google to unmask the critic’s identity.
In order to accelerate their mass arrest and deportation mandates, Immigration and Customs Enforcement, Border Patrol, and other government agencies have supported their on-the-ground operations — raids, prisons and counter-protest measures — with warrantless subpoenas, the exploitation of a largely unregulated commercial data broker industry, and an aggressive dismantling of federal privacy firewalls, all designed to track down immigrants and citizen critics who defend them on social media. The federal government may rely on what large technology companies and financial institutions have already hoarded, a faster approach than building a sprawling data mining network on their own, but one still limited by the discrepancy between state capacity and the volume of their ambitions — for now.
Over the last several weeks, investigative reports confirmed that DHS has been issuing hundreds of subpoenas per month to companies like Google, Meta and Reddit, and that those companies have complied with at least some of those requests for information. According to the reports and people who spoke to Salon for this article, the Trump administration has devoted particular effort in tracking down accounts that monitor ICE raids or are otherwise critical of the agency, as well as thousands of immigrants whom the administration might want to build a case for arresting and deporting, regardless of legal status.
F. Mario Trujillo, a senior staff attorney on the Electronic Frontier Foundation’s civil liberties division, told Salon that the Trump administration has practiced a clear, bifurcated approach towards those two “buckets” of political targets.
“Without access to data, all DHS has, as far as many critics are concerned, is some sort of public post under an anonymous name. What they’re trying to do is get the name of the actual individual — perhaps that’s just an intimidation tactic, or perhaps they’re trying to actually investigate this person,” Trujillo said. “We’ve also seen these subpoenas used against people who are in the country legally, like student visa holders and especially those who have been identified by attending a protest or speaking out against the Trump administration or the war in Gaza. In those cases, they’re trying to get a residential address, or a location through an IP address, whatever they can do to find out where that person is, physically.”
“In the U.S., the corporate and legal landscape tends to look at personal data like a commodity rather than as a human right.”
Tech companies are legally permitted to fight those administrative requests. They also typically notify targeted users and give them a period of time to challenge the subpoena in court — usually 10 to 14 days — before handing over their data. Lawsuits by civil rights organizations and pro bono lawyers on behalf of those people have induced DHS to withdraw its subpoenas before a ruling, rather than risk a judge deciding that their entire approach is unlawful.
Nevertheless, critics have said that tech companies — operating under the pressure of tight federal deadlines and an apparent keenness to curry favor with the Trump administration in return for regulatory benefits — should not even let the process get so far by offering little resistance against potentially thousands of legally flimsy subpoenas. According to Meta, the company produced full or partial data for just over 88 percent of more than 81,000 government data requests issued from January to June 2025.
When reached for comment by Salon, representatives from Google and Meta maintained that their legal teams review every government request with due diligence.
“Our processes for handling law enforcement requests are designed to protect users’ privacy while meeting our legal obligations,” a Google spokesperson said. “We review all legal demands for legal validity, and we push back against those that are overbroad, including objecting to some entirely.”
In a separate statement, a Meta spokesperson clarified that the company notifies all users about any subpoena for their information, unless prohibited by law or in “exceptional circumstances, such as where a child is at risk of harm, emergencies or when notice would be counterproductive.”
A DHS spokesperson described their subpoena requests as fulfilling a “purely investigative” role, citing two statutes. Homeland Security Investigations “has broad administrative subpoena authority under 8 U.S.C. § 1225(d) and 19 U.S.C. § 1509(a)(1) to issue subpoenas,” they told Salon.
Critics say that relying on these statutes for domestic surveillance is severe overreach — broadly, the first of these empowers officers to verify an individual’s right to enter the country, while the other relates to tracking customs duties and trade compliance. Historically, warrantless subpoenas under these laws were used as a narrow investigative tool for specific customs and regulatory violations, not as a weapon to tear away the privacy and protected speech of social media users. While the volume of subpoena requests by the Trump administration is thought by civil rights lawyers to be vast, the actual numbers of how many were accepted by tech companies remain largely obscured by federal and corporate secrecy.
“We don’t know how many of them are bogus, and how many of them are legitimate, and so it’s hard to understand how big of a problem it is,” Trujillo said. “What we’ve seen so far is that one subpoena is usually tied to one specific person, or in a couple cases, we’ve seen one subpoena tied to three or four different accounts. I have not yet seen an administrative subpoena issued by DHS that tries to unmask hundreds or thousands of people at once. At the same time, DHS doesn’t impose a limit on how many administrative subpoenas that it sends to companies. So it could theoretically send 100 administrative subpoenas for 100 different accounts and try to unmask them.”
Start your day with essential news from Salon.
Sign up for our free morning newsletter, Crash Course.
Tech companies like Google and Meta are not the only recourse for the federal government to surveil social media users. They can simply purchase data and even physical locations from third-party brokers that routinely scrape the internet for specific geolocation coordinates from weather apps, mobile games, and digital advertising networks.
According to Kristen Walker, a professor at California State University Northridge, this marketplace exists because of a fundamental legal philosophy. “In the U.S., we tend to look at personal data more from a commodity point of view rather than as a human right,” she told Salon. “Third party tools can grab data as it’s being sent. And in fact, if you are a marketer and you are putting your advertisements up on a search engine or social media site, you’re basically providing your own data and consumer insights to that company.”
The escalation of surveillance has led to some activists taking countermeasures, including the use of encrypted text services like Signal. But they often find themselves in an arms race against both the federal government and a surveillance-industrial complex that often receives generous contracts from the government to help carry the burden of spying on people. Some of those companies are based in the U.S., while others, like Israeli spyware maker Paragon, are based overseas. In 2024, during the Biden administration, the government signed a $2 million contract with Paragon, which has developed software that can penetrate even encrypted channels without the user knowing.
The federal government also maintains its own sensitive records. For decades, the government managed a fragile truce with undocumented immigrants, who in return for paying taxes using an Individual Taxpayer Identification Number, would not have their financial disclosures given to immigration enforcement agencies. In April 2025, that truce was abruptly broken when the Department of the Treasury and DHS signed a Memorandum of Understanding that allowed the IRS to send taxpayer information — names, physical addresses, and financial information — directly to ICE for criminal investigations. By August of that year, ICE reportedly sought information on over 1.2 million taxpayers. While a federal judge ordered a temporary stay on the data sharing in November, critics say the Trump administration had damaged taxpayer trust for political purposes.
We need your help to stay independent
“The reality is that the federal government isn’t just relying on one kind of source of information; they’re coupling data obtained from the IRS, for example, with school enrollment information or public benefits databases,” Alejandra Montoya-Boyer, senior director of The Leadership Conference’s Center for Civil Rights and Technology, told Salon. “If you’re able to put these all together, you can build a bigger picture of who someone is, their family, all of these things that make it easier to identify someone and whole groups of people as undocumented.”
In response to these increasingly aggressive methods, civil liberties groups have pointed people towards state-level laws that might protect their privacy, whenever applicable. California just rolled out the Delete Request and Opt-Out Platform in January 2026 as mandated by the 2023 Delete Act, allowing residents to submit a single request that legally forces over 500 registered data brokers to delete their personal information and halt further collection.
But while the DROP platform offers a vital shield, at least for Californians, it underscores the fractured nature of resistance against a federal apparatus with national research. For people living outside of protected jurisdictions, the burden of digital defense falls on the individual and whatever organizations might be willing to help, without the support of legislation or local government.
Read more
about mass surveillance
