The Department of Homeland Security has issued administrative subpoenas to tech companies demanding user information about anonymous Instagram accounts that document ICE immigration raids and criticize Trump administration policies, according to recent reports.
Administrative subpoenas bypass judicial oversight entirely. Unlike court-authorized subpoenas, which require a judge to review evidence before approving a search, these agency-issued demands let investigators collect user data without independent review. Federal agencies can request login times, device information, IP addresses, and email addresses associated with accounts.
What they cannot obtain through these subpoenas: email contents, search histories, or location data. That requires a warrant.
The demands target anonymous accounts sharing information about local ICE operations and individuals who have protested government policies. Tech companies receiving these subpoenas face a familiar tension: comply with federal law enforcement or protect user privacy.
The broader pattern
This is part of a wider expansion of federal data collection under the current administration. DHS recently received Medicaid enrollment data on millions of Americans from HHS, including immigration status information. The Justice Department requested all Colorado election records in January 2026. States including California and Illinois have pushed back, citing privacy violations.
The approach mirrors Project 2025's framework for expanding state and federal information sharing, tying compliance to federal grants. Several states that resisted similar requests during Trump's first term are again refusing.
What enterprise tech leaders should watch
Three things matter here:
First, the legal mechanism. Administrative subpoenas have existed for decades, but their use for identifying critics rather than investigating specific crimes raises questions about scope creep.
Second, the compliance burden. Tech companies must respond to these demands while potentially facing conflicts with privacy regulations in other jurisdictions. A company operating in Australia or the EU faces different privacy obligations than US federal law requires.
Third, the precedent. If DHS can demand user data to identify critics without judicial oversight, other agencies may follow. Enterprise leaders should review their data retention policies and law enforcement response procedures.
Litigation is already underway challenging DHS and DOJ access to state databases under Privacy Act violations. We'll see whether courts impose limits on administrative subpoenas used this way. History suggests federal data collection powers, once expanded, rarely contract voluntarily.