DHS accused of overreach in data request for Canadian critic from Google

In an unusual legal maneuver, the Department of Homeland Security (DHS) has attempted to compel Google to disclose comprehensive digital records about a Canadian citizen who publicly criticized U.S. immigration policies online. The request, issued under a 1930 customs statute, has prompted immediate backlash from privacy advocates who argue the agency is exploiting jurisdictional loopholes to access data it could not otherwise obtain.

The case centers on a Canadian resident who has not set foot in the United States in over a decade. Following public comments criticizing the Trump administration’s handling of two Minneapolis shooting incidents involving federal immigration agents, the individual became the target of a DHS summons seeking location history, browsing activity, and other personally identifiable information. The demand was delivered to Google under Section 505 of the Tariff Act of 1930, which permits the agency to request records from entities deemed relevant to customs enforcement.

How the DHS Justified Its Unprecedented Request

Legal experts and civil liberties organizations are raising alarms over what they describe as a clear overreach of federal authority. Michael Perloff, senior staff attorney at the American Civil Liberties Union (ACLU) of the District of Columbia, represents the unnamed Canadian in a lawsuit challenging the summons. In a statement to Ars Technica, Perloff emphasized the government’s failure to establish any legitimate connection between the individual’s online activity and U.S. customs enforcement.

“This case isn’t about border security or cross-border commerce,” Perloff explained. “The DHS is attempting to use the fact that Google operates servers within the United States to obtain data that would otherwise fall entirely outside its jurisdiction. We’re talking about the movements and communications of a person who resides in Canada—someone who has never entered this country in more than 10 years.”

The lawsuit, filed against DHS Secretary Markwayne Mullin, alleges that the agency violated both the spirit and the letter of the 1930 statute by targeting an individual with no ties to the U.S. beyond digital connections to American-based technology platforms. Legal scholars note that such tactics could set a precedent for future requests targeting non-U.S. citizens whose data is stored on servers within American borders.

Broader Implications for Digital Privacy and Global Jurisdiction

The incident underscores growing tensions between national security interests and individual privacy rights in the digital age. Privacy advocates warn that the DHS’s approach—leveraging the physical location of servers rather than the residency or actions of individuals—could enable circumvention of international data protection laws. Under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), for instance, Canadian citizens enjoy strong protections against unauthorized data collection by foreign governments.

Legal analysts point out that the case raises critical questions about the reach of U.S. surveillance powers abroad. If the DHS succeeds in this attempt, it could embolden other federal agencies to issue similar requests targeting foreign nationals whose data resides on U.S.-based platforms. This would effectively allow American authorities to bypass foreign privacy laws by claiming jurisdiction over the servers hosting the data, regardless of the user’s location or citizenship.

“This isn’t just about one person’s privacy,” Perloff added. “It’s about whether the U.S. government can unilaterally decide it has the right to access the personal information of people anywhere in the world, simply because a major tech company happens to store that data on servers in America.”

What’s Next in the Legal Battle

The lawsuit filed by the ACLU challenges not only the legality of the DHS summons but also the constitutionality of using a 90-year-old customs law to obtain digital records from a non-resident. A hearing on the case is scheduled for late summer, where the court will examine whether the agency’s interpretation of the statute aligns with modern privacy expectations and international norms.

For the Canadian citizen at the center of the controversy, the implications are deeply personal. While the individual has not been directly accused of any wrongdoing, the mere act of seeking this data sends a chilling message to critics of U.S. policies abroad. As the legal and political debate intensifies, the outcome could redefine the boundaries of digital privacy and foreign surveillance for years to come.

With technology continuing to erase geographical boundaries, the case highlights the urgent need for clearer legal frameworks to govern cross-border data requests. Until then, individuals worldwide may find their digital lives subject to the whims of foreign jurisdictions—regardless of where they live or what laws protect them at home.