Weekly Report: IPAが「Cross-Sector Cybersecurity Performance Goals Ver.2.0 (2025-12)[翻訳版]」を公開

JPCERT
1 day 22 hours ago
独立行政法人情報処理推進機構(IPA)は、米国CISAが2025年12月に公表した「Cross-Sector Cybersecurity Performance Goals Ver.2.0」を翻訳し、同庁の了解のもと公開しました。本文書は、重要インフラ事業者に向けて、ITおよびOTにおける優先的に実施すべきサイバーセキュリティ対策を示したものです。

Google Broke Its Promise to Me. Now ICE Has My Data.

EFF update
2 days 6 hours ago

In September 2024, Amandla Thomas-Johnson was a Ph.D. candidate studying in the U.S. on a student visa when he briefly attended a pro-Palestinian protest. In April 2025, Immigration and Customs Enforcement (ICE) sent Google an administrative subpoena requesting his data. The next month, Google gave Thomas-Johnson's information to ICE without giving him the chance to challenge the subpoena, breaking a nearly decade-long promise to notify users before handing their data to law enforcement. 

Google names a handful of exceptions to this promise (such as if Google receives a gag order from a court) that do not apply to Thomas-Johnson's case. While ICE “requested” that Google not notify Thomas-Johnson, the request was not enforceable or mandated by a court. Today, the Electronic Frontier Foundation sent complaints to the California and New York Attorneys General asking them to investigate Google for deceptive trade practices for breaking that promise. You can read about the complaints here. Below is Thomas-Johnson's account of his ordeal. 

Out of touch but not out of reach 

I thought my ordeal with U.S. immigration authorities was over a year ago, when I left the country, crossing into Canada at Niagara Falls.  

By that point, the Trump administration had effectively turned federal power against international students like me. After I attended a pro-Palestine protest at Cornell University—for all of five minutes—the administration’s rhetoric about cracking down on students protesting what we saw as genocide forced me into hiding for three months. Federal agents came to my home looking for me. A friend was detained at an airport in Tampa and interrogated about my whereabouts. 

I’m currently a Ph.D. student. Before that, I was a reporter. I’m a dual British and Trinadad and Tobago citizen. I have not been accused of any crime. 

I believed that once I left U.S. territory, I had also left the reach of its authorities. I was wrong. 

The email

Weeks later, in Geneva, Switzerland, I received what looked like a routine email from Google. It informed me that the company had already handed over my account data to the Department of Homeland Security. 

At first, I wasn’t alarmed. I had seen something similar before. An associate of mine, Momodou Taal, had received advance notice from Google and Facebook that his data had been requested. He was given advanced notice of the subpoenas, and law enforcement eventually withdrew them before the companies turned over his data. 

Google had already disclosed my data without telling me.

I assumed I would be given the same opportunity. But the language in my email was different. It was final: “Google has received and responded to legal process from a law enforcement authority compelling the release of information related to your Google Account.” 

Google had already disclosed my data without telling me. There was no opportunity to contest it. 

Google’s broken promise

To be clear, this should not have happened this way. Google promises that it will notify users before their data is handed over in response to legal processes, including administrative subpoenas. That notice is meant to provide a chance to challenge the request. In my case, that safeguard was bypassed. My data was handed over without warning—at the request of an administration targeting students engaged in protected political speech. 

Months later, my lawyer at the Electronic Frontier Foundation obtained the subpoena itself. On paper, the request focused largely on subscriber information: IP addresses, physical address, other identifiers, and session times and durations. 

But taken together, these fragments form something far more powerful—a detailed surveillance profile. IP logs can be used to approximate location. Physical addresses show where you sleep. Session times would show when you were communicating with friends or family. Even without message content, the picture that emerges is intimate and invasive.  

State power meets private data

What this experience has made clear is that anyone can be targeted by law enforcement. And with their massive stores of data, technology companies can facilitate those arbitrary investigations. Together, they can combine state power, corporate data, and algorithmic inference in ways that are difficult to see—and even harder to challenge. 

The consequences of what happened to me are not abstract. I left the United States. But I do not feel that I have left its reach. Being investigated by the federal government is intimidating. Questions run through your head. Am I now a marked individual? Will I face heightened scrutiny if I continue my reporting? Can I travel safely to see family in the Caribbean? 

Who, exactly, can I hold accountable?

Update: This post has been updated to include more information about Google's exceptions to their notification policy, none of which applied to the subpoena targeting Thomas-Johnson.

Guest Author

EFF to State AGs: Investigate Google's Broken Promise to Users Targeted by the Government

EFF update
2 days 6 hours ago
Google's Failure to Warn Users About Law Enforcement Demands for Data Is Deceptive

SAN FRANCISCO – The Electronic Frontier Foundation sent complaints today to the attorneys general of California and New York urging them to investigate Google for deceptive trade practices, related to the company's broken promise to give users prior notice before disclosing their information to law enforcement. 

The letters were sent on behalf of Amandla Thomas-Johnson, whose information was disclosed to U.S. Immigration and Customs Enforcement (ICE) without prior notice from Google. 

For nearly a decade, Google has promised billions of users that it will notify them before disclosing their personal data to law enforcement. Many times, the company has done just that. But through a hidden and systematic practice, Google has likely violated that promise numerous times over the years. This was the case for Thomas-Johnson, a Ph.D. candidate who was targeted by ICE after briefly attending a protest, effectively preventing him from contesting an invalid subpoena for his data. 

"Google should answer the question: How many other times has it broken its promise to users?” said EFF Senior Staff Attorney F. Mario Trujillo. "Advance notice is especially important now, when agencies like ICE are unconstitutionally targeting users for First Amendment-protected activity. State attorneys general should investigate Google for this deception." 

On Google’s Privacy & Terms page, it promises its users that “When we receive a request from a government agency, we send an email to the user account before disclosing information.” This promise ensures that users can protect their own privacy and decide to challenge overbroad or illegal demands on their own behalf. The company lists a handful of exceptions to this policy (such as if Google receives a gag order from a court) that do not apply to Thomas-Johnson's case. While ICE “requested” that Google not notify Thomas-Johnson, the request was not enforceable or mandated by a court. 

But on May 8, 2025, Google complied with an administrative subpoena from ICE seeking Thomas-Johnson’s subscriber information, including his name, address, IP address, and other personal identifiers. Later that same day, the company sent Thomas-Johnson a message telling him it had already complied with the subpoena, which he would have successfully challenged had he been given advance notice. Google received the subpoena in April and had more than a month to alert Thomas-Johnson. 

Communication between EFF and Google later revealed that this is a systematic issue, not an isolated one. When Google does not fulfill a subpoena within a government-provided artificial deadline, the company's outside counsel explained, Google will sometimes comply with the request and provide notice to a user on the same day. The company calls this practice “simultaneous notice.” 

"What this experience has made clear is that anyone can be targeted by law enforcement," said Thomas-Johnson. "And with their massive stores of data, technology companies can facilitate those arbitrary investigations. Who, exactly, can I hold accountable?" 

Google must commit to ending this deception and pay for its past mistakes. The attorneys general of California and New York are empowered to stop deceptive business practices and seek financial restitution stemming from those practices. As EFF writes in its complaints, they should investigate, hold Google to its public promise to give users advanced notice of law enforcement demands, and take appropriate action if necessary.

Update: This press release has been updated to include more information about Google's exceptions to their notification policy, none of which applied to the subpoena targeting Thomas-Johnson. 
 
For the complaints:
https://www.eff.org/document/eff-letter-re-google-notice-california 
https://www.eff.org/document/eff-letter-re-google-notice-new-york 
https://www.eff.org/document/eff-letter-re-google-notice-exhibits
 
For Thomas-Johnson's account of his ordeal: https://www.eff.org/deeplinks/2026/04/google-broke-its-promise-me-now-ice-has-my-data 

For more information on lawless DHS subpoenas: https://www.eff.org/deeplinks/2026/02/open-letter-tech-companies-protect-your-users-lawless-dhs-subpoenas 

Contact: press@eff.org 

Tags: privacyfree speechanonymityDHSsubpoenafederal law enforcementGoogle
Hudson Hongo

【月刊マスコミ評・放送】「構造的性暴力」メディアは終止符を=岩崎 貞明

日本ジャーナリストクラブ(JCJ)
2 days 6 hours ago
 放送業界全体を揺るがせた「フジテレビ問題」発生から一年が過ぎた。タレントによるアナウンサーへの性暴力事件を個人的なトラブルだと軽視した当時の経営陣の判断ミスによるもので、女性やマイノリティの人権を尊重しない傾向は業界全体にはびこっている。 数年前、愛媛県のテレビ局「あいテレビ」が制作・放送していたローカル枠のバラエティ番組で司会を務めていたフリーランスのアナウンサーが、共演者やスタッフから執拗なセクシュアルハラスメントを受け、うつ病になって番組を降板した。アナウンサーは放送..
JCJ

「外国籍職員採用中止をめぐる三重県1万人アンケートは違法だ」 元地方公務員が監査請求

週刊金曜日
2 days 13 hours ago
「差別を傍観してはいけない。差別解消に向けて努力しなければいけない。これは県反差別条例の理念であり、県民の責務です。私はそれを果たしたい」。記者会見で元地方公務員の竹本昇さん(76歳)はこう強調した。  三重県が検討する […]
admin