Apple, Google, and Meta handed over data from more than 3.5 million user accounts to the US government over the past decade. When you include Foreign Intelligence Surveillance Act (FISA) requests, that number jumps to 6.7 million. And the pace is accelerating.
New research from Swiss privacy company Proton — published this week and reported by Bloomberg, The Hill, and others — quantifies exactly how much Big Tech has become a pipeline for government surveillance. The numbers should concern anyone who uses mainstream cloud services.
The Numbers
Between 2014 and 2024, government data requests to the three largest tech platforms surged 770%. The breakdown by company:
- Apple: 927% increase in disclosed accounts
- Meta: 668% increase
- Google: 557% increase
During the first half of 2025 alone, these three companies provided data on more than 282,000 US-based accounts. In the last 12 months of available data, the US made nearly 500,000 data requests to Google and Meta combined, more than all the other 14 Eyes Alliance nations put together.
The FISA numbers are even more alarming. Content requests under FISA — which operate with minimal oversight and cannot be legally refused — rose by 2,486% at Meta and 649% at Google over the same period. Apple reported a 443% increase in FISA content requests between 2018 and 2024.
Why These Companies Can’t Say No
The business model is the vulnerability. Meta derives 98% of its revenue from advertising. Google pulls 77% from ads. Both companies collect vast amounts of personal data to power their ad businesses — and that same data is exactly what governments want.
When your cloud provider builds its business on knowing everything about you, government data requests become trivially easy to fulfil. The data is already collected, organised, and searchable. Every email in Gmail, every photo in Google Photos, every file in iCloud, every message on Instagram — it all sits in systems designed to be mined.
Proton’s research also tracked EU requests, which grew by 1,377% over the same period. Germany alone requested data from 77,000 accounts in the second half of 2024, a 2,484% increase since 2014.
Section 702 Expires April 20
This data drop lands at a critical moment. Section 702 of FISA — the provision that allows intelligence agencies to collect communications data on foreign targets and “incidentally” sweep up American data in the process — expires on April 20. That’s two weeks from now.
Congress last reauthorized Section 702 in April 2024, kicking the can down the road for two years. Now the debate is back, and it’s messy.
The bipartisan Government Surveillance Reform Act, introduced in March by Senators Ron Wyden and Mike Lee alongside Representatives Zoe Lofgren and Warren Davidson, would require warrants for accessing Americans’ communications collected under 702, ban government purchases of personal data from data brokers without a warrant, and close the backdoor search loophole that lets agencies query the 702 database for Americans’ information.
Senator Wyden put it bluntly: “Unless Congress passes strong new guardrails to protect Americans’ rights, that information will inevitably be abused.”
But the path forward is unclear. The Congressional Progressive Caucus — 98 House Democrats — voted to oppose any reauthorization without major reforms. About a dozen House Republicans are demanding the same. Meanwhile, the White House wants a clean 18-month extension with no reforms attached.
What the Surveillance Tools Look Like
The Proton report identified several mechanisms governments use to extract data from tech platforms:
- Standard data requests: Law enforcement asks a company for account data, often with a court order but sometimes with just a subpoena
- FISA orders: Secret court orders that companies cannot refuse or publicly disclose in real time
- Geofencing warrants: Requests for data on every device present at a specific location during a specific time
- Search term warrants: Requests for data on everyone who searched for specific terms
- National security letters: FBI-issued demands that come with built-in gag orders
Each of these tools assumes the data exists — and with Big Tech, it almost always does.
Why This Matters
Every piece of data stored with a US tech company is potentially one government request away from being disclosed. That’s not paranoia; it’s what 3.5 million disclosed accounts in a decade prove.
The 770% surge in requests isn’t happening because crime rates increased sevenfold. It’s happening because the data is there, the legal barriers are low, and the companies that hold your information built their businesses on collecting as much of it as possible.
This is the core argument for data sovereignty: where your data is stored, who can access it, and what legal frameworks protect it. Swiss privacy law, for example, doesn’t recognise US FISA orders. European providers operating under GDPR face strict limitations on government access. And services built on end-to-end encryption and zero-knowledge architecture can’t hand over what they can’t read.
If you’re storing files, emails, and personal data with Google, Apple, or Microsoft, you’ve made a choice — even if you didn’t realise it. You’ve chosen to keep your information in systems that are designed to be accessible, stored in jurisdictions that make government access easy, and managed by companies that have no legal or technical basis to refuse.
The alternative is choosing a provider that physically can’t access your data, operates under privacy-first legal frameworks, and isn’t built on an advertising model that requires surveillance by design.
With Section 702’s fate hanging in the balance and data requests climbing year after year, that choice has never been more relevant.