TL;DR:

  • What: Between March and April 2026, the DOJ subpoenaed Apple, Google, Amazon, and Walmart to hand over the identities, addresses, and purchase histories of over 100,000 people who downloaded or bought EZ Lynk's Auto Agent app and hardware [1][2]
  • Why: The DOJ sued EZ Lynk in 2021, alleging its OBD-II diagnostic tool helped users disable emissions controls in violation of the Clean Air Act. Now the government wants to identify every customer, not just the ones it has evidence against [1][2][3]
  • The government's argument: Users "no longer have a cognizable privacy interest" in their data because they accepted terms of service when downloading the app [2]
  • The pushback: EZ Lynk's lawyers say the requests "go well beyond the needs of this case and create serious privacy concerns." Apple and Google reportedly plan to challenge the subpoenas [3][4]
  • The precedent: If the DOJ can demand the identity of everyone who downloaded one app because some users broke the law, that logic applies to VPNs, encrypted messengers, cryptocurrency wallets, or any app the government decides is associated with illegal activity

What the DOJ Wants

The subpoenas hit Apple and Google between March and April 2026. The ask: hand over details on anyone who downloaded EZ Lynk's Auto Agent app. Separate subpoenas went to Amazon and Walmart for the names and addresses of people who bought the physical hardware. [1][2]

EZ Lynk makes an OBD-II diagnostic tool, a device that plugs into your car's onboard computer. Shop technicians use it for vehicle diagnostics. Fleet managers use it for electronic logging. Diesel truck owners use it to monitor performance. And yes, some people use it to reflash engine control units after removing emissions components like diesel particulate filters. [2]

That last use is what the DOJ cares about. In 2021, the U.S. Attorney's Office sued EZ Lynk, alleging the company sold "defeat devices" that helped customers violate the Clean Air Act. A judge cleared the case to proceed in August 2025 after rejecting EZ Lynk's Section 230 defense. [1][5]

But the government isn't just going after EZ Lynk. It wants to identify the customers. All of them. Over 100,000 people who downloaded an app or bought a piece of hardware, the vast majority of whom used it for perfectly legal purposes.

"You Agreed to the Terms of Service"

The DOJ's legal position is remarkable in its bluntness. According to court filings, the government argues that users "no longer have a cognizable privacy interest" in their personal data because they accepted EZ Lynk's terms and conditions when downloading the app. [2]

Read that again. The government's position is that clicking "I Agree" on an app's terms of service (the thing you do dozens of times a year without reading) constitutes giving up your privacy rights to the federal government. Not to the app company. To law enforcement.

This isn't how terms of service work. When you accept an app's TOS, you agree to share data with the company under the conditions they specify. You don't consent to the government demanding that company hand over your identity as part of a fishing expedition into whether some of your fellow users broke a different law.

But if a court agrees with the DOJ here, every TOS you've ever clicked becomes a waiver of your Fourth Amendment protections for that data.

This Is 10x the Last Time They Tried This

The DOJ has done this before, at smaller scale. In 2019, Apple and Google were ordered to hand over information on more than 10,000 people who downloaded a gun scope app (Obsidian 4) as part of an export control investigation. [5]

That case set the template. The EZ Lynk demand is ten times larger. And the underlying offense is less severe: Clean Air Act violations, not weapons export controls. The scale is growing. The threshold for using mass identification is dropping.

Compare this to the tools the government already uses for mass identification:

  • Geofence warrants: Demand data on every phone that was near a location at a specific time. Google announced in 2023 it would stop complying with these. The government adapted.
  • Tower dumps: Demand records of every phone that connected to a cell tower during a window. Thousands of people swept up to find one.
  • Keyword warrants: Demand data on everyone who searched for a specific term. Google has received these since at least 2020.

App download subpoenas are the newest addition to this list. And unlike geofence warrants and tower dumps, which at least have geographic and temporal limits, an app download demand has neither. Everyone who ever downloaded the app, everywhere, at any time.

EZ Lynk Isn't Wrong About the Privacy Problem

EZ Lynk is not a sympathetic defendant. The company is incorporated in the Cayman Islands. Some of its users almost certainly do tamper with emissions systems, which is a real environmental problem: diesel trucks with deleted emissions controls can produce 40-100 times the legal limit of nitrogen oxides. The Clean Air Act exists for a reason.

But EZ Lynk's lawyers are right about the subpoena: "These requests for potentially hundreds of thousands of people's PII go well beyond the needs of this case and create serious privacy concerns." [3][4]

The government says it needs the data to "interview witnesses about how EZ Lynk's technology was being used." [1] But the DOJ already has evidence. Court filings show investigators have collected evidence from social media and forums showing users bragging about removing emissions controls. [1] They have the company's own records from the ongoing lawsuit. They have the technical evidence from the devices themselves.

What they don't have (and what they want) is the identity of every single customer, so they can go fishing through 100,000 people to find the ones worth prosecuting. That's not a targeted investigation. That's a dragnet.

If It Works Here, It Works for Any App

The dangerous part of this case isn't the emissions angle. It's the template.

If the DOJ can demand the identity of everyone who downloaded an app because some users used it illegally, the same logic applies to:

  • VPN apps: Some people use VPNs to circumvent legal restrictions or access illegal content. Subpoena the download list.
  • Encrypted messaging apps: Some people use Signal or Telegram for criminal coordination. Subpoena the download list.
  • Cryptocurrency wallets: Some people use crypto for money laundering. Subpoena the download list.
  • Torrent clients: Some people use BitTorrent for copyright infringement. Subpoena the download list.
  • File-sharing apps: Some people share illegal content. Subpoena the download list.

Every app has users who break the law. The question is whether "some users of this software broke the law" justifies identifying all users of that software. If the answer is yes, the app store becomes a surveillance database, a record of everything you've ever been interested in, accessible to federal prosecutors through civil discovery.

What Apple and Google Do Next Matters

Both companies reportedly plan to challenge the subpoenas. [3][4] That's the right move, and it matters beyond this case.

Apple has positioned itself as a privacy-first company. Google has been slowly moving the same direction: killing geofence warrant compliance in 2023, adding end-to-end encryption to more services. If either company caves on a mass app-user identification demand, every privacy commitment they've made becomes conditional.

Amazon and Walmart received separate subpoenas for hardware purchaser data. Neither company has publicly announced whether they plan to fight. Hardware purchase data is arguably even more targeted than app download data: it's tied to a credit card, a shipping address, a real identity. No throwaway email account. No VPN. Just a receipt.

What This Means for You

  • If you use EZ Lynk for legal purposes: The subpoena demands your identity regardless of how you used the tool. There is nothing you can do retroactively to prevent your data from being included in the request. Watch for announcements from Apple or Google about whether they comply or fight.
  • Think about your app download history. Every app you've ever downloaded is a data point a prosecutor could theoretically demand. App stores keep records. Purchase histories are indefinite. The government's argument (that TOS acceptance waives privacy) would apply to all of them.
  • Support the legal challenges. Organizations like EFF and ACLU regularly file amicus briefs in cases that set mass surveillance precedents. This is one of those cases. The outcome will determine whether "download an app" becomes "join a list the government can access."
  • Watch the precedent, not just the case. Whether EZ Lynk users tampered with emissions controls is a factual question for individual prosecutions. Whether the government can identify 100,000 people to find the ones who did is a constitutional question that affects everyone.

Sources

  1. Gizmodo: "DOJ Is Asking Apple and Google to Hand Over Data on 100,000 Users of a Car App" (May 2026)
  2. The Drive: "DOJ Orders Apple, Google to Hand Over OBDII App User Data in Emissions Probe" (May 2026)
  3. 9to5Mac: "DOJ reportedly demands Apple and Google identify over 100,000 users of car app" (May 15, 2026)
  4. Inc. / Forbes: "Amazon, Apple, and Google Subpoenaed in DOJ Case About Car Emissions" (May 2026)
  5. Carscoops: "The DOJ Wants 100,000 Drivers' Data From Apple And Google Over One Tuning App" (May 2026)