A subpoena is a legal demand to produce documents (subpoena duces tecum) or to appear and testify (subpoena ad testificandum). Issued by a court, a grand jury, an administrative agency with subpoena power, or in some jurisdictions by attorneys in civil litigation. The standard is generally relevance to an investigation or proceeding, far below the probable-cause standard required for a warrant. The subpoena is the workhorse of compelled disclosure in US legal process.
What it means in practice
The operational difference between a subpoena and a warrant is the depth of what gets produced. A subpoena to a service provider for “subscriber information” reaches metadata: account name, billing records, IP address logs, dates of service, sometimes recipient email addresses. A subpoena cannot generally reach communication content (the Stored Communications Act requires a warrant for content held less than 180 days; unsettled law for older content). The practical operator question is what the provider will produce on a subpoena versus what they will fight or require a warrant for. Apple’s law-enforcement-process documentation publishes the answer for every category of iCloud data; Google publishes equivalent for Gmail and Drive; Meta publishes for Facebook, Instagram, and WhatsApp. Reading those documents tells you what an adversary with a subpoena gets without you ever knowing.
Who it affects, and how
Affects anyone whose data sits with a US service provider in any jurisdiction reachable by US subpoena power. The categories most often subpoenaed: financial institutions (bank statements, wire transfer records), telecom providers (call detail records, cell-site location), email providers (subscriber records, sometimes content with a warrant), social media platforms (account metadata, message metadata, sometimes content), cloud storage providers (file lists, file metadata, sometimes file content). The notification policy varies: many providers will tell you when they receive a subpoena unless legally prohibited (gag order, NSL); some never notify. Apple and Google publish transparency reports with aggregate numbers; the per-account answer is opaque unless the provider chooses to inform.
What you can change today
Two structural moves. First, configure your providers to notify you of legal-process requests where the option exists (Google Account, Microsoft Account, Apple ID all have “important security alerts” settings that include some legal-process flags). Second, minimize what your providers hold: enable Apple Advanced Data Protection so iCloud content is end-to-end encrypted, use Proton Mail for content that must not be subpoena-producible, set retention limits on Slack and Discord and any other channel where work conversations linger past their useful life. The goal is not to defeat lawful process, it is to ensure that what gets produced is what you actually intended to leave behind.