The Elon Musk-headed Department of Government Efficiency (DOGE) has been grabbing headlines with its rapid slash-and-burn approach to government budget items, but recent actions in U.S. Treasury computer systems have raised particular privacy concerns and triggered a lawsuit from two of the largest federal employee unions as well as a collective suit from 19 state attorneys general. Some government officials and legal experts are claiming that this access to federal data breaches the Privacy Act of 1974 among other regulations.
DOGE campaign confronted with privacy concerns, security risks
DOGE was an election campaign promise from Trump, meant to be a temporary project to identify and remove wasteful federal spending throughout the whole of the government budget. Established by executive order, the agency is not a Congressionally-approved government department and thus there is much legal conflict and uncertainty about what powers and access to federal data it should have.
Because it was announced so late in the Trump campaign, only about three months prior to the election, critics were not sure what to expect from DOGE. The first month of the Trump administration has made clear that Musk and his team essentially have carte blanche to remove federal employees, programs and even entire agencies, all centered on his appointment as a “special government employee” with authority and access that a standard federal employee would not have.
The cuts have been so big and rapid that it is difficult to keep up with all the controversies they have spawned. But much of the action thus far has been centered on the Treasury, and DOGE’s virtual dissolution of the U.S. Agency for International Development (USAID). The lawsuits from the federal employee unions are focused on DOGE’s access to the Treasury’s payment database and associated privacy concerns, and both are centered on accusations of Musk’s agency violating the Privacy Act of 1974 by accessing payment information. The specific point of contention is access to taxpayer refund information, which falls into a category of federal data that enjoys special legal protections.
Similar security and privacy concerns have been raised by members of the Office of Personnel Management (OPM), which has seen employees locked out of key databases by the DOGE team. Some privacy advocates have noted that contractors are sometimes allowed access to these systems but must go through a specific vetting and training process, one that the very young DOGE team (with some members that are 18 and 19 years old) were very unlikely to have been subject to.
However, it remains unclear as to whether Musk and the DOGE team are actually breaking any laws. The president has broad power to grant individuals access to classified information, and the general public does not have visibility into exactly what is being directly accessed. Trump has suggested that the DOGE team may not have direct access to federal data and are merely making recommendations that are then followed up on by his office, to include the firings of government employees. The cuts are almost certain to spawn a number of lawsuits that have the potential to escalate to the Supreme Court when all is said and done.
Web of regulations and statutes governing federal data access complicate the issue
DOGE is temporarily restricted from accessing government payment systems after a third suit, filed by 19 state attorneys general, prompted a federal judge to issue an order blocking them on February 8. That order is only temporary, however, pending a hearing by another judge on February 14. That suit, headed up by New York Attorney General Letitia James, has also cited privacy concerns as a central issue. The order came after Musk was convinced by the filing of the union suits to limit access to systems containing possibly sensitive federal data to two of his DOGE employees, Tom Krause and Marko Elez, who have been granted the same “special government employee” status that Musk holds. Elez was briefly released from DOGE over the weekend when a Wall Street Journal reporter dug up old tweets of his that were potentially racist, but was subsequently reinstated by Musk after vice president JD Vance weighed in on the issue.
Senate lawmakers have also sent White House Chief of Staff Susie Wiles a letter demanding more information about DOGE’s composition and employee backgrounds, including whether those accessing federal data systems have appropriate security clearances. The lawmakers noted that in addition to the taxpayer information privacy concerns, the DOGE team might have access to security clearance files for intelligence personnel that could expose them or clandestine missions they might be involved with.
Some legal observers believe DOGE’s actions go beyond privacy concerns, also possibly violating federal cybersecurity laws such as the Federal Information Security Modernization Act of 2002. If the workers accessing federal systems are unvetted and unqualified, there is a risk that they could do damage while making changes. And it is possible that sensitive federal data has been transferred to commercial servers that are not up to federal cybersecurity standards.
