Elon Musk may be stepping back from running the so-called Department of Government Efficiency, but his legacy there is already secured. DOGE is assembling a sprawling domestic surveillance system for the Trump administration — the likes of which we have never seen in the United States.
President Trump could soon have the tools to satisfy his many grievances by swiftly locating compromising information about his political opponents or anyone who simply annoys him. The administration has already declared that it plans to comb through tax records to find the addresses of immigrants it is investigating — a plan so morally and legally challenged, it prompted several top I.R.S. officials to quit in protest. Some federal workers have been told that DOGE is using artificial intelligence to sift through their communications to identify people who harbor anti-Musk or -Trump sentiment (and presumably punish or fire them).
What this amounts to is a stunningly fast reversal of our long history of siloing government data to prevent its misuse. In their first 100 days, Mr. Musk and Mr. Trump have knocked down the barriers that were intended to prevent them from creating dossiers on every U.S. resident. Now they seem to be building a defining feature of many authoritarian regimes: comprehensive files on everyone so they can punish those who protest.
“This is what we were always scared of,” said Kevin Bankston, a longtime civil liberties lawyer and a senior adviser on A.I. governance at the Center for Democracy & Technology, a policy and civil rights organization. “The infrastructure for turnkey totalitarianism is there for an administration willing to break the law.” The infrastructure for turnkey totalitarianism is there for an administration willing to break the law.Kevin Bankston, senior adviser on A.IO. governance at the Center for Democracy & Technology
Over the past 100 days, DOGE teams have grabbed personal data about U.S. residents from dozens of federal databases and are reportedly merging it all into a master database at the Department of Homeland Security.
This month House Democratic lawmakers reported that a whistle-blower had come forward to reveal that the master database will combine data from such federal agencies as the Social Security Administration, the Internal Revenue Service and the Department of Health and Human Services. The whistle-blower also alleged that DOGE workers are filling backpacks with multiple laptops, each one loaded with purloined agency data.
For years, privacy advocates, including me, have obsessed about just how much of our data Big Tech companies possess. They know our locations, monitor our browsing and online shopping histories and use that info to make inferences about our interests and habits.
But government records contain far more sensitive information than even the tech giants possess — our incomes, our bank account numbers, if we were fired, what diseases we have, how much we gamble.
In 2009 the Georgetown law professor Paul Ohm envisioned the assemblage of a DOGE-like amount of data and called it the “database of ruin.” “Almost every person in the developed world can be linked to at least one fact in a computer database that an adversary could use for blackmail, discrimination, harassment or financial or identity theft,” he wrote.
We are not all the way down the rabbit hole yet. It appears that DOGE has not yet tried to scoop up data from the intelligence agencies, such as the National Security Agency, which collect vast amounts of communications between foreigners — and often catch Americans’ communications in their net. (That said, it is not encouraging that the head of the N.S.A. was recently fired, apparently at the behest of an online influencer who is friends with the president.)
Even so, the creation of a huge government database of personal information about U.S. residents is dangerous and very likely against the law. In the 1960s, the Johnson administration proposed combining all of its federal dossiers together into a new national databank.
The administration said it just wanted to eliminate duplicate records and perform statistical analysis, but the public was outraged. The databank was scuttled, and Congress passed the Federal Privacy Act of 1974, which requires federal agencies to obtain consent before disclosing individuals’ data across agencies.
Of the more than 30 lawsuits that involve DOGE, several allege that its data incursions violate the Privacy Act. So far, courts have ruled in th plaintiffs’ favor in two of those cases, issuing orders limiting DOGE’s access to data at the Social Security Administration and Department of Treasury. Both cases are ongoing. While the orders restricted DOGE from obtaining personally identifiable data, it remains unclear what happens with data that has been already collected.
But the deeper problem is that the Privacy Act lacks real teeth. It did not give judges the ability to levy meaningful fines or easily halt illegal actions. It failed to establish an enforcement arm to investigate privacy violations in ways that courts can’t. And since then, Congress hasn’t been able to pass comprehensive privacy laws or create stronger enforcement mechanisms.
That makes the United States the only country in the 38-member Organization for Economic Cooperation and Development without a data protection agency to enforce comprehensive privacy laws.
