EPIC’s Fight Against the Administration’s Privacy Abuses

The federal government is unfortunately no stranger to data breaches, but the threat we face now isn’t driven by shadowy hackers: it’s coming from inside the Administration.

On the day of his second inauguration, President Donald Trump signed an Executive Order standing up the Department of Government Efficiency (DOGE). On the Administration’s telling, the Elon Musk-led DOGE was created to address (broadly unsubstantiated) claims of fraud, waste, and abuse of government resources. But since its inception, DOGE personnel have unlawfully forced their way into sensitive databases across the federal government, including at agencies that provide critical services and handle vast stores of sensitive data. This includes the Treasury Department, the Internal Revenue Service, the Office of Personnel Management, the Department of Education, the Social Security Administration, the Department of Health and Human Services, the Department of Housing and Urban Development, the Center for Medicare and Medicaid Services, and many others.

Through these unprecedented database incursions, the DOGE and its agency allies have consolidated access to staggering volumes of sensitive personal data from tens of millions of people—precisely the kind of Big Brother surveillance weapon that federal law prohibits. The more a government entity knows about us, the more it can exert control over us: by building detailed profiles, revoking benefits, targeting us for investigation and enforcement, tracking and harassing us, and cultivating a climate of fear and suspicion. That’s why Congress has imposed strict limits on the government’s collection and aggregation of personal data through the Privacy Act, the E-Government Act of 2002, the Internal Revenue Code, and other privacy laws.

The DOGE and other agencies have systematically disregarded these legal safeguards—not to mention our privacy and safety. Administration officials have violated restrictions on how data can be used, upended long-established security protocols, handed out gratuitous top-level access to critical systems, and deployed unqualified and untrained personnel to handle untold volumes of personal data. In a short time, the Administration has inflicted catastrophic damage to the integrity of federal databases of personal data, including wrongly declaring over 4 million still-living people dead. The Administration’s recklessness is exposing these same databases to potential breach by outside actors and foreign governments—in fact, these kinds of breaches may have already occurred.

The Administration is also working to build a centralized repository of personal data for use in its ruthless crackdowns on immigrants (and beyond). Palantir, a firm known for providing the data analysis that powers many of the federal government’s surveillance tools, has reportedly been tapped to carry out the construction of this massive system. This consolidation is driven in particular by President Trump’s follow-on “information silos” executive order, which attempts to eliminate crucial privacy protections and pave the way for a centralized database. And the Administration is seeking to round up personal data held by states, too, including Supplemental Nutrition Assistance Program (SNAP) data, Medicaid data, and voter registration information.

Congress has long feared that a central database like this would be used to surveil us and curtail our rights. Indeed, it was the Johnson Administration’s ill-fated proposal for a national databank that ultimately led to the passage of the Privacy Act in 1974. When Congress enacted bipartisan “computer matching” amendments to the Privacy Act in 1988, it emphasized that the law did not authorize broad-scale consolidation of personal data across the government or the establishment of centralized interagency databases of personal data.

EPIC’s Efforts to Fight Federal Privacy Abuses

For over 30 years, EPIC has advocated for stronger data privacy and security protections for government information systems, including through our recent comments calling for amendments to strengthen the Privacy Act. As long as privacy abuses by DOGE and other federal agencies continue, EPIC and its allies will fight to defeat them and defend the rule of law.

In February 2025, EPIC and a government worker—working together with counsel from Democracy Forward—filed suit against Treasury, OPM, and the DOGE for their violations of the Privacy Act, the Internal Revenue Code, and the Fifth Amendment right to information privacy. That case is ongoing.

In May 2025, EPIC and a coalition challenged the U.S. Department of Agriculture’s unlawful demand to states for the personal data of millions of people receiving benefits under the Supplemental Nutrition Assistant Program (SNAP). That case led the USDA to temporarily back down from its data demand—though the threat remains, and the case continues.

EPIC has also been investigating the activities of the DOGE and the misuse of federal databases through Freedom of Information Act requests. In EPIC v. OPM, we’re fighting for records on the covertly-installed Government-Wide Email System and OPM’s consolidation of information on federal workers. Since EPIC filed suit, OPM has begun to turn over responsive records.

In May 2025, EPIC began investigating the alleged screening of federal worker communications for signs that a worker is critical of President Trump or his Administration—a blatant violation of federal workers’ privacy and constitutional rights. That same month, EPIC filed extensive comments advising Rep. Lori Trahan and her fellow members of Congress on how the Privacy Act should be updated to safeguard against future data abuses.

In July 2025, EPIC, Protect Democracy, and EFF collaborated on an amicus brief in California v. Department of Health and Human Services highlighting the harms caused by the bulk disclosure of sensitive Medicaid data to the Department of Homeland Security for use in immigration enforcement.

In September 2025, EPIC joined the League of Women Voters, Citizens for Responsibility and Ethics in Washington, Democracy Forward, and the Fair Elections Center in litigation against the Administration’s unlawful expansion and evisceration of privacy safeguards on the Systematic Alien Verification for Entitlements (SAVE) system. The overhaul of SAVE has inflicted widespread privacy harms and caused untold naturalized and derived citizens to be illegally removed from the voter rolls.