Defeating the DOGE: EPIC’s Campaign to Repel the Administration’s Attack on Our Privacy

The federal government is no stranger to breaches, but the threat we face now isn’t driven by shadowy hackers: it’s coming from inside the government. On the day of his second inauguration, President Donald Trump signed an Executive Order standing up the Department of Government Efficiency (DOGE). In theory, the Elon Musk-led DOGE was created to address (broadly unsubstantiated) claims of fraud, waste, and abuse of government resources. But since its inception, DOGE personnel have unlawfully forced their way into sensitive databases across the federal government, including at agencies that provide critical services and handle vast stores of sensitive data. This includes the Treasury Department, the Internal Revenue Service, the Office of Personnel Management, the Department of Education, the Social Security Administration, the Department of Health and Human Services, the Department of Housing and Urban Development, the Center for Medicare and Medicaid Services, and many others.

Through these unprecedented database incursions, the DOGE has consolidated access to staggering volumes of sensitive personal data from tens of millions of people—precisely the kind of Big Brother surveillance weapon that federal law prohibits. The more a government entity knows about us, the more it can exert control over us: by building intimate profiles, by revoking benefits, by targeting us for investigation and enforcement, by tracking and harassing us, and by cultivating a climate of fear and suspicion. That’s why Congress has imposed strict limits on the government’s collection and aggregation of personal data through the Privacy Act, the E-Government Act of 2002, the Internal Revenue Code, and other privacy laws.

The DOGE has systematically disregarded these legal safeguards—not to mention our privacy and safety. DOGE personnel have violated restrictions on how data can be used, upended long-established security protocols, handed out gratuitous top-level access to critical systems, and deployed unqualified and untrained personnel to handle untold volumes of personal data. In a short time, the DOGE has inflicted catastrophic damage to the integrity of federal databases of personal data, including wrongly declaring over 4 million still-living people dead. The DOGE’s recklessness is exposing these same databases to potential breach by outside actors and foreign governments—in fact, this may have already happened.

The DOGE and its agency allies are also advancing toward their goal of creating a centralized repository of the sensitive and personal data. Palantir, a firm known for providing the data analysis that powers many of the federal government’s surveillance tools, has reportedly been tapped to carry out the construction of this massive system. This consolidation is driven in particular by President Trump’s follow-on “information silos” executive order, which attempts to eliminate crucial privacy protections and pave the way for a centralized database. And the administration is seeking to round up personal data held by states, too, including Supplemental Nutrition Assistance Program (SNAP) data, Medicaid data, and voter registration information.

Congress has long feared that a central database like this would be used to surveil us and curtail our rights: it was the Johnson Administration’s ill-fated proposal for a national databank that ultimately led to the enactment of the Privacy Act in 1974. When passing bipartisan “computer matching” amendments to the Privacy Act in 1988, Congress specifically included language stating that they should not be construed to authorize consolidating information across agencies or establishing centralized databases of information.

EPIC’s Efforts to Defeat the DOGE

For over 30 years, EPIC has advocated for stronger data privacy and security protections for government information systems, including through our recent comments calling for amendments to strengthen the Privacy Act. As long as privacy abuses by DOGE and other federal agencies continue, EPIC and its allies will not stop fighting to defend privacy and the rule of law.

In February, EPIC and a government worker—working together with counsel from Democracy Forward—filed suit against Treasury, OPM, and the DOGE for their violations of the Privacy Act, the Internal Revenue Code, and the Fifth Amendment right to information privacy. That case is ongoing.

In another case, EPIC and a coalition challenged the U.S. Department of Agriculture’s unlawful demand to states for the personal data of millions of people receiving benefits under the Supplemental Nutrition Assistant Program (SNAP). That case led the USDA to temporarily back down from its data demand—though the threat remains, and the case continues.

EPIC has also been investigating the activities of the DOGE and misuse of federal databases through Freedom of Information Act requests. [AAK1] [JD2] In EPIC v. OPM, we’re fighting for records on the covertly-installed Government-Wide Email System and OPM’s consolidation of information on federal workers. After we filed suit, OPM agreed to begin processing records.

In May, EPIC began investigating the alleged screening of federal worker communications for signs that a worker is critical of President Trump or his administration—a blatant violation of federal workers’ privacy and constitutional rights.