Legal experts warn that DOGE’s access to federal data is ‘an absolute nightmare’
Recent actions taken by the Treasury have prompted a lawsuit, and a battle concerning the dissolution of USAID is on the horizon.
TroibNews 
Elon Musk's aggressive attempt to seize control of critical federal agencies and processes—and to dismantle some almost immediately—has raised significant concern in Washington regarding the motivations behind his Donald Trump-backed initiative.
According to legal experts, early actions from this ambiguous office have breached the Privacy Act and cybersecurity regulations, leading to a lawsuit that contests the Trump administration's assault on government infrastructure.
Legal and security experts express particular alarm over Musk's plan to close the U.S. Agency for International Development and take charge of the Treasury Department's primary payments database.
“The scale here is unprecedented in terms of the risk to sensitive personal and financial information,” said Alan Butler of the Electronic Privacy Information Center. “It’s an absolute nightmare.”
The attempt to access the Treasury’s extensive payment database prompted a lawsuit on Monday from two major federal employee unions, leaving regulatory lawyers nearly frantic.
Mary Ellen Callahan, former Chief Privacy Officer at the Department of Homeland Security, described DOGE’s access as “a data breach of exponential proportions.” “If we lose control of that data, we've lost control forever,” she emphasized.
The lawsuit, lodged in federal court in Washington by the American Federation of Government Employees and the Service Employees International Union, claims that the Trump administration is violating the Privacy Act of 1974 by sharing payment data with members of the DOGE team.
Other legal experts warn that DOGE’s access may also contravene cybersecurity laws, such as the Federal Information Security Modernization Act of 2002.
Concerns were heightened when reports surfaced that career employees at the Office of Personnel Management had been barred from accessing critical databases by DOGE personnel. A significant OPM database was breached by hackers in 2013, inciting outrage among lawmakers and federal employees, with the U.S. government attributing the hack to China and suggesting the data could be exploited for espionage.
“They're not following the law, they're not following any semblance of best practice, they're just hacking and slashing government IT systems in a way that threatens national security and puts everyone at risk,” Butler stated.
Skepticism also followed Musk's assertions regarding the shutdown of USAID. Established through an executive order by President John F. Kennedy in 1961, USAID was officially created as a federal agency by Congress in 1998, raising doubts about Trump’s authority to eliminate it or effectively merge it into the State Department as Secretary of State Marco Rubio has suggested.
“I think it’s the most clearly unconstitutional act that he’s doing,” remarked Alex Joel, an adjunct professor of law at American University. “He can’t just destroy the whole agency.”
DOGE’s potential access to Treasury's tax data particularly alarmed privacy advocates.
Butler highlighted the likelihood that Treasury systems contain data concerning tax refunds, classified as even more sensitive taxpayer information under federal law.
“That’s almost certainly being violated if you’ve given unauthorized access to 18 or 19 year olds to the Treasury payment system,” Butler pointed out, acknowledging that while contractors can have access, it is contingent on rigorous vetting and training procedures.
“You just can't, like, wave a pen and grant authority to access these sorts of systems. There's actual rules that do govern this,” Butler explained. “It's not that it can't happen. It's that there are processes and procedures in place.”
The risks extend beyond privacy, Butler noted, as granting access untrained individuals could inadvertently disrupt essential federal payment systems.
“Imagine if you just granted some random coder access to a critical system, and they just start going in there and start messing with stuff, and it breaks the system, and then all of a sudden, the US government can't issue payments. That's catastrophic,” Butler warned.
In a White House press briefing on Monday, Trump was ambiguous regarding Musk’s access, implying that he may not have direct access to Treasury data, despite the recent tensions involving DOGE personnel and veteran officials.
“Well, he's got access only to letting people go that he thinks are no good, if we agree with him, and it's only if we agree with him,” Trump explained.
A DOGE spokesperson did not respond immediately to a request for comment.
Presidents possess broad powers to authorize individuals to access classified information, and Trump has worked to streamline the process for acquiring interim clearances compared to his first term.
“There is an argument — not one I would support — that he could direct that DOGE have access to classified information without going through any process and procedure that might be out there,” said Joel, who previously served as a privacy and civil liberties officer for the intelligence community. “I would argue that if he were to do something, he needs to do something that takes into account executive orders that are on the books.”
According to lawyers, however, unclassified information in sensitive systems is governed by various statutes and regulations that the president lacks the clear authority to bypass. Moreover, certain regulations necessitate public notifications that have yet to be made since Trump took office. Additionally, confusion surrounds the classification of DOGE members as government employees, contractors, or outside individuals granted special access.
The ultimate legality of Trump’s plans to close or reorganize USAID will hinge on potential rulings from the Supreme Court, which may address ongoing disputes regarding the president's authority over appropriated funds and the extent of his power to terminate executive branch personnel.
“Some of this is going to be resolved in litigation down the road,” said Paul Larkin of the Heritage Foundation. “There are some aspects of the law that are clear, but they're old and the question is whether the Supreme Court is willing to reconsider them.”
Democratic lawmakers emphasized that any reorganization of USAID must involve Congress.
“Any effort to merge or fold USAID into the Department of State should be, and by law must be, previewed, discussed and approved by Congress,” Senate Foreign Relations Committee Democrats stated in a letter to Rubio on Sunday.
In response to lawmakers on Monday, Rubio appeared to acknowledge Congress's role in the restructuring process the Trump administration plans for USAID. “This letter provides notice and advises you of our intent to initiate consultations with you,” Rubio wrote, whom Trump appointed on Monday as acting administrator of USAID, referring to it as a “review and potential reorganization … consistent with applicable law.”
Lucas Dupont contributed to this report for TROIB News
According to legal experts, early actions from this ambiguous office have breached the Privacy Act and cybersecurity regulations, leading to a lawsuit that contests the Trump administration's assault on government infrastructure.
Legal and security experts express particular alarm over Musk's plan to close the U.S. Agency for International Development and take charge of the Treasury Department's primary payments database.
“The scale here is unprecedented in terms of the risk to sensitive personal and financial information,” said Alan Butler of the Electronic Privacy Information Center. “It’s an absolute nightmare.”
The attempt to access the Treasury’s extensive payment database prompted a lawsuit on Monday from two major federal employee unions, leaving regulatory lawyers nearly frantic.
Mary Ellen Callahan, former Chief Privacy Officer at the Department of Homeland Security, described DOGE’s access as “a data breach of exponential proportions.” “If we lose control of that data, we've lost control forever,” she emphasized.
The lawsuit, lodged in federal court in Washington by the American Federation of Government Employees and the Service Employees International Union, claims that the Trump administration is violating the Privacy Act of 1974 by sharing payment data with members of the DOGE team.
Other legal experts warn that DOGE’s access may also contravene cybersecurity laws, such as the Federal Information Security Modernization Act of 2002.
Concerns were heightened when reports surfaced that career employees at the Office of Personnel Management had been barred from accessing critical databases by DOGE personnel. A significant OPM database was breached by hackers in 2013, inciting outrage among lawmakers and federal employees, with the U.S. government attributing the hack to China and suggesting the data could be exploited for espionage.
“They're not following the law, they're not following any semblance of best practice, they're just hacking and slashing government IT systems in a way that threatens national security and puts everyone at risk,” Butler stated.
Skepticism also followed Musk's assertions regarding the shutdown of USAID. Established through an executive order by President John F. Kennedy in 1961, USAID was officially created as a federal agency by Congress in 1998, raising doubts about Trump’s authority to eliminate it or effectively merge it into the State Department as Secretary of State Marco Rubio has suggested.
“I think it’s the most clearly unconstitutional act that he’s doing,” remarked Alex Joel, an adjunct professor of law at American University. “He can’t just destroy the whole agency.”
DOGE’s potential access to Treasury's tax data particularly alarmed privacy advocates.
Butler highlighted the likelihood that Treasury systems contain data concerning tax refunds, classified as even more sensitive taxpayer information under federal law.
“That’s almost certainly being violated if you’ve given unauthorized access to 18 or 19 year olds to the Treasury payment system,” Butler pointed out, acknowledging that while contractors can have access, it is contingent on rigorous vetting and training procedures.
“You just can't, like, wave a pen and grant authority to access these sorts of systems. There's actual rules that do govern this,” Butler explained. “It's not that it can't happen. It's that there are processes and procedures in place.”
The risks extend beyond privacy, Butler noted, as granting access untrained individuals could inadvertently disrupt essential federal payment systems.
“Imagine if you just granted some random coder access to a critical system, and they just start going in there and start messing with stuff, and it breaks the system, and then all of a sudden, the US government can't issue payments. That's catastrophic,” Butler warned.
In a White House press briefing on Monday, Trump was ambiguous regarding Musk’s access, implying that he may not have direct access to Treasury data, despite the recent tensions involving DOGE personnel and veteran officials.
“Well, he's got access only to letting people go that he thinks are no good, if we agree with him, and it's only if we agree with him,” Trump explained.
A DOGE spokesperson did not respond immediately to a request for comment.
Presidents possess broad powers to authorize individuals to access classified information, and Trump has worked to streamline the process for acquiring interim clearances compared to his first term.
“There is an argument — not one I would support — that he could direct that DOGE have access to classified information without going through any process and procedure that might be out there,” said Joel, who previously served as a privacy and civil liberties officer for the intelligence community. “I would argue that if he were to do something, he needs to do something that takes into account executive orders that are on the books.”
According to lawyers, however, unclassified information in sensitive systems is governed by various statutes and regulations that the president lacks the clear authority to bypass. Moreover, certain regulations necessitate public notifications that have yet to be made since Trump took office. Additionally, confusion surrounds the classification of DOGE members as government employees, contractors, or outside individuals granted special access.
The ultimate legality of Trump’s plans to close or reorganize USAID will hinge on potential rulings from the Supreme Court, which may address ongoing disputes regarding the president's authority over appropriated funds and the extent of his power to terminate executive branch personnel.
“Some of this is going to be resolved in litigation down the road,” said Paul Larkin of the Heritage Foundation. “There are some aspects of the law that are clear, but they're old and the question is whether the Supreme Court is willing to reconsider them.”
Democratic lawmakers emphasized that any reorganization of USAID must involve Congress.
“Any effort to merge or fold USAID into the Department of State should be, and by law must be, previewed, discussed and approved by Congress,” Senate Foreign Relations Committee Democrats stated in a letter to Rubio on Sunday.
In response to lawmakers on Monday, Rubio appeared to acknowledge Congress's role in the restructuring process the Trump administration plans for USAID. “This letter provides notice and advises you of our intent to initiate consultations with you,” Rubio wrote, whom Trump appointed on Monday as acting administrator of USAID, referring to it as a “review and potential reorganization … consistent with applicable law.”
Lucas Dupont contributed to this report for TROIB News
