DOGE Betrays Foundational Commitments of the Privacy Act of 1974

Under the auspices of the so-called “Department of Government Efficiency,” Elon Musk and former staffers—all recent college and high school graduates—have been given access to agency databases teeming with sensitive personal information. The group has entered the Treasury Department’s payment system, which stores federal tax returns, Social Security numbers, home addresses, and birth dates; the Office of Personnel Management’s system, which contains background checks, medical information, bank account information, and biometric data of current, former, and prospective federal employees, contractors, and family members; and the General Service Administration’s system, which stores similarly sensitive personal data.

Condemnation and lawsuits followed, and rightfully so. No one—not even special government employees—should access agency “systems of records” without proper authorization under the Privacy Act of 1974. Nothing suggests that Musk or his employees have such authority. Privacy Act violations are not trivial. Profound harms to privacy and democracy are at stake.

Congress adopted the Privacy Act of 1974 to address agencies’ computerization of personal data without congressional authorization or safeguards. The Act mandated transparency, accountability, and protections around the collection, use, and sharing of personal data. Federal agencies were allowed to computerize personal information only if doing so was “relevant and necessary to accomplish a purpose of the agency required to be accomplished by statute or by the executive order of the President.” Sharing personal information outside the agency was permissible only if the agency obtained the person’s written consent or if doing so would be “compatible with the purpose for which the [personal information] was collected.” Agencies were banned from collecting information about people’s First Amendment activities; individuals could access their records to ensure that they were accurate. 

President Gerald Ford described the Privacy Act of 1974 as “an historic beginning” of the codification of “fundamental principles to safeguard personal privacy in the collection and handling of recorded personal information by federal agencies.” (As vice president, Ford served on President Nixon’s Domestic Council Committee on the Right to Privacy.) For President Ford, the law struck a “reasonable balance between the right to be left alone and the interest in society in open government, national defense, foreign policy, law enforcement, and a high quality and trustworthy Federal work force.” He promised that his administration would “act aggressively to protect the right of privacy for every American” and called for “the full support of all Federal personnel in implementing requirements of this legislation.” President Ford echoed his predecessor’s recent radio address about the “American right to privacy.” Just months before his resignation, on Feb. 23, 1974, President Nixon warned: “At no time in the past has our government known so much about so many of its individual citizens. This new knowledge brings with it awesome potential for harm as well as good—and an equally awesome responsibility on those who have that knowledge.” (Yes, the Watergate privacy-violating irony.)

The Privacy Act of 1974 grew out of weeks of hearings on the Hill. Republicans and Democrats agreed that government “databanks” of personal data raised unique dangers. Leading the bipartisan efforts were Sen. Sam J. Ervin (D-N.C.), a Southern Democrat and widely admired constitutional expert, Senator Barry Goldwater (R-Ariz.), the Republican party’s presidential candidate in 1964, Sen. Jacob Javits (R-N.Y), Rep. Barry Goldwater, Jr. (R-Ariz), and Rep. Ed Koch (D-N.Y.). Sen. Javits warned his fellow lawmakers about the “new menaces of computer data banks and indiscriminate government and private sector dossiers.” Sen. Ervin agreed: “Privacy, like many of the other attributes of freedom, can be easiest appreciated when it no longer exists. . . . We should not have to conjure up 1984 or Russian-style totalitarianism to justify protecting our liberties against Government encroachment.”

A resounding theme of the hearings was a fear of bureaucratic overreach. Sen. Goldwater asked: “Where will it end? . . . Will we permit all computerized systems to interlink nationwide so that every detail of our personal lives can be assembled instantly for use by a single bureaucrat or institution?” Sen. Charles H. Percy (R-Ill.) warned:

I hope that we never see the day when a bureaucrat in Washington or Chicago or Los Angeles can use his organization’s computer facilities to assemble a complete dossier or all known information about an individual. But, I fear that is the trend. . . . Federal agencies have become omnivorous fact collectors—gathering, combining, using, and trading information about persons without regard for his or her rights of privacy. Simultaneously, numerous private institutions have also amassed huge files . . . of unprotected information on millions of Americans.

As I showed in “Indiscriminate Data Surveillance” (with co-author Barry Friedman) and “A More Perfect Privacy,” the 93rd Congress was clear eyed about the threats that computer “databanks” of personal data posed to individuals and society. Connecticut Sen. Abraham Ribicoff (D-Conn.) underscored that government files contained information “of a most personal nature”—including outdated, inaccurate, and true details—that, if shared, could undermine people’s employment, education, and housing opportunities. Sen. Ervin warned that computerized dossiers could be used as blacklists, preventing people from bidding on government contracts or obtaining licenses.

Lawmakers warned that no one was safe from potential governmental abuse. As Sen. Birch Bayh (D-Ind) highlighted, everyone, “rich or poor, male or female, right or left in political ideology, whatever one’s cultural style or religious views,” was subject to the “dictatorship of dossiers.” Rep. Don Edwards (D-Calif.), a former navy intelligence officer and FBI special agent, was blunt: “the day of big brother and constant surveillance is already upon us” as “agencies of authority are given unfettered access to these records.” Representative William Alexander, Jr. of Arkansas warned that massive databases of personal data would have a “chilling effect on the exercise of First Amendment rights.” Sen. Goldwater warned that computerized records could be used to “manipulate  . . . social conduct.” Professor Arthur Miller, a recurring witness and author of “The Assault on Privacy: Computers, Databanks, and Dossiers,” testified that “Nineteen eighty-four is not a year, but a state of mind.” In turn, federal law needed to strictly regulate databases of personal information to avoid fulfilling Orwell’s vision.

Musk and his team’s access to agency computerized records is an affront to the purpose, spirit, and words of the Privacy Act of 1974. Musk’s staffers may not have been subject to any vetting, let alone the rigorous vetting necessary for government consultants or employees. The Privacy Act does permit the “routine use” of protected information if such use (including sharing) would be compatible with the reason the information was collected in the first place. In connection with the Privacy Act’s commitments, the Treasury Department and OPM have given notice about situations under which agency employees can share records with outside parties and agencies. Were those recognized “routine uses” at play when Musk’s team accessed agency systems of sensitive personal records? What if Musk’s team retrieved people’s records to assess their loyalty to the Trump agenda? What will Musk’s team do with the personal data stored in these highly sensitive systems of records? Will those records be used to carry out retribution that the President has promised? Retribution or loyalty tests have nothing to do with the purpose for which agencies collected that data.

Asking these questions helps answer them. We do not have any assurance that Musk’s team has been vetted or has a congressionally authorized reason to access our personal data. We are bearing witness to the kind of power grab, abuse, and overreach that the Privacy Act of 1974 was passed to prevent.

The 93rd Congress foresaw the dangers to privacy and democracy before our eyes. Personal data stored in agency systems is supposed to be safeguarded so individuals can carry on free from fear that their personal data might land them on a blacklist, as Sen. Ervin warned. The fear of misuse of our personal data might deter people from filing taxes or applying for licenses, as Representative Alexander feared. Trust in government is at an all-time low. These developments raise the specter of Orwellian control and bureaucratic overreach. Sen. Goldwater’s admonition that “total information is total control” is ringing loudly.

We should keep the insights of the 93rd Congress with us as we assess what happens next. A federal district judge has granted temporary injunctive relief to two-Musk employees who are allegedly “special government employees” of the Treasury Department, which allows them to access the agency’s system of records but prevents them from sharing those records with anyone else. (Already one of the two individuals has resigned after journalists discovered his white nationalist posts on X.) That lawsuit, brought by a coalition of labor unions, alleges Privacy Act violations. More suits will follow. Stay tuned.