This was always the reason. The goal – a centralized system with unprecedented access to data about Social Security, taxes, medical diagnoses and other private information – will create a multitude of vulnerabilities, cyber and otherwise.
8 May 2025 – – We really knew the true intent of Elon Musk and Donald Trump 4 weeks ago. That was when it was announced that the U.S. Social Security Administration (SSA) had decided to cut nearly 90% of its regional staff and move all public communication to X – Elon Musk’s social media platform. The SSA will no longer send “Dear Colleague” letters or press releases, cutting off vital information for advocates, seniors, and even its own employees.
What makes this worse? Musk recently sold X’s user data to his AI company, Grok 3, and began merging all of his datasets. That means SSA updates will now be part of a platform actively harvesting data for AI development – obviously raising major privacy red flags, especially for a population that relies on confidentiality and trust.
But as I have written before: this is just impunity in action. Impunity is the mind-set that laws and norms are for suckers. And this impunity is only one part of a broader global trend – some far more serious. In conflicts around the world, attacks on health facilities and civilian structures have increased by 90% in the past five years, and twice as many aid workers have been killed in the last decade as in the one before that. In recent years, civilians account for 84% of war casualties — a 22% point increase from the Cold War period. With no accountability.
That lack of accountability for crimes in all of these places around the globe simply fuels the culture of impunity we see globally. As I said, it’s not just war zones. Impunity is a helpful lens through which to understand the global drift to polycrisis, from climate change to the weakening of democracy. Where corruption runs rampant. Where billionaires can evade taxes, oil companies can misrepresent the severity of the climate crisis, elected politicians subvert the judiciary, and human rights are rolled back.
And Elon Musk is on a roll.
Atlantic Magazine, Politico, The New York Times, The Wall Street Journal, and The Washington Post have done some very detailed analysis on what is happening. I’ll pull just a few points from these sources to give you a big picture.
The Musk-created Department of Government Efficiency (DOGE) was created by Presidential Executive Order and is a unit of the White House, subject to little if any regulation. It has only suffered “road blocks” from law suits made against it in Federal courts, and it had won most of them.
DOGE is racing to build a single centralized database with vast troves of personal information about millions of U.S. citizens and residents, a campaign that often violates or disregards core privacy and security protections meant to keep such information safe. Government workers have risked their jobs by leaking internal memos and emails describing why it does.
And much of that harvested data will be used by Musk for his AI development.
The team overseen by Elon Musk is collecting data from across the government, sometimes at the urging of low-level aides, according to multiple federal employees and a former DOGE staffer, who all spoke to the Washington Post and New York Times (who have published the most detailed reports), on the condition of anonymity for fear of reprisals.
The intensifying effort to unify systems into one central hub aims to advance multiple Trump administration priorities, including finding and deporting undocumented immigrants and rooting out fraud in government payments. And it follows a March executive order to eliminate “information silos” as DOGE tries to streamline operations and cut spending. A few specific points from a Washington Post article:
• At several agencies, DOGE officials have sought to merge databases that had long been kept separate, federal workers said. For example, longtime Musk lieutenant Steve Davis told staffers at the Social Security Administration that they would soon start linking various sources of Social Security data for access and analysis, according to a person briefed on the conversations, with a goal of “joining all data across government”.
• But DOGE has also sometimes removed protections around sensitive information – on Social Security numbers, birth dates, employment history, disability records, medical documentation and more. In one instance, a website for a new visa program wasn’t set up behind a protective virtual private network, as would be customary, according to a Department of Homeland Security employee and records. As Politico reported in a separate article, cyber sleuths showed how it could be easily hacked.
The administration’s moves ramp up the risk of exposing data to hackers and other adversaries, according to security analysts, and experts worry that any breaches could erode public confidence in government. Civil rights advocates and some federal employees also worry that the data assembled under DOGE could be used against political foes or for targeted decisions about funding or basic government services. And, in fact, that is already happening.
And the danger is huge. Charles Henderson of security company Coalfire has been quoted in several pieces, putting it all in perspective:
Separation and segmentation is one of the core principles in sound cybersecurity. Putting all your eggs in one basket means I don’t need to go hunting for them. I can just steal the basket. And by not putting the data behind a protective virtual private network, how easy is that?
My military intelligence network tells me that China is the best at this, and there are indications they have already hacked these systems. China has increased its hacking in the United States in recent years, breaching major sensitive data collections at the Federal Office of Personnel Management, stealing files on millions of past and current Federal employees. Not to mention its attack on all of the big U.S. health insurers, and all of the U.S. credit-reporting bureaus. Combining such a tempting target with security shortcuts compounds the risk that China – or other nations – will strike again.
Oh, administration critics are piling up. Last month Democrats asked the inspector general’s office at Social Security to “immediately investigate” whistleblower concerns about how data is being handled, along with DOGE’s plans for “an unprecedented effort to build a massive database”. So far, no response.
And those whistleblowers are revealing that DOGE employees at the Department of Health and Human Services can see not only payment and contractor information, but also Medicaid and Medicare recipients’ Social Security numbers, phone numbers and medical diagnoses. And they are collecting that data on portal drives.
In an affidavit supporting plaintiffs in federal litigation by unions against Social Security, a former government technologist wrote that “the access DOGE is requesting materially increases the risk of hacking and data exploitation”. A court ruling granted a temporary injunction against Social Security that prohibits DOGE from accessing sensitive data, and the case goes to a full hearing very shortly.
Typically, data sharing within the federal government requires multiple steps. That includes legislative permission, public notices of what the government is doing, and “computer matching” agreements between agencies specifying what is to be shared and why. Independent inspectors general also help make sure information is being used appropriately. The point is you want people to have the least amount of access that they absolutely need. So if someone comes in and asks a question, it’s not “here’s the master key”.
There are some combinations of data that are clearly useful. The commission that investigated intelligence failures before the Sept. 11, 2001, terrorist attacks on the World Trade Center and the Pentagon stressed the failures to communicate among intelligence agencies and criminal investigators; in response, Congress created the Department of Homeland Security, in part to merge resources. Still, other attempts to combine sensitive data about Americans were shot down on civil liberties grounds after vigorous public debate. But those walls are coming down.
And that’s the issue. According to whistleblowers across 10 federal agencies, who spoke with the newspapers I listed above on the condition of anonymity out of fear of retribution, the current administration and DOGE are bypassing many normal data-sharing processes. For instance, many agencies are no longer creating records of who accessed or changed information while granting some individuals broader authority over computer systems. DOGE staffers can add new accounts and disable automated tracking logs at several Cabinet departments. Officials who objected were fired, placed on leave or sidelined.
At times, information sharing is tied to specific policy goals, such as pursuing undocumented immigrants. At one previously unreported meeting early last month, the chief information officers at the Departments of Justice, Defense, Treasury, Commerce and Homeland Security were called together and urged to “optimize data sharing” in the pursuit of Mexican drug cartels, according to an emailed invitation.
Often, DOGE appears to be collecting data for the sake of having it. One former DOGE employee said colleagues would return to headquarters triumphant about databases they had accessed, hauling laptops to a war room in the Eisenhower Executive Office Building where Musk had set up shop. What the data had to offer was sometimes beside the point, the former DOGE employee said. They simply were showing off they had “hacked the system”. Other points in the articles:
• At the FBI, a DOGE team urged staff members to combine four siloed buckets of personnel data as quickly as possible, betraying a lack of understanding about what can safely be accomplished on the agency’s aging systems.
• At U.S. Citizenship and Immigration Services, DOGE told staff members to build a system for sharing data internally about applicants to a new visa program for wealthy immigrants, according to a DHS employee and records obtained by the Post. DOGE wants to use the data, which includes applicants’ addresses, birthdays and emails, for an unusual endpoint, the employee said: a public-facing website DOGE set up for the visas.
• DHS staffers cannot identify the location of the server hosting the visa website, the employee said, which violates agency protocol. Normally, before any data transfer involving sensitive personal information, federal employees review and sign documents specifying where the information will be housed at every stage, the employee said. And the Trump visa website lacks other DHS safety precautions, including its own virtual private network behind which staff members could securely access the data.
• At the General Services Administration, political appointees tried to bypass normal safety restraints placed on federal devices, according to two employees who later left. The appointees specifically requested that longtime Tesla employee Thomas Shedd get a federal laptop with its own virtual private network and no security safeguards. (GSA provides administrative and technological support for much of the federal bureaucracy and manages the government’s real estate portfolio.)
Normally, all federal devices would include threat assessment and monitoring programs watched over by IT staff members. But DOGE didn’t want any monitoring.
Experts say the repercussions of the changes DOGE is pushing now will linger well into the future. This threat isn’t just going to exist tomorrow, but it is going to exist for decades to come. Said Albert Cahn, executive director of the Surveillance Technology Oversight Project that is trying to oversight DOGE and build a file on what DOGE is doing:
Whenever we’re thinking about privacy, it’s really hard to un-bake the cake. Data privacy is dead.