Over the first 100 days of his second administration, President Donald Trump, working in concert with Elon Musk’s DOGE proxy—which it still seems a stretch to consider a bona fide government agency—has unleashed an onslaught against both our foundational democratic concepts and the civil service erected on top. Still, one of the less-noticed attacks on our democracy has been the siloing and use-case restrictions on government-collected data.
Yes, I know. People are being sent to a foreign gulag without charge or evidence. RFK Jr. is chipping away at vaccine development. Trump is about to drive the economy off a cliff. Yet here I am talking about something that sounds like what you’d skim over in your annoying annual security training at work. Perhaps, then, it’d be useful for us to start referring to this more as Trump’s effort to collect a government dossier on nearly every person, nonprofit, and business in the country.
At this point, DOGE has either forced or tried to force access to IRS data systems, Social Security data, Selective Service records, Medicare data, Health and Human Services data, Securities and Exchange Commission data, National Labor Relations Board data, and Education Department student data, among other things, with the ultimate goal to make all these disparate information sources interoperable, either in one centralized system or in some other way that they can be compiled and searched together.
Once more, the notion of immigration enforcement and the amorphous blob of “national security”—which at this point seems to encompass more federal policy areas than it excludes—have been the tip of the spear for an expansion of government powers and the surveillance state. A good chunk of this collection thus far has been reportedly oriented toward the administration’s broader crackdown on immigration, which seems to have led a lot of people to tune it out. Plus, the government already has everyone’s data anyway, right? Who cares if one part of the government versus another gets access?
The problem, of course, is that you provided every piece of this data at different times, to different agencies, for different purposes. Think of it this way: You might give a friend a copy of the key to your apartment so that they can feed your cat while you’re away. That is an authorization for that person to use the key in the ways that you agreed upon for the time that you agreed upon. If they then use your key to set up a meth lab in your living room, no one can plausibly say that you signed off on it simply because they had under certain circumstances been allowed to enter your home.
“When most people think about cybersecurity issues, they think about it in terms of their credit score or getting a computer virus. When we think about this sort of government data aggregation, the historical precedents are the Japanese internment and the use of computer databases during the Third Reich,” said Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project.
Data privacy itself seems to have slowly become a relic of another era, but you can at least in theory take measures to protect yourself from pervasive surveillance from private entities like Meta and Alphabet and Amazon. You cannot, however, do the same when it comes to the federal government. “With DOGE data, when you opt out, it’s a felony; when you don’t submit your tax returns, when you don’t submit your Selective Service registration,” said Fox Cahn. “This is the only area of our lives where you know data is being collected whether we want it or not, and the penalty for protecting your privacy could mean going to jail.”
The obvious issue with the idea that this is all a system primarily for immigration enforcement is that of course it’s everyone’s data being sucked into these mass systems, and you can’t exactly put the genie back in the bottle once the data is desiloed and combined; having these tools lying around would be eminently tempting for an authoritarian administration—an issue that is so predictable that it in fact was predicted by lawmakers decades ago.
“Siloing has been partly sort of an accident; databases and systems evolved separately. But it’s also been deliberate. There is a reason for the Data Matching Act, which was an amendment to the Privacy Act, setting a whole series of restrictions that DOGE has flagrantly violated,” said privacy advocate and blogger Edward Hasbrouck, referencing the Computer Matching and Privacy Protection Act passed all the way back in 1988. Among other things, the law requires the government to notify individuals if their data is being matched in federal databases and verify if the data is accurate before taking any “adverse action” as a result, which the administration is obviously ignoring.
Trump’s own March 20 executive order on “stopping waste, fraud, and abuse by eliminating information silos” is specifically geared toward making “all unclassified agency records, data, software systems, and information technology systems” up for grabs to federal officials who want them to advance administration policies, throwing in a laughable nod of doing so “to the maximum extent consistent with law.” If they’re already tossing that bit of the law overboard, does anyone think that the administration won’t reach for the use cases beyond immigration enforcement to target civil society more broadly?
Trump and his cadre have at this point shown themselves willing and able to attack individuals and civil society exclusively and explicitly as a result of their speech and political activity. The cases of Mahmoud Khalil, Rümeysa Öztürk, and Mohsen Mahdawi, among others, have been lumped under the broad banner of immigration enforcement, but immigration is merely the convenient mechanism by which their speech has been punished. None is accused of violating any immigration laws besides the provision on U.S. foreign policy interests that the administration is tortuously twisting into a broad prohibition on pro-Palestinian advocacy.
In the targeting of academic institutions, nonprofits, and law firms, the administration has been just as open about the fact that it will bring the weight of the federal government down to bear on those that are advancing oppositional or even just disfavored political agendas. It doesn’t take much imagination to tease out what form this obsession with regulating acceptable speech and political organizing could take if the Trump team could, with a few keystrokes, pull up a person’s health records, tax records, business associations, registrations, and so on.
“AI is making it possible to have the sort of surveillance that once was only targeted at political dissidents, the most high-profile government opponents, and to replicate that level of tracking for millions,” said Fox Cahn, pointing to the manpower J. Edgar Hoover once devoted to surveilling Martin Luther King Jr. “There were huge efforts to track the members of political dissident groups, and now you can use weaponized tax data to figure out the identities of donors to nearly every major political and social organization in the country.”
In a few cases, DOGE has been sued over access to individual data streams. Even as Trump and Musk are already pretty clearly violating the law, Senators Ron Wyden and Ed Markey are now trying to reinforce data protections with a new bill that would clarify routine data uses, increase penalties for misuse, and expand the ability of courts to stop these data-collection and matching programs as they’re litigated. As Wyden told The New Republic, “No one in the United States should have to worry that the government will illegally weaponize their private information against them. But Trump’s administration is violating every law on the books to pillage Americans’ financial information, medical histories, and other private data.”
Hasbrouck points out that, as has long been the case with faulty facial recognition technology, part of the danger is not only that the technologies will work perfectly but that they will not. “Some of the worst things that we’re seeing happening are ultimately traceable back to the misfits between data that’s being used for a purpose it’s not fit for,” he said, pointing specifically to the case of the administration’s abrupt cancellations of reportedly thousands of student visas in a way that was rumored to be algorithmic. “It’s obvious that what happened was that some kind of visa database was matched against [the FBI’s National Crime Information Center database] on the erroneous assumption that NCIC was an authoritative, accurate database of everybody who has a criminal conviction, which it isn’t.”
After hundreds of lawsuits, the administration was forced to reverse course on the cancellations but never explained in open court how it picked out the students to target. In general, what is or isn’t happening with this matched data is at this point pretty much a matter of speculation, given that we have a partial picture at best. Revelations have mostly come not from public announcements or official acknowledgments but from court documents, leaks, and diligent reporting—including the laudable work of our colleagues at Wired. The wrecking-ball nature of the administration and DOGE’s fundamental incompetence probably mean that they’re not going to be able to obscure much of what they’re doing, but it’s still not particularly reassuring that what we know we know from mainly unofficial channels.
Who is auditing this? Are records even being kept of when the data is downloaded or modified or combined? Who has access, and do they have read/write power? We have at this point no real insight into what the plan is, or if there is a plan at all except, notably, for the involvement of the Peter Thiel–founded data analytics company Palantir, which has been in the news plenty lately for being increasingly enmeshed in the Trump administration after years building its bona fides as a premier law enforcement and government-adjacent surveillance and data analytics company. Per Wired, the company was contracted to build some kind of “mega API,” or application programming interface, layered atop IRS data, precisely to make it more easily accessible and potentially interoperable.
Palantir’s bread and butter—what has made it an incredibly valuable company and left its founders enormously rich—is not the creation of data per se. The company is not really involved in the business of generating the databases it draws on. No, its technical innovations have been about taking those multiple data streams and stitching them together in ways that make them far more useful for drawing conclusions, building relational webs, and ostensibly predicting where, for example, crimes will be committed.
Hasbrouck worries that other private companies will be compelled to feed the beast, even if they’re not necessarily inclined to do so. “We’ve seen pressure being put on social media companies and media companies generally, publishers, to not be critical of the administration as the price of relaxing enforcement of various laws against them or giving them tariff benefits or whatever,” he said. “What I fear is that companies even outside of the space license-plate-reader aggregators, or Palantir, or whatever—the companies that started out with benign purposes for extensive data collection—may find themselves, or may already be finding themselves, behind the scenes … pressured to collaborate to a greater degree than they have in the past.”
Most authoritarian regimes sustain themselves in large part through broad surveillance and tight control of data flows that can feed into systems of semilegal pressure against potential dissidents and opponents. This is something the DOGE team seems to intuitively grasp, just as it grasps that framing this power grab as an immigration enforcement measure—which, to be clear, is not in itself a good reason or a legal defense—will ward off public scrutiny. We should not fall for it.