Although Elon Musk may soon step down from leading the Government Efficiency Department (DOGE), the surveillance infrastructure established under his direction is firmly in place. This agency is assembling an extensive national monitoring system for the current U.S. administration, unlike anything previously seen in the country.
The administration could soon gain access to powerful tools enabling it to swiftly uncover compromising information about political opponents or anyone deemed inconvenient. Plans are reportedly underway to scrutinize tax records to locate migrant addresses under investigation—a move that sparked resignations among senior IRS officials due to serious ethical and legal concerns. Additionally, some federal employees have been informed that artificial intelligence is being deployed to scan communications for anti-Musk or anti-administration sentiments, potentially leading to disciplinary actions or dismissals.
This development marks a rapid departure from the long-standing tradition of safeguarding government-held data from misuse. In just its first 100 days, the leadership of DOGE and the administration have dismantled safeguards designed to prevent the creation of dossiers on every U.S. resident. The result resembles a hallmark of authoritarian regimes: comprehensive records on citizens used to suppress dissent.
“This is the nightmare we always feared,” said a civil liberties attorney specializing in AI governance. “A turnkey totalitarian infrastructure is now available for any administration willing to disregard the law.”
In recent months, DOGE teams have collected personal information on U.S. residents from dozens of federal databases and appear to be merging this data into a master database housed within the Department of Homeland Security. A whistleblower recently revealed that this consolidated database combines information from agencies such as the Social Security Administration, the Internal Revenue Service, and the Department of Health and Human Services. Reports also suggest that DOGE personnel have been transporting multiple laptops loaded with data extracted from various agencies.
Privacy advocates have traditionally focused on the extensive data held by major tech companies, which track locations, browsing habits, and online purchases to infer user preferences and behaviors.
However, government records contain far more sensitive details, including income, bank account numbers, employment status, medical conditions, and even gambling habits—information that surpasses what even tech giants possess.
Back in 2009, a Georgetown University law professor coined the term “the database of ruin” to describe a comparable aggregation of data. He warned that nearly everyone in the developed world could be linked to at least one fact in a computerized database that adversaries might exploit for blackmail, discrimination, harassment, or identity theft.
So far, DOGE has not reportedly attempted to access intelligence agencies such as the National Security Agency (NSA), which collects vast amounts of foreign communications and sometimes inadvertently captures those of Americans. Nonetheless, the recent dismissal of the NSA director—allegedly influenced by a prominent internet figure close to the president—adds to concerns.
The creation of a massive government database containing personal data on U.S. residents is both dangerous and likely unlawful. In the 1960s, a similar proposal to consolidate federal records into a national “data bank” sparked public outrage and was ultimately abandoned. This backlash led Congress to enact the 1974 Privacy Act, requiring federal agencies to obtain consent before sharing personal data across departments.
Over 30 lawsuits have since been filed against DOGE, several alleging violations of the Privacy Act. Courts have so far issued rulings limiting DOGE’s access to personally identifiable information from the Social Security Administration and the Treasury Department, though the fate of already collected data remains unclear.
A deeper problem lies in the Privacy Act’s limited enforcement capabilities. It does not empower judges to impose significant fines or swiftly halt illegal activities. Nor does it establish an enforcement agency to investigate privacy breaches beyond judicial reach. Attempts to pass comprehensive privacy legislation with stronger enforcement mechanisms have repeatedly stalled in Congress.
As a result, the United States stands alone among the 38 member countries of the Organisation for Economic Co-operation and Development in lacking a dedicated data protection authority to enforce general privacy laws. In contrast, each European Union country maintains a data protection agency with investigatory powers, regulatory authority, and the ability to impose fines or suspend data processing.
Without a privacy watchdog, Americans must rely on filing Privacy Act requests to learn what data DOGE holds or hope courts rule in their favor in ongoing litigation. Meanwhile, DOGE continues to amass data from federal agencies unchecked.
For example, last month DOGE gained broad access to payroll records for approximately 276,000 federal employees, leading to administrative leave for officials who resisted. This month, a whistleblower from the National Labor Relations Board presented evidence showing a surge in data diversion following DOGE personnel’s arrival.
“No other country would allow an individual like Elon Musk to comb through government databases, collecting personal information on public employees, taxpayers, and veterans,” said a privacy law expert and founder of a nonprofit focused on AI and digital policy. “While numerous U.S. privacy laws exist, they are effective only when enforced by dedicated privacy agencies.”
There is an urgent need to modernize privacy protections by establishing a federal data protection agency with robust investigative and enforcement powers.
However, it is not too late to prevent the full realization of the so-called database of ruin. Congress could defund DOGE, repeal the executive order that created it, or support legislation proposed by senators aimed at strengthening the Privacy Act with meaningful fines and criminal penalties.
This issue should transcend party lines because once such a database exists, no one is immune from having their information—no matter how innocuous—used against them.
