from the DOGE-makes-a-killing dept
This post is about two things: that it looks like DOGE has violated an injunction, at least in spirit if not letter, and why it matters.
The injunction in question arose in the hybrid case, which named both DOGE and agency officials at the Social Security Administration. It began as a TRO issued on March 20, which then became a preliminary injunction on April 17. The district court also refused to stay its enforcement.
The injunction does several things, but most notably it keeps DOGE from accessing identifiable personal information held on Social Security Administration systems except if certain conditions are met. See, for example, this part which generally bars DOGE’s access:
[T]he United States Social Security Administration (“SSA”), Leland Dudek, and Michael Russo and/or his successor (collectively, “SSA Defendants”), and any and all of their agents and employees, and any person working in concert with them, directly or indirectly, are ENJOINED and RESTRAINED from granting access to any SSA system of record containing personally identifiable information (“PII”), as defined in paragraph 9 hereof, or PII obtained, derived, copied, or exposed from any SSA system of record, including, but not limited to, records known as the Enterprise Data Warehouse (“EDW”), Numident, Master Beneficiary Record (“MBR”), Supplemental Security Record (“SSR”), and Treasury Payment Files, to the Department of Government Efficiency (“DOGE”); the United States DOGE Service; the United States DOGE Service Temporary Organization; members of the DOGE Team established at the Social Security Administration, as defined in ¶ 11(a); Elon Musk; Amy Gleason; and/or any DOGE Affiliate(s), as defined in ¶ 11(b)[.]
Then this part describes conditions that must be met before any exception can be made:
3. SSA may provide members of the DOGE Team with access to discrete, particularized, and non-anonymized data, in accordance with the Privacy Act, and in accordance with the conditions set forth herein: SSA must first comply with the provisions in ¶ 2 of this Order and, in addition, SSA must first obtain from the DOGE Team member, in writing, and subject to possible review by the Court, a detailed explanation as to the need for the record and why, for said particular and discrete record, an anonymized or redacted record is not suitable for the specified use. The general and conclusory explanation that the information is needed to search for fraud or waste is not sufficient to establish need.
According to a declaration by Leland Dudek and certification by the government, the Social Security Administration and DOGE are complying with the injunction, although the SSA acknowledged what it described as two “inadvertent” violations during the pendency of the TRO.
While the Temporary Restraining Order was in effect, SSA had two occasions where systems access was inadvertently granted to systems containing PII. In one instance, controls were in place so the access permissions could not actually be used. In the other, the access was granted inadvertently and the agency confirmed that the systems were not actually accessed, and prompt action was taken to remove the access permissions.
But it is difficult to square this certification with news that DOGE has apparently altered the status of millions of people to make the living seem dead, or specifically move the 6000+ immigrants to the dead list. Furthermore, according to some reports, DOGE renamed the Death Master File to the “Ineligible Master File.”
It is of course theoretically possible that the status changes for the millions of people was done via a script, and DOGE never saw the individual records it changed. It is also possible that the deliberate placing of the 6000+ people was done at the direction of SSA leadership and not DOGE, to the extent that it is believable that such decisions could be taken independently of DOGE’s influence – we’ve seen this issue before, where the Trump Administration has tried to get his appointed toadies to “ratify” terrible things DOGE demanded to give them a veneer of legitimacy, even though they still are things they never could have lawfully done themselves under the APA or other operable laws.
But the injunction (and the TRO, which, although it might have varied slightly from the more recent injunction, does not seem to be significantly different in general substance) also restrained DOGE from altering any code, which, if they ran a script or converted a database name, these actions would seem to violate:
All DOGE Defendants, as well as all SSA DOGE Team members and DOGE Affiliates, are ENJOINED and RESTRAINED from accessing, altering, or disclosing any SSA computer or software code.
And as for whether they forced SSA staff to do these things themselves, it’s the forcing that is the issue. The court was very careful to make sure that SSA staff could still conduct business as normal – it’s partly why the injunction was deemed proper and staying of it not, because the agency was in no way harmed since it could still do its regular work – it was only the DOGE misadventures that were being delayed.
To avoid confusion or doubt, this Order expressly applies only to SSA employees working on the DOGE agenda. Employees of SSA who are not involved with the DOGE Team or otherwise involved in the work of the DOGE Team are not subject to the Order. Therefore, this Order has no bearing on the ordinary operations of SSA.
Only it turns out they don’t seem to have been delayed at all.
What the news is reporting happened here is very wrong, in multiple ways. Not only does it seemingly violate the injunction (and presumably also the TRO, which was likely in force when much of what happened happened – and although the TRO might differ in small detail from the later formal injunction, it seems to be largely the same in substance), but it is also wrong on its face to do what DOGE has apparently done and cause people to wrongfully, and without due process, be deprived benefits and more.
These sorts of concerns about harm to the public seem to have been on the court’s mind for quite some time. For instance, while this injunction was being litigated the government said that DOGE needed access to personally identifiable information to root out fraud. But to the court it sounded like what DOGE claimed it needed to do was an unconstitutional fishing expedition:
As I understand [it], the Fraud Detection Project appears to amount to an attempt to uncover fraud, without particular, specific grounds that suggest fraud. With the Privacy Act in mind, as addressed in ECF 49, it is unclear to me why there is any need to disclose PII before there is a basis to believe that fraud has occurred. Therefore, the Supplemental Declaration should also clarify the work of the Fraud Detection Project, to include whether there are known, identifiable instances of fraud for which particular PII is sought. And, if there are no such specific, identifiable instances of fraud, then Mr. Dudek should address the need for the disclosure of non-anonymized data before there is a factual basis to support a belief that fraud has occurred or is occurring.
Although this language does not specifically raise the issue of the Fourth Amendment, it echoes it. Per the Constitution people are to be secure in their private matters (“papers and effects”) unless there is probable cause, which would entitle the government to invade their privacy and conduct a search and seizure with sufficient particularity. And here the court appears to be saying, “Where is your probable cause that would entitle you to invade people’s privacy in the information on these systems? Where is the particularity?” The Fourth Amendment says that the government doesn’t get to rummage through people’s private records to look for a crime; it has to already have probable cause to believe there was one and then it can get a warrant allowing it to go find the proof. Whereas here DOGE was saying they had a “need” to conduct a warrantless search, and the court reminded them that no, they don’t.
But the concerns that the court stood up for in ordering its injunction is why all this Privacy Act litigation is so important. One way the Fourth Amendment stops being a barrier to the government getting access to people’s private affairs is if they consent to it. Here, the government has an awful lot of private data people have consented for it to have because it made sense to give that consent in that context. For instance, if people want social security benefits, it makes sense to consent for the Social Security Administration to have enough information about them to provide that benefit.
The point of the Privacy Act is to make that limited consent possible by providing the statutory barriers to make sure it is limited. People don’t consent that “the government” has access to their private information; they consent that the relevant agency has it for the limited purpose that they need it. The rest of the government doesn’t get to say, “Hey, we don’t need a warrant because look! We already have all the data we need!” The Privacy Act essentially says the government only “has” the data insofar as the public has consented for it to have it for the limited purpose it was needed and makes it illegal for any agency to share it with other parts of the government, even though technically it could.
Here, DOGE (and also the corrupt leadership of the agency) is trying to shatter those statutory barriers preventing that sharing, and for exactly the reason that we have them: to cause harm to the public. Which is what courts are noticing and why injunctions are being granted in other DOGE Privacy Act cases. Because, as we see with people wrongfully placed on the “dead” list, when the public’s private information is not shielded from unfettered government access, injustice is what follows.
Filed Under: 4th amendment, data, doge, injunction, leland dudek, social security, tro
