Share this @internewscast.com
Left: Elon Musk reveals his T-shirt displaying “DOGE” to the press while on the South Lawn of the White House in Washington, on Sunday, March 9, 2025 (AP Photo/Jose Luis Magana). Right: President Donald Trump takes a moment during his speech in the Oval Office of the White House, Tuesday, May 20, 2025, in Washington (AP Photo/Alex Brandon).
Although Elon Musk, the billionaire entrepreneur, stepped down from his position as a special government employee under the Trump administration and engaged in a public dispute with President Donald Trump after his departure, he continues to be a prominent figure — and a defendant — in a lawsuit related to significant measures implemented by the Department of Government Efficiency (DOGE), apparently linked to its IT modernization strategies.
On Monday, a federal judge at the U.S. District Court for the Southern District of New York listed the ways in which the Office of Personnel Management (OPM) neglected the Privacy Act safeguards by quickly granting DOGE agents administrative access to systems that held “personal information of tens of millions of Americans.” These permissions were unnecessary for the agents, many of whom were not sufficiently trained or cleared to manage such information.
U.S. District Judge Denise Cote, a Bill Clinton appointee, began by noting that there was a massive cybersecurity breach at OPM as recently as 2015, sparking congressional investigation and resulting in a 2016 House Report outlining best mitigation practices moving forward.
Against this backdrop, coupled with the language of the Privacy Act and the Administrative Procedure Act (APA), Cote sided with plaintiffs AFL-CIO and the American Federation of Government Employees in granting a preliminary injunction, citing the Trump administration’s “illegal activities.”
The judge explained that DOGE and OPM’s IT modernization project is actually “laudable” and not the issue at hand. The problem, instead, was the Trump administration playing fast and loose by granting access to systems containing “confidential PII,” or personally identifiable information surrounding plaintiffs’ “most sensitive private affairs” — such as “social security numbers, health care information, banking information, and information about family members.”
“To be sure, the issue here is not whether OPM IT systems should be modernized. That is an entirely laudable goal and the plaintiffs do not suggest otherwise,” the judge wrote. “Indeed, the Government has been engaged in IT modernization efforts for years. But, as the plaintiffs’ experts have explained, IT modernization does not necessarily require access to confidential PII.”
Even if a group of DOGE agents with access to the systems didn’t actually review PII, the damage was done, Cote said.
“The plaintiffs do not have to make that showing to establish their standing, or even a likelihood of success on the merits. It is the intrusion and not the misuse of the data that constitutes the violation,” the judge said. “Granting improper access to legally protected data is sufficient to demonstrate a harm resembling intrusion upon seclusion, and no further use or review of the data is necessary.”
“The plaintiffs have shown a likelihood of proving at trial that those OPM records were ‘disclosed’ to individuals affiliated with DOGE who were not OPM employees or did not have a need for the records in the performance of their duties at OPM,” Cote added later.
The judge further said there’s “clear evidence” several anonymous DOGE agents “did not need access to the records disclosed to them, much less the administrative access that they were given.”
Calling an OPM IT upgrade through DOGE engineering “laudable” and “uncontroversial” in itself, Cote nonetheless slammed “hasty and chaotic disclosures of OPM systems” and concluded it was “especially unlikely that any DOGE agents ever needed administrative access to any OPM systems.”
The judge said this was a “gross departure from [OPM’s] obligations under the Privacy Act as well as its longstanding cybersecurity practices,” in service of a “rushed” attempt to implement President Trump’s policies.
Writing that “security training was an afterthought” for three of five DOGE engineers with access to systems, Cote said DOGE defendants “were likely participants in many of the illegal activities described in this Opinion.”
After finding that the plaintiffs showed “irreparable harm exists,” Cote criticized the Trump administration for declining to say that “mistakes were made”:
The Government could have acknowledged that in its rush to accomplish a new President’s agenda mistakes were made and established, important protocols were overlooked. It has not. The Government has defended this lawsuit by repeatedly invoking a mantra that it adhered to all established procedures and safeguards. It did not. Without a full-throated recognition that the law and established cybersecurity procedures must be followed, the risk of irreparable harm will continue to exist.
The judge separately ordered the plaintiffs and defendants to “meet and confer regarding the terms” and scope of the injunction and to submit follow-up “proposal(s)” by Thursday at noon.
Read the opinion and order here.
