How the government is working to consolidate data about you

The federal government knows your mother’s maiden name and your bank account number. The student debt you hold. Your disability status. The company that employs you and the wages you earn there. And that’s just a start.

These intimate details about the personal lives of people who live in the United States are held in disconnected data systems across the federal government — some at the Treasury, some at the Social Security Administration and some at the Department of Education, among other agencies.

The Trump administration is now trying to connect the dots of that disparate information. Last month, President Donald Trump signed an executive order calling for the “consolidation” of these segregated records, raising the prospect of creating a kind of data trove about Americans that the government has never had before, and that members of the president’s own party have historically opposed.

The effort is being driven by Elon Musk, the world’s richest man, and his lieutenants with the Department of Government Efficiency, who have sought access to dozens of databases as they have swept through agencies across the federal government. Along the way, they have elbowed past the objections of career staff, data security protocols, national security experts and legal privacy protections.

So far, the Musk group’s success has varied by agency and sometimes by the day, as differing rulings have come down from federal judges hearing more than a dozen lawsuits challenging the moves. The group has been temporarily blocked from sensitive data at several agencies, including the Social Security Administration. But on Monday, an appeals court reversed a preliminary injunction barring the group’s access at the Treasury, the Department of Education and the Office of Personnel Management.

And this week, the Internal Revenue Service agreed to help the Department of Homeland Security obtain closely held taxpayer data to help identify immigrants for deportation, over the objections of career employees. In the wake of that decision, the acting IRS commissioner and other top officials are preparing to resign.

The categories of information are drawn from 23 data systems holding personal information about the public across eight agencies that Musk’s aides are seeking to access, according to people familiar with their efforts as well as internal documents and court depositions. In all, The New York Times identified more than 300 separate fields of data about people who live in the U.S. contained in these data systems.

If anything, the list is an undercount. Through his executive orders, Trump has sought to grant Musk’s group access to “all unclassified agency records” — a category that leaves out national security secrets but that includes personally sensitive information on virtually everyone in America.

With such data stitched together, Musk and the White House have said they could better hunt for waste, fraud and abuse.

“The way the government is defrauded is that the computer systems don’t talk to each other,” Musk said in a recent Fox News interview. Link the data, he suggested, and the government could identify swindlers who collect aid from one agency when the IRS knows their income is too high or when the Social Security Administration knows their age is too low.

But critics such as privacy groups, public employee unions and immigrant rights associations who have sued to block the group’s data access warn that so much accumulated information could be used for far more than detecting fraud — and would be illegal.

This assembled data, they say, would give the government too much power, including potentially to punish critics and police immigrants. It would create a national security vulnerability that could be targeted by hostile nation states. And it would break a long-standing covenant between the federal government and the U.S. public rooted in privacy laws — that Americans who share their personal data with official agencies can trust that it will be secured and used only for narrow purposes.

Privacy advocates say that all this data could enable the government to punish its political opponents by weaponizing information about an individual’s personal life (bankruptcies, criminal histories, medical claims) or halting the benefits they receive (housing vouchers, retirement checks, food assistance).

“They have not demonstrated a single case in which fraud detection has required some universal governmental access to everybody’s data,” said Rep. Jamie Raskin, D-Md. “In fact, the creation of a monster uniform database of all information on all citizens will be an invitation to fraud and political retaliation against the people.”

That is how personal data is tracked and used in authoritarian states, Raskin added. Both Russia and China stockpile data on their citizens to track opponents and squash dissent of the ruling party in government.

The White House declined to directly address how it would safeguard and use the data it is seeking to consolidate, including whether the administration is trying to create one central database, citing only its focus on fraud.

“Waste, fraud and abuse have been deeply entrenched in our broken system for far too long,” White House spokesperson Harrison Fields said in a statement. “It takes direct access to the system to identify and fix it.”

Technologists warn that trying to match complex data sets to make decisions about government programs — including by using artificial intelligence to identify waste in government spending, as Musk allies have discussed — could produce rampant errors and real-world harm.

And national security experts note that a large collection of data about American citizens would be an enticing target for enemy nation states, hackers and cybercriminals. Countries including China, Russia and Iran have been behind major breaches of U.S. government databases in recent years, U.S. officials have said.

Private companies and data brokers that buy and sell data know plenty about Americans, too. But a crucial difference lies in what the federal government alone can do with that data, privacy advocates say. Google doesn’t control the apparatus of immigration enforcement. Target doesn’t have the power to halt Social Security payments.

“This gets to a fundamental point about privacy: It is not just the question of, ‘Does anyone else in the world know this about me?’” said John Davisson, the director of litigation at the Electronic Privacy Information Center, which has sued the administration to block DOGE’s access to financial data at the Treasury and federal workforce records at the Office of Personnel Management. “It is a question of who knows this about me, and what can they lawfully — or as a practical matter — do with that information?”

Privacy over efficiency

Congress debated that question 50 years ago as it considered passing a law to protect the privacy of Americans’ data in the wake of the Watergate scandal and with the growing computerization of personal records.

“Where will it end?” said Sen. Barry Goldwater, R-Ariz., at the time. “Will we permit all computerized systems to interlink nationwide so that every detail of our personal lives can be assembled instantly for use by a single bureaucrat or institution?”

With the passage of the 1974 Privacy Act, Americans chose privacy over efficiency, said Julian Sanchez, a libertarian privacy scholar.

“We made a very conscious choice to say we’re accepting the costs of inefficiency,” he said, “because if a unified database came into the hands of someone who wanted to put state power to some repressive purpose, their task would be made too easy by that centralization.”

At times, he said, libertarians have been called paranoid for suggesting such a scenario was still realistic in America in the 21st century.

“I think it’s very evident,” he said, “now it is.”

In Trump’s March 20 executive order, he called for “eliminating information silos” across the government. Within 30 days, the order states, “agency heads shall, to the maximum extent consistent with law, rescind or modify all agency guidance that serves as a barrier to the inter- or intra-agency sharing of unclassified information.” The administration has not specified who would be able to view data that gets consolidated across the government, but the order broadly grants wide-ranging access to federal officials “designated by the president or agency heads.”

The president also is targeting information held by states, seeking “unfettered access to comprehensive data” related to programs that receive federal funding.

The White House did not respond to the concerns raised by critics about the risks of pulling these data streams together.

It remains to be seen whether the courts will ultimately permit the administration’s efforts, some of which appear to run counter to the Privacy Act and other laws.

The Privacy Act prohibits agencies from disclosing personal information without your consent. Agencies also generally aren’t supposed to share data across the government for a purpose unrelated to why it was originally collected.

That means, for example, that the government shouldn’t use personal data you handed over to apply for student loans to later carry out immigration enforcement against your parents. Or use information you filed to itemize your tax deductions to later identify you as a supporter of left-leaning causes.

“The government is not necessarily supposed to be thinking creatively about how it can combine all of the information that it has ever collected about you and your family across dozens of databases over the course of your entire life to find out new things about you,” said Aman George, the legal policy director with Democracy Forward, a liberal-leaning legal group that has brought some of the lawsuits against DOGE.

There are some exceptions to legal privacy standards, including for criminal investigations and for government employees who need restricted data to do their lawfully assigned jobs. But courts that have blocked DOGE’s data access, for now, have found that Musk’s team probably doesn’t have such a need given the group’s vague and shifting mandate.

“Instead, the government simply repeats its incantation of a need to modernize the system and uncover fraud,” wrote district Judge Ellen L. Hollander in issuing a temporary restraining order at the Social Security Administration. “Its method of doing so is tantamount to hitting a fly with a sledgehammer.”

The Internal Revenue Code and Social Security Act add even stricter protections to tax data. And other laws have set security standards for maintaining government data and made it a crime to access a government computer or share data without authorization.

Musk’s team, according to Times reporting and court filings, has also targeted dozens of systems that track federal employees, government acquisition and contracting, and government spending to businesses and outside entities while pursuing widespread staff reductions across the bureaucracy.

The cost of wrong results

The notion of connecting government data systems is much harder than it sounds, former officials said.

When the IRS tried to study if it could identify people eligible for the earned-income tax credit about a decade ago, it ran into different programs and data sets using different definitions for “family” and “income,” said Nina Olson, the former national taxpayer advocate at the IRS from 2001 to 2019.

Try matching data across an even wider array of government systems, and the incongruities would multiply.

“The data is not fit for the purpose that you’re trying to use it for,” said Olson, the executive director of the Center for Taxpayer Rights, which is also suing the government. “And you’ll get wrong results, and there’s consequences to those wrong results.”

People could be cut off from benefits or identified for deportation for suspicious indicators that have benign explanations. However, Musk has shown little interest in the details of those explanations. He has repeatedly misrepresented data about dead people and immigrants receiving Social Security. He has suggested something nefarious must explain a surge in tax credits that can be traced to expansions of the child tax credit and pandemic relief.

What happens if a family claiming a tax credit for the first time is flagged for fraud — and has their Medicaid cut off, too?

“What will their resolution process be? Will they act first and deal with the fallout later?” said Elizabeth Laird with the Center for Democracy and Technology. “People who maybe are like, ‘Well, I got notified my data was breached 10 years ago and I’ve been fine’ — I don’t think they’ve been subjected to what we may see this used for.”

This article originally appeared in The New York Times.