Lambert here: Includes a good compilation of contemporaneous quotes on the Privacy Act from electeds on both sides of the aisle.
Under the auspices of the so-called “Department of Government Efficiency,” Elon Musk and former staffers—all recent college and high school graduates—have been given access to agency databases teeming with sensitive personal information. The group has entered the Treasury Department’s payment system, which stores federal tax returns, Social Security numbers, home addresses, and birth dates; the Office of Personnel Management’s system, which contains background checks, medical information, bank account information, and biometric data of current, former, and prospective federal employees, contractors, and family members; and the General Service Administration’s system, which stores similarly sensitive personal data.
Condemnation and lawsuits followed, and rightfully so. No one—not even special government employees—should access agency “systems of records” without proper authorization under the Privacy Act of 1974. Nothing suggests that Musk or his employees have such authority. Privacy Act violations are not trivial. Profound harms to privacy and democracy are at stake.
Musk and his team’s access to agency computerized records is an affront to the purpose, spirit, and words of the Privacy Act of 1974. Musk’s staffers may not have been subject to any vetting, let alone the rigorous vetting necessary for government consultants or employees. The Privacy Act does permit the “routine use” of protected information if such use (including sharing) would be compatible with the reason the information was collected in the first place. In connection with the Privacy Act’s commitments, the Treasury Department and the Office of Personnel Management have given notice about situations under which agency employees can share records with outside parties and agencies. Were those recognized “routine uses” at play when Musk’s team accessed agency systems of sensitive personal records? What if Musk’s team retrieved people’s records to assess their loyalty to the Trump agenda? What will Musk’s team do with the personal data stored in these highly sensitive systems of records? Will those records be used to carry out retribution that the president has promised? Retribution or loyalty tests have nothing to do with the purpose for which agencies collected that data.
Asking these questions helps answer them. We do not have any assurance that Musk’s team has been vetted or has a congressionally authorized reason to access our personal data. We are bearing witness to the kind of power grab, abuse, and overreach that the Privacy Act of 1974 was passed to prevent.
Add new comment