DOGE: The Data Operation

The Correction

On January 16, 2026, the Department of Justice filed a Notice of Corrections to the court record in AFSCME v. Social Security Administration. The government was acknowledging, eleven months after the fact, that its prior representations to the court about DOGE's access to Social Security data had been inaccurate. ¹

The correction revealed that between March 7 and 17, 2025, DOGE personnel at the SSA had routed agency data through Cloudflare — a commercial server not approved for storing Social Security data and outside the agency's security authorization framework. On March 3, a DOGE SSA member had sent an encrypted, password-protected file containing names and addresses of approximately 1,000 people to the Department of Homeland Security, copying DOGE adviser Steve Davis and a DOGE Department of Labor employee. As of the DOJ filing date, SSA's own CIO had been unable to open the file to determine its contents. The agency could not confirm whether data routed through Cloudflare still existed on that platform. ² ³

The correction matters less for what it revealed than for what it confirmed about the architecture of DOGE's federal data operations: the data had been accessed, copied, and moved before the legal system could respond. A federal judge had issued a temporary restraining order blocking DOGE access to SSA data on March 20, 2025 — seventeen days after the encrypted file was already sent. ¹

The record shows a pattern that repeated across federal agencies throughout 2025. ⁴ ⁵ ⁶ DOGE operated on the speed differential between executive action and institutional response. Personnel were placed in days. Data was accessed in hours. Courts needed weeks to issue temporary restraining orders, months for preliminary injunctions, and the Supreme Court's review came in June — by which time the operational landscape had been transformed.

The question is not whether this was legal. Over a dozen federal courts weighed that question from different angles, reaching different conclusions at different levels of the judiciary. The question is what DOGE actually was. The efficiency narrative — cutting waste, modernizing systems, eliminating redundancy — does not survive contact with the operational record. The Cato Institute, not a body hostile to government reduction, confirmed that "DOGE had no noticeable effect on the trajectory of spending." ⁷ Government spending increased during DOGE's 130-day tenure. ⁷

What DOGE did produce was access — to Treasury's $5 trillion annual payment system, to OPM's records on every federal employee, to SSA's 548 million Social Security Number records, to the IRS Integrated Data Retrieval System, to NLRB case files, to USCIS immigration databases, to DOE nuclear security networks. ⁴ ⁵ ⁸ ⁹ ¹⁰ ¹¹ The Senate Homeland Security and Governmental Affairs Committee's minority staff report — the Peters report, released September 26, 2025 — concluded that DOGE "operates outside of, and even counter to, federal law," identifying likely violations of the Privacy Act of 1974, the E-Government Act of 2002, the Federal Information Security Modernization Act, the Federal Records Act, and potentially the Computer Fraud and Abuse Act. ¹²

A Note on Sources

This account draws primarily on the Senate HSGAC Minority Staff Report (the Peters report, September 26, 2025), federal court filings in AFSCME v. SSA and related litigation, whistleblower disclosures filed with the Office of Special Counsel, OGE Form 278 financial disclosures published by ProPublica, and investigative reporting by ProPublica, NPR, FedScoop, Krebs on Security, and CNN. Where specific dollar amounts, dates, or institutional actions appear, they trace to these primary sources. Where we describe patterns, mechanisms, or motivations, we note the inference. Several key facts — including the contents of an encrypted file, the identity of a political advocacy group, and the destination of exfiltrated data — remain unresolved in the public record and are flagged in the section "What We Do Not Know."

The Access Map

The federal government's data architecture is distributed by design. Treasury handles payments. OPM handles personnel. SSA handles identity. IRS handles tax. DHS handles immigration. Each agency maintains its own systems under its own security authorization, its own privacy impact assessments, its own chains of custody. This distribution is not a legacy of bureaucratic inefficiency. It is a structural expression of the Privacy Act of 1974, which restricts how agencies collect, share, and combine personally identifiable information. The silos are load-bearing.

DOGE treated them as obstacles.

Between January and June 2025, DOGE personnel obtained access to databases at Treasury, OPM, SSA, DHS, IRS, DOE, CFPB, USDA, NLRB, and the Education Department. ⁴ ⁵ ⁸ ⁹ ¹⁰ ¹¹ ¹³ ¹⁴ At Treasury, Tom Krause — CEO of Cloud Software Group — replaced career official David Lebryk, who resigned rather than grant DOGE the access it demanded, and was delegated fiscal assistant secretary duties with top secret clearance. ⁴ Marko Elez, a 25-year-old DOGE employee, briefly had edit access to the Bureau of Fiscal Service payment system — the mechanism through which $5 trillion in annual federal payments flow — before Treasury restricted him to read-only. ⁴

At OPM, DOGE accessed personnel databases containing employment histories, SF-86 security clearance questionnaires, medical records, home addresses, bank account information, and biometric data for the entire federal workforce. Brian Bjelde, a SpaceX vice president of human resources, and Amanda Scales, an xAI recruiter, were installed at OPM. ⁵ At the Department of Energy, two DOGE employees — Luke Farritor, 23, a former SpaceX intern, and Adam Ramada, 35, a Miami venture capitalist — received accounts on the classified NNSA Enterprise Secure Network, which contains nuclear weapons design data, and on SIPRNet. Neither had nuclear experience or prior classified access. DOE stated the accounts were never accessed; both departed in February 2025. ¹¹

The Peters report identified what it characterized as an attempted creation of a master database, pooling data from multiple agencies — SSA, Treasury, DHS, State, and DOJ. SSA data appeared in DHS and DOJ projects in atypical formats, suggesting cross-agency data consolidation without the privacy impact assessments or interagency agreements that federal law requires. ¹⁵ DOGE personnel built specialized computers that provided simultaneous access to networks and databases across agencies. Whistleblowers described teams carrying "backpacks full of laptops," each configured with access to a different agency's systems. ¹⁶

House Oversight Committee Democrats documented DOGE feeding private data into unapproved third-party AI systems and using private servers at OPM. ¹⁷ DOGE staff used Signal, Slack, and Google Docs for official communications, circumventing Federal Records Act requirements. ¹⁸ When American Oversight sued for records, the Trump DOJ revealed a two-day retention policy for certain communications. ¹⁹ Key shutdown orders at agencies were given orally with no documentary record, creating what a court characterized as a deliberate discovery vacuum. ²⁰

Consider what this architecture looks like from the inside. You are a career cybersecurity official at a federal agency — SSA, or OPM, or NLRB. You have spent years building security frameworks, implementing access controls, conducting risk assessments, maintaining audit logs. A group of young engineers arrives with administrator-level credentials issued from outside your chain of command. They disable your monitoring tools. They download code libraries to your systems. They access databases you are responsible for protecting. When you raise objections through the channels your training tells you to use, you are reassigned, overruled, or — in the case of SSA IT chief Greg Pearre — physically removed from your office. ²¹ ²²

The institutional logic of this architecture maps onto what political theorists call sovereign exception: the declaration of emergency — "the government is broken," "the system is wasteful" — as a mechanism for suspending the normal procedural constraints that would otherwise prevent the actions being taken. The emergency does not need to be fabricated. Government inefficiency is real. But the declaration performs a specific function: it justifies bypassing the procurement rules, privacy protections, interagency agreements, and security certifications that exist precisely for situations where someone wants fast access to sensitive data. The efficiency framing is the mechanism of depoliticization — presenting what is structurally a concentration of data access as though it were merely a technical modernization project.

A Brookings Institution analysis compared DOGE's data consolidation effort to the post-9/11 Total Information Awareness program, which Congress defunded in 2003 after determining that centralized data surveillance of the civilian population violated constitutional norms. ²³ The difference: TIA was proposed through the institutional process, debated in Congress, subjected to public scrutiny, and ultimately killed. DOGE's data access was established operationally, before any oversight body could evaluate it, and expanded during the window between judicial orders and their appellate review. The speed was the mechanism.

The CIO Key

The mechanism was consistent across agencies: install a DOGE-aligned official in the Chief Information Officer role, then use that role's institutional authority to approve the data access that career security staff had flagged as unacceptable.

At SSA, the mechanism operated twice.

Michael Russo, a technology executive whose entire career had been in hospitality and retail payment systems, was appointed SSA Chief Information Officer on January 30, 2025. The appointment came directly from Frank Bisignano, the Fiserv CEO who had been nominated as SSA Commissioner and was serving as acting head of the agency. Bisignano described a twenty-year industry friendship with Russo. ²⁴ The appointment did not follow a competitive selection process. It was a personal placement by the incoming commissioner into the agency's top technology role.

Russo's prior employer for six-plus years was Shift4 Payments, where he served as Chief Technology Officer. ²⁵ Shift4 processes payments for Starlink, the satellite internet company controlled by Elon Musk — who simultaneously headed DOGE. Shift4's CEO, Jared Isaacman, was nominated as NASA administrator during the same period. ²⁵ At SSA, witnesses described Russo as "evasive" about DOGE access arrangements and reported that he advocated for DOGE personnel to receive access to "everything including source code." Congressional testimony characterized him as reporting operationally to DOGE rather than to SSA's acting commissioner. ²⁵

Russo held the CIO title through late March 2025, then transitioned to a "special advisor on technology modernization" — a role that, records show, retained the authority to authorize data transfers. ²⁴ On June 25, 2025 — nineteen days after the Supreme Court vacated the lower court's TRO on SSA data access — Russo signed the written authorization allowing DOGE-aligned staffer John Solly to upload a full production copy of the NUMIDENT database to an Amazon Web Services virtual private cloud test environment. ²⁶

The NUMIDENT is SSA's master identity database. It contains Social Security Numbers, names, phone numbers, addresses, dates and places of birth, citizenship status, race and ethnicity, and parents' names and Social Security Numbers for every person who has ever been issued an SSN — more than 300 million living Americans and additional records for deceased persons, totaling over 548 million SSNs. ²⁷ SSA's own internal risk assessment, completed June 16, had concluded that copying the NUMIDENT to a cloud environment carried a 35 to 65 percent probability of a data breach with a "catastrophic adverse effect" rating. ²⁸ Russo authorized the transfer nine days after that assessment.

The second CIO was Aram Moghaddassi. Born in February 1999, Moghaddassi graduated from UC Berkeley with a degree in applied mathematics in 2021. He worked at Neuralink from January 2021 to December 2022 as a senior engineer, then joined the Twitter acquisition team in December 2022 and continued as a senior engineer at X Corp through early 2025. An xAI organizational chart from March 2025 listed him as an "xAI Partner." ²⁹ He holds a co-inventor credit on a Neuralink neural signal compression patent granted in July 2025. ²⁹

Moghaddassi was hired as a Department of Labor Policy Advisor at GS-11 on February 18, 2025. He was detailed to SSA from DOL on February 22. He was simultaneously detailed to HHS as an "Executive Engineer" on March 5. He gained read-write access to the SSA PSSNAP system on March 14. He requested access to USCIS immigration verification systems on March 17. ³⁰ He became SSA's fourth Chief Information Officer since January 20, 2025. ³¹ He was twenty-six years old.

On July 25, 2025 — one month after the NUMIDENT had been uploaded to the AWS environment on Russo's authorization — Moghaddassi issued a Provisional Authorization to Operate for that environment. In his written justification, he stated that he had "determined the business need is higher than the security risk." ³² The NUMIDENT had resided in the cloud environment for thirty days before any formal authorization was issued. What access controls existed during that window, and whether any data was queried, copied, or transmitted, has not been established in the public record.

SSA Chief Data Officer Charles Borges filed a whistleblower disclosure with the Office of Special Counsel on August 26, 2025, specifically naming the NUMIDENT cloud transfer. He resigned three days later. ³³

The NUMIDENT was not the only SSA database operation during this period. On April 8, 2025, SSA added more than 6,300 living immigrants to the Death Master File — a federal database used by financial institutions, employers, and government agencies to verify whether an individual is deceased. For this operation, SSA renamed the file the "Ineligible Master File." The list of individuals was provided by DHS and comprised immigrants whose temporary legal status had recently been revoked. The additions were recorded with fabricated death dates. The population included minors; at least one was 13 years old. ²¹

The authorization chain ran from Moghaddassi, who transmitted the DHS list to SSA, through Acting Commissioner Leland Dudek, who signed two memoranda with DHS Secretary Kristi Noem authorizing the operation. Dudek signed despite initially concluding the action was illegal. Greg Pearre, SSA's career IT chief, was physically removed from his office when he refused to execute the plan on the same grounds. ²¹ Moghaddassi characterized the 6,300 individuals as immigrants "homeland security officials had identified as having temporary legal status but who were now either on the terrorist watch list or had FBI criminal records." ²¹ If the Death Master File additions had not been reversed, affected individuals' benefits, bank accounts, and government services would have been suspended or terminated based on the fabricated death records. The Peters report assessed that a worst-case NUMIDENT breach could require re-issuing Social Security Numbers for all 548 million-plus Americans, with cascading effects on banking, employment, healthcare, and housing. ²⁷

The Peters report characterized the SSA sequence as part of a cross-agency template: career cybersecurity officials who raised objections were sidelined or terminated, and DOGE-affiliated personnel were installed as CIOs to approve their own team's access without following standard oversight procedures. ²² The template at SSA — Bisignano appoints Russo, Russo authorizes Solly, Moghaddassi issues the ATO — is a relay: each link in the chain is a different person, but each person's authority derives from the same external network rather than from the institutional chain of command the CIO role was designed to serve.

The NLRB Breach

At the National Labor Relations Board, the pattern was documented in real time by a network security architect who was watching his own monitoring tools be disabled.

Daniel Berulis, an IT specialist at the NLRB, observed the following sequence beginning March 3, 2025: DOGE engineers created accounts with tenant-admin privileges exempt from logging. The accounts used names like "Whitesox, Chicago M." and "Dancehall, Jamaica R." and email addresses including [email protected]. Three external GitHub code libraries were downloaded to NLRB systems, including one designed for "proxy pool rotation for web scraping and brute forcing." Microsoft Azure network watcher was set to "off" by March 5. Alerting and monitoring tools were disabled on March 10. ⁶ ³⁴

Between March 4 and 5, Berulis documented an anomalous spike in outbound data traffic — approximately 10 gigabytes, primarily text files, transferred from the NLRB's NxGen case management system around 3 to 4 AM EST. ³⁵ NxGen contains personal information on union members, witness testimony in labor disputes, trade secrets submitted by employers, and proprietary company data — all held under confidentiality protections foundational to the agency's adjudicatory function.

On March 11, more than twenty login attempts arrived against the newly created DOGE accounts from IP address 83.149.30.186, which geolocates to Primorskiy Krai in Russia's Far East. Many attempts occurred within fifteen minutes of the accounts being created. The attempts used the correct username and password. They were blocked only by the NLRB's standing geolocation policy prohibiting overseas logins. ³⁶ Berulis's disclosure does not assert attribution for the Russian login attempts. It records them as observed events. The proximity to account creation — within minutes, using valid credentials — is a factual detail whose explanation remains unresolved.

The structural conflict embedded in this operation bears stating directly. SpaceX had active NLRB cases at the time of the data access, including case 19-CA-309274. Musk was simultaneously pursuing a constitutional challenge to the NLRB's structure in the Fifth Circuit. ³⁷ NxGen case data potentially included litigation strategy, witness identities, and proprietary information relevant to those proceedings. The person heading DOGE — the organization whose employees accessed NxGen — was the same person whose company was an active respondent before the agency whose data was accessed.

On April 14, 2025, Berulis filed a formal whistleblower disclosure to Congress and the U.S. Office of Special Counsel through Whistleblower Aid, represented by attorney Andrew Bakaj. ³⁸ While preparing the supplemental disclosure, someone affixed a threatening note to Berulis's home door alongside drone-captured photographs showing him walking in his neighborhood. Bakaj confirmed to journalists that the note made direct reference to the specific disclosure then being prepared. ³⁹

Independent forensic analysis by Krebs on Security corroborated key elements of Berulis's disclosure, including the account creation patterns, the code library downloads, and the disabling of monitoring infrastructure. ⁶

The timing of institutional events around the disclosure is documented but not explained. On April 14 — the date of the filing and the date NPR published its account — administrative access was stripped from career NLRB IT staff. On April 16, DOGE personnel visited the NLRB. That same day, NLRB Director Lasharn Hamilton publicly stated there had been no "official" prior DOGE contact with the agency — a characterization that Berulis's disclosure, filed two days earlier, directly contradicts. The qualifier "official" may technically exclude the informal or undocumented access that Berulis documented as occurring outside standard IT provisioning channels. ⁶

The NLRB operation illustrates a feature of the DOGE data access pattern that distinguishes it from conventional government IT modernization. Standard data access involves authorization through a chain of command, logging of all transactions, monitoring of data movement, and incident reporting when anomalies occur. At the NLRB, each of these controls was systematically disabled: authorization bypassed through tenant-owner accounts exempt from normal provisioning; logging turned off by disabling Azure network watcher; monitoring suppressed by disabling alerting tools; and incident reporting halted by the April 3-4 instruction to cease US-CERT notifications. ⁶ ³⁴ The pattern is consistent not with data access for operational purposes — which would benefit from audit trails and monitoring — but with data access designed to leave no institutional record of what was accessed or where it went.

The Temporal Gap

The legal timeline reveals a structural asymmetry that no individual court ruling could resolve.

AFSCME AFL-CIO v. Social Security Administration was filed on February 21, 2025 in the District of Maryland. On March 20, the court issued a temporary restraining order blocking DOGE access to SSA data. ¹ But by March 20, the most consequential data movements had already occurred: the encrypted file had been sent to DHS on March 3. Data had been routed through Cloudflare between March 7 and 17. The TRO addressed future access, but the past access was already a fact.

Four days after the TRO was issued, on March 24, a DOGE SSA team member signed a "Voter Data Agreement" in his capacity as an SSA employee with an unnamed political advocacy group — whose stated aim was to find evidence of voter fraud and overturn election results in specific states by matching state voter rolls against SSA records. The agreement was signed while the TRO was nominally in effect. SSA did not discover it until November 2025 during an unrelated records review. Two Hatch Act referrals were made to the Office of Special Counsel in December 2025. No evidence has emerged that SSA data was actually transferred under the agreement, but the agreement itself — signed by a federal employee using his SSA authority, while a court order restricted that authority — illustrates the gap between judicial orders and operational reality. ⁴⁰

The Supreme Court vacated the TRO on June 6, 2025, ruling in DOGE's favor in two landmark cases. ⁴¹ Within four days, John Solly submitted the request to copy the NUMIDENT to cloud storage. ²⁶ Within nineteen days, Russo authorized the transfer. Within forty-nine days, Moghaddassi issued the Provisional ATO. The data moved faster than the legal system could evaluate whether it should.

The speed differential is structural, not incidental. Executive action operates in hours and days. Judicial review operates in weeks and months. Data access, once established, is irreversible in a way that contract terminations and personnel actions are not — a fired employee can be reinstated, but data already viewed cannot be un-viewed. Decisions already informed by that data cannot be uninformed. The court may rule favorably, but the remedy is structural: it addresses future access while the past access has already established new institutional facts.

The DOJ's January 2026 correction confirmed this dynamic. The government had told the court one thing about DOGE's data access while the operational record showed another. The correction acknowledged the discrepancy but did not — because it could not — undo the access itself. Democracy Forward, representing AFSCME, moved for discovery and depositions. ¹ The Senate Finance Committee demanded answers after the filing revealed SSA could not account for the full extent of data accessed and shared by DOGE personnel. ¹²

At least twenty federal lawsuits challenged DOGE operations across multiple districts. District courts initially blocked access in at least twelve cases, but appellate courts and the Supreme Court consistently reversed those rulings through mid-2025. ⁴² ⁴³ The Fourth Circuit encapsulated the appellate posture: "unconventional does not necessarily equal unconstitutional." ⁴⁴ Congressional oversight was blocked by the Republican majority — the House Oversight Committee voted along party lines to block a subpoena of Musk. ⁴⁵

The Personnel

Whistleblowers described DOGE employees as "mostly young men ages 18 to mid-20s" functioning as "quarterbacking data with ability to change or exfiltrate information without normal oversight." ⁴⁶ Their workspaces were described as guarded and largely empty. They operated across multiple agencies simultaneously without required cybersecurity training or adherence to privacy protocols. ⁴⁶

The profiles of the most widely deployed DOGE employees illustrate the pattern.

Gavin Kliger, 25, a software engineer from Databricks, was appointed Senior Advisor to the OPM Director for Technology and Delivery on January 20, 2025, and simultaneously deployed across at least eight agencies: OPM, CFPB, USAID, USDA, NIH, IRS, FTC, and Voice of America. ⁴⁷ His OGE Form 278 financial disclosure listed his Databricks employment agreement as still current, with vested stock units valued at $1 million to $5 million and a salary and bonus of $251,000. ⁴⁸ At the CFPB, ethics attorneys warned Kliger in writing that he held up to $715,000 in equities that bureau employees are legally prohibited from owning and that he could not participate in agency actions affecting those holdings. Days later, he managed the reduction-in-force that terminated approximately 1,400 of the agency's 1,700 staff. ⁴⁹ A former CFPB general counsel characterized the episode as a likely violation of 18 U.S.C. section 208, the federal criminal conflict-of-interest statute. ⁴⁹ Kliger departed CFPB on May 8, 2025. ⁵⁰

At least 38 of 109 identified DOGE staffers had worked for Musk companies — SpaceX, Tesla, X, Neuralink, xAI, or the Boring Company. ⁵¹ At least six were former Palantir employees, including Gregory Barbaccia, who became federal CIO after a decade at Palantir, and Clark Minor, installed as HHS CIO overseeing Palantir's $405 million contract portfolio at that agency. ⁵¹ Marc Andreessen served as a DOGE recruiter. Shaun Maguire of Sequoia and Founders Fund assisted in hiring. ⁵¹ At least 23 DOGE staff made personnel or contract decisions at agencies regulating their prior employers. ⁵²

The senior leadership structure mirrored the staffing pattern. Thomas Shedd, a former Tesla software engineer of eight years, became director of GSA's Technology Transformation Services and fired the 18F division of technology consultants. Amanda Scales, a former xAI recruiter, was named OPM chief of staff with authority over federal hiring. Ricardo Biasini, a Tesla and Boring Company engineer, became senior adviser to the OPM director. ⁵³ Antonio Gracias, a Tesla and SpaceX board member, served as a DOGE-affiliated staff member at SSA during the NUMIDENT period. ⁵⁴

Moghaddassi's trajectory is the clearest illustration of the multi-agency access pattern. Within his first sixty days in government, he was credentialed at the Department of Labor, SSA, HHS, and DHS. He gained read-write access to SSA's payment system. He requested immigration verification databases. He emailed Florida's deputy chief of staff requesting voter data. He transmitted a DHS list to SSA for the Death Master File operation. He authorized the NUMIDENT cloud transfer. He became CIO of an agency serving 70 million beneficiaries. ³⁰ ⁵⁵ ²¹ ³² The whole arc — from Neuralink intern to custodian of 548 million identity records — took approximately four months.

Analysis of personnel data indicates at least eight DOGE staff members transitioned from temporary advisory roles to permanent embedded government positions. ⁵⁶ In August 2025, all remaining DOGE staff were moved to political positions. ⁵⁷ When DOGE formally disbanded on November 24, 2025 — eight months ahead of its July 2026 charter expiration — OPM Director Scott Kupor confirmed the dissolution, stating DOGE no longer had "centralized leadership." ⁵⁸ The disbanding represented dispersal rather than cessation. DOGE personnel remained embedded across agencies under the White House technology team umbrella. The U.S. Digital Service was planned to expand to 150 staff in 2026, from 89 in 2025. ⁵⁹

The pipeline ran in one direction: from Silicon Valley companies into government roles, from temporary credentials into permanent positions, from advisory capacity into operational authority. The personnel outlasted the organization that placed them. The mechanism that produced their placement — DOGE — dissolved. The institutional positions they occupied did not.

What We Do Not Know

Several critical questions remain unresolved in the public record.

The encrypted, password-protected file transmitted by a DOGE SSA member to DHS on March 3, 2025 — containing names and addresses of approximately 1,000 people — remained inaccessible to SSA's own CIO as of January 2026. Its contents, its recipient at DHS, and any action taken on its data are unknown. ³

As of the same date, SSA could not determine whether Cloudflare had deleted the agency data routed through its commercial servers during March 7 to 17. ² The full scope of cross-agency data matching — what the Peters report characterized as a master database effort pooling SSA, Treasury, DHS, State, and DOJ data — has not been publicly documented. ¹⁵

The political advocacy group that signed the Voter Data Agreement with a DOGE SSA member on March 24 remains unnamed in public filings. True the Vote, which published an "Appeal to DOGE" in March 2025, is suspected but denies involvement. No evidence has emerged that SSA data was actually transferred under the agreement. ⁴⁰ Separately, Moghaddassi emailed the deputy chief of staff for Florida Governor Ron DeSantis from a DHS email account in March 2025, requesting "Florida voter registration and voting data" for "voter fraud" detection. No evidence has emerged that Florida complied. ⁵⁵

The 10 gigabytes of data transferred from the NLRB's NxGen system between March 4 and 5 has no publicly confirmed destination. Congressional and Inspector General investigations have not disclosed whether the data was retained, copied, or forwarded after leaving NLRB systems. ³⁵

The GAO was auditing DOGE data access at OPM, SSA, and Treasury as of late 2025. Those findings have not been published. ⁶⁰

The Legibility Problem

The federal government's distributed data architecture evolved over decades. It reflects specific institutional choices: that the agency collecting information should control how that information is used; that personally identifiable data should not be freely combined across agencies without legal authorization; that the people with authority over tax records should not, as a structural matter, also have access to immigration records, labor dispute files, and nuclear security networks.

James Scott's Seeing Like a State describes the pattern: central authorities impose legibility on complex systems by simplifying them into standardized, readable formats — and in doing so, destroy the informal structures, local knowledge, and protective complexity that made the system function. Scott's examples are forestry monocultures, Soviet collectivization, Le Corbusier's city grids. The mechanism is the same: the complex, messy system that central authority cannot read is replaced by a simplified, standardized system that central authority can.

DOGE's data operations are a direct instance. The distributed, privacy-protecting architecture of federal data — the silos, the separate authorizations, the agency-specific chains of custody — is messy. It is slow. It is, from the perspective of anyone trying to see the whole picture, illegible. DOGE's solution was to create legibility: centralize access, pool databases, install personnel who would approve the consolidation, and act before the institutions designed to prevent consolidation could respond.

The distributed structure was not a bug. The privacy protections embedded in that structure were not bureaucratic inertia. They were the product of specific historical events — Watergate, COINTELPRO, the Church Committee — that revealed what happens when central authority has unimpeded access to the personal data of the population it governs. The Privacy Act of 1974 was written by legislators who had seen the consequences of that access. The distributed architecture was their answer.

DOGE's answer was to vault over it — to declare the system broken, to use that declaration to justify bypassing the protections the system embodied, and to establish access faster than courts, Congress, or career officials could evaluate whether the access should exist.

The operational record shows the sequence. Declare the government dysfunctional. Use the declaration to justify bypassing normal procedural constraints — procurement rules, privacy assessments, security certifications, interagency agreements. Install personnel whose authority derives from the network that placed them, not from the institutional chain of command. Act within the window of suspended process to create new institutional realities — data accessed, personnel fired, databases consolidated, monitoring disabled. Let legal challenges work through channels that operate on a slower timescale. And when DOGE formally dissolves, the personnel remain, the data has been seen, and the institutional knowledge of the career officials who understood the old system has been dispersed.

The efficiency narrative framed this as modernization. The operational record suggests it was legibility — making the federal government's distributed, privacy-protecting data architecture readable to a private network that arrived with its own personnel, its own tools, and its own objectives.

By the time the institutions caught up, the data had been seen. The personnel had been placed. The injunction, when it arrived, protected a door that was already open.

Sources