Court Blocks DOGE’s Treasury Access, Adding Credence To CFAA Claims
from the even-more-unauthorized dept
Early Saturday morning a judge imposed an emergency temporary restraining order in response to the State of New York v. Trump litigation. This particular lawsuit was brought by several (blue) state attorney generals against Trump, Secretary of the Treasury Scott Bessent, and the Treasury department itself. The order, in short, tells DOGE to get out of Treasury systems.
[T]he defendants are (i) restrained from granting access to any Treasury Department payment record, payment systems, or any other data systems maintained by the Treasury Department containing personally identifiable information and/or confidential financial information of payees, other than to civil servants with a need for access to perform their job duties within the Bureau of Fiscal Services who have passed all background checks and security clearances and taken all information security training called for in federal statutes and Treasury Department regulations; (ii) restrained from granting access to all political appointees, special government employees, and government employees detailed from an agency outside the Treasury Department, to any Treasury Department payment record, payment systems, or any other data systems maintained by the Treasury Department containing personally identifiable information and/or confidential financial information of payees; and (iii) ordered to direct any person prohibited above from having access to such information, records and systems but who has had access to such information, records, and systems since January 20, 2025, to immediately destroy any and all copies of material downloaded from the Treasury Department’s records and systems, if any[.]
We now watch and wait whether Bessent and his department remove the access that it had allowed DOGE staff to obtain, and whether DOGE staff fully relinquish it. If the former does not happen we will be facing new Constitutional crises, if the Administration refuses to abide by a lawful court order. But while Trump might be perfectly willing to play a game of contempt chicken, Bessent might not be. This order requires him to take these steps, and his boss has no lawful authority to order him to ignore it. Trump could in theory fire him if he does, but the court could also fine or even potentially jail him if he does not. (It also puts any DOJ lawyers in a bind. When they show up to the hearing next week to argue why DOGE should not be further enjoined from working in Treasury’s computer systems they will have a hard time explaining why anyone described by this injunction, which in theory is intended to reach everyone Musk has tasked, had not already left them.) We’ll have to wait to see what happens.
But even at this junction it casts some fresh light on the question of whether a Computer Fraud and Abuse Claim could be brought against Musk or his DOGE team. As I wrote before, the authorization Trump empowered them with to demand the access they took was likely forbidden by law. As such, the access they took was likely “without authorization” for purposes of the CFAA statute. This decision does two things to further that argument.
First, the court recognizes the legitimacy of the argument:
The States’ lawsuit challenges a new policy by the United States Department of the Treasury, at the direction of the President and the Secretary of the Treasury, which, as alleged, expands access to the payment systems of the Bureau of Fiscal Services (BFS) to political appointees and “special government employees.” The States contend that this policy, inter alia, violates the Administrative Procedure Act (“APA”), 5 U.S.C. §§ 551 et seq., in multiple respects; exceeds the statutory authority of the Department of the Treasury; violates the separation of powers doctrine; and violates the Take Care Clause of the United States Constitution. The States seek declaratory and injunctive relief. […] [F]or the reasons given by the States, the States have shown a likelihood of success on the merits of their claims, with the States’ statutory claims presenting as particularly strong.
Second, the court has now imposed a TRO on Trump and Bessent, so even if it could have been argued that they did have authority to grant the access before the TRO, they definitely don’t have the authority to grant it now. Perhaps they could reclaim it in a week, assuming Trump and Bessent are able to prevail at the hearing that is scheduled for February 14 to consider whether the restraining order should be converted into a preliminary injunction, but for right now it’s on at least a short pause, because that’s what TROs do: put things on pause when there’s a likelihood of harm before the parties can finally be heard.
The TRO does not directly bind Musk or any of his DOGErs. So it may not put them, absent more from the court, in jeopardy of contempt if they fail to abide by the order and surrender their access (and also destroy any data they exfiltrated, as the TRO also requires). But it would just further their renegade status for CFAA purposes if they fail to conform with a court order constraining their power to have any sort of access, let alone control, of the Treasury department’s computer systems, when anyone in a position of authority to allow it now must forbid it.
At which point the two main sticking points for whether they can be held liable under the CFAA are who has standing to bring a claim, and whether the Muskers have any defenses or immunities as government employees (assuming they even are, as early reports suggested that some may have just been volunteers, although perhaps that situation has since changed).
That latter issue will be set aside for now, as it may take more analysis to consider what defenses might be available for ostensible government employees. On the other hand, it seems likely that the law reaches rogue employees, or else there might be no law that could, and their government employment would provide no defense or immunity to any personal liability (even if it might afford them a government lawyer to assist with the defense, which is another question requiring more analysis).
But it’s that issue of personal liability that makes the CFAA such an intriguing option as a potential defense against DOGE’s illegitimate attack on the nation’s computer systems. True, the CFAA is a criminal law, and the DOJ is free to prosecute, but no one is expecting the DOJ under Trump and Bondi to take that initiative, plus Trump might also attempt to flex his pardoning power again, even if they did.
But CFAA claims can be brought by others with recognized claims of harm, and potentially also others, like organizations and states, who can stand in for those with those claims of harm. As it is we see the states in their current lawsuit describe how the harm Musk’s control of the Treasury Department’s computers to individuals in those states portends a harm to the states themselves, and these arguments seem extensible to CFAA claims as well.
It is important to note though that (so far) this TRO applies only to DOGE’s incursion on Treasury’s systems, and not OPM’s, USAID’s, or any of the others DOGE has compromised already (or set its sights on). But (a) if the states’ argument could prevail to get Musk and Co. out of this system, it could probably prevail in litigation regarding these other systems, and (b) the intrusion into Treasury’s systems, with all its sensitive financial information, has probably required that most Americans if not all get credit monitoring services, at minimum. In which case there should be plenty of plaintiffs with plenty of damages to claim collectively, even if just in small amounts individually because in aggregate it will be millions, if not more.
It is this potential that may provide some leverage against Musk and his minions and what really to watch for. Because while Trump, and even Musk, can talk big, they need people willing to do their bidding. If those people can become scared of the consequences of complying with their bosses’ demands then perhaps they will think twice. Finding an avenue to make them scared thus is important to do so that we can regain the leverage we need to take back our country from them. After all, it’s the government of the people, by the people, for the people, and we the people, all the people, are supposed to be the boss.
Filed Under: cfaa, data, doge, payment systems, privacy, scott bessent, treasury department, tro, unauthorized access
Comments on “Court Blocks DOGE’s Treasury Access, Adding Credence To CFAA Claims”
I agree with your conclusion,but...
…what happens if Trump/Musk just throw their minions under the bus? We already know that neither of these men have any concept of integrity or loyalty or responsibility; if it comes to it, they’ll treat their minions as disposable, blame them for everything, and abandon them to their fate.
If that comes to pass (and it might not) how does the court effectively constrain Trump/Musk — who will probably be willing to defy any/all court orders because they believe they can’t be and won’t be touched?
Re:
For each underling they throw under a bus, everyone else gets a little less willing to be next.
How low will they go?
Thanks to Trump v. United States (2024), the President is basically a King, not subject to the constraints of law.
The magic words “national security” have been joined with “official duties” to excuse any and all actions taken by the office-holder of the President.
Any court injunction doesn’t apply to TFG. That leaves his minions as subject to fines and jail, except TFG would pardon them all as long as they’re doing President Musk’s bidding.
Re:
This is an inaccurate understanding of that ruling, as Cathy CLEARLY explained in her original post. She’s talking about a civil CFAA claim. Trump v. US was only about criminal claims. And it only applies to Trump, not the DOGE team.
Again, Trump’s pardon power is only for federal criminal offense, not civil.
This comment has been flagged by the community. Click here to show it.
Re: Re:
Trump still has absolute control over the offices and systems, and access to those systems, of the Executive Branch. That’s how the Executive Branch works. It’s all his.
This restraining order is just a road bump, frankly questionable, and likely to go away in one method or another, soon.
Re: Re: Re:
Hey shit for brains, you still think ‘government official’ is spelled out in the constitution?
How about you do some actual basic reading before offering your dumb opinion.
Re: Re:
I think it’s pretty clear they’re approaching a point where they’re just going to ignore court orders (Vance said as much last weekend) but I have to figure there are some lawyers thinking they’d rather not end up like Giuliani or Eastman, and some lower-level henchmen who aren’t enthusiastic about being the first guy to say “No” when a judge orders them to jail for contempt.
Re:
That leaves his minions as subject to fines and jail, except TFG would pardon them all as long as they’re doing President Musk’s bidding.
But how long will he let them sit in jail before he decides if he wants to do anything?
The J6 rioters had plenty of time to think about their actions with some of them only recently getting pardoned. In essence they pissed their livelihoods away and sat in jail. Now they think he’s doing them a favor…
And let’s not forget the ‘We build the Wall’ scheme…the gimped vet and Bannon’s buddy got prison, but Bannon got pardoned.
So sure, he can float the idea of pardons, but for his minions to believe that promise is worth a shit is the epitome of stupidity.
Re:
If you don’t know the difference between civil and criminal claims, or the difference between federal and state jurisdiction, maybe don’t wade into commenting on legal matters.
Re: Re:
I know the meaning of the words “Commander in Chief.”
Re:
Was that case the election?
This is the first hope I’ve had in a while that they’re not going to be able to outright starve the poor and make a new class of poor from the current paycheck-to-paycheck class.
My credit’s frozen and anyone else who can for the next four years should do the same.
One of the (alarmingly many) big questions: will SCOTUS ultimately back the TRO (assuming it gets appealed that far that fast)? Recently they seem to be very bad about giving a rip about constitutional authorities.
Emptywheel.net has been covering these issues as well.
Note that TRO from the SDNY case in front of Judge Paul Engelmayer is in tension with the TRO from the DC case in front of Judge Colleen Kollar-Kotelly:
One calls for the destruction of copies of records that had been made, the other calls for preservation.
On the other hand, Engelmayer’s TRO fully blocks DOGE from Treasury, where the DC TRO allowed read-only access (to data).
The question of access to code may still be up in the air. It seems that Musk’s Boy Wonder at Treasury was using a sandbox of some sort, so Production code may still be unaltered. Engelmayer’s TRO should block access to that as well.
I’d just like to point out that this restraining order is specifically about data containing PII.
This means that the software used to manage the systems is still fair game, even if that includes modifying it so that it redirects PII to somewhere outside the department.
I kinda feel like it’s already too late. If all the data hasn’t been syphoned off to private servers or foreign adversaries, they probably put in backdoors or other malicious hardware or software.
Musk and his kids club should have been shot on sight before they ever even gained access to such sensitive and secure locations and data.