When It Comes To DOGE, The Hack Is The Harm And Why There Is Harm
from the litigation-jigsaw-puzzle dept
This post was written on Saturday before news broke that Elon Musk had commanded every single federal employee—including those in the judiciary!—to send a “five things I did last week” email to hr@opm.gov. But even that episode, where Musk and DOGE once again flexed power they don’t lawfully have, and in contact with computer systems and data that they don’t lawfully have access to, just serves as yet one more example of the issues this post was written to discuss.
This post talks about a few things: (1) a small but important win that New York got on Friday, when a court again recognized that what DOGE has been allowed to do at the Treasury department is nuts (and basically illegal), and (2) some issues that are emerging when it comes to demonstrating the standing needed to sue for all the destruction being wreaked across the Executive Branch, why more courts need to recognize that they are not issues that should be derailing these cases, and why all these cases are still, at their core, about Musk and DOGE’s unlawful intrusion into the nation’s most sensitive computer systems.
First the New York case: on Friday the court in New York v. Trump turned the TRO that had been limiting what DOGE could do in the Treasury department into a preliminary injunction. In doing so the court found that the plaintiff states, led by New York, had shown a likelihood of success on their claim that the Treasury department was “arbitrary and capricious” in letting DOGE tear through its systems (and thus violated the APA):
Based upon the factual record developed to date, the Court finds that Plaintiffs will more likely than not succeed in establishing that the agency’s processes for permitting the Treasury DOGE Team access to critical BFS payment systems, with full knowledge of the serious risks that access entailed, was arbitrary and capricious. While it appears that the career staff at BFS did their best to develop what mitigation strategies they could, the inexplicable urgency and time constraints under which they operated all but ensured that the launch of the Treasury DOGE Team was chaotic and haphazard. […] The record is silent as to what vetting or security clearance process [Krause and Elez] went through prior to their appointment. […] The Treasury DOGE Team started its work almost immediately, even though it did not yet have either the HR specialist or the attorney that the E.O. mandated should be members of the team. This left career staff with almost no time to develop their mitigation measures. Within days of [Elez’s] appointment, and apparently after receiving minimal, if any, training regarding the handling of sensitive government information (beyond being instructed to maintain the information on his BFS laptop), Elez was given full access to system source codes. […] Even now, weeks after his departure, the Treasury Department is still reviewing his logs to determine what precisely he accessed and what he did with his access. The Treasury Department also could not confirm whether or not Elez emailed PII or other confidential information to officials outside the Treasury Department.
And then there is the question of under what authority anyone from DOGE had any access at all:
It is also unclear from this record whether the agency established clear reporting lines for the Treasury DOGE Team. Although they are nominally agency employees who sit within the Treasury chain of command, it is notable that they also take instructions from officials at USDS/DOGE. How this works in practice, and the uncertainty this creates as to their status as Treasury employees, calls into question their authority to access Treasury record systems.
So with this new injunction the Treasury department has now basically been ordered to run its department as the law requires, including in how the law requires restricting computer access to certain personnel and only after they have been onboarded properly and with the appropriate vetting. And from the outset that means no one connected with DOGE qualifies:
[The] United States Department of the Treasury and the Secretary of the Treasury are restrained from granting access to any Treasury Department payment record, payment systems, or any other data systems maintained by the Treasury Department containing personally identifiable information and/or confidential financial information of payees to any employee, officer or contractor employed or affiliated with the United States DOGE Service, DOGE, or the DOGE Team established at the Treasury Department, pending further Order of this Court[.]
If the Treasury department wants to give them access, then it’s going to have to do what the law requires before they can, and the court is going to make sure it does:
[B]y Monday, March 24, 2025, the United States Department of the Treasury shall submit a report to this Court: (i) certifying that the Treasury DOGE Team members have been provided with all training that is typically required of individuals granted access to BFS payment systems, including training regarding the federal laws, regulations, and policies governing the handling of personally identifiable information, tax return information, and sensitive financial data, and maintaining the integrity and security of Treasury data and technology, and attesting that any future Treasury DOGE Team member will be provided with this same training prior to being granted access to BFS systems; (ii) certifying the vetting and security clearances processes that members of the Treasury DOGE Team have undergone, and how that vetting process compares with the processes undergone by career employees who have previously been granted access to the BFS payment systems; (iii) describing the mitigation procedures that have been developed to minimize any threats resulting from increased access by members of the Treasury DOGE Team to BFS payment systems; (iv) setting forth the legal authority pursuant to which each DOGE Team member was employed by or detailed to the Treasury Department; and (v) explaining the reporting chains that govern the relationship between the DOGE Team members, USDS/DOGE, and Treasury leadership (with reference, if applicable, to any Memorandum of Understanding setting forth that relationship).
This injunction is a pretty good, albeit narrow, result. It’s good because it gets the job done: it gets DOGE out of the Treasury department, at least in the dangerous, unaccountable way it had been. And it’s good because it is yet more judicial recognition of how dangerous and unaccountable DOGE has been, and in a way that law was unlikely to allow.
The injunction is narrow, however, because the court also rejected most of the claims the plaintiff states had brought, and also many of their claims of standing. And while this rejection doesn’t matter here—in some cases the rejection was probably reasonable, and in any case one claim did stick sufficiently, which was all that was needed—some of the analytical issues that this court struggled with are also tripping up other courts, especially when it comes to them finding the standing needed to give plaintiffs the injunctive relief they need.
All of this litigation we are seeing is something of a jigsaw puzzle, one whose picture is slowly coming together, with lots of different pieces, including a variety of plaintiffs, a variety of claims, and a variety of defendants, and even types of defendants. For instance, we’ve been tracking when Musk and DOGE themselves started to be directly named as defendants, partly because we want them to ultimately be held directly liable for the damage they are causing, but also partly because, for any lawsuit seeking to remediate (or enjoin) a harm, the argument for who was supposed to stop the harm, and why, is different depending on who the defendant is. For instance, it is different to sue an agency and its head for what the agency has done wrong (ex: allowing DOGE to mess with its systems, because it was beyond their own power to allow it) than it is to sue Musk or DOGE for what they are doing wrong (ex: messing with those systems).
In some cases, like AFGE v. OPM, we are seeing a hybrid, and it’s starting to seem like the hybrid approach may be the way to go forward in most cases because it covers both bases and paints a more complete picture of what is going wrong and why injunctive relief is necessary to stop it, and proper to award. Not every court has been convinced, like in AFGE v. Trump, one of the earliest cases to be filed, and one challenging DOGE’s efforts to destroy USAID. Although a TRO was initially granted, and it provided some interim relief, it was only temporary. Last week the court dissolved it and declined to grant a preliminary injunction to keep the agency from trying to fire their own workforce. In declining to grant the sought injunction a significant part of the reasoning was that terminations are normally properly adjudicated via specialized agencies that Congress has established, and that job loss itself wasn’t “irreparable” enough.
But the upshot of this decision is that the court has basically thrust the unions and their employee members into a Kafkaesque nightmare where employees need to be fired first, at which point they will then need to take their claims for wrongful termination (presumably one-at-a-time, instead of collectively as a union), to a different agency tasked with arbitrating federal employment disputes (and which Musk and DOGE have already started to dismantle) to try to get their jobs back. Only then, after this avenue has been exhausted, do USAID employees have any chance to get back to Article III courts to address any of the unconstitutional illegality underpinning the firings and destruction of their agencies in the first place.
Which can’t possibly be the right result, because it would effectively leave them without a remedy for their wrongful termination. The problem is, the statutory scheme that the courts are pointing to, which Congress created to shunt employment disputes to, only makes sense in the context of normal agency operations, which cannot lawfully include dismembering themselves without Congressional authorization. And it certainly cannot include dismembering themselves at the direction of an entirely unlawful power like DOGE or Musk, because of course there were also laws designed to prevent this illegal situation from ever arising. (See for instance recognition by the court in AFL-CIO v. Department of Labor that DOGE may be an improperly-formed agency given the Economy Act of 1932).
What is happeing now if far beyond any sort of HR dispute; it’s the lawless dismantling of government agencies Congress established by law, of which there are myriad consequences, only some of which are experienced in terms of employment. But the goal of all these lawsuits is not just to save the jobs, as in this case, or data privacy, as in others, but to restrain the lawlessness that is causing any of these things (and so much more) to be lost. And addressing that lawlessness is absolutely the purview of the courts—in fact, because they are not Article III courts it may even be inappropriate for these other employment-related agencies to try to address it themselves. These employment-related agencies may ordinarily be able to help employees keep their jobs when an individual firing may be beyond what the law would allow an agency to do, but they can’t fix the real problem that is causing the firings here, at the behest, if not also directly at the hands, of people with no lawful authority to compel them. And it would lead to a bizarre result if Musk and DOGE, as people acting so far beyond the bounds of lawful authority, could then be protected by an actual law now preventing them from being held accountable for it.
In the USAID example, the real problem is not that this agency has suddenly, and independently, decided to destroy itself but that its destruction is clearly being directed by Musk and DOGE, who have no lawful power to do so. They have openly, and repeatedly, bragged about putting the agency into the “woodchipper.” And, as the court in New Mexico v. Musk observed, Musk and his DOGE minions seem to be the supervisory authority governing every contract cancellation, funding freeze, and firing at any agency they have been involved with.
In light of this increasing judicial recognition, Musk and DOGE should from now on probably be named in just about every lawsuit brought to challenge what is happening in the Executive Branch, even if the agency and its real officials are also named, because it appears to be Musk and DOGE’s ultra vires behavior that is at the root of all the harm accruing. It also seems important to name them given all the vagueness and inconsistencies in the government’s declarations about their behavior and what authority it now claims to have behind it, which courts are starting to call out as we also saw in New Mexico. With these declarations it seems like the Trump administration has apparently begun to retroactively try to dot some of the i’s they should have had dotted before Musk and DOGE started acting so radically, like properly hire and vet staff that gets to access Treasury’s computer systems. But it does seem like these efforts are too little too late: even in the case of the Treasury department, discussed above, even if the agency now properly hires all the DOGErs, unaccountable DOGE personnel had still been mucking about in those computer systems for way too long without those formalities being satisfied, and in doing so creating exactly the sort of problems that those formalities were supposed to forestall. Just as they have in every other agency they’ve invaded.
And ultimately it seems like pretty much all the resulting harm being sued over—contract cancellations, funding freezes, or firings—originates from Musk and DOGE’s incursions into the agencies’ computer systems. Which is important to explain to courts, for several reasons.
One is with respect to an issue that has started to come up in some of these lawsuits, addressing how a case called TransUnion applies. TransUnion is a case about “standing.” In general people can only sue when they have standing, or, in other words, an actual (or very likely) injury that is redressable if the court were to give them the relief they want from this particular defendant. So one thing the Trump administration has been trying to do to dismiss all these lawsuits is argue that the plaintiffs bringing them don’t have the standing needed to demand the injunctions they are demanding. And one argument they’ve used in some of the cases addressing the privacy harms resulting from DOGE running rampant through these systems, is that the plaintiffs don’t have the standing that TransUnion says they need to have to complain about the privacy harm DOGE’s actions may have caused.
In TransUnion the Supreme Court wouldn’t let concerns that impermissible data access might lead to harm give the plaintiffs standing to sue for the data breach itself because the possible harm was just too hypothetical. So what the Trump administration is arguing, and come courts, like in EPIC v. OPM, are accepting, is that any worry about data DOGE may have exfiltrated potentially falling into the wrong hands is worry about a harm too hypothetical to entitle anyone to sue over it. In other words, “Yeah, the bad guys might get your data, but they might not, so no standing for you.”
But what this argument misses is that DOGE itself are the bad guys! The bad guys already got the data! Their unauthorized access to it was the exfiltration! The fact that yet more bad guys may also get the data is beyond the point. DOGE’s penetration into these secure systems, gaining access to data that was supposed to be protected against unauthorized access, for all the reasons that it needed to be kept secure from unauthorized access, is why all the people who are now suffering a consequence from that unauthorized access—including their sudden loss of agency employment, without the authorization of Congress—should now have standing to sue to stop that harm.
Because it was only because of that access that such consequences are accruing. Through their unauthorized access to all these agency systems Musk and DOGE got the visibility they needed to be able to direct all the contract cancellations, funding freezes, and firings that they have already directed or yet plan to. We know there is this connection between their destructive demands and the access to these systems they’ve had because they have essentially publicly claimed as much, and because they would not have needed to demand access to these systems in the first place if they could have done their damage to the agencies without it. Even to the extent that agency officials may now seek to launder DOGE’s unconstitutionally destructive demands (like to fire the majority of agency personnel) by implementing them under their own auspices, such ratification of these inherently unconstitutional plans is irretrievably tainted by DOGE’s interference, which was enabled by their illicit intrusion into these agencies’ protected computer systems. That unlawful intrusion was the predicate act from which all the subsequent harms have flowed, and any lawsuits challenging any of this resulting harm probably needs to make that reality prominently clear—and before an Article III court that should be ready to stop it.
Filed Under: doge, elon musk, preliminary injunction, treasury department, tro, usaid
Comments on “When It Comes To DOGE, The Hack Is The Harm And Why There Is Harm”
This comment has been flagged by the community. Click here to show it.
The Media Is The Enemy Of Democracy
Techdirt views the American public as the “bad guys”. If you view the American taxpayers as being “bad” for wanting to see how their money is being spent, then you are a threat to democracy.
Re:
Your act is almost a century old. That’s why none of us take you seriously.
This comment has been flagged by the community. Click here to show it.
Re: Re:
The poll numbers of the legacy media say otherwise!
Re: Re: Re:
So what? Your act is at least as old as the Nazis and equally as vile.
Re: Re: Re:2
FYI, Koby’s act goes back to 1096.
Re: Re: Re:
You’re talking to the wrong audience for that sort of goalpost-shifting, Brave Ser Koby.
Re: Re: Re:
WELL THAT DOES IT! I’M NOT VOTING FOR THE MEDIA NEXT TERM!
Re: Re: Re:
Bruh you’re polling below anal herpes and just above a festering open wound.
Re:
Nope. You don’t get to do your weasel words and propaganda here.
Literally the sentence before (which you conveniently excluded) identified the subject of the statement:
Re:
Seems like you only trust the government (A.K.A. DOGE) to actually give you information.
So why are you here?
This comment has been flagged by the community. Click here to show it.
Re: Re:
When it comes to two groups, where the first entity says “Here, let me look into the numbers and tell you”, and the second one says “Noooooo! Don’t look! Don’t look!!!”, I’m definitely going to trust the first one.
Re: Re: Re:
And you don’t care at all whether they got access to the numbers through legal channels, or whether their access and their distribution of the numbers leaves sensitive data open to collection by hostile entities who could use it to harm other Americans?
Re: Re: Re:
I guess it doesn’t matter to you that they make up the numbers.
Re: Re: Re:
Except DOGE is only feeding you numbers and claims about those numbers it thinks support it’s claims. You aren’t seeing the stuff they aren’t mentioning. And even many instances of what they have released have been proven to be bullshit or their own misunderstandings or math errors. So you can’t even trust what they release.
You’re also missing that people aren’t saying, “don’t look at the numbers.” If a legitimate, authorized, security-cleared government office in charge of accountability and able to investigate fraud were to review the numbers, that’s fine. When you have partisan tech bros who haven’t gone through any training or clearance combing through personal and sensitive information for whatever supports their preconceptions and partisan witch-hunting and they publish their thoughts without vetting or actual investigation, you’re just getting a firehose of bullshit.
You’ve just chosen the fiction you want to hear. Don’t pretend DOGE is about transparency. They’re literally claiming to be FOIA-proof.
Re: Re: Re:2
We could call them “General Inspectors”, or something close to that.
Re: Re: Re:3
Maybe we could create an office to help handle information like this and present it to congress, all this accountability stuff. Maybe call it the Government Accountability Office
Re: Re: Re:
No one’s saying “don’t look.” They’re saying “maybe don’t give access to unaccountable, untrustworthy, shit-for-brains tech bros who don’t know what they’re doing, and who are misinterpreting things they don’t understand, while simultaneously believing they understand things they don’t.
It’s a pretty clear difference that everyone else here understands.
It only calls into question why you don’t understand it.
Re: Re: Re:2
You can’t get him to understand something that would ruin his professional contrarian schtick.
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:2
The experience of the Trump 1.0 administration is that the career bureaucrats at the departments were engaged in rank insubordination, and were actively hiding their payments and reasons for the expenditures from the political appointees. At no point could the existing system be held accountable. DOGE cut the Gordian Knot.
By the way, DOGE is accountable to the President, the same as it has been for the past 12 years. And the American public trusts them MUCH more than the existing bureaucracy. I understand things perfectly, and you just have a bias. I’ll betcha a dollar to a donut that you and your Copia fellows were on the receiving end of the grant money.
Re: Re: Re:3
The question is whether that knot was holding up Chesterson’s Fence.
And that’s a problem when the president considers himself a king who is above the law.
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:4
No, it isn’t. The system was designed to stymie publicly elected officials from implementing policy preferences of the American public.
Re: Re: Re:5
How can you know this with the certainty of God if you’re not someone who either worked on or worked with that system in a direct manner?
Re: Re: Re:6
Cue the bullshit claims of being a Federal Government employee in 3, 2, 1…
Re: Re: Re:3
Hey you sign up for one of the DOGE branded cuck chairs they selling? You can watch a bull with an elon face mask tear through your partner like they are a government server.
Re:
No, Techdirt is referring to people in other nations who are hostile towards the U.S. and may use the info they could get their hands on because of DOGE’s malfeasance to harm Americans abroad as “the bad guys”. You refusing to see that as a problem puts you on the same level as MAGA ideologists who think Russia should be allowed to take over Ukraine: unwilling to see the bigger picture because of the narrow frame given to you by your right-wing media sources (including the co-presidents themselves).
This comment has been flagged by the community. Click here to show it.
Re: Re:
What are you worried about? Perhaps Russia will gather up $40 billion worth of Rubles, and flush it down the toilet?
Re: Re: Re:
The lives of Americans in nations where their presence, if known and exposed, would result in harm to (or even the death of) those Americans. You think that’s worth letting Elon Musk play God?
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:2
Your comments are an admission of the Deep State. USAID’s strayed from its original mission of providing development and health/disaster relief funds, to becoming a hostile undercover psyops. Shut it down.
Re: Re: Re:3
Koby, we’ve talked about this, son. The Deep State doesn’t exist. You need to stop huffing cat piss and come back to reality.
Re: Re: Re:3
You’re totally right bro! STS is a well known reverse vampire who works with both the saucer people AND the mole people!
Re: Re: Re:4
HEY!
…you forgot about the lizard people in the Deep State. 🦎
Re: Re: Re:
Kinda like what both ya bois did with their fortunes?
Re: Re: Re:
You mean how Trump did with taxpayer-owned documents? Careful who you defend, shitstain. Despite Trump’s desires, you’ll soon be on the wrong side of history again now everybody’s learning the problems with the populist vote and abstention.
Re:
Why don’t you fuck off with your defense of the inexcusable, I’m sure you can find likeminded people who abhor reality somewhere else. And that strawman you just regurgitated, it stinks.
And if you really want to see an enemy of democracy, look no further than your mirror.
Re:
I’ll also note the absurdity of Koby’s headline.
The irony is that Koby is referring to the media as some kind of single entity but completely ignores that his own preferred propaganda comes from Trump’s sycophantic media channels.
The media can be an asset to democracy specifically because it operates in opposition to the secrecy of the government. Note that Koby doesn’t actually have the access to know what DOGE is doing, yet he continually proclaims that whatever they’re doing is legal.
I’d also question what Koby thinks democracy is. He appears to think it’s voting that enables an autocratic omnipotent administration that overrides human and constitutional rights.
This comment has been flagged by the community. Click here to show it.
Re: Re:
MSNBC, CNN, CBS, NBC, ABC, PBS, NPR, NYT, USA Today, WSJ, WaPo, LAT…
They’re parroting the same exact line, they’re all bemoaning that government waste was uncovered, and the spigot is about to be shut off. Yeah, the legacy media IS a single entity.
Re: Re: Re:
You forgot Fox News, which is easily a “legacy” news outlet and the most-watched cable news network in the United States. What makes it any different than the other outlets when—as proven by a settlement in a defamation case that cost it close to a billion dollars—they lie at least as much as the other outlets you bemoan?
Re: Re: Re:2
It’s worse than that.
Fox is the most-watched network on cable television, period. Propaganda outcompetes entertainment and sports.
The irony is that even as cable TV is mired in a secular decline — the customers are cutting cords, newer customers aren’t coming to replace ex-customers, and streaming has shown to be the substitute good because customers want to watch only a few streaming services rather than a buffet of hundreds of channels — Fox grows more powerful because the customers who are keeping cable are the ones who keep Fox on all day.
Re: Re: Re:
I’d ask for citations but I know you can’t provide them. If you did try to, you’d do exactly what DOGE is doing and try to only find something that supports your bias, rather than an honest assessment of the full breadth of the issue.
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:2
If you see ANY news actors on TV reporting on DOGE without a big frumpy pouty sad face, please report back immediately!
Re: Re: Re:3
How about you do your own homework, son.
Re: Re: Re:3
You’ve accepted the newspeak redefinition of bureaucracy and USAID spending as corruption manifest, so your claim of news organizations “bemoaning that government waste was uncovered” is actually just reporting on blatant corruption and unconstitutional actions by DOGE and the president.
You acting as a repeater station for your echo chamber isn’t the same thing as you knowing anything for certain. You’re a sycophantic Chatty Cathy and you need to clip your string.
Re: Re: Re:
How’s things in your drug-fueled la-la land?
Re: Re: Re:
“They’re parroting the same exact line.”
Son we watch you run up here every single day your fresh talking points straight out of the kremlin and or elons anus.
Re: Re:
And the problem is he’s not the only one here that believes free speech rights should be allowed to override human dignity and rights.
Re:
By transparency, you mean raking through to find anything you can spin as being bad, while ignoring all the money pissed away on subsidies to Trump donors, in order to justify gutting every necessary government service and replacing everyone competent with a shitbag right wing effluencer so nothing will work for the next twenty years even if the democrats rehire everyone.
It’s the same ‘transparency’ we saw with the Twitter files, the thing you all used to pretend there was bias, based on the headlines only, ignoring the content and context.
Nothing wrong with wanting transparency, and TD are generally among the first to call for it.
But DOGE has consistently demonstrated that they’re not really interested in transparency; they’re interested in doing what they want and to hell with the actual consequences.
Re:
Twitter was supposed to become the most transparency company on Earth to prevent another “Twitter Files” useless round. Two years later, I’m pretty sure that no even a single oil company is less transparent than it.
Maybe DOGE is now less transparent than Twitter.
Koby has already popped up to spew his uneducated take, but remember this ruling when you read his baseless claims that the executive can do anything, include authorize anyone to do anything, within the executive branch. There are legal and constitutional limits to presidential authority and what he can delegate and authorize to those under him. It’s part of the checks and balances that the other branches of government provide. They do legally get to weigh in on how the executive branch is run. If they couldn’t then there wouldn’t be any checks on presidential power at all.
Re:
That aligns what MAGA ideologists want: a king, a god, a manly man’s man of a father figure whose authority is final and absolute with any dissent punishable with violence.
Re: Re:
It’s fitting to see people that voted for him being negatively impacted by the hack and slash. Prices and inflation are not coming down. His tariffs will increase costs more. But don’t worry, he’ll just say, “It’s not my fault” and magically, it won’t be in the minds of idiots.
Re: Re: Re:
And even though this might seem counterintuitive and against everything you stand for, when they complain about this, you’ll want to empathize with them and let them know you’re on their side on that specific issue. Telling them “you fucked around and found out” (or a less profane equivalent thereof) will only make them angrier and make you seem like an asshole. (Exceptions can be made for assholes who will get angrier even when you try to show empathy, like our usual troll brigade.) If you want MAGA ideologists to dislike Trump instead of you, point their anger at the right target and let them know that, in this narrow instance of agreement, you’ve got their backs.