Part three of a three-part series.
By now you have probably heard two versions of this story.
Version one: ideologues used “efficiency” as cover to pull the world’s most sensitive administrative data into political, financial, and competitive channels—deliberate, planned, worse than the headlines.
Version two: a chaotic initiative staffed by people who moved fast, broke what they did not understand, and exposed systems through recklessness more than malice. A screw-up, not a plot.
Those two stories have been the poles of the public argument since early 2025. They generate heat. They have not generated a full accounting.
Here is what they share: the data may already be out. Monitoring was turned off. Logs were deleted. People who tried to file formal incident reports were told to stand down. A whistleblower who went to the U.S. Senate was threatened with a drone-photograph note on his door.
Whether you believe version one or two today, the damage model is the same. Intent is a question for investigators. Scale is a fact for everyone else.
What the court filings and complaints actually show
Set motive aside. Documents filed in litigation and with oversight bodies—under oath, including by the government—show three use patterns for data DOGE teams accessed. None of them is “find duplicate Social Security payments faster.”
SSA court correction: “Voter Data Agreement,” advocacy coordination, Hatch Act referrals described in filings.
SSA OIG-tracked allegations: restricted extracts (NUMIDENT / Death Master) and post-government employer incentives — denied; investigations live.
NLRB case files while Musk enterprises contested board authority — conflict framed by labor experts & NPR reporting.
The damage surface for the public is shared even when motive is unknowable: incentives diverge from “stop improper payments.”
Branches are categories in litigation / oversight text — not independent findings of criminal or civil liability.
Use case one: political. In a January 2026 correction filed in federal court, the government acknowledged a DOGE team member at SSA signed a “Voter Data Agreement” with a political advocacy group—purportedly to match SSA-held data against state voter rolls “to find evidence of voter fraud and to overturn election results in certain states.” Justice Department attorneys described two SSA employees referred to the Office of Special Counsel for potential Hatch Act violations—civil enforcement today, not a substitute for an elections oversight verdict.
Use case two: financial. An SSA Office of Inspector General complaint—still active—alleges a former DOGE engineer retained restricted databases, including NUMIDENT and the Master Death File, on personal media and discussed bringing them to a private-sector employer. Multiple outlets identified the engineer as John Solly, now in a senior technology role at Leidos, which holds major federal health-IT contracts; Solly denied wrongdoing through counsel, and Leidos said it found no evidence supporting the allegations. Treat every dollar figure downstream as contested—but live litigation.
The Economic Policy Institute published a stylized scenario: if politically privileged access to federal datasets yielded even ten percent of the market-insight value imputed to the U.S. data-broker industry, the headline number they computed was $43.4 billion. That is not a cash invoice. It is an order-of-magnitude warning about incentives.
Use case three: competitive intelligence. The NLRB holds active unfair-labor-practice files—cases against employers, worker identities, confidential exhibits. In spring 2025, DOGE teams gained the kind of access Daniel Berulis documented in his court-filed declaration. Elon Musk’s companies were litigating against the board’s authority while he led the White House’s efficiency push; NPR documented parallel SpaceX and constitutional challenges.
Sharon Block—Harvard Law School’s Center for Labor and a Just Economy, formerly an NLRB member—told NPR: “DOGE is, whether they admit it or not, headed by somebody who is the subject of active investigation and prosecution of cases. It is incredibly troubling.”
Three use patterns. Three agencies. None of them is efficiency.
The working hypothesis: Arguing “evil versus incompetent” is the wrong frame. The documented applications—political matching, alleged private transfer of crown-jewel SSA files, competitive exposure of labor-case evidence—share one trait: they treat federal personal data as fuel for non-statutory ends. Whether that emerged from planning or opportunism inside a reckless operation does not change the exposure class for the public. The actionable question is whether our institutions can respond without waiting on a morality play.
How this was possible
The Trump White House said plainly that if Elon Musk encountered a conflict between DOGE’s work and his private interests, Musk would excuse himself. No independent review body sat above that decision. No statutory penalty attached if he did not.
Meanwhile the NLRB—the repository of files on Musk companies—faced the administration’s broader labor-agency campaign. Courts went back and forth on the removal of board member Gwynne Wilcox and other moves that weakened the agency’s ordinary independence.
Those are political facts, not emotional labels. The structural point is simpler: oversight mechanisms shrank at the same moment privileged access expanded, and the telemetry that should have recorded what happened was switched off or deleted—exactly what Berulis swore to at NLRB, what Meyer described at CFPB, and what SSA admitted it could not verify in January 2026.
You do not have to call that evil to call it brittle.
The frame that lets everyone off the hook
If DOGE was a conspiracy, half the country’s elected officials treat the word as fundraising copy—and the technical work of reconstruction stalls behind classified cynicism.
If DOGE was incompetence, the story becomes Washington being Washington. Adults supposedly stepped in. News cycles move on.
Both endings land in the same place: a polity that thinks it processed the event without building tools equal to the risk.
The Privacy Act of 1974 exists because Congress feared unlimited federal accumulation of personal data. On March 20, 2025, President Trump signed Executive Order 14243—“Stopping Waste, Fraud, and Abuse by Eliminating Information Silos”—directing agencies to dismantle the barriers between datasets the Privacy Act deliberately erected.
Whether you love or hate that policy trade, it intersects with the technical reality that monitoring and logging went dark at multiple agencies in overlapping windows—the same pattern Jake Braun told NPR looks like nation-state tradecraft if you ignore the badge colors.
None of that requires comic-book villains. It requires incentives and architecture.
What accountability would have to look like
The American breach-response template—hearings, IG reports, eighteen months of credit monitoring—assumes a finite incident: a defined attacker, dataset, and clock start.
SSA’s January 2026 filing says the agency still cannot verify what left its controlled systems. Berulis swore the NLRB’s logs for the March spike window were deleted. The thumb-drive allegations remain under SSA OIG review.
That is not a breach shape private-sector notification laws were built for.
A proportionate response would require institutions we do not yet have: notification pathways that do not depend on an agency admitting a “breach” in the corporate sense; forensic authorities outside the executive chain that can subpoena cloud tenants and contractors; statutory timelines that survive administrations.
None of those exists at federal scale today. Creating them means Congress absorbing an incentive both parties sometimes share—to declare the episode closed before the spreadsheet closes.
What you do with this
This series began with the administrative harm of proving you are you—hours on hold, fraud alerts, life interrupted.
It ends with the boring civic truth: if notification depends on an agency confirming chain of custody, and the chain is what got erased, “wait for intent findings” is not a consumer-protection strategy.
You may already inhabit the pre-letter phase: data exists somewhere you cannot see, accessed by actors whose incentives do not align with yours, with no statutory tripwire to force disclosure. That is not speculative pessimism. It is the conjunction of what SSA told a federal judge and what Berulis swore about logs.
The intent question may resolve in courts years from now—or not. Structural remedies do not require answering it first. They require deciding whether Americans get governance fit for data systems where insiders can disable the audit trail.
That is not rhetoric. It is a design problem—and the distance between our institutions and a credible answer is the part of the story still unwritten.
What would change my mind
-
Legally binding proof—with published scope limitations—that the voter-data agreement, alleged thumb-drive transfers, and NLRB file access each stayed inside authorized purposes, with contemporaneous oversight records intact.
-
A transparent forensic audit by a body without executive-branch reporting lines, naming cross-agency datasets touched, downstream copies, and verified destruction or retention controls.
-
Congressional enactment of a federal notification and audit regime for federal PII accessed outside approved environments—functionally equivalent to private-sector breach law—for executive actors, demonstrating that the structural problem can draw bipartisan legislation even when partisan narratives disagree.
Related: Your Data Left the Building — part one: SSA’s admissions and the missing “breach edge.”
Related: This Is What a Cover-Up Looks Like — part two: Berulis’s declaration and the US-CERT filing that never arrived.
Related: We Already Paid for This — different agency, same lesson: when public data infrastructure is captured, the bill shows up elsewhere.
If you found this useful, the best thing you can do is forward it to one person who would push back on it. I’d rather be wrong in public than right in private.