The Trump administration’s ongoing efforts to combine access to the sensitive and personal information of Americans into a single searchable system with the help of shady companies should terrify us – and should inspire us to fight back.
While couched in the benign language of eliminating government “data silos,” this plan runs roughshod over your privacy and security. It’s a throwback to the rightly mocked “Total Information Awareness” plans of the early 2000s that were, at least publicly, stopped after massive outcry from the public and from key members of Congress.
Related Articles
Tally of Microsoft victims surges to 400 as hackers exploit SharePoint flaw
Caltech settles class-action lawsuit accusing it of misleading students about cybersecurity bootcamp
Windows’ infamous ‘blue screen of death’ will soon turn black
Billions of login credentials have been leaked online, Cybernews researchers say
Empty shelves plague some Whole Foods after distributor knocked offline by cyberattack
‘Dangerous reboot’
It’s time to cry out again.
This dangerous reboot started on Inauguration Day, when the President unleashed DOGE agents across myriad federal agencies to needlessly access the personal data of tens of millions of people. It expanded in March when President Trump signed an executive order calling for the federal government to share data across agencies, raising the specter of master access to personal and sensitive information about people in the U.S.
Under this order, ICE is trying to get access to the IRS and Medicaid records of millions of people, and is demanding data from local police. The administration is also making grabs for food stamp data from California and demanding voter registration data from at least nine states.
Much of the plan seems to rely on the data management firm Palantir, formerly based in Palo Alto. It’s telling that the Trump administration would entrust such a sensitive task to a company that has a shaky-at-best record on privacy and human rights.
The New York Times reported in May that Palantir already had received more than $113 million in federal government spending since Trump took office, including new contracts with the Department of Homeland Security and the Pentagon; it also signed a new $795 million contract with the Defense Department. The company says it builds “dashboards” that let someone search for and use information stored in multiple digital locations through a single interface. In practice, this approach to accessing disparate data stored separately is very hard to do well. It creates many false-positives and false-negatives, among other junk responses. And in the case of the current ICE raids, this can result in scary detentions and arrests of the wrong people. Palantir also locks agencies into the company so the taxpayer payments have to keep coming.
Bad ideas for spending your taxpayer money never go away – they just hide for a few years and hope no one remembers. But we do. In the early 2000s, when the stated rationale was finding terrorists, the government proposed creating a single all-knowing interface into multiple databases and systems containing information about millions of people. Yet that plan was rightly abandoned after less than three years and millions of wasted taxpayer dollars, because of both privacy concerns and practical problems.
It certainly seems the Trump administration’s intention is to try once again to create a single, all-knowing way to access and use the personal information about everyone in America. Today, of course, the stated focus is on finding violent illegal immigrants and the plan initially only involves data about you held by the government, but the dystopian risks are the same.
This kind of sensitive data at their fingertips is the dream of authoritarians. It can be a tool to target political dissidents, to discriminate against vulnerable communities, to manipulate our democratic process and more. It also carries tremendous security risks by creating a giant all-you-can-eat buffet for spies and thieves for crimes ranging from identity theft to extortion to targeting for kidnapping or disappearances.
Dangerous either way
A single interface is dangerous enough when the information it can access is right. It is even more dangerous when, as it predictably will, it returns corrupted, wrong, or outdated information about you or your loved ones. One commentator rightly called this approach the “Database of Ruin” for the many ways it can be weaponized against anyone at any time.
We already have laws that should prevent this.
Over fifty years ago, after the scandals surrounding Nixon’s “enemies list,” Watergate, and COINTELPRO, in which a President bent on staying in power misused government information to target his political enemies, Congress enacted laws to protect our data privacy. Those laws ensure that data about you collected for one purpose by the government can’t be misused for other purposes or disclosed to other government officials with an actual need. Also, they require the government to carefully secure the data it collects. While not perfect, these laws have served the twin goals of protecting our privacy and data security for many years.
Now the Trump regime is basically ignoring them, and this Congress is doing nothing to stand up for the laws it passed to protect us.
But many of us are pushing back. At the Electronic Frontier Foundation, where I’m executive director, we have sued over DOGE agents grabbing personal data from the U.S. Office of Personnel Management, filed an amicus brief in a suit challenging ICE’s grab for taxpayer data, and co-authored another amicus brief challenging ICE’s grab for Medicaid data. We’re not done and we’re not alone.
Team required
Fighting tech-enabled tyranny and protecting privacy and security is a team sport.
Some states are moving to defend their residents’ personal information. In California, the Assembly voted overwhelmingly to pass AB 1337, a bill co-sponsored by my organization to expand controls on data collection and sharing so that it applies to cities and counties as well as the state. It’s meant to ensure that the data about us that anyone – government or not – has gathered for legitimate reasons can’t be secretly co-opted by anyone else, including the federal government, to target, persecute, or prosecute people for seeking reproductive healthcare, for their immigration status, for practicing a particular religion, for being of a particular race, gender identity, or sexual orientation—or simply for exercising their First Amendment rights.
Over the long run, people need to be able to control their own data – when and how it’s collected, used and shared. We need strong data protections and accountability for data breaches and poor security. The U.S. is badly in need of a comprehensive data privacy law that would finally exert clear, broad and actionable controls on both governments and private companies with real accountability for any failure to protect us.
At least as to data the government has in its possession, we do have some laws already in place. But we need to push – including support for litigation, pressure on our lawmakers and public advocacy – to be sure that those laws are vigorously enforced. The pathway is not easy, and it’s made rockier by both a feckless Congress and timid courts, but it’s a way forward.
The Trump administration’s current drive toward “one interface to rule them all” should spur all of us to stand up and prevent the next Total Information Awareness. Our privacy and security depend on it.
Cindy Cohn is executive director of the Electronic Frontier Foundation, a nonprofit digital civil liberties group based in San Francisco.