I was going to comment on this Paul Krugman column and Dean Baker’s response eventually anyway. Both analyze Elon Musk’s false claims about Social Security and debunk his insistence that there could be that much fraud. Baker describes that requiring SSA recipients to use online portals rather than the phone would “reduce fraud by an amount equal to 0.007 percent of spending.” But both also assume that the reason Elon clings stubbornly to those claims after being disproven is about protecting his own ego.

My guess, instead, is that it’s an ego thing, that Social Security has become to Musk what Canada has become to Donald Trump. Both men at one point said something stupid, something that would have turned them into laughingstocks if there weren’t so much fear in the air. But both men have been unable to let go, doubling down in what amounts to an attempt to redeem their initial foolishness.

[snip]

Musk’s big blooper was his claim that millions of dead people are receiving Social Security checks. This claim probably reflected the failure of young Musk staffers — what Dudek called the “DOGE kids” — to understand how the SSA’s databases work, combined with a complete lack of common sense. I mean, if there really were huge numbers of dead people receiving Social Security payments, don’t you think someone else would have noticed?

In a normal political environment, getting something that big that wrong would have destroyed Musk’s credibility and led to his permanent exile from any role in setting policy. But this is America in 2025, so Trump amplified the already-refuted claim when addressing Congress, and Musk seems more powerful than ever.

Furthermore, Musk refuses to give up his Social Security smears, making the completely implausible claim that fraudulent use of Social Security numbers accounts for 10 percent of federal spending. And I’d argue that that the plan to effectively cut off many disabled Americans is best seen as part of a desperate effort to find or pretend to find Social Security fraud, retroactively justifying Musk’s big mistake.

As I said, I was going to point to what I view as a misapprehension of how Elon uses language anyway. In my opinion, Elon was not — Elon rarely does — making truth claims; he was making a utilitarian assertion about fraud that served as cover.

But then I read this 130-page opinion from Judge Ellen Lipton Hollander, broadly enjoining DOGE from wading through Social Security data and requiring it to return any data DOGE boys already took.

Her opinion concludes by describing that the privacy violations she enjoins — the stated purpose behind providing ten DOGE members access to data that SSA would normally withhold even from very seasoned experts — serve a “fishing expedition … in search of a fraud epidemic, based on little more than a suspicion.”

The American public may well applaud and support the Trump Administration’s mission to root out fraud, waste, and bloat from federal agencies, including SSA, to the extent it exists. But, by what means and methods?

The DOGE Team is essentially engaged in a fishing expedition at SSA, in search of a fraud epidemic, based on little more than suspicion. It has launched a search for the proverbial needle in the haystack, without any concrete knowledge that the needle is actually in the haystack.

To facilitate the expedition, SSA provided members of the SSA DOGE Team with unbridled access to the personal and private data of millions of Americans, including but not limited to Social Security numbers, medical records, mental health records, hospitalization records, drivers’ license numbers, bank and credit card information, tax information, income history, work history, birth and marriage certificates, and home and work addresses.

Yet, defendants, with so called experts on the DOGE Team, never identified or articulated even a single reason for which the DOGE Team needs unlimited access to SSA’s entire record systems, thereby exposing personal, confidential, sensitive, and private information that millions of Americans entrusted to their government. Indeed, the government has not even attempted to explain why a more tailored, measured, titrated approach is not suitable to the task. Instead, the government simply repeats its incantation of a need to modernize the system and uncover fraud. Its method of doing so is tantamount to hitting a fly with a sledgehammer.

But along the way, Hollander lays out reasons to suspect it may be something else.

It includes a 3-page section, “SSA in the Crosshairs,” showing how Trump and Musk kept making evolving claims of fraud at Social Security; it includes Howard Lutnick’s confession that this was the plan at least by October.

On February 19, 2025, Howard Lutnick, the Secretary of the Department of Commerce, stated on Fox News: “‘Back in October . . . I flew down to Texas, got Elon Musk [to set up DOGE], and here was our agreement: that Elon was gonna cut a trillion dollars of waste[,] fraud and abuse . . . . We have almost $4 trillion in entitlements, and no one’s ever looked at it before. You know Social Security is wrong, you know Medicaid and Medicare are wrong . . . .[]’”

Hollander describes the access that such claims justified, relying heavily on the — uncontested, Judge Hollander notes — claims of Tiffany Flick (one, two).

She also puts the declarations of two Social Security declarants (newly-installed CIO Michael Russo and career Deputy Commissioner for HR Florence Felix-Lawson) to lay out the kind of access the 10 DOGE boys have gotten.

Currently, defendants claim there are ten members of the DOGE Team working at SSA. Defendants concede that seven of the ten employees have and have had access to personally identifiable information contained in SSA data systems. ECF 36 at 7.

Specifically, Employee 1 is a software engineer, appointed as an expert, and a special government employee under 5 U.S.C. § 3109 and 5 C.F.R. Part 304. ECF 36-2, ¶ 5. His duties purportedly relate to improper payments and SSA’s Death Master File, or records maintained by SSA on deceased individuals. Id. Felix-Lawson states: “SSA is currently working with the Small Business Administration (SBA) to effectuate an interagency agreement for Employee 1 to be detailed temporarily to SBA.” Id. Although Employee 1’s background investigation is still pending, id. ¶ 15, Russo states that Employee 1 has access to PII from MBR, SSR, Numident, and Treasury payment files showing SSA payments. ECF 36-1, ¶ 7. In other words, Employee 1 has access to SSA records even though his detail agreement and background investigation are incomplete.

Employee 2 is a Senior Advisor ((Program Specialist AD-0301-00) and serves as the DOGE Team lead. ECF 36-2, ¶ 8. His interagency detailing agreement from NASA is not yet finalized and his background investigation is still pending. Id.; see also id. ¶ 15. Although Employee 2 has had no access to “any SSA programmatic data or systems,” he has accessed SSA personnel data provided to him by Human Resources. ECF 36-1 (Russo Decl.), ¶ 13. He is responsible for consulting on the SSA’s workforce plans, including but not limited to reorganization and hiring. Id. As with Employee 1, his access to PII was premature.

Employee 3 is a Schedule C Policy Advisor, detailed from the Department of Labor to SSA. ECF 36-2, ¶ 6. His duties relate to improper payments and SSA’s Death Master File. Id. His background investigation is complete. Id. ¶ 15. Like Employee 1, he has access to PII from MBR, SSR, Numident, and Treasury payment files showing SSA payments. ECF 36-1, ¶ 8. He also has access to the National Directory of New Hire Data, maintained on SSA’s network for Office of Child Support Services. Id. ¶ 15.

Employee 4 was appointed as an expert, special government employee. ECF 36-2, ¶ 11. His duties currently relate to improper payments and death data. Id. His background investigation is still pending. Id. ¶ 15. However, he has not yet been granted access to SSA data or PII or access to systems containing such information. ECF 36-1, ¶ 16.

Employee 5 is an engineer detailed from the United States DOGE Service to SSA. ECF 36-2, ¶ 7. He is subject to an Interagency Agreement with U.S. Digital Service (now U.S. DOGE Service), which authorizes his work to include, but does not limit work to, increasing efficiency and the modernization of SSA IT infrastructure and systems, detecting waste, fraud, and abuse. Id. His background investigation is complete. Id. ¶ 15. Like Employees 1 and 3, he has access to PII from MBR, SSR, Numident, and Treasury payment files showing SSA payments. ECF 36-1, ¶ 9. He has also apparently been granted access to “several other databases but never accessed the data in them.” Id.

Employee 6 was appointed as an expert, and is a special government employee. ECF 36- 2, ¶ 11. His duties currently relate to improper payments and death data. Id. His background investigation is still pending. Id. ¶ 15. But, he has not been granted access to SSA data or PII or access to systems containing such information. ECF 36-1, ¶ 16.

Employee 7 is described as a detailee from Department of Labor (“DOL”) to SSA, but the detailing agreement is not yet finalized. ECF 36-2, ¶ 11. His duties relate to improper payments. Id. And, despite the fact that his background investigation is still pending, id. ¶ 15, he was granted access to “SSA Systems.” ECF 36-1, ¶ 14. According to Russo, Employee 7 has so far only accessed Numident. He was apparently granted access because “his work involves analysis of improper payments relating to death records maintained in the Numident.” Id. However, “[a]ll other access initially granted has since been revoked pending review of further data access needs.” Id. 37 Like Employee 3, he also has access to the National Directory of New Hire Data, maintained on SSA’s network for Office of Child Support Services. Id. ¶ 15.

Employee 8 is an engineer, detailed from OPM to SSA, whose duties relate to improper payments and death data. ECF 36-2, ¶ 10. His background investigation is complete. Id. ¶ 15. And, like Employees 1, 3, and 5, he has access to PII from MBR, SSR, Numident, and Treasury payment files showing SSA payments. ECF 36-1, ¶ 12.

Employee 9 was appointed as an expert, and is a special government employee. ECF 36- 2, ¶ 11. His duties relate to improper payments and death data. Id. Although his background investigation is still pending, id. ¶ 15, Employee 9 has access to PII from MBR, SSR, Numident, and Treasury payment files showing SSA payments. ECF 36-1, ¶ 11. In other words, access to the records appears premature.

Employee 10 is a software engineer, detailed from the Office of the Administrator at the General Services Administration to SSA. ECF 36-2, ¶ 9. His duties include “supporting the leadership team with the assessment and enhancement of internal processes and operational procedures” by “focusing on identifying inefficiencies and areas for improvement and ensuring that the administrative and programmatic functions align with the best practices for effectiveness and accountability.” Id. His background investigation is complete. Id. ¶ 15. And, like Employees 1, 3, 5, 8, and 9, he has access to PII from MBR, SSR, Numident, and Treasury payment files showing SSA payments. ECF 36-1, ¶ 10.

36 Special Government Employees are exempt from some of the ethics rules that apply to most federal employees. See 18 U.S.C. §§ 203, 205, 207–209.

37 On March 5, 2025, the SSA “began onboarding” Employee 7, although the detail agreement from the DOL is pending. ECF 36-2, ¶ 12. On March 11, 2025, in the midst of the briefing for the Motion, Employee 7 “was granted access to SSA systems.” ECF 36-1, ¶ 14. But, by the time the defendants’ brief was filed on March 12, 2025 at 4:03 p.m., Employee 7’s access had been revoked, pending review of further data access needs. Id. [my emphasis]

These details show multiple things:

• Multiple DOGE boys are getting access to highly sensitive data before their background checks are completed.
• Multiple DOGE boys are detailed from or to other agencies (including SBA, NASA, DOL, OPM, GSA); while the issue of dissemination between agencies via such details is not before Hollander, it’s a key issue in other lawsuits.
• At least four of these DOGE boys are Special Government Employees who (Hollander notes) don’t have to comply with the same ethical requirements as normal government employees.
• In two cases, DOGE boys were granted access they either didn’t use or that subsequently got revoked, undermining claims of “need to know” at the base of the way Hollander applied the Privacy Act.

When Hollander pressed the government why the DOGE boys needed this access, they offered “circular statements” with “no explanation as to why or how the particular records correlated to the performance of job duties.”

For example, the Court asked counsel for the government: “[W]hat was the mission and what was the need? What was the purpose in providing access to all of this information?” ECF 45 at 23. The Court again pressed about why the DOGE Team would “need” the scope of information at issue here. Id. at 24, 38. And, toward the end of the hearing, the Court once again gave the government the opportunity to explain the “need for all of those records.” Id. at 84.

Besides cursory, circular statements about members of the DOGE Team in need of all SSA data because of their work to identify fraudulent or improper payments, counsel provided no explanation as to why or how the particular records correlated to the performance of job duties. See, e.g., id. at 21–22 (“The goal is to review . . . the Social Security Administration’s records to see if there are improper or fraudulent payments. Naturally if one is looking for improper or fraudulent payments, one looks at the data to see if any such payments are made.”); id. at 23 (“[If] one is looking for fraudulent or improper payments that may or may not be going out by the Social Security Administration, one would need to look at the records, the beneficiary data, the payment data in order to do an assessment of that and to recommend potential changes.”); id. at 24 (“I can tell you that they are looking for instances of improper or fraudulent payments and that it is natural that one would look at the data in that system to see if they’ve been substantiated . . . .”); id. at 39 (“These particular people are working at the agency in order to carry out the sort of broad policy prescription contained in the Executive Order. They are also looking at improper payments and potential waste or improper or fraudulent payments. . . .”); id. at 85 (“[I]f you wanted to decide whether or not [a claim for benefits] was improper or not, you would need to look at the records to see if the payment was properly made or if it was fraudulent.”)

Hollander relied on Flick’s declaration to contrast the access DOGE has with the anonymized approach SSA normally uses to isolate suspected fraud before looking more closely.

As discussed, defendants have not provided the Court with a reasonable explanation for why the DOGE Team needs access to the wide swath of data maintained in SSA systems in order to root out fraud and abuse. And, as detailed by Flick, SSA has practices in place for audits or other searches for alleged fraud or abuse. Instead, defendants disregarded protocols for proper hiring, onboarding, training, and access limitations, and, in a rushed fashion, provided access to a massive amount of sensitive, confidential data to members of the DOGE Team, without any articulated explanation for the need to do so.

Then there’s the point Hollander made twice. While DOGE was granting all this access to our private data, it was unwilling to disclose the names of the DOGE boys who had been granted access, even though the government had named DOGE boys at Treasury, Department of Education, and elsewhere.

15 As noted, defendants have not identified the names of the government employees who have been provided access to the SSA data at issue. In similar cases, however, the defendants have identified government employes by name. See, e.g., See Alliance for Retired Americans, 2025 WL 740401, at *4–6; American Federation of Teachers et al., 2025 WL 582063, at *2–3.

[snip]

Defendants clearly understand why guarding privacy, rather than waiting for harm to occur, is important. After all, that is precisely the reason why they have withheld even the names of the members of the SSA DOGE Team. But, defendants have not shown the same level of care with the far more sensitive, confidential data of millions of Americans who entrusted their government with their personal and private information. The trust appears to have been violated, without any articulated need. Plaintiffs are likely to succeed on a claim that the conduct at issue was unreasonable and capricious. Plaintiffs have therefore shown a likelihood of success on their arbitrary and capricious claim.

There may be a very specific reason why DOJ is hiding which DOGE boys are at Social Security, besides the visibility it would give on sharing between agencies: because, according to some reports, that’s where Marko Elez ended up, after he left Treasury.

It’d be one thing for Elez to “accidentally” get read-write access at Treasury. But if similar kinds of access surprises happened at Social Security, claims of surprise would ring hollow.

In response to this order, Leland Dudek (whose recorded admissions that Social Security fraud isn’t that bad, as well as his assertions that these directions are all coming from Trump, appear not to have made it into the court record) has threatened to shut down all of Social Security in response, claiming DOGE is everywhere, running everything.

Dudek may have ulterior motive to say that. After all, since he’s on the record admitting these claims of fraud are overinflated, he may be on the hook for providing access in search of fraud based on false pretenses, which (as Hollander noted in her opinion) is a crime.

The Act also establishes criminal penalties for willful violations of its requirements. See 5 U.S.C. § 552a(i). It is a federal crime for any agency officer or employee willfully to disclose a protected record “in any manner to any person or agency not entitled to receive it,” id. § 552a(i)(1), or to maintain a system of records “without meeting the notice requirements” provided in the Act, id. § 552a(i)(2). It is also a federal crime for any person to “request[ ] or obtain[ ] any record concerning an individual from an agency under false pretenses.” Id. § 552a(i)(3).

This is not about fraud. And SSA maybe the first place where the false claims used to leverage access to highly personal data come to a head.