WASHINGTON, D.C.—U.S. Senator Gary Peters, Ranking Member of the Homeland Security and Governmental Affairs Committee, demanded answers from 24 federal agencies on how the Department of Government Efficiency (DOGE) and DOGE-affiliated individuals, many of whom do not possess security clearances, have accessed and used data in federal information technology systems. Peters is requesting information on how individuals accessing these systems are complying with federal cybersecurity and privacy laws to protect sensitive information.
“Since January 23, 2025, employees working on behalf of the U.S. Digital Service (USDS), which the Administration is referring to as DOGE, have gained access to systems and databases at multiple federal agencies,” Senator Peters wrote. “Federal agencies, as part of their authorized activities, collect, maintain, and utilize an enormous amount of sensitive data to carry out their missions. This data can include personally identifiable information (PII) collected from the public, federal and contractor employee data, law enforcement sensitive data, and confidential commercial information, including from critical infrastructure operators. Failure to appropriately control access to this data creates significant privacy and security risks and may violate federal law.”
Recent reports indicate that individuals claiming to be DOGE employees have allegedly threatened federal agency staff with dismissal when seeking unauthorized access to federal systems and data repositories. The Trump Administration has not yet provided information about whether DOGE personnel are following legal requirements for privacy and security, including the Privacy Act, E-Government Act, and Federal Information Security Modernization Act (FISMA). There are also no details about how DOGE-affiliated individuals with system access are being vetted.
Given the sensitive nature of federal agency data, this lack of transparency raises concerns about the potential for data misuse. Moreover, reports suggest DOGE plans to apply artificial intelligence to agency systems and collected data. However, little is known about which AI tools may be used, what agency data will be processed, how data will be combined, or the cybersecurity consequences of allowing sensitive data to be processed with artificial intelligence tools.
In the letters, Peters requested more information about the positions, employment details, security clearances, and reporting structures of all DOGE-affiliated individuals working at these federal agencies, along with details about which systems and data repositories were accessed by DOGE personnel, whether the systems contained sensitive or classified information, how data was transferred, and which security measures were in place. Finally, Peters pushed for information about any AI tools or models that DOGE-affiliated individuals have applied to agency data, including procurement details, use cases, and security and privacy assessments.
Peters sent letters to the Department of Agriculture, Department of Commerce, Department of Defense, Department of Education, Department of Energy, Department of Health and Human Services, Department of Homeland Security, Department of Housing and Urban Development, Department of Justice, Department of Labor, Department of State, Department of Transportation, Department of Veterans Affairs, Department of the Interior, Department of the Treasury, Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, National Science Foundation, Nuclear Regulatory Commission, Office of Personnel Management, Small Business Administration, Social Security Administration, and U.S. Agency for International Development.
Peters also sent a letter to the Government Accountability Office requesting an audit of DOGE’s activities, focusing on whether they are complying with established privacy and cybersecurity laws for federal agency data and systems.
Text of the letter to the Department of Homeland Security can be read here.
###