As the second Trump administration is dispatching its minions to stalk US streets, smashing citizens’ First Amendment rights, in partnership with unregulated Big Tech, it also surveils online, helping itself to citizens’ personal identifiable information (PII).
In the age of surveillance capitalism, information is a hot commodity for corporations and governments, precipitating a multi-billion-dollar industry that not only profits from the collection and commodification of citizens’ PII, but also puts individuals, businesses, organizations, and governments at risk for cyberattacks and data theft.
Social security numbers, location details, health information, student loan and financial data, purchasing habits, library borrowing and internet browsing history, and political and religious affiliations are just some of the personal information that data brokers buy and sell to advertisers, banks, insurance companies, mortgage brokers, law enforcement and government agencies, foreign agents, and even spammers, scammers, and stalkers. Over time, that information often ends up changing hands again and again.
As an example, and to the alarm of civil liberties experts, the Airlines Reporting Corporation (ARC), “a shady data broker” owned by at least eight US-based commercial airlines, including Delta, American, and United, has been collecting US travelers’ domestic flight records and selling them to Customs and Border Protection, and the Department of Homeland Security; and as part of the deal, government officials are forbidden to reveal how ARC sourced the flight data.
Online users should know that many data brokers camp out on Facebook and at Google’s advertising exchange, drawing from such sources as credit card transactions, frequent shopper loyalty programs, bankruptcy filings, vehicle registration records, employment records, military service, and social media posting and web tracking data harvested from websites, apps, and mobile and wearable biometric devices to “craft customized lists of potential targets.” Even when gathered data is de-identified, privacy experts warn that this is not an irreversible process, and the risk of re-identifying individuals is both real and underestimated.
Government’s misuse and abuse of citizens’ privacy
Many Americans do not realize that the United States is one of the few advanced economies without a federal data protection agency. If the current administration continues on its path of eroding citizen privacy, the scant statutory protections the United States does have may prove meaningless.
The Fair Credit Reporting Act (FCRA) of 1970 was enacted to protect consumers from government overreach into personal identifiable data, and has been promoted as the primary consumer privacy protection. However, in 2023, attorney and internet privacy advocate Lauren Harriman warned how data brokers circumvent the FCRA, for instance, “pay[ing] handsome sums to your utility company for your name and address.” Data brokers then repackage those names and addresses with other data, without conducting any type of accuracy analysis on the newly formed dataset, before then selling that new dataset to the highest third-party bidder.
Invasion of the data snatchers
Though the “gut-the-government bromance” between the president and Elon Musk appears to be on the rocks just six months into Trump 2.0, the Department of Government Efficiency’s unfettered access to data is concerning, especially after the June 6, 2025, Supreme Court ruling that gave the Musk-led DOGE complete access to confidential Social Security information irrespective of the privacy rights once upheld by the Social Security Act of 1935. The act prohibits the disclosure of any tax return in whole or in part by officers or employees of the Social Security Administration and the Department of Health and Human Services.
Nevertheless, DOGE has commandeered the Social Security Administration (SSA) and Department of Health and Human Services systems and those of at least fifteen other federal agencies containing Americans’ personal identifiable information without disclosing “what data has been accessed, who has that access, how it will be used or transferred, or what safeguards are in place for its use.”
Since DOGE infiltrated the Social Security Administration, the agency’s website has crashed numerous times, creating interruptions for beneficiaries. In June, Senators Elizabeth Warren and Ron Wyden issued a letter to the SSA’s commissioner, detailing their concerns about DOGE’s use of PII. Warren told Wired that “DOGE staffers hacking away Social Security’s backend tech with no safeguards is a recipe for disaster…[and] risks people’s private data, creates security gaps, and could result in catastrophic cuts to all benefits.”
Likewise, the Internal Revenue Code of 1939 (updated in 1986) was enacted to ensure data protection, prohibiting—with rare exceptions—the release of taxpayer information by Internal Revenue Service employees. According to the national legal organization Democracy Forward, “Changes to IRS data practices—at the behest of DOGE—throw into question those assurances and the confidentiality of data held by the government collected from hundreds of millions of Americans.”
Equally troubling is that Opexus, a private equity-owned federal contractor, maintains the IRS database. Worse still is that two Opexus employees—twin brothers and skilled hackers with prison records for stealing and selling PII on the dark web—Suhaib and Muneeb Akhter, had access to the IRS data, as well as to that of the Department of Energy, Defense Department, and the Department of Homeland Security’s Office of Inspector General.
In February 2025, approximately one year into their Opexus employment, the twins were summoned to a virtual meeting with human resources and fired. During that meeting, Muneeb Akhter, who still had clearance to use the servers, accessed an IRS database from his company-issued laptop and blocked others from connecting to it. While still in the meeting, Akhter deleted thirty-three other databases, and about an hour later, “inserted a USB drive into his laptop and removed 1,805 files of data related to a ‘custom project’ for a government agency,” causing service disruptions.
That investigations by the FBI and other federal law enforcement agencies are underway does little to quell concerns about the insecurity of personal identifiable information and sensitive national security data. And although the Privacy Act of 1974, the Fourth Amendment, the Fifth Amendment, and the Computer Fraud and Abuse Act of 1986 were all established to protect PII, the June Supreme Court ruling granting DOGE carte blanche data access dashes all confidence that laws will be upheld.
Americans don’t know what they don’t know
Perhaps most disconcerting in this whole scenario is that too few citizens realize just how far their online footprints travel and how vulnerable their private information actually is. According to internet culture reporter Kate Lindsay, citizen ignorance comes not only from a lack of reporting on how tech elites pull government strings to their own advantage, but also from fewer corporate news outlets covering people living with the consequences of those power moves. Internet culture and tech, once intertwined topics for the establishment press, are now more separately focused on either AI or the Big Tech power players, but not on holding them to account.
The Tech Policy Press argues that the government’s self-proclaimed need for expediency and efficiency cannot justify flouting data privacy policies and laws, and that the corporate media is largely failing their audiences by not publicizing the specifics of how the government and its corporate tech partners are obliterating citizens’ privacy rights. “To make matters worse, Congress has been asleep at the switch while the federal government has expanded the security state and private companies have run amok in storing and selling our data,” stated the senator from Silicon Valley, Ro Khanna.
A 2023 Pew Research Center survey of Americans’ views on data privacy found that approximately six in ten Americans do not bother to read website and application policies. When online, most users click “agree” without reading the relevant terms and conditions they accept by doing so. According to the survey, Americans of all political stripes are equally distrustful of government and corporations when it comes to how third parties use their PII. Respondents with some higher education reported taking more online privacy precautions than those who never attended college. The latter reported a stronger belief that government and corporations would “do the right thing” with their data. The least knowledgeable respondents were also the least skeptical, pointing to an urgent need for critical information literacy and digital hygiene skills.
Exploitation of personal identifiable information
After Musk’s call to “delete” the Consumer Financial Protection Bureau (CFPB), approximately 1,400 staff members were fired in April, emptying out the agency that was once capable of policing Wall Street and Big Tech. Now, with the combined forces of government and Big Tech, and their sharing of database resources, the government can conduct intrusive surveillance on almost anyone, without court oversight or public debate. The Project on Government Oversight has argued that the US Constitution was meant to protect the population from authoritarian-style government monitoring, warning that these maneuvers are incompatible with a free society.
On May 15, 2025, the CFPB, against the better judgment of the Committee on Oversight and Government Reform and wider public, quietly withdrew a rule, proposed in 2024, that would have imposed limits on US-based data brokers who buy and sell Americans’ private information. Had the rule been enacted, it would have expanded the Fair Credit Reporting Act (FCRA) data protections for citizens. However, in February, Russell Vought, the self-professed White nationalist and Trump 2.0 acting director of the Office of Management and Budget and the CFPB, demanded its withdrawal, alleging the ruling would have infringed on financial institutions’ capabilities to detect and prevent fraud. Vought also instructed employees to cease all public communications, pending investigations, and proposed or previously implemented rules, including the proposal titled “Protecting Americans from Harmful Data Broker Practices.”
The now-gutted CFPB lacks both the resources and authority needed to police the widespread exploitation of consumers’ personal information, says the Electronic Privacy Information Center, the privacy rights advocacy agency.
Double standards for data privacy
Although the government’s collection of PII has always been a double-edged sword, with Big Tech on the side of Trump 2.0, data surveillance of law-abiding citizens has soared to worrying heights. Across every presidency since 9/11, government surveillance has become increasingly more extensive and elaborate. Moreover, Big Tech is all too willing to pledge allegiance to whichever party happens to be in power. According to investigative journalist Dell Cameron, the US Defense Intelligence Agency, Defense Counterintelligence and Security Agency, and Customs and Border Protection are among the largest “federal agencies known to purchase Americans’ private data, including that which law enforcement agencies would normally require probable cause to obtain.”
Meanwhile, it’s a Big Tech and data broker free-for-all. DOGE’s and the feds’ activities are shrouded in secrecy, often facilitated by the Big Tech lobbying money that seeks to replace legitimate privacy laws with “fake industry alternatives.” Banks, credit agencies, and tech companies must adhere to consumer privacy laws. “Yet DOGE has been granted sweeping access across federal agencies—with no equivalent restrictions,” said business reporter Susie Stulz.
Know your risks
Interpol has warned that scams known as “pig butchering” and “business email compromise” and those used for human trafficking are on the rise due to an increase in the use of new technologies, including apps, AI deepfakes, and cryptocurrencies. Hacking agents, humans, and bots are becoming more sophisticated, while any semblance of data privacy guardrails for citizens has been removed.
Individual choices matter. At minimum, when using technology, consider if a website or app’s services are so badly needed or wanted that you are willing to give up your personal identifiable information. Standard advice to delete and block phishing and spam emails and texts remains apropos, but only scratches the surface of online protection.
Privacy advocates assert that DOGE’s access to personal identifiable information escalates the risk of exposure to hackers and foreign adversaries as well as to widespread domestic surveillance. Trump’s latest contract with tech giant Palantir to create a national database of Americans’ private information raises a big red flag for civil rights organizations, “that this could be the precursor to surveillance of Americans on a mass scale.” Palantir’s involvement in government portends to be the last step “in transforming America from a constitutional republic into a digital dictatorship armed with algorithms and powered by unaccountable, all-seeing artificial intelligence,” wrote constitutional law and human rights attorney John W. Whitehead.
A longtime J.D. Vance financial backer, Palantir’s Peter Thiel, the South African, White nationalist billionaire and right-wing donor, is credited with catapulting Vance’s political career. Unsurprisingly, the Free Thought Project reported that since Trump’s return to the White House, “Palantir has racked up over $100 million in government contracts, and is slated to strike a nearly $800 million deal with the Pentagon.” Palantir, incidentally, is also contracted with the Israeli government, as is Google.
Know your rights
The right to privacy is enshrined in Article 12 of the 1948 Universal Declaration of Human Rights. “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.” Article 17 of the 1966 International Covenant on Civil and Political Rights asserts the same, and in 1992, the United States ratified the treaty, thereby consenting to its binding terms.
But is privacy actually a protected civil right in the United States? According to legal scholars Anita Allen and Christopher Muhawe, the history of US civil rights law shows limited support for conceptualizing privacy and data protection as a civil right. Nonetheless, civil rights law is a dynamic moral, political, and legal concept, and if privacy is interpreted as a civil right, privacy protection becomes a fundamental requirement of justice and good government.
Protection from surveillance needs to be top-down through legal and policy limits on data collection, and bottom-up by putting technological control of personal data into the hands of consumers, i.e., the targets of surveillance.
As long as the public is uninformed and the corporate press remains all but silent, the more likely it is that these unconstitutional practices will not only continue but will become normalized. Until the United States is actually governed by and for the people, we the people can start practicing surveillance self-defense now. Although constitutional lawyers are typically considered the first responders to assaults on the Constitution and privacy rights, a constellation of efforts over time is required to, as much as possible, keep private data private.
Ultimately, though, the safeguarding of data cannot be left to the government or corporations, or even the lawyers. For that reason, the Electronic Frontier Foundation’s tips and tools for customizing individualized digital security plans are made available to everyone. By implementing such plans and possessing strong critical media and digital literacy skills, civil society will be better informed and more empowered in the defense of privacy rights.
- Original publication at Project Censored Dispatch.