AMERICAN FEDERATION OF STATE, COUNTY AND MUNICIPAL EMPLOYEES, AFL-CIO, et al., Plaintiffs, v. SOCIAL SECURITY ADMINISTRATION, et al., Defendants.
MEMORANDUM OPINION
Table of Contents *
I. Introduction
II. Procedural Summary
III. Background
A. The Parties
1. Plaintiffs
2. Defendants
B. Post-Inauguration Period
1. Executive Order 14,158
2. SSA in the Crosshairs
3. Recent Changes at SSA
C. Declarations
D. Administrative Record
1. Legal Standard
2. DOGE Team
3. SSA Systems of Record
IV. Standing
A. Legal Standard
B. Discussion
1. Associational Standing
2. Injury in Fact
V. APA Claims
A. Judicial Review of APA Claims
B. The Contentions
C. Analysis
D. No Other Adequate Remedy
VI. Preliminary Injunction
A. Likelihood of Success on the Merits
1. Privacy Act
a. Need
b. Routine Use
2. Arbitrary and Capricious
B. Irreparable Harm
C. Balance of the Equities and the Public Interest
VII. Conclusion
VIII. Bond
I. Introduction
The Social Security Administration was established in 1935. Almost from its inception, it has collected, stored, respected, and protected the private, personal, and confidential information of the American people. Indeed, ensuring confidentiality of personal records has been a bedrock principle of the agency. See Soc. Sec. Admin., SSA's Commitment to Protecting Privacy through Compliance, https://perma.cc/DF3N-VQS6. In recent months, however, the Social Security Administration has abruptly changed course.
This case concerns the decision of the Social Security Administration (“SSA” or the “Agency”) to provide eleven individuals affiliated with the Department of Government Efficiency (“DOGE”) with unlimited access to the SSA records of millions of Americans.1 On January 20, 2025, following the inauguration of President Donald J. Trump, the President issued Executive Order 14,158, which established DOGE. See 90 Fed. Reg. 8441 (Jan. 29, 2025).
According to plaintiffs, SSA “has abandoned its commitment to maintaining the privacy of personal data” and has unlawfully “opened its data systems to unauthorized personnel from [DOGE] in violation of applicable laws and with disregard fo[r] the privacy interest of the millions of Americans that SSA serves.” ECF 17, ¶ 2. At the hearing (ECF 43) held on plaintiffs’ motion for temporary restraining order (“TRO”), defense counsel acknowledged that SSA did, indeed, provide DOGE affiliates with access to a “massive amount” of records. ECF 45 (TRO Tr., 3/14/25), at 17.2 The appointment form for SSA DOGE Employee 1 seeks “[a]ccess to all SSA systems and the associated source code to assist with modernization efforts ...” ECF 86-5 at 20 (emphasis added). Moreover, it is undisputed that these records contain sensitive, confidential, and personally identifiable information (“PII”).3
Plaintiffs, the American Federation of State, County and Municipal Employees, AFL-CIO (“AFSCME”); Alliance for Retired Americans (“ARA” or “Alliance”); and American Federation of Teachers (“AFT”), are two national labor and membership associations and one grassroots advocacy organization. They filed suit against SSA and three other defendants on February 21, 2025, challenging the legality of the Agency's decision to provide DOGE with unlimited access to a trove of personal and confidential information pertaining to millions of Americans. ECF 1.4 On March 7, 2025, plaintiffs filed a “First Amended Complaint For Declaratory and Injunctive Relief.” ECF 17 (“Amended Complaint”). They added three defendants.
The defendants are the Social Security Administration; Leland Dudek, in his official capacity as “purported Acting Commissioner” of the SSA; Michael Russo, in his official capacity as Chief Information Officer (“CIO”) of the Agency;5 Elon Musk, in his official capacity as “Senior Advisor to the President and de facto head of” DOGE; the “U.S. DOGE Service”; the U.S. DOGE Service Temporary Organization; and Amy Gleason, in her official capacity as the DOGE Acting Administrator.
As discussed, infra, I issued a Temporary Restraining Order on March 20, 2025, barring the disclosure of PII to DOGE personnel under certain circumstances. See ECF 48, ECF 49. The government appealed that ruling to the Fourth Circuit on March 24, 2025. ECF 57. The Fourth Circuit dismissed the appeal on April 1, 2025, based on lack of jurisdiction. ECF 81 (Order); ECF 82 (Judgment); ECF 83 (Corrected Order).
Thereafter, plaintiffs moved for a preliminary injunction (ECF 110), which defendants oppose. ECF 113. This Memorandum Opinion addresses that motion. As I consider the preliminary injunction motion, I am mindful of the decision of a divided panel of the Fourth Circuit on April 7, 2024, granting a stay pending appeal as to the preliminary injunction issued in the case of American Federation of Teachers, et al. v. Bessent, et al., DLB-25-0430, 2025 WL 895326 (D. Md. Mar. 24, 2025). See American Federation of Teachers, et al. v. Bessent, et al., No. 25-1282, 2025 WL 1023638, at *1 (4th Cir. Apr. 7, 2025). There, in an unpublished opinion, the panel majority concluded that the government “made a strong showing that it will succeed on the merits as to standing.” Id. at *1 (Agee, J.). And, in an eight to seven vote, the Fourth Circuit declined to hear the Bessent matter en banc. Notably, the panel in Bessent is the same panel that considered and dismissed the government's appeal of the TRO issued in this case.6
In my view, this case differs markedly from Bessent, in several important respects. First, virtually from its inception, SSA has been guided by an abiding commitment to the privacy and confidentiality of the personal information entrusted to it by the American people. Regulation No. 1, adopted by the Social Security Board in 1937, governed privacy and disclosure of Social Security records. Soc. Sec. Admin., Social Security History Regulation No. 1, https://perma.cc/H59K-PMN2; see also ECF 22-10, ¶ 4. This principle has informed the expectations of the American public that the information held by SSA is private and confidential.
Second, this case involves access to personal information of children. Notably, the Agency “pays more benefits to children than any other federal program.[ ]” ECF 17, ¶ 31 (citing Soc. Sec. Admin., Understanding the Benefits (2025) 2, https://perma.cc/V2MH-VANX). The Agency's records include family court records and school records. ECF 17, ¶ 35.
Third, this case involves SSA's access, inter alia, to extensive medical and mental health records of SSA beneficiaries. As “the nation's principal benefit-paying agency” (ECF 17, ¶ 28), SSA “manages and administers” several of “the largest federal benefit programs,” including the Old-Age, Survivors, and Disability Insurance program (“OASDI”) and the Supplemental Security Income program (“SSI”). Id. ¶¶ 19, 30. Although most of Social Security's beneficiaries are retired, id. ¶ 31, many others “receive benefits because they have a qualifying disability; are the spouse (or former spouse) or child of someone who receives or is eligible for Social Security; or are the spouse (or former spouse), child, or dependent parent of a deceased worker.[ ]” Id. (citing Soc. Sec. Admin., Understanding the Benefits (2025) 2, https://perma.cc/V2MH-VANX). Individuals must submit medical and/or mental health information to SSA to receive disability benefits. These include medical and mental health treatment records, prescription medications, hospitalization records, records of medical tests performed by the listed providers (with the enumerated list including HIV, AIDS, and psychological/IQ tests), and addiction treatment records. ECF 17, ¶ 35; ECF 22-1, ¶ 11. And, SSA periodically conducts reviews of disability determinations, so the medical records of beneficiaries are updated.
II. Procedural Summary
The Amended Complaint (ECF 17) contains seven counts. Four counts allege violations of the APA, 5 U.S.C. § 706(2) (ECF 17, Counts I, III, IV, V); Count II alleges a violation of the Privacy Act, 5 U.S.C. § 552a(o); Count VI alleges ultra vires actions by the DOGE Defendants; and Count VII alleges violation of the Appointments Clause of the Constitution, U.S. Const. art. II, § 2, cl. 2.
On March 7, 2025, plaintiffs moved for a temporary restraining order. ECF 21. It was supported by a memorandum (ECF 21-1) (collectively, the “TRO Motion”) and numerous exhibits. See ECF 22.7 Defendants opposed the TRO Motion (ECF 36), supported by two exhibits. Plaintiffs replied on March 13, 2025 (ECF 39) and submitted additional exhibits.
The Court held a TRO Motion hearing on March 14, 2025, at which argument was presented. ECF 43; ECF 45 (Transcript). By Memorandum Opinion (ECF 49) and Order (ECF 48) of March 20, 2025, I granted the TRO. In the interest of judicial economy, I incorporate by reference the opinion docketed at ECF 49.
Subject to certain exceptions, the TRO enjoins SSA, Dudek, and Russo from providing the DOGE Defendants, SSA DOGE Team members, and DOGE affiliates with access to any SSA system of record containing PII. It also required the DOGE Defendants, SSA DOGE Team members, and DOGE affiliates to disgorge and delete all PII in their possession or under their control that was obtained from a SSA system of record. ECF 48, ¶ 1. But, the TRO does not preclude SSA from providing members of the SSA DOGE Team with access to redacted or anonymized data of SSA, provided that a) the persons to whom access is given have completed training and background checks comparable to that which is typically required for SSA employees with such access; b) inter-agency detailing agreements are completed, where required, for members of the SSA DOGE Team; and c) all required Agency paperwork is completed. Id. ¶ 2. Moreover, the TRO permits SSA to provide the DOGE Team with access to “discrete, particularized, and non-anonymized” data, provided that SSA complies with the requirements of paragraph 2 of the TRO and SSA obtains a written statement from the DOGE Team member explaining the need for the record and why anonymization is not feasible. Id. ¶ 3.
Defendants filed a status report on March 24, 2025 (ECF 56), along with a Declaration of Dudek. ECF 56-1. As noted, they appealed to the Fourth Circuit on the same date. ECF 57. Then, on March 26, 2025, defendants moved for a stay pending appeal. ECF 60. Several hours later, defendants also moved for a stay in the Fourth Circuit. See Case No. 25-1291, Docket Entry No. 5. By Memorandum (ECF 78) and Order (ECF 79) of March 31, 2025, I denied the Motion for Stay. And, by agreement of the parties (ECF 68), the TRO was extended through April 17, 2025. ECF 69.
On March 27, 2025, the government filed a “Notice of Compliance with Paragraphs 2-3” of the TRO (“Notice”). ECF 62. The government claimed that, as to four DOGE Team members, SSA satisfied the criteria set by the Court in the TRO for access to PII. Id. The Notice is supported by two declarations. ECF 62-1 (Dudek); ECF 62-2 (Florence Felix-Lawson). In response to the filing, I convened an emergency telephone hearing (ECF 67), in which Acting Commissioner Dudek participated. The transcript of the hearing is docketed at ECF 73. In accordance with a briefing schedule set by the Court during the telephone hearing (see ECF 64), Mr. Dudek filed a Supplemental Declaration. ECF 74-1.
Plaintiffs oppose the Notice (ECF 77), supported by the Declaration of “Alex Doe,” a former Digital Services Expert at the United States Digital Service (ECF 77-1), and the Declaration of Ann Lewis, former Director of the Technology Transformation Services within the U.S. General Services Administration (ECF 77-2). Defendants replied on April 1, 2025 (ECF 80), and submitted another Declaration of Mr. Dudek. ECF 80-1. On the same date, the Fourth Circuit dismissed the appeal for lack of jurisdiction. ECF 81, ECF 82, ECF 83.
By Memorandum and Order of April 2, 2025 (ECF 95), the Court requested additional documentation from the government with respect to the Notice, pursuant to paragraph three of the TRO. Defendants submitted the additional documentation on April 7, 2025. ECF 114. Then, in a submission of April 8, 2025, plaintiffs challenged defendants’ compliance. ECF 120. The matter is pending.
Defendants filed the Administrative Record, under seal, on April 2, 2025. ECF 86; ECF 86-1 to ECF 86-6. The certification of the Administrative Record (“A.R.”) (ECF 100-1) and the index (ECF 100-2) were submitted on April 3, 2025. On April 4, 2025, the Court held a hearing (ECF 108) to resolve several disputes in connection with the Administrative Record. See ECF 84, ECF 96, ECF 106. Defendants supplemented the A.R. on April 7, 2025. ECF 112. And, on April 9, 2025, they filed a redacted version on the public docket. ECF 121.
Plaintiffs filed a “Motion for Preliminary Injunction And/Or 5 U.S.C. § 705 Stay” on April 4, 2025. ECF 110. It is supported by a memorandum (ECF 110-1) (collectively, the “Motion” or “P.I. Motion”), and exhibits. Defendants oppose the Motion. ECF 113 (the “Opposition” or “P.I. Opposition”). Plaintiffs replied on April 10, 2025 (ECF 122) (the “Reply”) and submitted another exhibit.
At the request of the Court (ECF 116), plaintiffs filed a supplemental memorandum (ECF 119) addressing the decision of the divided panel of the Fourth Circuit in American Federation of Teachers v. Bessent, 2025 WL 1023638 (4th Cir. Apr. 7, 2025), granting the government's motion for a stay of the preliminary injunction issued by the District Court. The ruling in Bessent also prompted the government to ask this Court to reconsider its stay decision. ECF 117. Plaintiffs opposed that request, noting defendants’ consent to the extension of the TRO. ECF 119. By Order of April 11, 2025 (ECF 127), I denied the government's renewed stay request, in light of its consent to an extension of the TRO (ECF 68). ECF 127.
During the evening of Friday, April 11, 2025, plaintiffs filed a motion to expand the scope of the P.I. Motion hearing and to submit supplemental declarations. ECF 129. By Order of April 11, 2025, I approved the request as to the filing of additional declarations, but granted defendants leave to move to rescind the Order as improvidently granted. ECF 131. Defendants responded on April 14, 2025, opposing plaintiffs’ motion to expand the scope of the P.I. Motion hearing and to file supplemental declarations. ECF 132.
Also on April 14, 2025, plaintiffs submitted a four-page Supplemental Declaration of Tiffany Flick. ECF 136-1. And, by Order of April 14, 2025 (ECF 137), I granted leave to the government to respond to ECF 136-1 by 9:00 a.m. on April 15, 2025.
In a concurrence dismissing the government's appeal of the TRO, Judge Agee admonished the parties, with regard to the preliminary injunction motion that had not then been filed, to “explain in specific detail the basis for their respective arguments.” ECF 83 at 3. And, he “recommend[ed] the district court move expeditiously ... while also allowing the introduction of relevant evidence.” Id.
While preparing for the P.I. Motion hearing, I identified issues of concern regarding certain submissions by SSA. Therefore, mindful of Judge Agee's comment, I wrote to counsel on April 11, 2025 (ECF 127) and said, in part:
Testimony from Acting Commissioner Dudek may be helpful as to the various SSA projects that Mr. Dudek has referenced in his declarations, and for which he claims the DOGE Team requires access to PII. Therefore, I ask that Acting Commissioner Dudek appear at the P.I. Motion hearing on April 15, 2025, in order to clarify information that has been provided.
To be clear, I did not order Mr. Dudek to appear. And, by letter of April 14, 2025 (ECF 138), the government advised that it would “stand on the record in its current form.” Id.
The Court held a hearing on the P.I. Motion on April 15, 2025. ECF 139; ECF 143 (Tr. 4/15/25).8 The Court heard argument of counsel, but no evidence was presented. Mr. Dudek did not appear, and the clarification was not provided. See ECF 143 at 19.
I shall refer to SSA, Dudek, and Russo collectively as the “SSA Defendants.” As indicated, I shall refer to the Department of Government Efficiency as “DOGE.” And, I shall refer to U.S. DOGE Service as “USDS.” Collectively, I shall refer to USDS; U.S. DOGE Service Temporary Organization; Musk; and Gleason as the “DOGE Defendants.” And, for convenience, I shall sometimes refer to all of the defendants collectively as the “government.” The eleven individuals assigned to, detailed to, employed by, or working at SSA to implement the DOGE Agenda, as contemplated by § 2(c) of Executive Order 14,158, shall be referred to as the “DOGE Team.” And, I use the term “DOGE affiliate” to refer to any SSA employee, contractor, special government employee, expert, or consultant working in concert with or at the direction of the DOGE Team, directly or indirectly, to implement the DOGE agenda.
As used here, PII or “ ‘personally identifiable information’ means information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual.” Office of Mgmt. & Budget, Exec. Office of the President, OMB Circular A-130, Managing Information as a Strategic Resource (2016), https://perma.cc/L3CV-M6RF. SSA's records include Social Security Numbers (“SSNs”), medical and mental health records, driver's license information, bank account data, tax information, employer and employee payment records, earnings history, birth and marriage records, home and work addresses, immigration records, health care providers’ contact information, and family court records. Such information is generally considered PII.
III. Background
A. The Parties
1. Plaintiffs
AFSCME is a “national labor organization and unincorporated membership organization” headquartered in Washington, D.C. ECF 17, ¶ 16. It “is the largest trade union of public employees in the United States, with around 1.4 million members organized into approximately 3,400 local unions, 58 councils, and other affiliates in 46 states, the District of Columbia, and Puerto Rico.” Id. Of AFSCME's members, “approximately 200,000 are retired public service workers who continue to remain members of AFSCME, participate in its governance, and advocate for fairness, equality, and income security for retired Americans.” Id.
Alliance is a “grassroots advocacy organization with 4.4 million members headquartered in Washington, D.C.” Id. ¶ 17. It was founded by the AFL-CIO Executive Council in 2001 and has 40 state alliances as well as members in every state. Id. The Alliance's retiree members include “former teachers, industrial workers, state and federal government workers, construction workers, and community leaders united in the belief that every American deserves a secure and dignified retirement after a lifetime of hard work.” Id.
AFT is a “national labor organization headquartered in Washington, D.C.” Id. ¶ 18. It represents “over 1.8 million members who are employed as pre-K through 12th-grade teachers, early childhood educators, paraprofessionals, and other school-related personnel; higher education faculty and professional staff; federal, state, and local government employees; and nurses and other healthcare professionals.” Id. According to the Amended Complaint, “[a]pproximately 490,000 of AFT's members are retired, and most benefit from programs administered by SSA.” Id. Plaintiffs assert, id.: “Economic and retirement security is at the core of AFT's mission.”
As I discuss in more detail, infra, each plaintiff organization has many members for whom SSA holds personal, sensitive information, such as Social Security Numbers (“SSN”), bank account numbers, medical and mental health information, tax information, and home addresses. See, e.g., ECF 22-1 (Declaration of Ann Widger, Director of Retirees at AFSCME), ¶¶ 10–13; ECF 22-6 (Declaration of Richard J. Fiesta, Executive Director of Alliance), ¶ 9; ECF 22-8 (Declaration of Bernadette Aguirre, Director of the Retiree Division of AFT), ¶ 8. And, members of each organization are concerned that DOGE's access to this information violates their privacy interests, increases their risk of identity theft, and increases the risk that the benefits to which they are entitled will be delayed or cut off. See ECF 22-1, ¶¶ 16, 17, 27, 30, 32; ECF 22-6, ¶¶ 7, 12, 13; ECF 22-8, ¶¶ 12, 13, 15.
2. Defendants
The Social Security Administration is an “independent federal agency.” ECF 17, ¶ 19. Founded in 1935, during the Great Depression, (id. ¶ 28), SSA was intended to “ ‘give some measure of protection to the average citizen,’ particularly those facing ‘poverty-ridden old age.’ ” Id. (quoting Soc. Sec. Admin., Presidential Statement on Signing the Social Security Act (August 14, 1935), https://perma.cc/7RDU-EDWD). “Collectively, SSA pays over $1.5 trillion to seventy million people—more than one in five Americans—each year.” ECF 17, ¶ 32 (citing Soc. Sec. Admin., Fact Sheet, https://perma.cc/595S-B36F). The Agency employs “roughly 57,000” people. ECF 39-1 (Supplemental Declaration of Tiffany Flick), ¶ 7.
In addition to dispersing funds to eligible beneficiaries, SSA issues Social Security Numbers to “U.S. citizens, permanent residents, and other eligible noncitizens.” ECF 17, ¶ 29. To date, more than “450 million” SSNs have been issued. Id. SSA also “helps administer” federal programs, such as “Medicare, Medicaid, SNAP, eVerify, and the Help America Vote Act.” Id. ¶ 33.
“To facilitate its work on behalf of the American public, SSA collects and houses some of the most sensitive, personally identifiable information (including personal health information) of millions of seniors, working-age adults, and children.” Id. ¶ 34. By way of example, Form SS-5, “which applicants must submit to SSA to receive” a SSN, “requires applicants to provide their name (including prior names or other names used), place and date of birth, citizenship, ethnicity, race, sex, phone number, and mailing address, as well as their parents’ names and [SSNs].” Id.
The Agency also collects a wide range of other personal information, including “driver's license and identification card information, bank and credit card information, birth and marriage certificates, pension information, home and work addresses, school records, immigration and/or naturalization records, health care providers’ contact information, family court records, employment and employer records, psychological or psychiatric health records, hospitalization records, addiction treatment records, and tests for, or records about, HIV and AIDS.” Id. ¶ 35. Moreover, SSA collects tax and earnings information. Id. ¶ 36. For example, employers submit to SSA a W-3 form each year that shows “total earnings, Social Security wages, Medicare wages, and withholdings for all employees for the previous year.” Id.
The Court takes notice that retirement benefits are funded by the nation's workforce, through mandatory payment of payroll taxes by both employers and employees. At certain ages, individuals become eligible for retirement benefits, calculated based on work history and earnings records maintained by SSA. Simply put, SSA collects and maintains the work and earnings history of nearly all working Americans for the entirety of their working lives. See, e.g., ECF 22-3 (Declaration of John Doe), ¶ 5 (stating that SSA has 65 years of his employment records); see also Soc. Sec. Admin., Understanding the Benefits (2025) 2, https://perma.cc/V2MH-VANX.
The Agency is subject to a “panoply of laws” that govern and protect SSA's data systems and the disclosure of PII held by SSA. ECF 17, ¶ 39. These include the Privacy Act, the Social Security Act, the Tax Reform Act of 1976, the Taxpayer Browsing Protection Act, and the Federal Information Security Modernization Act (“FISMA”). Id. See ECF 49 at 45–51.
Leland Dudek is the Acting Commissioner of the SSA. ECF 17, ¶ 20. He was selected by President Trump on or about February 16, 2025, after the resignation of Michelle King, then the Acting SSA Commissioner. ECF 1, ¶ 88. Dudek approved the data access to the DOGE Team that is at issue here. See ECF 36-1 (Declaration of Russo), ¶ 6; see also, e.g., ECF 86-2 at 1–30.
At the outset of the litigation, Michael Russo was the Chief Information Officer of the SSA. ECF 17, ¶ 21. He assumed the position on February 3, 2025. ECF 36-1, ¶ 1. As the CIO, Russo was responsible for implementation and management of information technology, and he was “responsible for oversight of grants of permissions [sic] to access SSA systems.” Id. ¶ 2. As noted, he has since been replaced in this role. See 110-1 at 4.
Elon Musk is a “Senior Advisor to the President and the de facto Head of DOGE.” ECF 17, ¶ 23.9 Executive Order 14,158 established the U.S. DOGE Service, previously the U.S. Digital Service,10 and renamed it as the United States DOGE Service. Id. ¶ 24. USDS is part of the Executive Office of the President (“EOP”). Id. U.S. DOGE Service Temporary Organization is a “temporary organization also created by Executive Order 14,158 and headed by the U.S. DOGE Service Administrator.” Id. ¶ 25.
Amy Gleason is the Acting Administrator of USDS and the U.S. DOGE Service Temporary Organization. Id. ¶ 26. She was named to the position on February 25, 2025. See Citizens for Resp. & Ethics in Washington v. U.S. Doge Serv. (“CREW”), No. 25-CV-511 (CRC), 2025 WL 752367, at *2 (D.D.C. Mar. 10, 2025).
B. Post-Inauguration Period
1. Executive Order 14,158
Following President Trump's inauguration on January 20, 2025, he signed Executive Order 14,158, 90 Fed. Reg. 8441 (Jan. 29, 2025) (“E.O.” or “DOGE Order”), titled “Establishing and Implementing the President's ‘Department of Government Efficiency.’ ” The E.O. established DOGE “to implement the President's DOGE Agenda, by modernizing Federal technology and software to maximize governmental efficiency and productivity.” Id. § 1. It renamed the United States Digital Service as the “United States DOGE Service (USDS)” and moved it from the Office of Management and Budget to the EOP. Id. § (3)(a).11 In addition, the DOGE Order established a USDS Administrator in the EOP, who “shall report to the White House Chief of Staff.” Id. § 3(b). And, the DOGE Order creates “a temporary organization known as ‘the U.S. DOGE Service Temporary Organization,’ ” which is “dedicated to advancing the President's 18-month DOGE agenda.” Id.
Further, the DOGE Order provides, id. § 3(c): “In consultation with USDS, each Agency Head[12 ] shall establish within their respective Agencies a DOGE Team of at least four employees, which may include Special Government Employees,[13 ] hired or assigned within thirty days of the date of this Order. Agency Heads shall select the DOGE Team members in consultation with the USDS Administrator. Each DOGE Team will typically include one DOGE Team Lead, one engineer, one human resources specialist, and one attorney. Agency Heads shall ensure that DOGE Team Leads coordinate their work with USDS and advise their respective Agency Heads on implementing the President's DOGE Agenda.”
Section 4 of the DOGE Order concerns “Modernizing Federal Technology and Software to Maximize Efficiency and Productivity.” Id. § 4. It provides, id. § 4(a): “The USDS Administrator shall commence a Software Modernization Initiative to improve the quality and efficiency of government-wide software, network infrastructure, and information technology (IT) systems. Among other things, the USDS Administrator shall work with Agency Heads to promote inter-operability between agency networks and systems, ensure data integrity, and facilitate responsible data collection and synchronization.”
Relevant here, § 4(b) of the E.O. states: “Agency Heads shall take all necessary steps, in coordination with the USDS Administrator and to the maximum extent consistent with law, to ensure USDS has full and prompt access to all unclassified agency records, software systems, and IT systems. USDS shall adhere to rigorous data protection standards.”
2. SSA in the Crosshairs
According to the Amended Complaint, “President Trump, Elon Musk, and other administration officials have had their sights set on Social Security for the past year ...” ECF 17, ¶ 60. For example, President Trump and Mr. Musk have “repeatedly suggested that there is widespread fraud within Social Security, as well as other entitlements.” Id. ¶ 65. On February 11, 2025, Musk posted on “X”, formerly known as Twitter, as follows:
See id. ¶ 66.14 And, on February 17, 2025, Musk posted on X, see id. ¶ 67:
Further, the Amended Complaint states, id. ¶ 68: “On February 17, 2025, White House Press Secretary Karoline Leavitt stated on Fox News that President Trump ‘has directed Elon Musk and the DOGE team to identify fraud at the Social Security Administration.[ ]’ ” (Quoting Yamiche Alcindor & Raquel Coronell, Top Social Security Official Steps Down After Disagreement With DOGE Over Sensitive Data, CNN (Feb. 17, 2025), https://perma.cc/9ZLL-VLFH). In particular, Leavitt claimed that Musk and the DOGE Team “ ‘suspect that there are tens of millions of deceased people who are receiving fraudulent Social Security payments.[ ]’ ” ECF 17, ¶ 68 (quoting Zachary B. Wolf, Trump And Musk Set Their Sights On Social Security By Spreading Rumors, CNN (Feb. 19, 2025), https://perma.cc/YY7H-8XPA).
On February 19, 2025, Howard Lutnick, the Secretary of the Department of Commerce, stated on Fox News: “ ‘Back in October ... I flew down to Texas, got Elon Musk [to set up DOGE], and here was our agreement: that Elon was gonna cut a trillion dollars of waste[,] fraud and abuse ... We have almost $4 trillion in entitlements, and no one's ever looked at it before. You know Social Security is wrong, you know Medicaid and Medicare are wrong ...[ ]’ ” ECF 17, ¶ 69 (citation omitted).
In a press release on February 19, 2025, Dudek stated “that DOGE ‘is a critical part of President Trump's commitment to identifying fraud, waste, and abuse.[ ]’ ” Id. ¶ 70 (quoting Soc. Sec. Admin., Press Release, Statement from Lee Dudek, Acting Commissioner, About Commitment to Agency Transparency and Protecting Benefits and Information (Feb. 19, 2025), https://perma.cc/W33R-QKEZ). And, on February 22, 2025, President Trump claimed that “tens of millions of Americans are improperly receiving Social Security benefits,[ ] calling Social Security ‘the biggest Ponzi scheme of all time ... It's all a scam, the whole thing is a scam.[ ]’ ” ECF 17, ¶ 71 (citations omitted).
Then, on February 28, 2025, Musk appeared on “ ‘The Joe Rogan Experience’—a widely listened to podcast—and proclaimed that ‘a basic search of the Social Security database’ indicated ‘20 million dead people [were] marked as alive’ and that ‘Social Security is the biggest Ponzi Scheme of all time.’ ” Id. ¶ 72 (citation omitted; alteration in ECF 17). According to plaintiffs, “[t]hat claim is false.” Id. (citing Soc. Sec. Admin., Off. of Inspector Gen., IG Reports: Nearly $72 Billion Improperly Paid; Recommended Improvements Go Unimplemented (Aug. 19, 2024), https://perma.cc/WR7T-3KZA).
President Trump continued to deride the SSA. On March 4, 2025, in the President's first speech of his second term to a joint session of Congress, he “claimed there to be ‘shocking levels of incompetence and probable fraud in the Social Security Program.’ ” ECF 17, ¶ 73 (citation omitted).
3. Recent Changes at SSA
Plaintiffs assert that DOGE and the DOGE Team “have wrought havoc” on SSA in the past few months. ECF 110-1 at 7. For example, recent news reports claim that DOGE has weaponized SSA as a vehicle to financially cripple immigrants, even some with legal status, allegedly to coerce them to “self deport.” See ECF 129 at 1; see also Alexandra Berzon, et al., Pushing ‘Self-Deportation,’ White House Moves to Cut Migrants’ Social Security, N.Y. Times (Apr. 10, 2025), https://perma.cc/H67G-6L2M. In particular, the Agency has allegedly added to its “death master file,” renamed the “ineligible master file,” the names of people who are actually alive. As a result of being added to the death database, these people are then “blacklisted from a coveted form of identity” needed for virtually all financial transactions. Id.; see also Hannah Natanson & Lisa Rein, Inside DOGE's Push to Defy a Court Order and Access Social Security Data, Wash. Post (Apr. 15, 2025), https://perma.cc/A343-RDKD. The news has also reported crashes of the SSA website. See, e.g., Lisa Rein, et al., Social Security Website Keeps Crashing, As DOGE Demands Cuts to IT Staff, Wash. Post (Apr. 7, 2025), https://perma.cc/LXM2-SRHH.
On February 21, 2025, “SSA announced an ‘organizational realignment’ of its Office of Analytics, Review, and Oversight, which was responsible for addressing recommendations from external monitoring authorities and overseeing fraud detection.” ECF 17, ¶ 75 (citing Soc. Sec. Admin., Press Release, Social Security Announces Change to Improve Agency Operations and Strengthen Protections (Feb. 21, 2025), https://perma.cc/3EC7-KARR). On February 24, 2025, “SSA announced it was closing the agency's Office of Transformation,[ ] which was dedicated to the digital modernization of SSA programs and services, including improving the agency's website.” ECF 17, ¶ 76 (citation omitted). The next day, “SSA shuttered its Office of Civil Rights and Equal Opportunity,[ ] which had been tasked with overseeing the agency's civil rights, equal employment, harassment prevention, accommodations, and disability services.” Id. (citation omitted).
The Agency has also closed local offices and “drastically reduc[ed] customers’ ability to access services ....” ECF 110-1 at 7. On February 27, 2025, “SSA announced that it was implementing an ‘agency-wide organizational restructuring that will include significant workforce reductions’[ ] and began offering buyouts to agency employees.[ ]” ECF 17, ¶ 77 (citations omitted). The following day, “SSA announced it was reducing the agency's workforce by 7,000 and reducing the number of regional SSA offices from ten to four.[ ]” Id. ¶ 78 (citation omitted). But, the Agency “had already been at a fifty-year staffing low.[ ]” Id. (citation omitted). And, on February 28, 2025, the same day that the Agency announced the significant workforce reduction, “twenty senior SSA leaders announced their resignations.[ ]” Id. ¶ 79 (citation omitted). In addition, “DOGE has also been examining SSA's contracting and other systems, posting various cuts to agency contracts on its ‘wall of receipts.[ ]’ ” Id. ¶ 80 (citation omitted).
According to plaintiffs, Dudek “has confirmed: DOGE personnel—or, as he called them, ‘outsiders who are unfamiliar with nuances of SSA programs’—are calling the shots.[ ]” Id. ¶ 81 (citing Lisa Rein et al., DOGE Is Driving Social Security Cuts and Will Make Mistakes, Acting Head Says Privately, Wash. Post (Mar. 6, 2025), https://perma.cc/FYY3-QGRR).
C. Declarations
In connection with their TRO Motion, plaintiffs submitted declarations from eleven individuals: (1) Ann Widger, the Director of Retirees at AFSCME (ECF 22-1); (2) Sue Conard, a retiree member of AFSCME (ECF 22-2); (3) “John Doe,” a retiree member of AFSCME (ECF 22-3); (4) Tamara Imperiale, a retiree member of AFSCME (ECF 22-4); (5) Charles “CK” Williams, a retiree member of AFSCME (ECF 22-5); (6) Richard J. Fiesta, the Executive Director of ARA (ECF 22-6); (7) Linda Somo, a member of Alliance (ECF 22-7); (8) Bernadette Aguirre, Director of AFT's Retiree Division (ECF 22-8); (9) David Gray, a retired member of AFT (ECF 22-9); (10) Tiffany Flick, a former long-term SSA employee who most recently served as Acting Chief of Staff to Acting SSA Commissioner Michelle King (ECF 22-10; ECF 39-1); and (11) Kathleen Romig, the Director of Social Security and Disability Policy at the Center on Budget and Policy Priorities (ECF 39-2).
Plaintiffs have submitted eleven additional declarations in support of their P.I. Motion. These include supplemental declarations from Widger (ECF 110-3); Conard (ECF 110-4); Fiesta (ECF 110-5); Somo (ECF 110-6); Aguirre (ECF 110-7); and Gray (ECF 110-8), who confirm that everything they stated in their previous declarations remains true. ECF 110-3, ¶ 1; ECF 110-4, ¶ 1; ECF 110-5, ¶ 1; ECF 110-6, ¶ 1; ECF 110-7, ¶ 1; ECF 110-8, ¶ 1. Plaintiffs also filed declarations of Erie Meyer, founding member of the U.S. Digital Service and former Chief Technologist of two federal agencies (ECF 110-9); Marcela Escobar-Alava, former CIO at SSA (ECF 110-10); and “Brady Doe,” an SSA employee (ECF 110-12), as well as two supplemental declarations of Flick. ECF 110-11; ECF 136-1. With their Reply, plaintiffs filed a Supplemental Declaration of Meyer. ECF 122-1.
Defendants did not submit any declarations in connection with their P.I. Opposition. See ECF 113. But, they have submitted several declarations in connection with the TRO Opposition and in subsequent filings, including their Notice of Compliance (ECF 62). See, e.g., ECF 36-1 (Russo); ECF 36-2 (Felix-Lawson); ECF 62-2 (Felix Lawson); ECF 56-1 (Dudek, 3/24/25); ECF 60-1 (Dudek, 3/26/25); ECF 62-1 (Dudek, 3/27/25); ECF 74-1 (Dudek, 3/28/25); ECF 80-1 (Dudek, 4/1/25).
In plaintiffs’ opposition (ECF 77) to the Notice of Compliance filed by defendants (ECF 62), plaintiffs submitted two declarations. One is the Declaration of Alex Doe, a former “Digital Services Expert at the United States Digital Services ...” ECF 77-1. The other is the Declaration of Ann Lewis, the former Director of the Technology Transformation Services within the U.S. General Services Administration. ECF 77-2.
I previously discussed the declarations submitted in connection with the TRO in my Memorandum Opinion of March 20, 2025 (ECF 49), which I incorporate here. I generally discuss the declarations in the context of the issues, to the extent relevant. However, for background, I briefly discuss below a few of the declarations.
Tiffany Flick retired from SSA on or about February 16, 2025, after almost 30 years of service at the Agency, where she held a variety of positions. ECF 22-10 (“Flick Declaration”), ¶¶ 1, 2, 45, 46. Most recently, Flick served as the Acting Chief of Staff to Acting SSA Commissioner Michelle King. Id. ¶ 2. Flick provides a blistering account of events that unfolded at SSA from late January through the time of her resignation in mid February 2025.
On the morning of January 30, 2025, Flick received a call from Dudek, who was then serving as a senior advisor in the Office of Program Integrity. Id. ¶ 9. Dudek told Flick that two DOGE associates, Michael Russo and Scott Coulter, would be working at SSA. Id. Flick reported the call to Acting Commissioner King. Id. ¶ 10.
Russo began his onboarding process on January 31, 2025. Id. ¶ 11. He joined the Agency as the CIO on February 3. Id. Upon arrival, Russo “requested to bring in a software engineer named Akash Bobba, who was already assisting DOGE in multiple agencies.” Id. ¶ 13. But, “there were challenges with Mr. Bobba's background check that took a few days to resolve.” Id.
Flick recounts that on February 10, 2025, the Commissioner's Office and the Office of Human Resources were contacted by several people, including DOGE manager Steve Davis, about giving Mr. Bobba immediate access to SSA data. Id. ¶ 14. Russo and Davis “grew increasingly impatient” and ultimately Bobba was sworn in “over the phone” at around 9 p.m. that evening, “contrary to standard practice.” Id. ¶ 16. Flick characterizes the request for same-day access for Bobba as “unprecedented” in her time working “for multiple SSA commissioners across multiple administrations ...” Id. ¶ 15. Nor did she understand “the apparent urgency with which Mr. Bobba needed to be onboarded and given access to SSA's systems and data,” which she described as “highly sensitive.” Id. And, she asserts that “the credentialing process necessary for access to the systems would take longer.” Id. ¶ 16.
Flick “determined” that Mr. Bobba would have “anonymized and read-only Numident data using a standard ‘sandbox’ approach,” so that he would not have access to other data. Id. ¶ 26. According to Flick, the access she had determined to provide Bobba would enable him to answer DOGE's “numident-related questions about fraud,” as Flick understood them, without exposing personally identifiable information. Id. And, this approach was consistent with the way that SSA handles “any request to review SSA's records for potential fraud, waste, and abuse by oversight agencies ... or auditors...” Id.
However, because of the expedited basis on which Bobba was granted access, the anonymized file provided to him had “technical glitches that created problems with the data in the file.” Id. ¶ 27. On February 15, 2025, after Bobba had experienced technical issues with the anonymized Numident file (id. ¶ 28), he did not wait for SSA to resolve the technical issues. Rather, Russo obtained “an opinion” from the federal Chief Information Officer, a Presidential appointee housed within the Office of Management and Budget, stating that “he could give Mr. Bobba access to all SSA data.” Id. ¶ 39. And, Russo and “other DOGE officials demanded that Mr. Bobba be given immediate, full access to SSA data in the Enterprise Data Warehouse (‘EDW’), which included Numident files, the Master Beneficiary Record (‘MBR’) files, and the Supplemental Security Record (‘SSR’) files.” Id. ¶ 30. Moreover, Russo “repeatedly stated that Mr. Bobba needed access to ‘everything, including source code.’ ” Id. ¶ 36. But, Russo “never provided the kind of detail that SSA typically requires to justify this level of access.” Id. ¶ 38.
According to Flick, Acting Commissioner King requested additional details from Russo on “why this level of access was necessary for the work [of] Mr. Bobba ...” Id. ¶ 44. But, she did not receive an answer. Id. Instead, on February 16, 2025, Commissioner King “received an email from the White House noting that the President had named Mr. Dudek as the Acting Commissioner,” although Flick understood that Dudek was on administrative leave. Id. ¶ 45. Shortly after Acting Commissioner King informed Flick that Dudek had been elevated to Acting Commissioner, Flick retired. Id. ¶ 46. Flick claims that, upon her departure, Dudek gave Bobba and “the DOGE team access to at least the EDW database, and possibly other databases.” Id. ¶ 47.
In a Supplemental Declaration (ECF 39-1), Flick maintains that several employees of the DOGE Team accessed SSA data systems prior to having signed finalized detail agreements from other agencies. Id. ¶ 3. And, she claims that this “is not in keeping with agency practice because the agency does not consider a detailee to be an employee of SSA until a detail agreement is signed and finalized.” Id.
In addition, Flick disputes the contention that the DOGE Team cannot perform its work using anonymized data. She states, id. ¶ 4:
Normally when analysts or auditors review agency data for possible payment issues, including for fraud, the review process would start with access to high-level, anonymized data based on the least amount of data the analyst or auditor would need to know. If a subset of records within that data are flagged as suspicious, the analyst or auditor would access more granular, non-anonymized data to just that subset of files. In my experience, the type of full, non-anonymized access of individual data on every person who has a social security number or receives benefit[s] from Social Security is unnecessary at the outset of any anti-fraud or other auditing project. While agency anti-fraud experts would have access to the types of data that Mr. Russo describes, they also have significant training and expertise in agency programs and how to read and understand the data from agency systems.
Flick also explains that the “need to know” reasons for full, non-anonymized access to SSA data systems articulated in this case are “far from sufficiently detailed to justify granting the level of access the DOGE Team now has.” She posits that only thirty to forty Agency employees have the extent of access that is sought by the DOGE Team, out of “roughly 57,000 employees.” Id. ¶ 7. However, she contends that, unlike the DOGE Team, these thirty to forty employees are “highly skilled and highly trained.” Id.
Russo became the Chief Information Officer at SSA on February 3, 2025. ECF 36-1, ¶ 1. He is a “Non-Career Senior Executive reporting directly to SSA's Acting Commissioner, Leland Dudek.” Id. Felix-Lawson has been the Deputy Commissioner of Human Resources at the SSA since November 17, 2024. ECF 36-2, ¶ 1. She is a “Career Senior Executive reporting directly to SSA's Acting Commissioner, Leland Dudek.” Id.
As the CIO, Russo is “responsible for oversight of grants of permissions [sic] to access SSA systems,” including to SSA's DOGE Team. ECF 36-1, ¶ 2. In his Declaration of March 12, 2025, Russo asserted that the “SSA DOGE Team currently consists of ten SSA employees: four SSA special government employees (Employees 1, 4, 6, and 9) and six detailees to SSA from other government agencies and offices (Employees 2, 3, 5, 7, 8, and 10).” Id. ¶ 4. However, the DOGE Team now consists of eleven people. ECF 56-1 (Dudek Declaration), at 2 n.1.[15]
Russo contends that the “overall goal of the work performed by SSA's DOGE Team is to detect fraud, waste and abuse in SSA programs and to provide recommendations for action to the Acting Commissioner of SSA, the SSA Office of the Inspector General, and the Executive Office of the President.” ECF 36-1, ¶ 5. He also describes the particular data access granted to each employee, as well as the stated need for the data, discussed in more detail, infra.
Felix-Lawson is “responsible for leading and overseeing human resource services to the agency, including but not limited to appointing and onboarding new personnel, including regular and special government employees and detailees.” ECF 36-2, ¶ 2.[16] She provided the dates when each DOGE Team member was brought onto the SSA DOGE Team, as well as additional details regarding their duties, training, and background investigations.[17] I discuss this information, infra.
Felix-Lawson also described the background investigation process for DOGE Team members. As of March 27, 2025, she claimed that “Employee 1, Employee 5, Employee 8, and Employee 9 have completed the steps in the background investigation process that SSA would require prior to granting access to personally identifiable information.” ECF 62-2 ¶ 12. But, she stated: “All four individuals have background investigations pending—i.e., with [Defense Counterintelligence and Security Agency, “DSCA”]—which have not been finally adjudicated by SSA. Once these four SSA DOGE Team employees are adjudicated by SSA, they will be eligible to receive clearances.” Id. ¶ 8.
Dudek, now Acting Commissioner at SSA, was previously “a Senior Advisor in SSA's Office of Program Integrity (“OPI”), which provides oversight of the agency's anti-fraud program, improper payment initiatives, and related activities. OPI's key workloads include fraud detection analytics and models.” ECF 80-1, ¶ 3. Dudek claims that he has “extensive other work experience in data safeguarding in government projects, to include inter-governmental data encryption efforts as well as serving as the Chief Information Security Officer for the Recovery Accountability and Transparency Board, created by the American Recovery and Reinvestment Act of 2009.” Id. Dudek has described himself as having “expertise in SSA systems, data, and fraud efforts” based on his current role, as well as his prior work history. Id.
Along with the Status Report submitted by defendants on March 24, 2025 (ECF 56), they submitted a Declaration of Dudek, certifying SSA's compliance with the TRO. See ECF 56-1. In connection with the motion for stay pending appeal, filed March 26, 2025, defendants submitted another Declaration of Dudek (ECF 60-1), explaining the “operational burden on the agency to continue to comply” with the TRO. Id. ¶ 3. SSA also identified, for the first time, specific efforts of the DOGE Team concerning detection of fraud, including detection of “Direct Deposit Fraud”; “Wage Reporting Fraud”; “Improved Fraud Detection”; and “Extreme Age Records.” Id. ¶ 6.
In the Notice (ECF 62) filed on March 27, 2025, the government asked the Court to authorize access to PII. Dudek submitted another Declaration (ECF 62-1) in support of the Notice. For the first time, Dudek identified specific projects on which DOGE Employees 1, 5, 8, and 9 are working, and for which he claims access to PII is necessary. The projects are as follows: (1) “Are You Alive Project,” ECF 62-1, ¶ 9; (2) “Death Data Clean Up Project,” id. ¶ 10; and (3) “direct-deposit change, new claim, and wage-reporting fraud detection,” or “Fraud Detection.” Id. ¶ 11.
In response to the submission of ECF 62, the Court promptly held a telephone hearing on March 27, 2025. ECF 63, ECF 67. Mr. Dudek participated and responded to a handful of questions from the Court. See ECF 73 (Transcript). However, he was not questioned by either side, nor was he under oath.
On March 28, 2025, in response to an Order of March 27, 2025 (ECF 64), seeking clarification regarding the Notice and some comments of Mr. Dudek (ECF 62), Dudek filed another Declaration. ECF 74-1. He provided additional information regarding the “Fraud Detection” project, on which Employee 8 is working. In connection with defendants’ reply concerning the Notice (ECF 80), defendants submitted yet another Declaration of Dudek (ECF 80-1) on April 1, 2025.
D. Administrative Record
Defendants filed the Administrative Record, under seal, on April 2, 2025. ECF 86; ECF 86-1 to ECF 86-6. They filed a redacted version on the public docket on April 9, 2025. ECF 121. And, they provided a supplement on April 7, 2025. ECF 112.
1. Legal Standard
The parties do not address the role of an administrative record in a challenge to an agency action. Generally, “claims brought under the APA are adjudicated without a trial or discovery, on the basis of an existing administrative record[.]” Audubon Naturalist Soc'y of the Cent. Atl. States, Inc. v. U.S. Dep't of Transp., 524 F. Supp. 2d 642, 660 (D. Md. 2007).
In Dow AgroSciences LLC v. Nat'l Marine Fisheries Serv., 707 F.3d 462, 467 (4th Cir. 2013), the Fourth Circuit stated that the court “must only consider the record made before the agency at the time the agency acted” and “may not ‘intrude upon the domain which Congress has exclusively entrusted to an administrative agency.’ ” (Quoting SEC v. Chenery Corp., 318 U.S. 80, 94 (1943)); see Citizens to Preserve Overton Park, Inc. v. Volpe, 401 U.S. 402, 420, 91 S.Ct. 814, 28 L.Ed.2d 136 (1971) (stating that judicial review “is to be based on the full administrative record that was before the [agency] at the time [it] made [its] decision”), abrogated on other grounds by Califano v. Sanders, 430 U.S. 99, 97 S.Ct. 980, 51 L.Ed.2d 192 (1977); Hill Dermaceuticals, Inc. v. FDA, 709 F.3d 44, 47 (D.C. Cir. 2013) (“[I]t is black-letter administrative law that in an APA case, a reviewing court ‘should have before it neither more nor less information than did the agency when it made its decision.’ ” (citation omitted)). Moreover, “judicial inquiry into ‘executive motivation’ represents ‘a substantial intrusion’ into the workings of another branch of Government and should normally be avoided.” Dep't of Commerce v. New York, 588 U.S. 752, 780–81, 139 S.Ct. 2551, 204 L.Ed.2d 978 (2019) (citation omitted).
Section 706 of the APA requires the reviewing court to review the “whole record or those parts of it cited by a party ...” 5 U.S.C. § 706; see Ergon-W. Va., Inc. v. EPA, 980 F.3d 403, 410 (4th Cir. 2020) (stating that, in its “evaluation of the agency action” the court “ ‘shall review the whole record or those parts of it cited by a party’ ...” (citation omitted)). Ordinarily, this inquiry “is limited to evaluating the agency's contemporaneous explanation in light of the existing administrative record.” New York, 588 U.S. at 780, 139 S.Ct. 2551 (citing Vt. Yankee Nuclear Power Corp. v. Nat. Res. Def. Council, Inc., 435 U.S. 519, 549, 98 S.Ct. 1197, 55 L.Ed.2d 460 (1978)); see Overton Park, 401 U.S. at 420, 91 S.Ct. 814.
The record includes “the facts presented to the agency” and “the reasons given by the agency for taking the action.” Dow AgroSciences LLC, 707 F.3d at 468. “The whole administrative record includes pertinent but unfavorable information, and an agency may not exclude information on the ground that it did not ‘rely’ on that information in its final decision.” Tafas v. Dudas, 530 F. Supp. 2d 786, 793 (E.D. Va. 2008) (collecting cases).
Of relevance, “the focal point for judicial review” under the APA “should be the administrative record already in existence, not some new record made initially in the reviewing court.” Camp v. Pitts, 411 U.S. 138, 142, 93 S.Ct. 1241, 36 L.Ed.2d 106 (1973) (per curiam). In other words, the record does not include “facts and justifications for agency action provided to a reviewing court for the first time.” Tafas, 530 F. Supp. 2d at 793. Moreover, the court “ ‘may not accept [agency] counsel's post hoc rationalizations for agency action’ ” because the “court may look only to these contemporaneous justifications in reviewing the agency action.” Dow AgroSciences LLC, 707 F.3d at 467-68 (emphasis in Dow AgroSciences) (quoting Motor Vehicle Mfr. Ass'n v. State Farm Auto. Ins. Co., 463 U.S. 29, 50, 103 S.Ct. 2856, 77 L.Ed.2d 443 (1983)). “[O]n the basis of the record the agency provides,” the court decides “whether the action passes muster under the appropriate APA standard of review.” Fla. Power & Light Co. v. Lorion, 470 U.S. 729, 744, 105 S.Ct. 1598, 84 L.Ed.2d 643 (1985).
A “complete administrative record” does not include “privileged materials, such as documents that fall within the deliberative process privilege, attorney-client privilege, and work product privilege.” Tafas, 530 F. Supp. 2d at 794 (citing Town of Norfolk v. U.S. Army Corps of Eng'rs, 968 F.2d 1438, 1457–58 (1st Cir. 1992)); see, e.g., In re Subpoena Duces Tecum, 156 F.3d 1279, 1279 (D.C. Cir. 1998) (“Agency deliberations not part of the record are deemed immaterial.”); Portland Audubon Soc'y v. Endangered Species Comm., 984 F.2d 1534, 1549 (9th Cir. 1993) (noting that “neither the internal deliberative process of the agency nor the mental processes of individual agency members” are proper components of the administrative record); Comprehensive Cmty. Dev. Corp. v. Sebelius, 890 F. Supp. 2d 305, 312 (S.D.N.Y. 2012) (“[C]ourts have consistently recognized that, for the purpose of judicial review of agency action, deliberative materials antecedent to the agency's decision fall outside the administrative record.”); Oceana, Inc. v. Locke, 634 F. Supp. 2d 49, 54 (D.D.C. 2009) (“[A]gencies need not place predecisional and deliberative material in the administrative record, so their absence from the record does not mean that the record is ‘incomplete.’[ ]”), rev'd on other grounds, 670 F.3d 1238 (D.C. Cir. 2011). This is because “it is the agency's articulated justification for its decision that is at issue; the private motives of agency officials are immaterial.” Comprehensive Cmty. Dev. Corp., 890 F. Supp. 2d at 312.
Of course, “there are cases that do not fit the mold.” Mayor & City Council of Baltimore v. Trump, 429 F. Supp. 3d 128, 137 (D. Md. 2019). To accommodate those cases, courts have recognized several narrow exceptions to the APA's record rule. Tafas, 530 F. Supp. 2d at 795; James N. Saul, Overly Restrictive Administrative Records and the Frustration of Judicial Review, 38 Envtl. L. 1301, 1308 (2008) (cataloguing exceptions). For example, discovery beyond the record may be appropriate where the record is incomplete; where additional information would provide helpful context; where supplemental information would assist the court in determining whether the agency failed to consider relevant factors; and, where the record's integrity has been impugned. Saul, supra, at 1308–11.
Notably, a “court may go outside [the] record for explanation of highly technical matters.” J.H. Miles & Co., Inc. v. Brown, 910 F. Supp. 1138, 1147 (E.D. Va. 1995) (citing Asarco, Inc. v. EPA, 616 F.2d 1153, 1159–60 (9th Cir. 1980)); Bunker Hill Co. v. EPA, 572 F.2d 1286, 1292 (9th Cir. 1977) (“[C]ourts are not straightjacketed to the original record in trying to make sense of complex technical testimony, which is often presented in administrative proceedings without ultimate review by nonexpert judges in mind.”). Also of import, if the record is inadequate or “fail[s] to explain administrative action” and, as a result, “frustrate[s] effective judicial review,” the court may “obtain from the agency, either through affidavits or testimony, such additional explanation of the reasons for the agency decision as may prove necessary.” Camp, 411 U.S. at 142, 93 S.Ct. 1241; see Env't Def. Fund, Inc. v. Costle, 657 F.2d 275, 285 (D.C. Cir. 1981) (noting that “[w]hen the record is inadequate,” the court may seek “additional explanations,” but “[t]he new materials should be merely explanatory of the original record and should contain no new rationalizations”) (citing Bunker Hill Co. v. EPA, 572 F.2d 1286, 1291 (9th Cir. 1977)).
In my view, SSA's system of records is not a subject of common knowledge. The various declarations submitted by the parties, concerning the Agency's system of records and the protocols at SSA for managing and protecting these records, are important to the Court's understanding of the issues.[18]
2. DOGE Team
The SSA DOGE Team consists of five special government employees and six detailees from other federal agencies. In particular, Employee 2 is detailed from the National Aeronautics and Space Administration (“NASA”) (ECF 86-2 at 52–63); Employee 3 is detailed from the Department of Labor (“DOL”) (id. at 33–40; id. at 48–51); Aram Moghaddassi, who is Employee 7, is detailed from the DOL (id. at 41–47); Employee 8 is detailed from the Office of Personnel Management (id. at 72–75); Employee 10 is detailed from the General Services Administration (“GSA”) (id. at 76–79); and it appears that Employee 5 is detailed from USDS (id. at 101–09; see ECF 143 at 32, 34).
The special government employees are all appointed as “experts.” Employee 1 was appointed on February 10, 2025 (ECF 86-5 at 43); Antonio Gracias, Employee 4, was appointed on February 23, 2025 (id. at 45); Employee 6 was appointed on February 24, 2025 (id. at 46); Employee 9 was appointed on February 23, 2025 (id. at 47); and Employee 11 was appointed on March 16, 2025 (id. at 48). Employee 1 is described as an expert in “modern computer programming languages, cloud and other infrastructure, AI, etc.” Id. at 20. Gracias is described as having “over 25 years of experience in private equity investing” and “was a Director of Tesla from 2007 to 2021.” Id. at 22. Employee 6's investing-related experience is described in the list of his special qualifications. Id. at 27. Employee 9's described experience includes design, development, and implementation of automation and scheduling tools, an inventory-tracking system, an analytics database, and a forecasting model. Id. at 34. Employee 11 is described as having “over ten years of experience building cloud-native geospatial solutions.” Id. at 31.
I discuss, infra, various documents that were executed by these SSA DOGE Team members. I also discuss, infra, SSA policies contained in the Administrative Record.
3. SSA Systems of Record
The SSA's Information Security Policy (ECF 86-3 at 168 through ECF 86-5 at 14) provides a useful summary of several of the SSA systems of record at issue in this case. They are as follows, ECF 86-4 at 54 (emphasis omitted):
• “Death Master File (DMF) – Publicly available database containing death notices for individuals enrolled in the U.S. Social Security program since 1936.”
• “Document Management Architecture (DMA) – Architecture that addresses SSA document capture, indexing, routing, storage retrieval, and management needs. DMA uses hardware and software components to create an object repository for storage and retrieval of information.”
• “Master Beneficiary Record (MBR) – Payment file from which Social Security checks are paid. The MBR contains information on Title II[19] beneficiaries, such as payment status, type, and amount.”
• “Master Earnings File (MEF) – File of workers’ earning records and information on the individual's entire work experience.”
• “NUMIDENT – Master file of assigned Social Security Numbers (SSNs). This file contains identifying information given by the applicant for an SSN.”
• “Supplemental Security Record (SSR) – Payment file from which Social Security Income (SSI) checks are paid. The SSR contains information on Title XVI beneficiaries, such as payment status, type, and amount.”
In addition, in Dudek's Declaration of March 26, 2025 (ECF 62-1), he references data “schema” in EDW. These include PROME, PCHIP, PVIR, and PVIPR. Id. ¶ 9. Dudek states, id.: “PROME contains login data to mySSA.gov; PCHIP has 1-800 number caller data; PVIP contains field office call data; and PVIPR contains field office appointments.”
In Russo's Declaration of March 12, 2025 (ECF 36-1), he indicates that access was granted to certain DOGE Team members to “Treasury Payment Files Showing SSA Payments (containing information from Social Security Online Accounting and Reporting System, System of Records (SSOARS).” See, e.g., id. ¶ 7. The Administrative Record does not describe these files.
IV. Standing
The parties vigorously dispute whether plaintiffs have standing to pursue their claims. The matter of standing is a “threshold jurisdictional question.” Dreher v. Experian Info. Sols., Inc., 856 F.3d 337, 343 (4th Cir. 2017). “The standing inquiry asks whether a plaintiff ha[s] the requisite stake in the outcome of a case ...” Deal v. Mercer Cty Bd. of Educ., 911 F.3d 183, 187 (4th Cir. 2018).
A. Legal Standard
It is a bedrock principle that Article III of the Constitution “confines the federal judicial power to the resolution of ‘Cases’ and ‘Controversies.’ ” TransUnion LLC v. Ramirez, 594 U.S. 413, 423, 141 S.Ct. 2190, 210 L.Ed.2d 568 (2021); see Murthy v. Missouri, 603 U.S. 43, 56, 144 S.Ct. 1972, 219 L.Ed.2d 604 (2024) (“Article III of the Constitution limits the jurisdiction of federal courts to ‘Cases’ and ‘Controversies.’ ”); Fed. Election Comm'n v. Cruz, 596 U.S. 289, 295, 142 S.Ct. 1638, 212 L.Ed.2d 654 (2022) (“The Constitution limits federal courts to deciding ‘Cases’ and ‘Controversies.’ ”) (quoting Art. III, § 2); Carney v. Adams, 592 U.S. 53, 58, 141 S.Ct. 493, 208 L.Ed.2d 305 (2020) (recognizing that Article III requires “a genuine, live dispute between adverse parties ...”); Clapper v. Amnesty Int'l USA, 568 U.S. 398, 408, 133 S.Ct. 1138, 185 L.Ed.2d 264 (2013) (“Article III of the Constitution limits federal courts’ jurisdiction to certain ‘Cases’ and ‘Controversies.’ ”); Lewis v. Cont'l Bank Corp., 494 U.S. 472, 477, 110 S.Ct. 1249, 108 L.Ed.2d 400 (1990) (It is fundamental that Article III of the Federal Constitution confines the federal courts to adjudicating “actual, ongoing cases or controversies.”); Opiotennione v. Bozzuto Mgmt. Co., 130 F.4th 149, 153 (4th Cir. 2025) (“Article III of the constitution limits the judicial power of the United States to ‘Cases’ and ‘Controversies.’ ”); Laufer v. Naranda Hotels, LLC, 60 F.4th 156, 161 (4th Cir. 2023) (same).
A federal court may resolve only “a real controversy with real impact on real persons ...” American Legion v. American Humanist Assn., 588 U.S. 29, 87, 139 S.Ct. 2067, 204 L.Ed.2d 452 (2019). Indeed, “ ‘no principle is more fundamental to the judiciary's proper role in our system of government than the constitutional limitation of federal-court jurisdiction to actual cases or controversies.’ ” Spokeo, Inc. v. Robins, 578 U.S. 330, 337, 136 S.Ct. 1540, 194 L.Ed.2d 635 (2016) (quoting Raines v. Byrd, 521 U.S. 811, 818, 117 S.Ct. 2312, 138 L.Ed.2d 849 (1997)). “Continued adherence to the case-or-controversy requirement of Article III maintains the public's confidence in an unelected but restrained Federal Judiciary ... For the federal courts to decide questions of law arising outside of cases and controversies would be inimical to the Constitution's democratic character.” Arizona Christian School Tuition Organization v. Winn, 563 U.S. 125, 133, 131 S.Ct. 1436, 179 L.Ed.2d 523 (2011); see DaimlerChrysler Corp. v. Cuno, 547 U.S. 332, 341, 126 S.Ct. 1854, 164 L.Ed.2d 589 (2006) (“[T]he constitutional limitation of federal-court jurisdiction to actual cases or controversies” is “fundamental to the judiciary's proper role in our system of government[.]”).
Relevant here, “Federal courts can only review statutes and executive actions when necessary ‘to redress or prevent actual or imminently threatened injury to persons caused by ... official violation of law.’ ” Murthy, 603 U.S. at 56, 144 S.Ct. 1972 (citing Summers v. Earth Island Institute, 555 U.S. 488, 492, 129 S.Ct. 1142, 173 L.Ed.2d 1 (2009)). Courts “do not adjudicate hypothetical or abstract disputes.” TransUnion, 594 U.S. at 423, 141 S.Ct. 2190. Nor do courts “exercise general legal oversight” of other government branches, id., or render “advisory opinions.” Id. at 424, 141 S.Ct. 2190. Simply put, in the absence of a case or controversy, “the courts have no business deciding [the case] ...” DaimlerChrysler Corp., 547 U.S. at 341, 126 S.Ct. 1854. And, when there is no case or controversy, “the court's subject matter jurisdiction ceases to exist ...” S.C. Coastal Conservation League v. U.S. Army Corps. of Eng'rs, 789 F.3d 475, 482 (4th Cir. 2015); see Gardner v. GMAC, Inc., 796 F.3d 390, 395 (4th Cir. 2015) (same).
A “case or controversy exists only when at least one plaintiff” establishes standing to sue. Murthy, 603 U.S. at 57, 144 S.Ct. 1972 (citing Raines, 521 U.S. at 818, 117 S.Ct. 2312). Thus, “the doctrine of standing [serves] as a means to implement” the case or controversy requirement. Laufer, 60 F.4th at 161; see TransUnion LLC, 594 U.S. at 423, 141 S.Ct. 2190 (“For there to be a case or controversy under Article III, the plaintiff must have ... standing.”); Spokeo, Inc., 578 U.S. at 338, 136 S.Ct. 1540 (“Standing to sue is a doctrine rooted in the traditional understanding of a case or controversy.”); Raines, 521 U.S. at 818, 117 S.Ct. 2312 (“One element of the case-or-controversy requirement” is that a plaintiff must establish standing to sue).
To establish standing under Article III of the Constitution, a plaintiff must satisfy three well established elements: “(i) that he suffered an injury in fact that is concrete, particularized, and actual or imminent; (ii) that the injury was likely caused by the defendant; and (iii) that the injury would likely be redressed by judicial relief.” TransUnion LLC, 594 U.S. at 423, 141 S.Ct. 2190 (citing Lujan v. Defenders of Wildlife, 504 U.S. 555, 560–561, 112 S.Ct. 2130, 119 L.Ed.2d 351 (1992)); see Food and Drug Admin. v. Alliance for Hippocratic Medicine, 602 U.S. 367, 380, 144 S.Ct. 1540, 219 L.Ed.2d 121 (2024); Students for Fair Admissions, Inc. v. President & Fellows of Harvard Coll., 600 U.S. 181, 199, 143 S.Ct. 2141, 216 L.Ed.2d 857 (2023); Cruz, 596 U.S. at 296, 142 S.Ct. 1638; Susan B. Anthony List v. Driehaus, 573 U.S. 149, 168, 134 S.Ct. 2334, 189 L.Ed.2d 246 (2014); Clapper, 568 U.S. at 409, 133 S.Ct. 1138; Delmarva Fisheries Ass'n, Inc. v. Atl. States Marine Fisheries Comm'n, 127 F.4th 509, 515 (4th Cir. 2025); Fernandez v. RentGrow, Inc., 116 F.4th 288, 294 (4th Cir. 2024); Laufer, 60 F.4th at 161; Maryland Shall Issue, Inc. v. Hogan, 971 F.3d 199, 210 (4th Cir. 2020); Sierra Club v. U.S. Dep't of the Interior, 899 F.3d 260, 284 (4th Cir. 2018); Cahaly v. Larosa, 796 F.3d 399, 406 (4th Cir. 2015). Requiring a plaintiff to demonstrate these three elements “ensures that federal courts decide only the ‘rights of individuals,’ and that federal courts exercise ‘their proper function in a limited and separated government.’ ” TransUnion LLC, 594 U.S. at 423, 141 S.Ct. 2190 (citations omitted).
Notably, “a plaintiff must demonstrate standing separately for each form of relief sought.” Friends of the Earth, Inc. v. Laidlaw Envtl. Servs. (TOC), Inc., 528 U.S. 167, 185, 120 S.Ct. 693, 145 L.Ed.2d 610 (2000); see TransUnion LLC, 594 U.S. at 431, 141 S.Ct. 2190 (Plaintiffs “must demonstrate standing for each claim that they press and for each form of relief that they seek (for example, injunctive relief and damages)”); Town of Chester, N.Y. v. Laroe Estates, Inc., 581 U.S. 433, 439, 137 S.Ct. 1645, 198 L.Ed.2d 64 (2017) (“ ‘[A] plaintiff must demonstrate standing for each claim he seeks to press and for each form of relief that is sought.’ ”) (citation omitted); see also MSP Recovery Claims, Series LLC v. Lundbeck LLC, 130 F.4th 91, 104 (4th Cir. 2025); Episcopal Church in S.C. v. Church Ins. Co. of Vt., 997 F.3d 149, 154 (4th Cir. 2021). And, a plaintiff must demonstrate each element of standing “with the manner and degree of evidence required at the successive stages of the litigation.” Lujan, 504 U.S. at 561, 112 S.Ct. 2130. At the preliminary injunction stage, “the plaintiff must make a ‘clear showing’ that she is ‘likely’ to establish each element of standing.” Murthy, 603 U.S. at 58, 144 S.Ct. 1972 (citation omitted).
But, “standing in no way depends on the merits of the plaintiff's contention that particular conduct is illegal.” Warth v. Seldin, 422 U.S. 490, 500, 95 S.Ct. 2197, 45 L.Ed.2d 343 (1975); see Cruz, 596 U.S. at 298, 142 S.Ct. 1638 (“For standing purposes, we accept as valid the merits of [the plaintiff's] claims ․”); Equity In Athletics, Inc. v. Dep't of Educ., 639 F.3d 91, 99 (4th Cir. 2011) (“This court assumes the merits of a dispute will be resolved in favor of the party invoking our jurisdiction in assessing standing ․”). As the Laufer Court said, 60 F.4th at 161: “A district court may limit its standing inquiry to the allegations of the complaint or, if there are any material factual disputes, it may conduct an evidentiary hearing.”
Here, the plaintiffs are organizations, not individuals. For an organization, there are two paths to standing. See Students for Fair Admissions, Inc., 600 U.S. at 199, 143 S.Ct. 2141; Warth, 422 U.S. at 511, 95 S.Ct. 2197; S. Walk at Broadlands Homeowner's Ass'n, Inc. v. OpenBand at Broadlands, LLC, 713 F.3d 175, 182 (4th Cir. 2013). First, an organization “may have standing in its own right to seek judicial relief from injury to itself and to vindicate whatever rights and immunities the association itself may enjoy.” Warth, 422 U.S. at 511, 95 S.Ct. 2197. This is sometimes called organizational standing. See, e.g., Food & Water Watch, Inc. v. Vilsack, 808 F.3d 905, 919 (D.C. Cir. 2015). Second, “an association may have standing solely as the representative of its members.” Warth, 422 U.S. at 511, 95 S.Ct. 2197; see Hunt v. Wash. St. Apple Advert. Comm'n, 432 U.S. 333, 343, 97 S.Ct. 2434, 53 L.Ed.2d 383 (1977) (“[A]n association has standing to bring suit on behalf of its members.”). This is often called “associational” standing, which is a type of representational standing.20 The Supreme Court has recognized that “there may be circumstances where it is necessary to grant a third party standing to assert the rights of another.” Kowalski v. Tesmer, 543 U.S. 125, 129–30, 125 S.Ct. 564, 160 L.Ed.2d 519 (2004).
Plaintiffs claim associational standing.21 For associational standing, an organization must demonstrate that (a) “ ‘its members would otherwise have standing to sue in their own right; (b) the interests it seeks to protect are germane to the organization's purpose; and (c) neither the claim asserted nor the relief requested requires the participation of individual members in the lawsuit.’ ” Students for Fair Admissions, Inc., 600 U.S. at 199, 143 S.Ct. 2141 (quoting Hunt, 432 U.S. at 343, 97 S.Ct. 2434); see S. Walk at Broadlands Homeowner's Ass'n, Inc., 713 F.3d at 184 (same); Equity In Athletics, Inc., 639 F.3d at 99 (same). An organization “must ‘make specific allegations establishing that at least one identified member had suffered or would suffer harm.’ ” S. Walk at Broadlands Homeowner's Ass'n, Inc., 713 F.3d at 184 (quoting Summers, 555 U.S. at 498, 129 S.Ct. 1142) (emphasis in S. Walk at Broadlands).
Injury in fact is the “ ‘[f]irst and foremost’ of standing's three elements.” Spokeo, Inc., 578 U.S. at 338, 136 S.Ct. 1540 (citing Steel Co. v. Citizens for Better Environment, 523 U.S. 83, 103, 118 S.Ct. 1003, 140 L.Ed.2d 210 (1998)). “[A]n injury in fact is ‘an invasion of a legally protected interest’ which is ‘concrete and particularized’ and ‘actual or imminent, not conjectural or hypothetical.’ ” Opiotennione, 130 F.4th at 153 (quoting Lujan, 504 U.S. at 560, 112 S.Ct. 2130) (internal quotation marks omitted); see Monsanto Co. v. Geertson Seed Farms, 561 U.S. 139, 149, 130 S.Ct. 2743, 177 L.Ed.2d 461 (2010) (requiring the plaintiff to allege a “concrete, particularized, and actual or imminent” injury); see also TransUnion LLC, 594 U.S. at 423, 141 S.Ct. 2190. Therefore, under Article III, “a party invoking the jurisdiction of a federal court [must] seek relief for a personal, particularized injury.” Hollingsworth v. Perry, 570 U.S. 693, 715, 133 S.Ct. 2652, 186 L.Ed.2d 768 (2013).
The injury in fact requirement protects the federal courts “from becoming a ‘vehicle for the vindication of the value interests of concerned bystanders.’ ” Food and Drug Admin., 602 U.S. at 382, 144 S.Ct. 1540 (citation omitted). It “screens out plaintiffs who might have only a general, legal, moral, ideological, or policy objection to a particular government action.” Id. at 381, 144 S.Ct. 1540; see Valley Forge Christian College v. Americans United for Separation of Church and State, 454 U.S. 464, 473, 487, 102 S.Ct. 752, 70 L.Ed.2d 700 (1982).
“Concreteness and particularity are two different requirements that each must be met.” Opiotennione, 130 F.4th at 153. “[A]n injury is ‘particularized’ if it ‘affect[s] the plaintiff in a personal and individual way.’ ” Id. (quoting Spokeo, Inc., 578 U.S. at 339, 136 S.Ct. 1540) (second alteration in Opiotennione; internal quotation marks omitted); see Food and Drug Admin., 602 U.S. at 381, 144 S.Ct. 1540. A concrete injury is one that is “ ‘real, and not abstract.’ ” TransUnion LLC, 594 U.S. at 417, 141 S.Ct. 2190 (citation omitted); see Food and Drug Admin., 602 U.S. at 381, 144 S.Ct. 1540. “ ‘[F]inancial harm is a classic and paradigmatic form of injury in fact.’ ” Md. Shall Issue, Inc., 971 F.3d at 210 (citations omitted).
But, of relevance here, “[v]arious intangible harms can also be concrete.” TransUnion, LLC, 594 U.S. at 425, 141 S.Ct. 2190. The Supreme Court has said, id.: “Chief among them are injuries with a close relationship to harms traditionally recognized as providing a basis for lawsuits in American courts. Those include, for example, reputational harms,[22] disclosure of private information, and intrusion upon seclusion.” (citing, inter alia, Davis v. Federal Election Comm'n, 554 U.S. 724, 733, 128 S.Ct. 2759, 171 L.Ed.2d 737 (2008) (disclosure of private information); Gadelhak v. AT&T Services, Inc., 950 F.3d 458, 462 (7th Cir. 2020) (Barrett, J.), cert. denied, ––– U.S. ––––, 141 S.Ct. 2552, 209 L.Ed.2d 568 (2021) (intrusion upon seclusion)); see also Krakauer v. Dish Network, L.L.C., 925 F.3d 643, 653 (4th Cir. 2019) (“Intrusions upon personal privacy were recognized in tort law and redressable through private litigation.”). And, “[t]he fact that an injury may be suffered by a large number of people does not of itself make that injury a nonjusticiable generalized grievance.” Spokeo, Inc., 578 U.S. at 339 n.7, 136 S.Ct. 1540.
The existence of an applicable statute that authorizes legal action under certain circumstances does not automatically create standing. In other words, “plaintiffs cannot establish a cognizable injury simply by pleading a statutory violation.” Garey v. James S. Farrin, P.C., 35 F.4th 917, 921 (4th Cir. 2022); see Raines, 521 U.S. at 820 n.3, 117 S.Ct. 2312 (“It is settled that Congress cannot erase Article III's standing requirements by statutorily granting the right to sue to a plaintiff who would not otherwise have standing.”). “Congress's determination that a cause of action exists does not displace [the] ‘irreducible constitutional minimum’ of standing.” Krakauer, 925 F.3d at 652 (citation omitted). But, Congress can “ ‘elevat[e] to the status of legally cognizable injuries concrete, de facto injuries that were previously inadequate in law.’ ” Spokeo, 571 U.S. at 341, 134 S.Ct. 1090 (alteration in Spokeo) (citation omitted). In this regard, I pause to reference the Privacy Act, which Congress enacted to “protect the privacy of individuals identified in information systems maintained by Federal agencies.” Privacy Act of 1974, Pub. L. 93-579, § 2(a)(5), 88 Stat. 1896 (1974).
“Private litigation, even if authorized by statute to serve a range of public ends, must vindicate the plaintiffs’ interests, rather than serve solely [as] a vehicle for ensuring legal compliance.” Krakauer, 925 F.3d at 653. Thus, “Article III standing requires a concrete injury even in the context of a statutory violation.” Spokeo, Inc., 578 U.S. at 341, 136 S.Ct. 1540; see TransUnion, 594 U.S. at 426, 141 S.Ct. 2190. Nevertheless, Congress is “well positioned to identify intangible harms that meet minimum Article III requirements,” so “its judgment is ․ instructive and important.” Spokeo, Inc., 578 U.S. at 341, 136 S.Ct. 1540.
The Supreme Court has made clear that when plaintiffs proceed under a statutory cause of action, they can establish a cognizable injury by “identif[ying] a close historical or common-law analogue for their asserted injury,” for which courts have “traditionally” provided a remedy. TransUnion LLC, 594 U.S. at 424, 141 S.Ct. 2190. The Court has said: “Central to assessing concreteness is whether the asserted harm has a ‘close relationship’ to a harm traditionally recognized as providing a basis for a lawsuit in American courts—such as physical harm, monetary harm, or various intangible harms ․” Id. at 417, 141 S.Ct. 2190 (quoting Spokeo, Inc., 578 U. S. at 340–41, 136 S.Ct. 1540). Critically, there need not be “an exact duplicate in American history and tradition,” although a federal court is not entitled to “loosen Article III based on contemporary, evolving beliefs about what kinds of suits should be heard in federal courts.” TransUnion LLC, 594 U.S. at 424–25, 141 S.Ct. 2190.
As discussed, an injury in fact must also be actual or imminent. The concepts of actual, ongoing injury or imminent injury are “disjunctive.” Deal, 911 F.3d at 189. Ongoing injuries are, “by definition, actual injuries for purposes of Article III standing.” Id. The imminence requirement is a “ ‘somewhat elastic concept.’ ” Clapper, 568 U.S. at 409, 133 S.Ct. 1138 (citation omitted). Its “ ‘purpose’ ” is “ ‘to ensure that the alleged injury is not too speculative for Article III purposes—that the injury is certainly impending.’ ” Id. (citation omitted) (emphasis in Clapper).
Notably, a threatened injury can satisfy Article III standing. Beck v. McDonald, 848 F.3d 262, 271 (4th Cir. 2017); see South Carolina v. United States, 912 F.3d 720, 726 (4th Cir. 2019). However, the Supreme Court has “repeatedly reiterated that ‘threatened injury must be certainly impending to constitute injury in fact,’ and that ‘[a]llegations of possible future injury’ are not sufficient.” Clapper, 568 U.S. at 409, 133 S.Ct. 1138 (quoting Whitmore v. Arkansas, 495 U.S. 149, 158, 110 S.Ct. 1717, 109 L.Ed.2d 135 (1990)) (emphasis and second alteration in Clapper).
The second component of standing concerns traceability. This means that the injury in fact must be “fairly traceable to the challenged conduct of the defendant.” Md. Shall Issue, 971 F.3d at 210. “For an injury to be traceable, ‘there must be a causal connection between the injury and the conduct complained of’ by the plaintiff.” Air Evac EMS, Inc. v. Cheatham, 910 F.3d 751, 760 (4th Cir. 2018) (quoting Lujan, 504 U.S. at 560, 112 S.Ct. 2130). However, “ ‘the defendant's conduct need not be the last link in the causal chain ․’ ” Air Evac EMS, Inc., 910 F.3d at 760; see also Lexmark Int'l, Inc. v. Static Control Components, Inc., 572 U.S. 118, 134 n.6, 134 S.Ct. 1377, 188 L.Ed.2d 392 (2014) (“Proximate causation is not a requirement of Article III standing ․”). “[W]here the plaintiff suffers an injury that is ‘produced by [the] determinative or coercive effect’ of the defendant's conduct ‘upon the action of someone else,’ ” the traceability requirement is satisfied. Lansdowne on the Potomac Homeowners Ass'n, Inc. v. OpenBand and Lansdowne, LLC, 713 F.3d 187, 197 (4th Cir. 2013) (quoting Bennett v. Spear, 520 U.S. 154, 169, 117 S.Ct. 1154, 137 L.Ed.2d 281 (1997)).
To satisfy the third element of standing, redressability, a plaintiff “ ‘must show that it is likely, as opposed to merely speculative, that the injury will be redressed by a favorable [judicial] decision.’ ” Deal, 911 F.3d at 189 (quoting Sierra Club, 899 F.3d at 284). The “very essence” of the redressability requirement is that “[r]elief that does not remedy the injury suffered cannot bootstrap a plaintiff into federal court.” Steel Co., 523 U.S. at 107, 118 S.Ct. 1003. But, the “burden imposed by this requirement is not onerous.” Deal, 911 F.3d at 189. For example, plaintiffs “ ‘need not show that a favorable decision will relieve [their] every injury.’ ” Id. (citation omitted). “Rather, plaintiffs ‘need only show that they personally would benefit in a tangible way from the court's intervention.’ ” Id. (quoting Sierra Club, 899 F.3d at 284).
“To determine whether an injury is redressable, a court will consider the relationship between ‘the judicial relief requested’ and the ‘injury’ suffered.” California v. Texas, 593 U.S. 659, 671, 141 S.Ct. 2104, 210 L.Ed.2d 230 (2021) (citation omitted). Notably, the “second and third standing requirements—causation and redressability—are often ‘flip sides of the same coin.’ ” Food & Drug Admin., 602 U.S. at 380–81, 144 S.Ct. 1540 (quoting Sprint Commc'ns Co. v. APCC Services, Inc., 554 U.S. 269, 288, 128 S.Ct. 2531, 171 L.Ed.2d 424 (2008)). “If a defendant's action causes an injury, enjoining the action or awarding damages for the action will typically redress that injury.” Food & Drug Admin., 602 U.S. at 380, 144 S.Ct. 1540.
B. Discussion
In analyzing the issue of standing, I am not writing on a blank slate. Several district judges have found standing in analogous cases involving agency dissemination of PII to DOGE personnel. See American Federation of Labor and Congress of Industrial Organizations, et al. v. Department of Labor, et al., JDB-25-339, 2025 WL 1129227 (D.D.C. Apr. 16, 2025) (“AFL-CIO”); American Federation of Government Employees, AFL-CIO v. U.S. Office of Personnel Management, DLC-25-1237, 2025 WL 996542, at *9 (S.D.N.Y. Apr. 3, 2025) (“New York OPM Action”); American Federation of Teachers, et al. v. Bessent, et al., DLB-25-0430, 2025 WL 895326, at *13 (D. Md. Mar. 24, 2025); Alliance for Retired Americans v. Bessent, CKK-25-0313, 2025 WL 740401, at *16 (D.D.C. Mar. 7, 2025); New York v. Trump, JAV-25-01144, 2025 WL 573771, at *12 (S.D.N.Y. Feb. 21, 2025).
However, as noted earlier, in Bessent, a divided panel of the Fourth Circuit recently granted the government's motion for a stay of the preliminary injunction, pending appeal. American Federation of Teachers, et al. v. Bessent, et al., No. 25-1282, 2025 WL 1023638 (4th Cir. Apr. 7, 2025). Judges Agee and Richardson concluded, inter alia, that the plaintiffs, both organizations and individuals, “seemingly lack standing.” Id. at *4.
1. Associational Standing
The parties primarily dispute the injury in fact requirement of associational standing. Therefore, before turning to that issue, I shall briefly address the other elements.
As noted, the first element of associational standing requires that at least one member of each plaintiff organization has standing to sue in his or her own right. Students for Fair Admissions, Inc., 600 U.S. at 199, 143 S.Ct. 2141; S. Walk at Broadlands Homeowner's Ass'n, Inc., 713 F.3d at 184. In other words, at least one member of each plaintiff organization must show “(i) that he suffered an injury in fact ․; (ii) that the injury was likely caused by the defendant; and (iii) that the injury would likely be redressed by judicial relief.” TransUnion LLC, 594 U.S. at 423, 141 S.Ct. 2190.
Here, there is no dispute that if plaintiffs’ members have suffered an injury in fact, then such an injury was caused by defendants’ actions and would be redressable by judicial relief. See Food & Drug Admin., 602 U.S. at 380, 144 S.Ct. 1540 (“If a defendant's action causes an injury, enjoining the action or awarding damages for the action will typically redress that injury.”); Massachusetts v. EPA, 549 U.S. 497, 525, 127 S.Ct. 1438, 167 L.Ed.2d 248 (2007) (“[A] plaintiff satisfies the redressability requirement when he shows that a favorable decision will relieve a discrete injury to himself. He need not show that a favorable decision will relieve his every injury.”) (cleaned up; emphasis in original).23
As discussed, the second element of associational standing requires that the interests the organization “ ‘seeks to protect are germane to the organization's purpose.’ ” Students For Fair Admissions, Inc., 600 U.S. at 199, 143 S.Ct. 2141 (citation omitted). Plaintiffs posit: “Among Plaintiffs’ organizational goals is ensuring that their members have access to and are able to benefit from well-run programs by SSA. Plaintiffs also seek to ensure protection of their members’ data and Social Security benefits, so that they can retire with the dignity they deserve.” ECF 110-1 at 13; see ECF 22-1 (Widger Decl.), ¶¶ 7, 8; ECF 22-6 (Fiesta Decl.), ¶ 3; ECF 22-8 (Aguirre Decl.), ¶¶ 3, 5. Each plaintiff has members for whom SSA holds personal, sensitive information, such as bank account numbers, medical information, tax information, and home addresses. ECF 22-1 (Widger Decl.), ¶¶ 10–13; ECF 22-6 (Fiesta Decl.), ¶ 9; ECF 22-8 (Aguirre Decl.), ¶ 8. And, in view of the access to PII provided to the DOGE Team, several of plaintiffs’ members assert an ongoing invasion of privacy, which has made at least some members anxious and distressed, see, e.g., ECF 22-3 (Doe Decl.), ¶ 7; ECF 22-4 (Imperiale Decl.), ¶ 8; ECF 22-7 (Somo Decl.), ¶¶ 11, 13; ECF 22-9 (Gray Decl.), ¶ 10, and concerned about pursuing benefits under the newly-enacted Social Security Fairness Act. See ECF 22-1 (Widger Decl.), ¶ 26; ECF 22-6 (Fiesta Decl.), ¶ 17; see also ECF 22-5 (Williams Decl.), ¶ 7; ECF 22-7 (Somo Decl.), ¶ 12.
Defendants do not contend that the interests of plaintiffs in protection of their members’ privacy are not germane to plaintiffs’ purposes. I am satisfied that the interests plaintiffs seek to protect are “germane” to plaintiffs’ organizational purposes.
The third element of associational standing requires that “ ‘neither the claim asserted nor the relief requested requires the participation of individual members in the lawsuit.’ ” Students for Fair Admissions, Inc., 600 U.S. at 199, 143 S.Ct. 2141 (citation omitted). “ ‘[I]ndividual participation’ is not normally necessary when an association seeks prospective or injunctive relief for its members ․” United Food & Com. Workers Union Loc. 751 v. Brown Grp., Inc., 517 U.S. 544, 546, 116 S.Ct. 1529, 134 L.Ed.2d 758 (1996) (quoting Hunt, 432 U.S. at 343, 97 S.Ct. 2434).
Plaintiffs seek declaratory and injunctive relief, not monetary damages. Nevertheless, defendants assert that the participation of plaintiffs’ individual members is necessary for Counts I and II, which implicate the Privacy Act, 5 U.S.C. § 552a. ECF 113 at 14. This argument is founded primarily on two grounds. First, as defendants point out, the Privacy Act does not provide injunctive relief for disclosure claims. Id. at 15 (citing 5 U.S.C. § 552a(g)). Therefore, in defendants’ view, plaintiffs necessarily seek monetary damages, which requires participation of individual members. ECF 113 at 15. Second, defendants argue that organizations cannot bring Privacy Act claims because such claims are “specific and personal to individual persons.” Id.
In Warth, 422 U.S. at 515, 95 S.Ct. 2197, the Court distinguished associational standing when “a declaration, injunction, or some other form of prospective relief” is sought from associational standing when “an association seeks relief in damages for alleged injuries to its members.” As to a damages request, “whatever injury may have been suffered is peculiar to the individual member concerned, and both the fact and extent of injury would require individualized proof.” Id. at 515–16, 95 S.Ct. 2197. But, as to a request for injunctive relief, individual participation is ordinarily not necessary because “it can reasonably be supposed that the remedy, if granted, will inure to the benefit of those members of the association actually injured.” Id. at 515, 95 S.Ct. 2197.
Bessent is pertinent to defendants’ first contention, concerning the unavailability of injunctive relief under the Privacy Act for a disclosure claim. The District Court in Bessent said that although the plaintiffs do not have an adequate remedy under the Privacy Act, they have an available remedy under the APA. The District Court relied on Doe v. Chao, 435 F.3d 492, 504 n.17 (4th Cir. 2006) (“Chao II”). See Bessent, 2025 WL 895326, at *19 n.17.
In Chao II, the Fourth Circuit suggested that a plaintiff may pursue injunctive relief for a Privacy Act disclosure claim through the APA. The Court said, 435 F.3d at 504 n.17: “We note that we do not read these cases to stand for the proposition that the Government may not be enjoined from violating the Privacy Act by disclosing personal records. Instead, we read these cases as stating that such relief is not authorized by the Privacy Act, standing alone. Often, however, and as was the case in the instant action, injunctive relief for a Government's violation of the Act will instead be appropriate and authorized by the APA.” And, in 2004, the Supreme Court observed in Doe v. Chao, 540 U.S. 614, 619 n.1, 124 S.Ct. 1204, 157 L.Ed.2d 1122 (2004) (“Chao I”): “The Privacy Act says nothing about standards of proof governing equitable relief that may be open to victims of adverse determinations or effects, although it may be that this inattention is explained by the general provisions for equitable relief within the [APA] ․”
As Judge Richardson observed in Bessent, 2025 WL 1023638, at *6, and as I recognized in my TRO Opinion (ECF 49 at 90, 105), the cited comments of the Fourth Circuit and the Supreme Court in Chao I and Chao II are dicta. But, defendants have not identified any case at odds with either Chao I or Chao II. And, at the P.I. Motion hearing, defense counsel acknowledged that he could not cite any case that disagreed with the dicta. ECF 143 at 40.
In the absence of other guidance, dicta is very helpful to a district judge laboring in the trenches.24 Indeed, “dicta from the Supreme Court is not something to be lightly cast aside.” Peterson v. BMI Refractories, 124 F.3d 1386, 1392 n.4 (11th Cir. 1997). The Fourth Circuit has said as much, stating that “carefully considered language of the Supreme Court, even if technically dictum, generally must be treated as authoritative.” Wynne v. Town of Great Falls, S.C., 376 F.3d 292, 298 n.3 (4th Cir. 2004) (citation omitted).
Moreover, this Court has identified a handful of cases that suggest that the dicta in Chao I and Chao II is sound. In F.A.A. v. Cooper, 566 U.S. 284, 303 n.12, 132 S.Ct. 1441, 182 L.Ed.2d 497 (2012), the Supreme Court stated, again in dicta, that the Privacy Act “deters violations of its substantive provisions,” inter alia, “possibly by allowing for injunctive relief under the Administrative Procedure Act ․”. In Doe v. Stephens, 851 F.2d 1457, 1466–67 (D.C. Cir. 1988), the D.C. Circuit concluded that the plaintiff could pursue declaratory relief pursuant to the APA for his Privacy Act claim concerning the disclosure of medical records. And, in Radack v. U.S. Dep't of Just., 402 F. Supp. 2d 99, 103 (D.D.C. 2005), the plaintiff was permitted to pursue injunctive relief for a Privacy Act disclosure claim through the APA.
With respect to defendants’ second argument, this prong of the “associational standing test is best seen as focusing on ․ matters of administrative convenience and efficiency, not on elements of a case or controversy within the meaning of the Constitution.” United Food & Com. Workers Union Loc. 751, 517 U.S. at 557, 116 S.Ct. 1529. This case involves alleged sweeping access to PII, and the challenged conduct pertains to most of plaintiffs’ members, representing a large number of people. If plaintiffs’ members were to each bring suit on their own behalf, the challenged conduct would generally implicate the same facts, the same defendants, and the same data systems that were made available to DOGE personnel. As a matter of judicial economy, if plaintiffs’ members were each to file suit, the courts would be flooded. It is far less burdensome on the courts to adjudicate one case filed by plaintiffs on behalf of their many members.
The government has not identified a case where a court concluded that a plaintiff organization did not have associational standing to assert a Privacy Act claim on the ground that participation of individual members was necessary. But, plaintiffs have previously identified several cases in which judges have concluded that a plaintiff organization had standing to bring a Privacy Act claim on behalf of its members. ECF 39 at 14 (citing, inter alia, Democratic Party of Virginia v. Brink, 599 F. Supp. 3d 346, 356 (E.D. Va. 2022); Nat'l Ass'n of Letter Carriers, AFL-CIO v. U.S. Postal Serv., 604 F. Supp. 2d 665, 671–72 (S.D.N.Y. 2009)). Because plaintiffs do not seek monetary damages with respect to their Privacy Act claims, the participation of individual members is not necessary.
I turn to the requirement of an injury in fact, which is at the heart of the standing dispute.
2. Injury in Fact
The alleged harm is certainly particularized. Plaintiffs assert a violation of their members’ privacy based on the Agency's disclosure of PII. In addition, the harm is ongoing and/or imminent, given that eleven members of the DOGE Team are working at SSA and Dudek has approved their access to PII. The harm must also be concrete. This is where the battle lies.
As noted, in TransUnion, 594 U.S. at 424, 141 S.Ct. 2190, the Supreme Court concluded that plaintiffs challenging a statutory violation can establish standing by “identif[ying] a close historical or common-law analogue for their asserted injury,” for which courts have “traditionally” provided a remedy. Plaintiffs argue that the harm their members are facing is akin to the tort of intrusion upon seclusion. ECF 110-1 at 11.25 Defendants disagree. See ECF 113 at 11–13.
In Bessent, involving the disclosure of PII to DOGE by the departments of Treasury, Education, and the Office of Personnel Management, a divided panel of the Fourth Circuit rejected the District Court's reliance on the tort of intrusion on seclusion as a proper common law analog to establish a concrete injury in fact. Bessent, 2025 WL 1023638, at *2, *5. But, there are important factual distinctions between Bessent and this case.
The Supreme Court and other courts have explicitly recognized that intrusion upon seclusion is an intangible harm “with a close relationship” to a harm “traditionally recognized as providing a basis for lawsuits in American courts.” TransUnion LLC, 594 U.S. at 425, 141 S.Ct. 2190; see also Krakauer, 925 F.3d at 653; Gadelhak, 950 F.3d at 462 (Barrett, J.). The tort is rooted in the common law right to privacy.
In 1890, in an influential Harvard Law Review article, Samuel Warren and Louis Brandeis articulated the conceptual basis for the right of privacy and claims based on invasion of that right. Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890). In Howard v. Antilla, 294 F.3d 244, 247–48 (1st Cir. 2002), the court said: “It is rare that the pedigree of a whole breed of common law tort claims can be traced with pinpoint accuracy. But in the case of common law claims for invasion of the right of privacy, most sources agree that the broad contours of these legal theories were first outlined by Samuel Warren and Louis Brandeis in the pages of the Harvard Law Review.”26 Warren and Brandeis succinctly defined the right to privacy as the right “ ‘to be let alone.’ ” The Right to Privacy, 4 Harv. L. Rev. at 193 (citation omitted).
William Prosser authored an equally influential article in 1960, which helped to shape modern privacy law. Privacy, William L. Prosser, 48 Cal. L. Rev. 382 (August 1960);27 see West v. Media Gen. Convergence, Inc., 53 S.W.3d 640, 642–43 (Tenn. 2001) (“The protection of privacy rights are still reflected in current law, owing much to the efforts of Dean William L. Prosser ․”). Prosser described invasion of privacy as “not one tort, but a complex of four.” Prosser, supra, 48 Cal. L. Rev. at 389. He defined the four versions, as follows, id.:
1. Intrusion upon the plaintiff's seclusion or solitude, or into his private affairs.
2. Public disclosure of embarrassing private facts about the plaintiff.
3. Publicity which places the plaintiff in a false light in the public eye.
4. Appropriation, for the defendant's advantage, of the plaintiff's name or likeness.
According to Prosser, these four torts “are tied together by the common name [i.e., invasion of privacy], but otherwise have almost nothing in common except that each represents an interference with the right of the plaintiff ․ ‘to be let alone.’ ” Id. at 389, 144 S.Ct. 1540; see also William L. Prosser, Handbook of the Law of Torts, Ch. 22, at 832 (3d ed. 1964) (same).
The Restatement (Second) of Torts (1977) (October 2024 update) (“Restatement”) adopts the four versions of the tort articulated by Prosser. See id. at Ch. 28A. Many states, as well as the District of Columbia, have done the same. See, e.g., Nayani v. Bhatia, 371 Ga.App. 44, 899 S.E.2d 485, 488 (Ga. App. 2024); Mitchell v. Baltimore Sun Co., 164 Md. App. 497, 522, 883 A.2d 1008, 1022 (2005); Busse v. Motorola, Inc., 351 Ill.App.3d 67, 286 Ill.Dec. 320, 813 N.E.2d 1013, 1017 (Ill. App. 2004); Wolf v. Regardie, 553 A.2d 1213, 1216–17 (D.C. 1989); Godbehere v. Phoenix Newspapers, Inc., 162 Ariz. 335, 783 P.2d 781, 784 (Az. 1989).
Pertinent here, § 652B of the Restatement defines intrusion upon seclusion as follows: “One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of privacy, if the intrusion would be highly offensive to a reasonable person.” (Emphasis added). This is the law in Maryland. It is also the law in most states. See Eli A. Meltz, No Harm, No Foul: Attempted Invasion of Privacy and the Tort of Intrusion upon Seclusion, 83 Fordham L. Rev. 3431, 3440–41 (May 2015) (stating that approximately thirty-eight states have explicitly adopted the Restatement's formulation or one closely mirroring it); see, e.g., Furman v. Sheppard, 130 Md. App. 67, 73, 744 A.2d 583, 585 (2000) (Intrusion upon seclusion occurs where there is an “intentional intrusion upon the solitude or seclusion of another or his private affairs or concerns that would be highly offensive to a reasonable person.”); Lipscomb v. Aargon Agency, Inc., PWG-13-2751, 2014 WL 5782040, at *2 (D. Md. Nov. 5, 2014); Gamble v. Fradkin & Weber, P.A., 846 F. Supp. 2d 377, 383 (D. Md. 2012); Bailer v. Erie Ins. Exch., 344 Md. 515, 525–26, 687 A.2d 1375, 1380-81 (1997); Mitchell, 164 Md. App. at 522, 883 A.2d at 1022; Johnson v. Stewart, 854 So. 2d 544, 547 (Ala. 2002); Chicarella v. Passant, 343 Pa.Super. 330, 494 A.2d 1109, 1114 (Pa. 1985).
“A legitimate expectation of privacy is the touchstone of the tort of intrusion upon seclusion.” Fletcher v. Price Chopper Foods of Trumann, Inc., 220 F.3d 871, 877 (8th Cir. 2000). The “kind of harm vindicated by the intrusion-upon-seclusion tort is relatively broad.” Dickinson v. Direct Energy, LP, 69 F.4th 338, 345 (6th Cir. 2023). However, “[c]onduct that a particular plaintiff finds offensive, but that would not offend a reasonable person, cannot establish intrusion upon seclusion.” Neal v. United States, 599 F. Supp. 3d 270, 306 (D. Md. 2022); see also Whye v. Concentra Health Servs., Inc., ELH-12-3432, 2013 WL 5375167, at *14 (D. Md. Sept. 24, 2013), aff'd, 583 Fed. App'x 159 (4th Cir. 2014).
“ ‘The invasion may be (1) by physical intrusion into a place where the plaintiff has secluded himself, (2) by use of the defendant's senses to oversee or overhear the plaintiff's private affairs, or (3) some other form of investigation or examination into plaintiff's private concerns.’ ” Yates v. Com. Index Bureau, Inc., 861 F. Supp. 2d 546, 552 (E.D. Pa. 2012) (citation omitted; emphasis added); see also Broughton v. McClatchy Newspapers, Inc., 161 N.C.App. 20, 588 S.E.2d 20, 27 (N.C. App. 2003) (“Generally, there must be a physical or sensory intrusion or an unauthorized prying into confidential personal records to support a claim for invasion of privacy by intrusion.”). But, intrusion upon seclusion requires a “ ‘substantial’ ” intrusion, judged by an objective reasonableness standard. Whye, 2013 WL 5375167, at *14 (quoting Restatement § 652B, cmt. d). And, “[a]n intrusion upon seclusion claim requires that the matter into which there was an intrusion is entitled to be private and is kept private by the plaintiff.” Barnhart v. Paisano Pubs., LLC, 457 F. Supp. 2d 590, 593 (D. Md. 2006).
The Restatement provides several useful illustrations. For example, it explains that an intrusion upon seclusion may occur by an “investigation or examination into [the plaintiff's] private concerns, as by opening his private and personal mail, searching his safe or his wallet, examining his private bank account, or compelling him by a forged court order to permit an inspection of his personal documents.” Restatement § 652B cmt. b. And, relevant here, the Restatement contemplates that inspection of certain private records can qualify as intrusion upon seclusion. See id. On the other hand, “there is no liability for the examination of a public record concerning the plaintiff, or of documents that the plaintiff is required to keep and make available for public inspection.” Id. cmt. c.
Courts have applied the tort in cases involving disclosure of medical records or other confidential information. The Fourth Circuit has said that “the disclosure of one's private personnel files and medical records amounts to a per se intrusion into seclusion if the records contain sensitive materials[.]” Sabrowski v. Albani-Bayeux, Inc., 124 F. App'x 159, 161 (4th Cir. 2005) (per curiam) (citation omitted); see Hooper v. United States, CL-12-0297, 2013 WL 5530603, at *5 (D. Or. Sept. 25, 2013) (“[A] plaintiff's medical records are considered private, and the unauthorized access or disclosure of the records is an intrusion on seclusion.”); David A. Elder, Privacy Torts §§ 2.6, 2:22 (December 2024 update) (providing numerous examples of cases where disclosure of medical or other confidential information amounted to an intrusion on seclusion).
“[B]oth the common law and the literal understandings of privacy encompass the individual's control of information concerning his or her person.” U.S. Dep't of Just. v. Reps. Comm. For Freedom of Press, 489 U.S. 749, 763, 109 S.Ct. 1468, 103 L.Ed.2d 774 (1989). As one commentator has explained: “Intrusion is an intentional tort violating the right to choose when and to what extent one will permit others to know personal affairs ․” Theodore R. LeBlang, Invasion of Privacy: Medical Practice and the Tort of Intrusion, 18 Washburn L.J. 205, 212 (Winter 1979). The alleged access to the PII of plaintiffs’ members appears to fall under this umbrella.
The government relies heavily on the Fourth Circuit's decision in O'Leary v. TrustedID, Inc., 60 F.4th 240 (4th Cir. 2023), to demonstrate that intrusion upon seclusion is not a proper analog here. ECF 113 at 11 (“The O'Leary decision controls here ․”); id. at 13 (“There is no material distinction between O'Leary and this case.”). There, the Court considered whether the plaintiff, O'Leary, had standing to bring suit under South Carolina's Financial Identity Fraud and Identity Theft Protection Act, S.C. Code Ann. § 37-20-180 (“SC Act”). O'Leary, 60 F.4th at 241. The SC Act prohibited “ ‘requir[ing] a consumer to use his social security number or a portion of it containing six digits or more to access an Internet web site, unless a password or unique personal identification number or other authentication device is also required to access the Internet web site.’ ” Id. (citation omitted; alteration in O'Leary).
Equifax, a nonparty to the case, was subject to a data breach. Id. Equifax engaged its subsidiary, defendant TrustedID, Inc., “to use TrustedID's website to inform customers whether they were impacted by the data breach.” Id. The plaintiff visited TrustedID's website to learn whether his data had been compromised. Id. The website required O'Leary to enter his six-digit SSN, but it did not use “any other safety precautions.” Id. After entering his SSN, O'Leary was informed that he was not impacted by Equifax's data breach. Id. But, he alleged that TrustedID “shared the six digits of his SSN with Equifax.” Id.
O'Leary sued TrustedID, “alleging that TrustedID's practice of requiring six digits of consumers’ SSNs violated the [SC] Act and South Carolina's common-law right to privacy.” Id. at 241. He later added a claim of negligence. Id. TrustedID moved to dismiss, pursuant to Fed. R. Civ. P. 12(b)(6). Id.
The plaintiff “said he was injured when TrustedID ‘intentionally [took] personal identifying information and monetiz[ed] it in some way.’ ” Id. at 242 (citation omitted; alterations in O'Leary). TrustedID referred to the alleged injury as “ ‘an invasion of privacy or intrusion upon seclusion.’ ” Id. (citation omitted). The district court determined that O'Leary had alleged “ ‘an intangible concrete harm in the manner of an invasion of privacy,’ which the court said was ‘enough to give [it] subject-matter jurisdiction at this early stage of the case.’ ” Id. (citations omitted; alteration and emphasis in O'Leary). Accordingly, the district court determined that the plaintiff had standing. But, the court dismissed the plaintiff's claims pursuant to Rule 12(b)(6), and the plaintiff appealed. Id.
The Fourth Circuit concluded that the plaintiff “alleged only a bare statutory violation and no Article III injury.” Id. The Court explained, id. at 243: “The intangible harm of enduring a statutory violation, standing alone, typically won't suffice under Article III—unless there's separate harm (or a materially increased risk of another harm) associated with the violation.” Extrapolating, inter alia, from cases involving the Fair and Accurate Credit Transactions Act (“FACTA”), 15 U.S.C. § 1681 et seq., as well as data breach cases, the Fourth Circuit said, id. at 244: “Article III excludes plaintiffs who rely on an abstract statutory privacy injury unless it came with a nonspeculative increased risk of identity theft.” But, O'Leary had not alleged, “even in a speculative or conclusory fashion,” that “entering six digits of his SSN on TrustedID's website has somehow raised his risk of identity theft.” Id. Rather, “O'Leary relies entirely on a mere procedural violation of a statute, which Article III rejects.” Id. at 245.
According to the Court, O'Leary had not alleged “an injury with a ‘close relationship’ to a traditional or common-law analog”, because “he appears to rely on some abstract privacy interest in his SSN itself.” Id. (citation omitted). The Court considered two traditional analogs for intangible harms that confer standing: intrusion upon seclusion and disclosure of private information. Id. at 245–46.
The Court defined intrusion upon seclusion as a cause of action “ ‘against defendants who invade[ ] the private solitude of another.’ ” Id. at 245 n.2 (quoting Gadelhak, 950 F.3d at 462). It acknowledged that the Supreme Court in TransUnion “mention[ed] intrusion upon seclusion as a traditionally recognized harm that provides a basis for lawsuits in federal court.” O'Leary, 60 F.4th at 245 (citing TransUnion, 594 U.S. at 425, 141 S.Ct. 2190). It also noted that TransUnion cited “as an example then-Judge Barrett's holding in Gadelhak that receiving unwanted text messages (which violated the Telephone Consumer Protection Act of 1991) could be a concrete injury in fact, as it closely relates to intrusion upon seclusion.” Id. at 245 (citing Gadelhak, 950 F.3d at 462). And, the Fourth Circuit acknowledged that it, too, had recognized that “violations involving unwanted calls under the Telephone Consumer Protection Act are concrete injuries in fact, based on federal courts’ traditional protection of ‘privacy interests in the home.’ ” O'Leary, 60 F.4th at 245 (quoting Krakauer, 925 F.3d at 653).
However, the Court determined that O'Leary’s alleged injury did not bear a close relationship to intrusion upon seclusion. O'Leary, 60 F.4th at 245. Specifically, O'Leary alleged that he “chose to hand over his partial SSN ‘[i]n exchange for’ finding out whether he was impacted by Equifax's data breach.” Id. (citation omitted; alteration in O'Leary). And, the Fourth Circuit said, id.: “It's the unwanted intrusion into the home that marks intrusion upon seclusion, and O'Leary hasn't pleaded anything that closely relates to that.” (Emphasis added).
With respect to disclosure of private information, the Court recognized that it “can be another traditional analog for intangible harms that confer standing[.]” Id. at 246 (citing Davis, 554 U.S. at 733, 128 S.Ct. 2759). The Court reviewed Davis, 544 U.S. at 733, 744, 125 S.Ct. 2113, which “held that a self-financed political candidate had standing to challenge a statute that would require him to disclose to the government when he spent more than $350,000 in personal funds on his campaign,” because it “implicated the candidate's privacy of association guaranteed by the First Amendment.” O'Leary, 60 F.4th at 246. But, the Court determined that O'Leary’s “associational rights” were not impacted, because “he (voluntarily) disclosed his partial SSN to TrustedID, not to the government.” Id. at 246.
O'Leary involved what the Fourth Circuit characterized as an “abstract privacy interest in [a partial] SSN ․” Id. at 245. The O'Leary Court concluded, id. at 246: “O'Leary hasn't adequately pled that he was injured by the alleged statutory violation at all—much less in a way that closely relates to a traditional analog for a federal lawsuit.”
Defendants contend that there is “no material distinction between O'Leary and this case ․” ECF 113 at 13. I disagree. For starters, this case concerns far more than access to even complete SSNs. It involves access to a wide swath of confidential and sensitive PII, such as medical and mental health records, financial and bank information, tax records, work histories, birth certificates, and personal records concerning children. In Judge King's dissent in Bessent, 2025 WL 1023638, which involved some of the same kinds of records, he characterized the records as “some of the most sensitive personal information imaginable ․” Id. at *7. The same cannot be said for the partial SSN at issue in O'Leary.
In Bessent, Judge Richardson acknowledged, id. at *5: “Prying eyes and probing fingers can be ․ disquieting when aimed at one's private affairs ․” Moreover, he cited Meltz, supra, 83 Fordham L. Rev. at 3453, for the proposition that “ ‘harm from an intrusion occurs even when no information is acquired,’ ” because it is the intrusive act itself that is problematic. Bessent, 2025 WL 1023638, at *5. But, he “question[ed] whether entries of information stored in government databases could be part of any plaintiff's seclusion at all.” Id. As Judge Richardson put it, each “plaintiff's information” is just “one row in various databases that are millions upon millions of rows long.” Id. He acknowledged that “intrusion upon seclusion has long been understood to guard not against the disclosure of sensitive information as such, but against the feeling of unease when and where one should ideally be at peace.” Id. at *4 (citing Restatement, § 652B cmt. a).
Here, even before Bessent was decided by the Fourth Circuit, at least one member of each plaintiff organization described the kind of “unease” that Judge Richardson regards as integral to an intrusion upon seclusion claim. See, e.g., Gray, ECF 22-9, ¶ 10 (“My anxiety is at an all-time high because of the threats to my personal information and benefits that come from DOGE access to sensitive information like my Social Security information.”); Doe, ECF 23-3, ¶ 7 (expressing distress and anxiety about DOGE personnel having access to PII, including “current bank account information and [Doe's] entire work and income history”); Imperiale, ECF 22-4, ¶ 8 (“I am experiencing great distress over the possibility of my private data being accessed by DOGE ․”); Somo, ECF 110-6, ¶ 9 (“DOGE having access to my sensitive information is almost like someone breaking into my house and stealing stuff. It's a horrible feeling ․”).28
Defendants also point to O'Leary for the proposition that the tort of intrusion upon seclusion requires an “ ‘unwanted intrusion into the home ․’ ” ECF 113 at 13 (quoting O'Leary, 60 F.4th at 245) (emphasis in ECF 113). But, that position is inconsistent with both the historical and modern understanding of the tort, and Judge Richardson acknowledged as much in Bessent, 2025 WL 1023638. He said: “To be sure, as the [Restatement] examples show, intrusion upon seclusion can occur beyond the confines of the home. And the government overreaches when arguing for such a limited understanding of the tort.” Id. at *5; see Restatement § 652B cmt. c (recognizing that there can be an intrusion upon seclusion “[e]ven in a public place ․” and referencing numerous examples that do not involve the home); Meltz, supra, 83 Fordham L. Rev. at 3421 (“The tort of intrusion upon seclusion protects individuals from unwanted invasions into their personal space and personal affairs.”) (emphasis added); Prosser, supra, 48 Cal. L. Rev. at 389–90 (referencing numerous examples of the tort that do not involve the home); see also, e.g., Dickinson, 69 F.4th at 345, 347 (explaining that, “at its core,” intrusion upon seclusion protects “the right to maintain a sense of solitude in one's life and private affairs” and intrusion upon seclusion can occur “even when the victim is physically present in a public place”) (emphasis added); Anthony v. United States, 632 F. Supp. 3d 1017, 1039 (D. Ariz. 2022) (denying motion for summary judgment as to intrusion upon seclusion claim, where intrusion occurred at a hospital); Doe v. Hosp. of Univ. of Pennsylvania, 546 F. Supp. 3d 336, 353 (E.D. Pa. 2021) (denying motion to dismiss intrusion upon seclusion claim, where the alleged intrusion occurred at a hospital); Hernandez v. Hillsides, Inc., 47 Cal.4th 272, 97 Cal.Rptr.3d 274, 211 P.3d 1063, 1078 (Cal. 2009) (recognizing that intrusion upon seclusion can occur at the workplace).
The contention that intrusion upon seclusion is limited to the home is also inconsistent with Gadelhak, which the O'Leary Court cited. See O'Leary, 60 F.4th at 245 n.2 (quoting Gadelhak, 950 F.3d at 462). In Gadelhak, 950 F.3d at 463, authored by then-Judge Barrett, the Seventh Circuit concluded that “unwanted text messages can constitute a concrete injury-in-fact for Article III purposes.” The Gadelhak Court observed, id. at 462: “The common law has long recognized actions at law against defendants who invaded the private solitude of another by committing the tort of ‘intrusion upon seclusion.’ ” The court reasoned that “irritating intrusions,” such as persistent telephone calls and unwanted text messages, “pose the same kind of harm that common law courts recognize ․” Id. at 462–63 (emphasis in original). The unwanted text messages did not involve the home; text messages can be received almost anywhere. Nevertheless, Judge Barrett wrote, id. at 462: “The harm posed by unwanted text messages is analogous to that type of intrusive invasion of privacy”, i.e., intrusion on seclusion.
The Seventh Circuit revisited Gadelhak in Pucillo v. National Credit Systems, Inc., 66 F.4th 634, 641 (7th Cir. 2023). There, the court reiterated: “Text messages may create an injury because they can disrupt a person anytime, anywhere, thereby invading ‘private solitude.’ ” Id. at 641 (quoting Gadelhak, 950 F.3d at 262) (emphasis added).
In Bessent, the panel majority criticized the District Court's reliance on Garey, 35 F.4th 917, to establish standing. See Bessent, 2025 WL 1023638, at *2, *4. In Garey, the Fourth Circuit considered whether plaintiffs had standing to sue for an alleged violation of the Driver's Privacy Protection Act (“DPPA”), 18 U.S.C. § 2721 et seq. The statute provides a private cause of action against “ ‘[a] person who knowingly obtains, discloses or uses personal information, from a motor vehicle record,’ for an impermissible purpose.” Id. at 920 (citing 18 U.S.C. § 2724(a)). The defendants, personal injury lawyers, obtained motor vehicle accident reports from North Carolina law enforcement agencies or “private data brokers,” id. at 919, which contained names and home addresses of the drivers. Id. at 919–20. The defendants used the personal information in the reports “to mail unsolicited attorney advertising materials to the drivers involved in those crashes.” Id. at 920; see also id. at 919.
The Garey Court concluded that plaintiffs’ allegation that their “privacy [was] invaded by Defendants’ knowingly obtaining his or her name and address from a motor vehicle record for an impermissible purpose in violation of law” constituted a “legally cognizable privacy injury.” Id. at 922. The Court reasoned that the alleged harm was “closely related to the invasion of privacy, which has long provided a basis for recovery at common law.” Id. at 921. Therefore, the Fourth Circuit concluded that the plaintiffs “alleged a legally cognizable privacy injury.” Id. at 922.29
In reaching its conclusion, the Garey Court cited Krakauer, 925 F.3d 643. Specifically, the Garey Court said that Krakauer involved a “nearly identical standing challenge ․” Garey, 35 F.4th at 921 (emphasis added).
Krakauer involved the Telephone Consumer Protection Act of 1991 (“TCPA”), 47 U.S.C. § 227, which, among other things, prohibits telephone calls to residential phone numbers on the national “Do-Not-Call” registry. Krakauer, 925 F.3d at 648. The TCPA provides a private right of action for violations of the statute. Id. at 649. The plaintiffs filed a class action lawsuit, alleging that the defendant's sales representatives “routinely flouted” the TCPA. Id. at 648. The Fourth Circuit concluded that the private right of action “plainly satisfies the demands of Article III.” Id. at 653. It said, id.: “Our legal traditions ․ have long protected privacy interest in the home.” Citing the Restatement, the Court also said: “Intrusions upon personal privacy were recognized in tort law and redressable through private litigation.” Id. Krakauer analogized the harm in that case, unwanted phone calls to the home, to the harm associated with the tort of intrusion upon seclusion. Id.
Krakauer involves a statute altogether different from the one in Garey, and completely different facts. Nevertheless, as to standing, the Garey Court stated that it was “[a]pplying the same analysis as Krakauer” to “reach the same result.” Garey, 35 F.4th at 922. Both Garey and Krakauer recognized that a claim of invasion of privacy, based on conduct in violation of a federal statute, satisfied Article III. The cases do not compel the conclusion that the tort is viable only when it involves the home.
Of course, we can parse both Krakauer and Garey to find distinctions with this case, just as those two cases also have differences. But, the Supreme Court has made clear that, as to the analog, there need not be “an exact duplicate in American history and tradition.” TransUnion LLC, 594 U.S. at 424–25, 141 S.Ct. 2190; see also Salazar v. Paramount Glob., 133 F.4th 642, 2025 WL 1000139, at *2 (6th Cir. Apr. 3, 2025) (“We are analyzing whether the asserted harm is sufficiently analogous to a traditional harm recognized by law—not whether the plaintiff has pleaded an element-by-element match to a historical tort.”); Salazar v. Nat'l Basketball Ass'n, 118 F.4th 533, 542 n.6 (2d Cir. 2024) (a plaintiff need not “plead every element of a common-law analog to satisfy the concreteness requirement.”) (emphasis in Salazar); Drazen v. Pinto, 74 F.4th 1336, 1343 (11th Cir. 2023) (en banc) (explaining that a common law analog does “not require carbon copies”).
The proper focus is on the kind of harms protected at common law, not the degree of the harm. See Krakauer, 925 F.3d at 654 (“Our inquiry is focused on types of harms protected at common law, not the precise point at which those harms become actionable.”); Gadelhak, 950 F.3d at 462 (“But when Spokeo instructs us to analogize to harms recognized by the common law, we are meant to look for a ‘close relationship’ in kind, not degree.”); see also Ward v. NPAS, Inc., 63 F.4th 576, 580–81 (6th Cir. 2023) (focusing on the “kind” of harm protected by common law intrusion upon seclusion); Perez v. McCreary, Veselka, Bragg & Allen, P.C., 45 F.4th 816, 822 (5th Cir. 2022) (courts should “focus[ ] on types of harms protected at common law, not the precise point at which those harms become actionable”) (citation omitted).
At least seven circuits, including the Fourth Circuit in Krakauer, “have held that receiving either one or two unwanted texts or phone calls resembles the kind of harm associated with intrusion upon seclusion”, for purposes of standing, even though that harm would not rise to the “degree of offensiveness required to state a claim for intrusion upon seclusion at common law.” Drazen, 74 F.4th at 1344 (citing cases) (emphasis in Drazen). In other words, courts look to the “ ‘types of harms protected at common law, not the precise point at which those harms become actionable.’ ” Id. (quoting Krakauer, 925 F.3d at 654). Thus, the Drazen Court held, 74 F.4th at 1345, that “the harm associated” with even just one “unwanted text message shares a close relationship with the harm underlying the tort of intrusion upon seclusion,” and constitutes “a concrete injury” for purposes of standing.
Cases from other courts support the conclusion that intrusion on seclusion is an appropriate analog here. Persinger v. Southwest Credit Systems, L.P., 20 F.4th 1184 (7th Cir. 2021), is informative. There, the plaintiff alleged that a debt collection company accessed her credit information without a permissible purpose, in violation of the Fair Credit Reporting Act (“FCRA”). Id. at 1188. Specifically, the defendant obtained from a credit reporting agency the plaintiff's “propensity-to-pay score,” which is intended to predict the likelihood of repayment of a debt. Id. at 1189. It is not a full credit report, but rather a form of “soft pull” that “is not visible to third parties and does not affect one's credit score.” Id. The plaintiff's only injury was an invasion of privacy. Id. at 1191.
The Seventh Circuit noted the four types of invasion of privacy discussed earlier, and considered intrusion upon seclusion as “the best comparator ․” Id. at 1192. Relevant here, the court said, id.: “An unauthorized inquiry into a consumer's propensity-to-pay score is analogous to the unlawful inspection of one's mail, wallet, or bank account.” The court added, id.: “Whether [plaintiff] would prevail in a lawsuit for common law invasion of privacy is irrelevant.[ ] It is enough to say that the harm alleged in her complaint resembles the harm associated with intrusion upon seclusion.” And, citing Gadelhak, 950 F.3d at 462, the Persinger Court stated, 20 F.4th at 1193, that “the FCRA's protection of consumer credit information is akin to the common law's protection of private information through the tort of invasion of privacy.”
The case of Nayab v. Cap. One Bank (USA), N.A., 942 F.3d 480 (9th Cir. 2019), also provides guidance. There, the Ninth Circuit considered whether a “consumer suffers a concrete Article III injury in fact when a third-party obtains her credit report for a purpose not authorized by the FCRA.” Id. at 487. The court described the alleged harm as “the release of highly personal information in violation of the FCRA ․” Id. at 491–92.
In evaluating the issue of standing, the court said, id. at 491: “The harm attending a violation of § 1681b(f)(1) of the FCRA is closely related to—if not the same as—a harm that has traditionally been regarded as providing a basis for a lawsuit: intrusion upon seclusion (one form of the tort of invasion of privacy).” The Ninth Circuit explained that intrusion upon seclusion does “ ‘not always require additional consequences to be actionable.’ ” Id. at 491 (quoting Eichenberger v. ESPN, Inc., 876 F.3d 979, 983 (9th Cir. 2017)). Therefore, the Nayab Court reasoned, 942 F.3d at 492: “When a third party obtains the consumer's credit report in violation of 15 U.S.C. § 1681b(f)—that is, for a purpose not authorized by statute—the consumer is harmed because he or she is deprived of the right to keep private the sensitive information about his or her person. This harm is highly offensive and is not trivial because a credit report can contain highly personal information.” (Internal citation omitted).
Plaintiffs advised the Court of the decision issued yesterday in AFL-CIO, 2025 WL 1129227. ECF 144 (notice); ECF 144-1 (copy of opinion).30 On the matter of standing, the case is instructive. The plaintiffs, all organizations, allege that DOGE personnel have received unprecedented access to the systems of records containing PII maintained by the Department of Health and Human Services, the Consumer Financial Protection Bureau, and the DOL. AFL-CIO, 2025 WL 1129227, at *1–4. Among other things, the amended complaint asserts Privacy Act and APA claims. Id. at *4–5. The defendants moved to dismiss the amended complaint, which the court denied, except as to the standalone Privacy Act claim, because it is not available to an organization. Id. at *1, *21.31
Relevant here, the court concluded that the plaintiffs have both associational and organizational standing. Focusing on associational standing, Judge Bates determined that “the harm that plaintiffs allege their members are suffering has a close relationship with the harm asserted in a suit for the tort of intrusion upon seclusion.” Id. at *7. Referring to United States DOGE Service as “USDS,” id. at *1, the court reasoned, id. at *7: “USDS personnel have intruded upon their sensitive personal information within the agency systems.”
Of note, the court considered the Fourth Circuit's decision in Bessent. Focusing on Judge Richardson's concurrence, Judge Bates said, id. at *8: “This Court is the first to admit that seeing someone's name and SSN in the 648th row of a spreadsheet is ‘different in kind’ from peeping into someone's bedroom window.” But, the court explained that it “reads TransUnion and the cases it relied upon to leave it to Congress, not judges, to determine what is sufficiently bad to be deemed unlawful.” Id. (emphasis in AFL-CIO).
Judge Bates observed that the “Supreme Court has routinely explained [that] Congress can ‘elevat[e] to the status of legally cognizable injuries concrete, de facto injuries that were previously inadequate at law.’ ” Id. (quoting Spokeo, Inc., 578 U.S. at 341, 136 S.Ct. 1540) (alteration in Spokeo, Inc.). Moreover, he recognized that “Congress enacted the Privacy Act to ‘protect the privacy of individuals identified in information systems maintained by Federal agencies.’ ” AFL-CIO, 2025 WL 1129227, at *8 (quoting Chao II, 540 U.S. at 618, 124 S.Ct. 1204). He said, AFL-CIO, 2025 WL 1129227, at *8 (emphasis in AFL-CIO; internal citations omitted):
Put simply, then, Congress ‘identified’ an individual's interest in his information being viewed only by the federal agency that maintains it—and even then, only by those employees with a need to view it—as a ‘modern relative of a harm with long common law roots.’ So [the Privacy Act] in effect created a new sphere in which individuals not only expect privacy, but have a right to it—i.e., a sphere of seclusion. As a result, an intrusion upon that sphere—even if the sphere literally encompasses only one row of millions in a database—amounts to an injury similar to the intrusion upon other private spheres, such as one's home.
The court added that “the Privacy Act makes it so an individual ‘should ․ be at peace’ with the fact that his information is maintained and only reviewable by the relevant agency, and it is thus warranted that individuals like the union members here ‘feel[ ] ․ unease’ when outsiders view it.” Id. (quoting Bessent, 2025 WL 1023638, at *4) (alteration in AFL-CIO). The court acknowledged that the harm “that results from such a disclosure may not seem as grave as the harm in a window-peeper intrusion-upon-seclusion claim.” AFL-CIO, 2025 WL 1129227, at *8. But, “the intrusions ‘nevertheless pose the same kind of harm that common law courts recognize—a concrete harm that Congress has chosen to make legally cognizable.’ ” Id. (quoting Gadelhak, 950 F.3d at 463) (emphasis in Gadelhak).
The court also rejected the defendants’ argument that the plaintiffs’ alleged harms were not concrete because the plaintiffs alleged “neither that defendants are currently disseminating or using members’ information nor that defendants will do so imminently.” AFL-CIO, 2025 WL 1129227, at *8. Judge Bates explained that intrusion upon seclusion “does not require publication or use to be actionable.” Id.32
In the recent case of New York OPM Action, 2025 WL 996542, the plaintiffs, current and former federal government employees and their unions, sued defendants OPM, its Acting Director, and DOGE defendants. Id. at *1, *2. The plaintiffs alleged that data contained in OPM databases was improperly disclosed to individuals associated with DOGE, in violation, inter alia, of the Privacy Act and the APA. Id. at *1, *2. Information contained in those databases included “identifying information such as names, birthdates, social security numbers, demographic information, education and employment histories, personal health records, financial information, and information concerning family members and other third parties.” Id. at *2.
In particular, the complaint alleged that in January 2025, “OPM gave at least six DOGE agents immediate access to all personnel systems at OPM” and, a week later, “gave more DOGE agents access to OPM systems.” Id. According to the complaint, at the time the DOGE agents were provided access, “they had not been properly vetted, had not received customary security clearances, and had not received OPM's security training.” Id. Further, the plaintiffs alleged that, “in violation of the Privacy Act, the DOGE Defendants were given access to OPM data without obtaining the consent of affected individuals and with no lawful need for access to the records disclosed to them.” Id.
The defendants moved to dismiss the complaint pursuant to, inter alia, Fed. R. Civ. P. 12(b)(1), based on lack of standing. Id. at 3–4. The court ruled that the “complaint adequately alleges that the individual plaintiffs and members of the plaintiffs unions have experienced a concrete injury in fact that is analogous to the tort of intrusion on seclusion.” Id. at *5. Emphasizing that the records “at issue contain information about the deeply private affairs of the plaintiffs,” the court reasoned that the “individual plaintiffs had every reason to expect that their OPM records would be carefully guarded and kept private and secure.” Id. at *6. The court added, id.: “That is in fact what the Privacy Act requires.” Among other things, the court also found relevant that “these records were disclosed to DOGE agents in a rushed and insecure manner that departed substantially from OPM's normal practices,” i.e., “the DOGE agents were not vetted, were not required to obtain security clearances, and were not trained about OPM security protocols and duties before the records were disclosed to them.” Id. Therefore, the court concluded that, based on the allegations of the complaint, “this intrusion upon the individual plaintiffs’ private affairs and confidential information was a substantial invasion of their privacy and would be highly offensive to a reasonable person.” Id.
In reaching its conclusion, the court rejected the defendants’ argument that the plaintiffs’ injury could only be considered concrete if the “DOGE agents examined or used the records to which OPM gave them access.” Id. at *7. Rather, it recognized that standing exists “when an unauthorized third party was granted access to a plaintiff's legally protected data, due to the resulting harm's resemblance to intrusion upon seclusion.” Id.
In Alliance for Retired Americans, 2025 WL 740401, Judge Kollar-Kotelly, of the United States District Court for the District of Columbia, found that three plaintiff organizations had standing to sue the Department of Treasury and Treasury Secretary Bessent, among other defendants, on behalf of their members. There, DOGE personnel were provided access to systems of records maintained by the Department of Treasury that contained sensitive and personal information, such as routing and bank account numbers, as well as information about individual credit and debit card numbers. Id. at *5–8, *16.33
Notably, the court rejected the argument that the plaintiffs lacked standing because the members’ information was shared only within the government, and not to the public. The court acknowledged that a “lack of public exposure supports an argument that the harm that Plaintiffs describe is not analogous to the reputational harm caused by defamation.” Id. at *15. But, the tort of intrusion upon seclusion does not require publication. Id. at *16. And, the court concluded that the alleged injury of plaintiffs’ members—the same one alleged by plaintiffs here—“bears a close relationship to the harm essential to an intrusion upon seclusion at common law.” Id.
Of import, the court found that the plaintiffs’ members had a reasonable expectation of privacy in the records at issue because, inter alia, it is “entirely reasonable for [plaintiffs’] members to rely on the explicit statutory protections provided by the Privacy Act and the Internal Revenue Code.” Id. Further, she found that the intrusion at issue would be highly offensive to a reasonable person, pointing, among other things, to “the sensitivity of the information at issue.” Id. at *17.
New York v. Trump, JAV-25-01144, 2025 WL 573771 (S.D.N.Y. Feb. 21, 2025), is also informative. There, nineteen states filed suit against President Trump, the U.S. Department of Treasury, and Treasury Secretary Bessent, challenging access to financial and other information provided to members of the DOGE Team by the United States Department of Treasury. Id. at *1. The disbursements included funding to state governments for Medicaid, FEMA, education, and foster care programs. Id. at *2. And, payment files contained Social Security and bank account numbers as well as federal tax return information. Id. at *7. The court granted a preliminary injunction that, inter alia, enjoined the Treasury Department from granting any DOGE affiliates access to any payment record or payment system containing personally identifiable information and/or confidential financial information of the payees. Id. at *27.34
The court pointed to the Second Circuit's decision in Bohnak v. Marsh & McLennan Companies, Inc., 79 F.4th 276 (2d Cir. 2023). There, the Second Circuit concluded that “ ‘exposure of [the plaintiff's] private PII to unauthorized third parties’ bore a ‘close relationship to a well-established common-law analog: public disclosure of private facts.’ ” Id. at 285. Relying on Bohnak, the district court found that the plaintiff-states had standing to sue. Specifically, the court reasoned that the plaintiffs adequately alleged “past harm in the unauthorized disclosure of [their] confidential financial information to the DOGE Team ․” New York v. Trump, 2025 WL 573771, at *12. The court also found that the plaintiffs had “adequately alleged ․ the risk of future harm, in the risk of exposure of their confidential information to officials of USDS/DOGE and to the public through potential hacking.” Id. (emphasis added).
Any claim that plaintiffs’ members suffered no injury in fact because the protected information was disclosed only to government employees also carries no water.35 Intrusion upon seclusion “does not depend upon any publicity given to the person whose interest is invaded or to his affairs.” Restatement § 652B cmt. a; see also Koeppel v. Speirs, 808 N.W.2d 177, 180 (Iowa 2011) (“[P]roof that information obtained through an intrusion has been distributed to third parties is not required.”); Martin v. Mooney, 448 F. Supp. 3d 72, 82 (D.N.H. 2020) (“An intrusion upon seclusion claim does not require publicity.”); Hamberger v. Eastman, 106 N.H. 107, 206 A.2d 239, 242 (N.H. 1964) (intrusion upon seclusion “does not require publicity and communication to third persons”).
In other words, “[t]he intrusion itself makes the defendant subject to liability, even though there is no publication or other use of any kind of the” information obtained. Restatement § 652B cmt. b; see Nayab, 942 F.3d at 491 (Intrusion upon seclusion does “ ‘not always require additional consequences to be actionable.’ ”) (citation omitted); Perry v. Cable News Network, Inc., 854 F.3d 1336, 1341 (11th Cir. 2017) (“Further, in the tort of intrusion upon seclusion,[ ] ‘[t]he intrusion itself makes the defendant subject to liability, even though there is no publication or other use,’ meaning a showing of additional harm is not necessary to create liability.”) (citation omitted; second emphasis added). Moreover, the harm associated with intrusion on seclusion does not dissipate merely because PII is accessed only by government employees, if they were not entitled to access the information. See, e.g., Parks v. U.S. IRS, 618 F.2d 677, 683 (10th Cir. 1980) (concluding that plaintiffs had standing to sue for a Privacy Act violation, although there was only an intra-agency disclosure, because “plaintiffs are the objects or the subjects of the disclosure and the allegation is that they suffered a personal invasion”).36
It is also significant that the SSA data systems contain a trove of medical and mental health records. Although Bessent, 2025 WL 1023638, involved some health records (see Berner, J., dissenting, id. at *10), it does not appear that such records were central to the case. Here, the Agency gathers extensive medical records, and the concern among plaintiffs’ members regarding access to medical and mental health records is not merely hypothetical.
According to Fiesta, the Executive Director of the Alliance, the Alliance has members who receive Social Security Disability Insurance (“SSDI”) benefits. ECF 22-6, ¶ 8. These members “have submitted sensitive medical information to SSA to receive disability benefits, including health records and doctors’ evaluations for physical and mental conditions.” Id. ¶ 18; see also id. ¶ 9 (SSA collects and maintains “medical histories” of some ARA members). Widger, the Director of Retirees at AFSCME, avers that SSA “has in its systems the private medical information of AFSCME members who are applying for or have applied for disability insurance benefits ․” ECF 22-1, ¶ 10. She states, id. ¶ 11: “Required medical information includes all prescription and non-prescription medicines the person is currently taking; all health care providers from whom the individual has sought treatment (doctor, hospital, clinic, psychiatrist, nurse practitioner, therapist, physical therapist or other medical professional) and the medical conditions that were treated and evaluated; all medical tests performed by the listed providers (with the enumerated list including HIV and psychological/IQ tests); and other personal health information.” And, for a “mental health disability claim,” information “could include notes from psychotherapists and counseling sessions.” Id. ¶ 12. In addition, Widger asserts, id. ¶ 13: “AFSCME members share this information with SSA because they are required to do so to obtain benefits, and they expect the agency to follow the law and keep that data safe and secure.” She adds, id. ¶ 12: “Information disclosed concerning health conditions like HIV or other STDs can result in stigma, social isolation, job loss, housing loss, and other harms.”
Further, Widger avers that she has personally been in contact with multiple retiree-members of AFSCME who are concerned about access to medical records. Id. ¶¶ 28, 29, 31. For example, one eighty-year-old retiree told Widger that he was “frightened” about who has access to his medical records. Id. ¶ 28. Another retiree participates in the SSDI program and told Widger that she is “frightened about her medical information being accessible by those who are targeting SSDI for cuts.” Id. ¶ 29. She avers that since DOGE was granted access to SSA systems, retiree members have flooded AFSCME with questions, concerns, and fear about the security of their data, their health information, and their benefits. Id. ¶¶ 27, 28, 29.
Imperiale, a 60-year-old retiree member of AFSCME, participates in the SSDI program. ECF 22-4, ¶¶ 1, 2, 4. She explains that she was “forced to retire earlier than [she] would have wanted due to an injury [she] sustained while working ․” Id. ¶ 3. Imperiale avers, id. at 4: “I am now anxious and distressed about the access of my private data by DOGE, which the [SSA] stores and which I have submitted to SSA and continue to submit and update to receive SSDI benefits.” Further, she asserts, id. ¶ 7: “It was my expectation that the personal information I submitted and continue to submit to SSA—including private health information about my disability—would be used only to determine whether I was eligible for benefits, and not disclosed for any other purpose.”
“ ‘[A] patient's medical information, as reflected in the records maintained by his or her medical providers, is certainly a matter which a reasonable person would consider to be private.’ ” Nayani, 899 S.E.2d at 488 (alteration in Navani; citation omitted); see Doe v. Delie, 257 F.3d 309, 315 (3d Cir. 2001) (“We have long recognized the right to privacy in one's medical information ․”). Indeed, as stated earlier, in some jurisdictions “the disclosure of one's private personnel files and medical records amounts to a per se intrusion into seclusion if the records contain sensitive materials[.]” Sabrowski, 124 F. App'x at 161; see Hooper, 2013 WL 5530603, at *5 (“[A] plaintiff's medical records are considered private, and the unauthorized access or disclosure of the records is an intrusion on seclusion.”); Crosten v. Kamauf, 932 F. Supp. 676, 685 (D. Md. 1996) (declining to dismiss intrusion upon seclusion claim because “the Court cannot say, as a matter of law, that disclosing the fact that someone is in psychotherapy could not be highly offensive to a reasonable person.”); see also Randolph v. ING Life Ins. & Annuity Co., 973 A.2d 702, 710 (D.C. 2009) (stating that “conduct giving rise to unauthorized viewing of personal information such as a plaintiff's Social Security number and other identifying information can constitute an intrusion that is highly offensive to any reasonable person”); Toomer v. Garrett, 155 N.C.App. 462, 574 S.E.2d 76, 90 (N.C. App. 2002) (“The unauthorized examination of the contents of one's personnel file, especially where it includes sensitive information such as medical diagnoses and financial information, like the unauthorized opening and perusal of one's mail, would be highly offensive to a reasonable person”).
The enactment of the Health Insurance Portability and Accountability Act (“HIPAA”), 29 U.S.C. § 1181 et seq., is a reflection of societal views as to the sanctity of medical information. HIPAA “is the primary federal law which was passed to ensure an individual's right to privacy over medical records.” United States v. Elliott, 676 F. Supp. 2d. 431, 436 (D. Md. 2009). For example, under HIPAA, subject to narrow exceptions, a covered entity “must obtain an authorization for any use or disclosure of psychotherapy notes ․” 45 C.F.R. § 164.508(a)(2). Although HIPAA does not apply to the government, see 45 C.F.R. §§ 160.102, 164.104, the statute suggests the view that there is an expectation of privacy in medical records that is engrained in our culture. See Perez-Denison v. Kaiser Found. Health Plan of the Nw., 868 F. Supp. 2d 1065, 1090 (D. Or. 2012) (“HIPAA suggests Congress has determined reasonable people want their medical records private and strongly object to those records being inappropriately accessed.”).37
The evidentiary “psychotherapist-patient privilege” also illustrates the importance of confidentiality that our society attaches to mental health matters. The privilege is “ ‘rooted in the imperative need for confidence and trust’ ” between a therapist and patient in regard to discussions concerning health issues. Jaffee v. Redmond, 518 U.S. 1, 10, 116 S.Ct. 1923, 135 L.Ed.2d 337 (1996); see also id. at 12, 116 S.Ct. 1923 (noting that “all 50 States and the District of Columbia have enacted into law some form of psychotherapist privilege”). And, as noted, in certain circumstances, SSA collects the treatment records of mental health care providers. See ECF 22-1 (Widger Decl.), ¶ 12.
“The question of what kinds of conduct will be regarded as a ‘highly offensive’ intrusion is largely a matter of social conventions and expectations.” J. Thomas McCarthy, The Rights of Publicity and Privacy § 5.1(A)(2) (1993). It is almost self-evident that in our society PII, such as SSNs, medical and mental health information, and certain financial records, are regarded as private, sensitive, and confidential information, found in places equivalent to “private and personal mail,” a “wallet,” a “safe,” or a home. Restatement § 652B cmt. b.38
Members of the plaintiff organizations have expressed their belief of an expectation of privacy as to their PII. See ECF 22-2 (Conard), ¶ 10 (“I always expected that the personal data I have submitted, and continue to submit when required, to SSA would remain private and used only to determine whether I was eligible for benefits, and not to be used for any other purpose.”); ECF 22-5 (Williams), ¶ 6 (same); ECF 22-3 (Doe), ¶ 6 (same); ECF 22-9 (Gray), ¶¶ 6, 8 (expectation that data would remain “confidential,” and data is “personal and private”); ECF 22-4 (Imperiale), ¶ 5 (“As a retiree with a disability, it is very important to me that my data remain private.”); ECF 110-4 (Conard Supplemental Declaration), ¶ 2 (“I have handed over a lot of information to SSA, including my home address, my phone number, and sensitive financial information, on the promise that [SSA] will keep it confidential and on the understanding, made clear by the [A]gency's own website, that they value privacy and security.”); ECF 110-6 (Somo Supplemental Declaration), ¶ 4 (“I have an expectation that the [A]gency will keep my information private because it's what they told me.”); see also ECF 22-8 (Declaration of Bernadette Aguirre, Director of the Retiree Division of AFT), ¶ 12 (averring that she has “personally heard from retiree members who send data to SSA that they are concerned about DOGE's access to the private personal and financial information they have provided to SSA”). The members’ expectation of privacy as to the PII is objectively reasonable.39
To be sure, plaintiffs cannot establish a cognizable injury in fact merely by pleading a statutory violation of the Privacy Act.40 But, the Supreme Court has made clear that the judgment of Congress remains “instructive and important.” Spokeo, Inc., 578 U.S. at 341, 136 S.Ct. 1540; see TransUnion LLC, 594 U.S. at 425, 141 S.Ct. 2190 (“Courts must afford due respect to Congress's decision to impose a statutory prohibition or obligation on a defendant, and to grant a plaintiff a cause of action to sue over the defendant's violation of that statutory prohibition or obligation.”); Drazen, 74 F.4th at 1345 (“[T]he Constitution empowers Congress to decide what degree of harm is enough so long as that harm is similar in kind to a traditional harm.”). In particular, Congress can “ ‘elevat[e] to the status of legally cognizable injuries concrete, de facto injuries that were previously inadequate in law.’ ” Spokeo, 578 U.S. at 341, 136 S.Ct. 1540 (quoting Lujan, 504 U.S. at 578, 112 S.Ct. 2130) (alteration in Spokeo, Inc.). By enacting the Privacy Act, the Social Security Act, FISMA, and the Internal Revenue Code, Congress recognized, in general, that improper access to or disclosure of personally identifiable information—even to government employees—poses a harm to legitimate privacy interests.
The legislative history of the Privacy Act supports this conclusion. Congress proclaimed: “The right to privacy is a personal and fundamental right protected by the Constitution of the United States[.]” Privacy Act of 1974, Pub. L. No. 93-579, § 2(a)(4), 88 Stat. 1896. Congress also found: “The privacy of an individual is directly affected by the collection, maintenance, use, and dissemination of personal information by federal agencies[.]” Id. § 2(a)(1). Moreover, Congress recognized that “[t]he increasing use of computers and sophisticated information technology, while essential to the efficient operations of the government, has greatly magnified the harm to individual privacy that can occur from any collection, maintenance, use, or dissemination of personal information[.]” Id. § 2(a)(2); see Tankersley v. Almand, 837 F.3d 390, 395 (4th Cir. 2016) (same). Thus, Congress declared: “In order to protect the privacy of individuals identified in information systems maintained by federal agencies, it is necessary and proper for the Congress to regulate the collection, maintenance, use, and dissemination of information by such agencies.” Pub. L. No. 93-579, § 2(a)(5).
If receiving a single unwanted text message or phone call is sufficiently offensive to constitute concrete harm for standing purposes, in the context of intrusion upon seclusion, as several Circuits have determined, then providing the DOGE Team with access to the medical records and sensitive financial information of millions of people, if unauthorized, or without adequate need, is surely sufficiently offensive so as to constitute concrete harm. Such unrestricted access to PII that SSA provided to the DOGE Team would be highly offensive to an objectively reasonable person. And, applying the principles gleaned from the cases discussed above to the allegations here, SSA's provision to the DOGE Team of wholesale access to SSA records containing PII, without consent, and allegedly without need and to unqualified personnel, is sufficiently analogous to the tort of intrusion upon seclusion.
Therefore, plaintiffs have satisfied the injury in fact requirement of Article III. Because the remaining elements of associational standing are satisfied, I conclude that plaintiffs have standing to pursue their claims.41
V. APA Claims
A. Judicial Review of APA Claims
As noted, plaintiffs lodge several claims under the APA. Section 702 of the APA provides, in part: “A person suffering legal wrong because of agency action, or adversely affected or aggrieved by agency action within the meaning of a relevant statute, is entitled to judicial review thereof.” 5 U.S.C. § 702; see also id. § 794 (permitting review of “Agency action made reviewable by statute and final agency action for which there is no other adequate remedy in a court”).
“The APA establishes a ‘basic presumption of judicial review’ of agency action.” Lovo v. Miller, 107 F.4th 199, 205 (4th Cir. 2024) (quoting Lincoln v. Vigil, 508 U.S. 182, 190, 113 S.Ct. 2024, 124 L.Ed.2d 101 (1993) (internal quotation marks and citation omitted)); see Dep't of Homeland Sec. v. Regents of the Univ. of Calif., 591 U.S. 1, 16, 140 S.Ct. 1891, 207 L.Ed.2d 353 (2020); see also Weyerhaeuser Co. v. U.S. Fish & Wildlife Serv., 586 U.S. 9, 22, 139 S.Ct. 361, 202 L.Ed.2d 269 (2018) (“The Administrative Procedure Act creates a basic presumption of judicial review [for] one ‘suffering legal wrong because of agency action.’ ”) (citation and some internal quotations omitted; alteration in Weyerhaeuser); Casa de Maryland v. U.S. Dep't of Homeland Sec., 924 F.3d 684, 697 (4th Cir. 2019); Ergon-W. Va., Inc. v. EPA, 896 F.3d 600, 609 (4th Cir. 2018); Roland v. United States Citizenship & Immigration Servs., 850 F.3d 625, 629 n.3 (4th Cir. 2017); Friends of Back Bay v. United States Army Corps. Of Eng'rs, 681 F.3d 581, 586 (4th Cir. 2012). Of relevance here, even if an agency's actions are based on a President's Executive Order, this does not “insulate them from judicial review under the APA, even if the validity of the Order were thereby drawn into question.” Chamber of Com. of U.S. v. Reich, 74 F.3d 1322, 1327 (D.C. Cir. 1996).
The presumption of judicial review “may be rebutted only if the relevant statute precludes review, 5 U.S.C. § 701(a)(1), or if the action is ‘committed to agency discretion by law,’ § 701(a)(2).” Weyerhaeuser Co., 586 U.S. at 23, 139 S.Ct. 361; see Gonzalez v. Cuccinelli, 985 F.3d 357, 366 (4th Cir. 2021). The latter exception is read “quite narrowly.” Weyerhaeuser Co., 586 U.S. at 23, 139 S.Ct. 361; accord Citizens to Preserve Overton Park, Inc. v. Volpe, 401 U.S. at 402, 410, 91 S.Ct. 814 (1977). This applies “in those rare instances where ‘statutes are drawn in such broad terms that in a given case there is no law to apply.’ ” Id. (quoting Lincoln, 508 U.S. at 191, 113 S.Ct. 2024); see also Heckler v. Chaney, 470 U.S. 821, 830, 105 S.Ct. 1649, 84 L.Ed.2d 714 (1985) (judicial review is unavailable if the statute provides “no judicially manageable standards ․ for judging how and when an agency should exercise its discretion”); see also Speed Mining, Inc. v. Fed. Mine Safety & Health Rev. Comm'n, 528 F.3d 310, 317 (4th Cir. 2008).
Under the APA, the federal government waives sovereign immunity for a suit brought by “ ‘a person suffering legal wrong because of agency action’ ” who seeks to obtain relief “ ‘other than money damages.’ 5 U.S.C. § 702.” See Medical Imaging & Technology Alliance v. Library of Congress, 103 F.4th 830, 836 (D.C. Cir. 2024); City of New York v. U.S. Dep't of Defense, 913 F.3d 423, 430 (4th Cir. 2019). “The term ‘action’ as used in the APA is a term of art that does not include all conduct” of the government. Vill. Of Bald Head Island v. U.S. Army Corps. Of Eng'rs, 714 F.3d 186, 193 (4th Cir. 2013). The APA defines “agency action” to include “the whole or a part of an agency rule, order, license, sanction, relief, or the equivalent or denial thereof, or failure to act.” 5 U.S.C. § 551(B). The term “ ‘agency action’ is a capacious term, ‘cover[ing] comprehensively every manner in which an agency may exercise its power.’ ” Maryland, et al. v. United States Dep't of Agriculture, et al., JKB-25-0748, 2025 WL 800216, at *11 (D. Md. Mar. 13, 2025) (quoting Whitman v. Am. Trucking Ass'ns, 531 U.S. 457, 478, 121 S.Ct. 903, 149 L.Ed.2d 1 (2001)) (alteration in Dep't of Agriculture).
Of import, the APA limits judicial review to “final agency action for which there is no other adequate remedy in a court.” 5 U.S.C. § 704; see Lovo, 107 F.4th at 205; City of New York, 913 F.3d at 430–31; NAACP v. Bureau of the Census, 945 F.3d 183, 189 (4th Cir. 2019); Clear Sky Car Wash LLC v. City of Chesapeake, 743 F.3d 438, 445 (4th Cir. 2014); Golden & Zimmerman LLC v. Domenech, 599 F.3d 426, 432–33 (4th Cir. 2010).42 Indeed, “finality under the APA is a jurisdictional requirement.” Jake's Fireworks Inc. v. Consumer Prod. Safety Comm'n, 105 F. 4th 627, 631 (4th Cir. 2024); see also Nat'l Veterans Legal Servs. Program v. United States Dep't of Def., 990 F.3d 834, 836 (4th Cir. 2021). Therefore, a court lacks subject matter jurisdiction if the plaintiff challenges an “agency action” that is not “fit for review.” City of New York, 913 F.3d at 430.
In Bennett v. Spear, 520 U.S. 154, 117 S.Ct. 1154, 137 L.Ed.2d 281 (1997), the Court articulated a two-part test to determine finality of agency action. An agency action is final if it (1) “mark[s] the consummation of the agency's decisionmaking process” and (2) is an action “by which rights or obligations have been determined, or from which legal consequences will flow.” Id. at 177–78, 117 S.Ct. 1154; see Biden v. Texas, 597 U.S. 785, 808, 142 S.Ct. 2528, 213 L.Ed.2d 956 (2022). The finality requirement ensures that judicial intervention does not deny an agency the “opportunity to correct its own mistakes and to apply its expertise.” Federal Trade Comm'n. v. Standard Oil Co. of California, 449 U.S. 232, 242, 101 S.Ct. 488, 66 L.Ed.2d 416 (1980); see also Univ. of Medicine & Dentistry of New Jersey v. Corrigan, 347 F.3d 57, 69 (3d Cir. 2003). It also avoids “piecemeal review,” which is “inefficient” and might prove to be “unnecessary” upon the agency's completion of its process. Standard Oil Co. of California, 449 U.S. at 242, 101 S.Ct. 488.
But, there are limitations on judicial review. The Fourth Circuit has said: “Review is available only when acts are discrete in character, required by law, and bear on a party's rights and obligations. The result is a scheme allowing courts to review only those acts that are specific enough to avoid entangling the judiciary in programmatic oversight, clear enough to avoid substituting judicial judgments for those of the executive branch, and substantial enough to prevent an incursion into internal agency management.” City of New York, 913 F.3d at 432 (citing Norton v. Southern Utah Wilderness Alliance (“SUWA”), 542 U.S. 55, 64–65, 124 S.Ct. 2373, 159 L.Ed.2d 137 (2004)). Thus, the APA does not allow a court to review an agency's “day-to-day operations.” Lujan v. Nat'l Wildlife Fed'n, 497 U.S. 871, 899, 110 S.Ct. 3177, 111 L.Ed.2d 695 (1990).43
The scope of judicial review is limited in “two important respects.” City of New York, 913 F.3d at 431. First, the plaintiff must “identify specific and discrete governmental conduct, rather than launch a ‘broad programmatic attack’ on the government's operations.” Id. at 431 (quoting SUWA, 542 U.S. at 64, 124 S.Ct. 2373). The Fourth Circuit has explained, City of New York, 913 F.3d at 431: “This distinction between discrete acts, which are reviewable, and programmatic challenges, which are not, is vital to the APA's conception of the separation of powers. Courts are well-suited to reviewing specific agency decisions, such as rulemakings, orders, or denials. [Courts] are woefully ill-suited, however, to adjudicate generalized grievances asking us to improve an agency's performance or operations.”
Second, “the definition of ‘agency action’ is limited to those governmental acts that ‘determin[e] rights and obligations.’ ” Id. (quoting Clear Sky Car Wash LLC, 743 F.3d at 445) (alteration in City of New York). In City of New York, 913 F.3d at 431, the Court said: “This limitation ensures that judicial review does not reach into the internal workings of the government, and is instead properly directed at the effect that agency conduct has on private parties.” In order to satisfy the requirement, “a party must demonstrate that the challenged act had ‘an immediate and practical impact,’ Golden & Zimmerman LLC v. Domenech, 599 F.3d 426, 433 (4th Cir. 2010), or ‘alter[ed] the legal regime’ in which it operates.” Id. (citing Bennett, 520 U.S. at 178, 117 S.Ct. 1154).
Courts take a “ ‘pragmatic’ approach ․ to finality.” U.S. Army Corps of Engineers v. Hawkes Co., 578 U.S. 590, 599, 136 S.Ct. 1807, 195 L.Ed.2d 77 (2016) (quoting Abbott Labs. v. Gardner, 387 U.S. 136, 149, 87 S.Ct. 1507, 18 L.Ed.2d 681 (1967)); see Her Majesty the Queen in Right of Ontario v. U.S. E.P.A., 912 F.2d 1525, 1531 (D.C. Cir. 1990) (noting that the finality requirement is applied in a “ ‘flexible and pragmatic way’ ”). “The core question is whether the agency has completed its decisionmaking process, and whether the result of that process is one that will directly affect the parties.” Franklin v. Massachusetts, 505 U.S. 788, 797, 112 S.Ct. 2767, 120 L.Ed.2d 636 (1992) (plurality opinion); see Ipsen Biopharmaceuticals, Inc. v. Azar, 943 F.3d 953, 956 (D.C. Cir. 2019) (stating that the focus of the inquiry is on “ ‘the concrete consequences an agency action has or does not have’ ”) (citation omitted); Flue-Cured Tobacco Cooperative Stabilization Corp. v. EPA, 313 F.3d 852, 858 (4th Cir. 2002) (“[T]he critical issue is whether the [agency's action] gives rise to legal consequences, rights, or obligations.”).
To satisfy the consummation element, the challenged agency action need not be formal action or reduced to writing. See, e.g., Her Majesty the Queen in Right of Ontario, 912 F.2d at 1531 (noting that “the absence of a formal statement of the agency's position ․ is not dispositive”); R.I.L-R v. Johnson, 80 F. Supp. 3d 164, 184 (D.D.C. 2015) (“Agency action, however, need not be in writing to be final and judicially reviewable.”). Indeed, a “contrary rule would allow an agency to shield its decisions from judicial review simply by refusing to put those decisions in writing.’ ” R.I.L-R, 80 F. Supp. 3d at 184 (citation omitted). And, agency action has legal consequences if it “alters the legal regime[.]” Bennett, 520 U.S. at 178, 117 S.Ct. 1154; see Hawkes, 578 U.S. at 598–99, 136 S.Ct. 1807; Nat'l Res. Def. Council v. EPA, 643 F.3d 311, 320 (D.C. Cir. 2011).
Pursuant to the APA, a court must set aside agency action that is “arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law,” 5 U.S.C. § 706(2)(A); “contrary to constitutional right, power, privilege, or immunity,” id. § 706(2)(B); or “in excess of statutory jurisdiction, authority, or limitations, or short of statutory right.” Id. § 706(2)(C). The Fourth Circuit has said: “The APA provides that a reviewing court is bound to ‘hold unlawful and set aside agency action’ for certain specified reasons, including whenever the challenged act is ‘arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law.’ ” Friends of Back Bay, 681 F.3d at 586–87 (quoting 5 U.S.C. § 706(2)(A)); see United States v. Bean, 537 U.S. 71, 77, 123 S.Ct. 584, 154 L.Ed.2d 483 (2002); N. Carolina Growers’ Ass'n., Inc. v. United Farm Workers, 702 F.3d 755, 763 (4th Cir. 2012).
Review under the APA is highly deferential, however, and the agency action enjoys a presumption of validity and regularity. Overton Park, 401 U.S. at 415, 91 S.Ct. 814; Ohio Valley Envtl. Coal. v. Aracoma Coal Co., 556 F.3d at 177, 192 (4th Cir. 2009) (citation omitted). Nevertheless, “the power of ․ agencies is circumscribed by the authority granted,” and courts are “entrusted” with “protect[ing] justiciable individual rights against administrative action fairly beyond the granted powers.” Stark v. Wickard, 321 U.S. 288, 309–10, 64 S.Ct. 559, 88 L.Ed. 733 (1944). In other words: “Agencies must operate within the legal authority conferred by Congress, and when those limits are transgressed, an individual may seek recourse in the Article III courts.” Medical Imaging & Technology Alliance, 103 F.4th at 838. “In determining whether a ‘meaningful standard’ for reviewing agency discretion exists, courts consider the particular language and overall structure of the statute in question, as well as ‘the nature of the administrative action at issue.’ ” Speed Mining, Inc., 528 F.3d at 317 (internal citations omitted) (quoting Heckler, 470 U.S. at 830, 105 S.Ct. 1649, and Drake v. FAA, 291 F.3d 59, 70 (D.C. Cir. 2002)).
Notably, “[t]he scope of review under the ‘arbitrary and capricious’ standard is narrow and a court is not to substitute its judgment for that of the agency ․” Motor Vehicle Mfrs. Ass'n of the United States v. State Farm Mut. Auto. Ins. Co., 463 U.S. 29, 43, 103 S.Ct. 2856, 77 L.Ed.2d 443 (1983); see Overton Park, 401 U.S. at 415, 91 S.Ct. 814; Ohio Valley Envtl. Coal, 556 F.3d at 192. A court must perform a “thorough, probing, [and] in-depth” review of an agency action. Overton Park, 401 U.S. at 415, 91 S.Ct. 814. In assessing an agency decision, “the reviewing court ‘must consider whether the decision was based on a consideration of the relevant factors and whether there has been a clear error of judgment.’ ” Marsh v. Oregon Natural Res. Council, 490 U.S. 360, 378, 109 S.Ct. 1851, 104 L.Ed.2d 377 (1989) (quoting Overton Park, 401 U.S. at 416, 91 S.Ct. 814).
“ ‘Deference is due where the agency has examined the relevant data and provided an explanation of its decision that includes a rational connection between the facts found and the choice made.’ ” Ohio Valley Envtl. Coal., Inc. v. United States Army Corps of Engineers, 828 F.3d 316, 321 (4th Cir. 2016) (citation omitted); see Trinity Am. Corp. v. U.S. EPA, 150 F.3d 389, 395 (4th Cir. 1998); Clevepak Corp. v. U.S. EPA, 708 F.2d 137, 141 (4th Cir. 1983). However, “[t]he ‘arbitrary and capricious’ standard is not meant to reduce judicial review to a ‘rubber-stamp’ of agency action.” Ohio Valley Envtl. Coal, 556 F.3d at 192 (citation omitted). In Judulang v. Holder, 565 U.S. 42, 53, 132 S.Ct. 476, 181 L.Ed.2d 449 (2011), the Supreme Court said: “[C]ourts retain a role, and an important one, in ensuring that agencies have engaged in reasoned decisionmaking.”
In sum, “Congress's ‘historic practice’ of providing for judicial review of administrative action reflects the importance of an independent check on the exercise of executive power.” Med. Imaging & Tech. All., 103 F.4th at 839 (quoting Bowen v. Michigan Acad. of Fam. Physicians, 476 U.S. 667, 670–73, 106 S.Ct. 2133, 90 L.Ed.2d 623 (1986)). Unless Congress makes a decision to withhold judicial review, “courts have the power and the duty to review agency action for conformity with the law.” Med. Imaging & Tech. All., 103 F.4th at 839.
B. The Contentions
Plaintiffs maintain, inter alia, that the SSA Defendants’ “decision to provide the DOGE Team with expansive access to SSA record systems without ․ completed background investigations, ․ need-to-know, and without regard for agency principles including segregation of duties and least-privilege access, constitutes final agency action for purposes of the APA.” ECF 110-1 at 21–22. They maintain that SSA's action in providing full access to PII to the DOGE Team is in marked contrast to the Agency's usual procedures. Id. at 22. Notably, plaintiffs do not challenge individual decisions of Dudek. In essence, their view is that the decisions, collectively, amount to a change in SSA policy, and the change constitutes a final agency action.
In support of their position, plaintiffs cite to Russo's Declaration (ECF 36-1), in which he stated that “ ‘data access to the DOGE team was first approved by SSA's Acting Commissioner [Dudek]’ ” and that PII “was granted with respect to SSA's MBR, SSR, Numident, and Treasury Payment Files on February 12 and February 20” of 2025. ECF 110-1 at 22 (citing ECF 36-1, ¶¶ 6, 7). Plaintiffs also maintain that this assertion is supported by the Administrative Record. ECF 110-1 at 22 (citing ECF 86-2 at 1–32) (reflecting Dudek's approval of requests for data access for DOGE Team members). According to plaintiffs, Dudek's decision “gave DOGE Team members access to virtually all data and records systems maintained by SSA, despite longstanding policy and practice at SSA of guarding the confidentiality and privacy of PII.” ECF 110-1 at 22.
Of import, plaintiffs maintain that DOGE Team members received “far broader access than what is automatically afforded” to SSA employees, even when oversight agencies or auditors review SSA records for potential waste, fraud, and abuse. Id. And, beyond scope of access, plaintiffs insist that “SSA has made a change to what requirements need to be met by employees to obtain such broad access,” and that the access decision “is at odds with SSA's earlier policy and practices.” Id.
Defendants posit that no final agency action is implicated here. ECF 113 at 16. They assert that plaintiffs must demonstrate that the DOGE Team does “not have a right to access” plaintiffs’ members’ information, and “that steps were taken with the information that had legal consequences.” Id. at 20.
According to defendants, the actions identified by plaintiffs are “both tentative and interlocutory in nature, as the nature of the SSA DOGE Team's composition and projects are in flux.” Id. at 18. In addition, they contend that the declarations accompanying their TRO Opposition demonstrate that no new finalized policy was implemented—or existing policy definitively changed—as SSA continues to onboard employees where needed in a workaday application of previous standards. Id. at 19.
In the view of defendants, the access provided by SSA to the DOGE Team is akin to the garden variety decision of the Agency “to open an e-mail account for an employee, to assign an employee on a particular matter, or to ensure that an employee has the relevant training to access systems or participate in certain programs.” Id. at 18. And, they assert that a “court could not review such decisions without bringing within the scope of the APA virtually every aspect of an agency's relationship with its employees, a result the ‘final agency action’ limitation of the APA is designed to prevent.” Id. Therefore, defendants maintain that plaintiffs have failed to “demonstrate how providing a new employee with system access necessary to his or her function ‘consummat[es]’ the hiring agency's decisionmaking process in such a way that legal consequences flow to Plaintiffs.” Id. at 19 (citing Hawkes Co., 578 U.S. at 597, 136 S.Ct. 1807).
C. Analysis
In my view, the government misses the mark in claiming that no final agency action is implicated here and, in effect, that it is merely business as usual at SSA. I rely on my earlier analysis in ECF 49, buttressed by the recent submission of the Administrative Record and additional declarations.
As noted, Russo concedes that on February 12, 2025 and February 20, 2025, Dudek granted the DOGE Team access to personally identifiable information with respect to SSA's MBR, SSR, Numident, and Treasury Payment Files. ECF 36-1, ¶ 7. The scope of access concerned virtually all data and records systems maintained by SSA. ECF 22-10, ¶ 36. Yet, the Administrative Record reflects an entrenched, longstanding policy and practice at SSA of guarding the confidentiality and privacy of PII, except as needed, and, when needed, allowing only tailored access but not full access. SSA's decision to provide such broad access to the DOGE Team upended the longstanding policy and practice that has governed SSA with respect to access to PII.
For example, the Administrative Record reflects the policy of “least privilege,” by which “a user [is] given no more privileges than those necessary to perform their job.” ECF 86-5 at 18. According to the A.R., least privilege works as follows: (1) “Identify the user's current job”; (2) “Determine the minimum privileges required”; (3) “Restrict the user to those privileges”; (4) “Consider the resource you are trying to protect. What is the Least Privilege amount of access you should grant in order to protect the resource and still allow those employees who need access to do their job?” Id. (emphasis in ECF 86-5).
SSA's Office of Information Security (“OIS”) has explained that the “principle” of least privilege “restricts user access to the minimum amount of systems resources needed to perform assigned job duties or responsibilities.” Id. And, even when “access is granted, it is always limited to those who have a legitimate need for these resources to perform their assigned position responsibilities.” Id. Further, the OIS explains that the least privilege principle is important because “[u]nlimited rights and access can equate to unlimited potential for damage. The more privileges an account or user has, the greater potential for abuse or errors.” Id.
Moreover, the Information Security Policy (“ISP”) states that, “[i]n adherence to the security principles of least privilege, separations of duties, and need-to-know, the handling and exchange of data include” certain steps. ECF 86-4 at 52. The ISP instructs managers to “[r]estrict access to information systems to the minimum level required to perform assigned duties.” ECF 86-4 at 8.
To access SSA systems of record, the ISP establishes that individuals must complete (1) “Mandatory Information Security Awareness Training during onboarding”; and (2) “Mandatory Information Security Awareness Training within the agency defined timeframe each Fiscal Year.” Id. at 49.
Section 3.1.3.1 of the ISP provides, in part, ECF 86-4 at 36:
• “Managers authorize access to SSA Information Systems based upon official business ‘Need-To-Know,’ and limited to the ‘Least Privilege’ access required for performing job functions. Whenever access is granted, it is limited access to those who have a legitimate need for these resources to perform their assigned position responsibilities.”
• “System Managers (SMs) must ensure adequate ‘separation of duties’ within the roles of Information Systems.” Id.
• “Upon suitability clearance, users are authorized access to general SSA network resources. Specific access to information systems necessary to perform job duties must be requested via the agency's access management platform.” Id. at 37.
• “Accounts must be reviewed annually to ensure access is appropriate for each user's assigned duties; frequency of review depends upon account type.” Id.
In addition, SSA requires its supervisors to conduct “Access Certifications” approximately every thirty days to “ensure adherence to the principles of ‘least privilege’ and ‘need to know.’ ” ECF 86-2 at 109. Yet, SSA policy provides that “certifiers are not allowed to review and certify their own access. The certification of the certifier's access is the responsibility of the certifier's Supervisors.” Id. This limitation supports the separation of duties principle. Id.; see also ECF 86-4 at 36 (“System Managers (SMs) must ensure adequate ‘separation of duties’ within the roles of Information Systems.”).
The Administrative Record also contains information as to the Privacy Act. ECF 86-2 at 149–71. SSA's policy of respecting privacy is consistent with federal regulations governing the Social Security Administration, which admonish SSA employees to be mindful of their responsibilities under the Privacy Act. The Employee Standards of Conduct for SSA state, 20 C.F.R. Pt. 401, App. A(a):
All SSA employees are required to be aware of their responsibilities under the Privacy Act of 1974, 5 U.S.C. 552a․ Instruction on the requirements of the Act and regulation shall be provided to all new employees of SSA. In addition, supervisors shall be responsible for assuring that employees who are working with systems of records or who undertake new duties which require the use of systems of records are informed of their responsibilities. Supervisors shall also be responsible for assuring that all employees who work with such systems of records are periodically reminded of the requirements of the Privacy Act and are advised of any new provisions or interpretations of the Act.
SSA's regulations also provide that “Systems Employees shall: (a) Be informed with respect to their responsibilities under the Privacy Act; ․ [and] (c) Disclose records within SSA only to an employee who has a legitimate need to know the record in the course of his or her official duties.” 20 C.F.R. Pt. 401, App. A(d)(1) (emphasis added).
Marcela Escobar-Alava, the former CIO at SSA, explains Agency policy in her Declaration, which is unrefuted. See ECF 110-10. She avers that “SSA's IT and data security practices are driven by a few ideas: (1) use least privilege access; (2) segregation of duties; and (3) incorporate other ‘Zero-Trust’ principles (including assuming breach and verifying any requests for information as though they originated outside of the system).” Id. ¶ 2.
Escobar-Alava explains that least privilege access “is the idea that users should be granted permission to access the smallest amount of and least identifying data possible to complete their jobs.” Id. ¶ 3. In other words, least privilege access means that “users should be granted the most restrictive type of access—for example, read-only access instead of write access. Data should be sanitized or anonymized wherever possible; users should be required to validate or explain what they are trying to access and why; and they should not be permitted to access production data with ‘write’ permissions unless absolutely necessary, authorized and documented.” Id. This is “important because it prevents systems from having over-privileged users that may increase the potential for breach or misuse.” Id.
“Segregation of duties (‘SoD’) is the idea that no user should have enough privileges to misuse a system on their own.” Id. ¶ 4. Escobar-Alava explains, for example, that “the person in charge of issuing benefits through a system should not be the same person crafting the code that govern[s] that system.” Id.
When Escobar-Alava worked at SSA, she “saw these principles put into practice.” Id. ¶ 5. As an example, she states that “anyone seeking access to sensitive data housed in SSA systems was required to provide a justification as to why they needed access to specific systems, information of that kind, of that quantity, or in that way.” Id.
Notably, the level of access granted is not usually full access. Escobar-Alava explains: “In keeping with the principles outlined above, SSA's Enterprise Data Warehouse, or EDW, includes many sandbox functions.” Id. ¶ 7. And according to Escobar-Alava, “standard practice would be to (1) grant DOGE Team members access to the data they sought in a ‘sandbox’ environment with anonymized data, and (2) refuse requests for write-access and access to SSA source code.” Id.
Flick's Declaration, which is also unrefuted, bolsters the conclusion that the extent of access that SSA provided here constitutes a dramatic change in policy at SSA. She asserts: “The importance of privacy is engrained in every SSA employee from day one.” ECF 22-10, ¶ 4. And, “[a]long with accurate and timely payment of benefits, attention to privacy is one of SSA's most fundamental duties.” Id. To that end, employees are required to sign documents every year acknowledging their duty to protect PII and are also required to attend annual information security training. Id. ¶ 6; see also ECF 86-3 at 83 (referencing OMB-related requirement of “Annual Reminder on Safeguarding Personally Identifiable Information (PII) for SSA Employees and its accompanying Acknowledgement Statement” that employees must sign annually).
According to Flick, the scope of access requires a “ ‘need to know.’ ” ECF 110-11, ¶ 43. This requirement is plainly evident from the Administrative Record. For example, the Information Security Officer manual states: “The principles of ‘need-to-know’ and ‘least privilege’ are the basis of the SSA system access policy.” ECF 86-3 at 107; see also ECF 86-2 at 74 (Employee 8's unsigned Special Government Employee agreement states that employee “will not access, or attempt to access, classified information without the proper security clearance and a need to know”). Flick maintains that the “need to know” reasons for full, non-anonymized access to SSA data systems articulated in this case are “far from sufficiently detailed to justify granting the level of access the DOGE Team now has.” ECF 39-2, ¶ 5.
In combination with “need to know,” Flick explains that SSA's policy and procedures also follow the “ ‘least privilege’ method for granting access, which means that people are permitted to access only the lowest amount of information that will allow them to accomplish their jobs.” ECF 110-11, ¶ 4. She contends that “this method of granting access applies to all agency systems and data, including the MBR, Supplemental Security Income Record, Numident, Master Earnings File, and to any mechanism through which one can access data (for example, through both the EDW and via direct access to systems of record like the MBR).” Id.
Flick also provided examples of the separation of duties principle from her recent time at SSA. She explains, id. ¶¶ 5–12:
For example, the former Office of Analytics, Review, and Oversight included an Office of Program Integrity, which managed SSA's anti-fraud work and contained two components that separated the duties within the anti-fraud work: the fraud analytics team, which examined SSA data for patterns of fraud; and the fraud investigations team, which probed specific instances of fraud referred by the analytics team. Employees in each of these components had access to different levels of data.
The analytics team (comprised of data scientists, mathematicians, and statisticians) looks for patterns and thus needs access to less granular information. They look for a pattern by using structured query language to determine, for example, a list of Social Security Numbers (“SSNs”) associated with dates of birth before 1920.
By contrast, the certified fraud investigators in the investigations component need more specific information. For example, to examine an instance of direct-deposit fraud, they need to review specific data on an individual's MBR (such as the history of changes to routing number or contact information). They access that detailed data through the EDW and search for those details by SSN.
When determining whether an individual employee has a defined business need for accessing PII, SSA considers factors including the type of work that person will do (e.g., fraud analytics versus fraud investigations); the means through which they will access data (i.e., through EDW or via direct access to production data); and the way in which one will interact with that data (i.e., read-only access versus write access).
***
Changes to production data are made either through programmatic systems used by the front-line employees who work in local Social Security offices to process benefits or update Social Security records for the public or through “batch jobs,” which are programs written by IT programmers (or software engineers) to update production systems or data. Batch jobs are subject to extensive process controls, including multiple layers of testing, integration, and data validation.
Due to SSA's requirement to utilize a separation of duties, generally programmers who write code to update programmatic systems that affect benefit payments or maintenance of Social Security records do not have access to update or “write” to production systems or data. However, if there is an emergency business need that requires an IT programmer (or software engineer) to update a programmatic system or data, they must make a special request with justification, and would have time-limited access, which would only be provided on an “emergency” basis and last for the duration of the specific action but no longer than 24 hours.
Flick's averment suggests that SSA employees writing code for projects such as the Death Data Clean Up Project or the Fraud Detection Project, described infra, are not supposed to be the same employees investigating fraud.
Critically, the DOGE Team received far broader access than what is customarily afforded when SSA records are reviewed “for potential fraud, waste, and abuse by oversight agencies ․ or auditors․” ECF 22-10, ¶ 26. Flick avers that typically, “when analysts or auditors review agency data for possible payment issues, including for fraud, the review process would start with access to high-level, anonymized data based on the least amount of data the analyst or auditor would need to know.” ECF 39-1, ¶ 4. Then, if a subset of the data are “flagged as suspicious, the analyst or auditor would access more granular, non-anonymized data to just that subset of files.” Id. She also insists that “the type of full, non-anonymized access of individual data on every person who has a social security number or receives benefit from Social Security is unnecessary at the outset of any anti-fraud or other auditing project.” Id.
As the government has acknowledged, “SSA's Office of Financial Policy and Program Integrity confirmed that the level of access granted to the SSA DOGE team to perform analysis has likewise been granted to [only] 30 to 40 employees in their component.” ECF 113 at 7. And, SSA has well over 50,000 employees. ECF 39-1, ¶ 7. Moreover, there is no indication that new arrivals at the Agency are afforded such access. As Flick puts it, SSA “would not provide full access to all data systems even to our most skilled and highly trained experts.” ECF 22-10, ¶ 37.
Clearly, with the arrival of the DOGE Team, SSA has changed the scope of access and the requirements to obtain access. Flick provides several examples of occurrences that reflect that Dudek's decision to authorize the DOGE Team to obtain access to the SSA data systems is at odds with SSA's earlier policy and practices. According to Flick, the onboarding process for one of the DOGE Team employees was “contrary to standard practice,” ECF 22-10, ¶ 16, and the speed at which access to systems was provided was “unprecedented.” Id. ¶ 15.
Flick makes clear, and the declarations submitted by defendants confirm, that several employees of the DOGE Team accessed SSA data systems prior to having signed finalized detail agreements from other agencies. ECF 39-2, ¶ 3. According to Flick, this “is not in keeping with agency practice because the agency does not consider a detailee to be an employee of SSA until a detail agreement is signed and finalized.” Id. Moreover, according to Escobar-Alava, SSA “conforms with industry-standard IT and data security practices by requiring a completed background check for employees who will be given access to PII. At SSA, no employees are given such access until they have been fully cleared. That often takes months, even when someone already has clearance from the White House or another agency.” ECF 110-10, ¶ 6.
Alex Doe is a former Digital Services Expert at USDS. ECF 77-1, ¶ 1.44 Doe asserts: “USDS employees detailed to SSA received access to data including PII, but only after months of clearance that exceeded the preliminary clearance we had already received from the [EOP],” and these employees could “only access data including PII on SSA devices, which were only issued after the agency confirmed that we had the adjudicated clearance described.” Id. ¶¶ 5, 6. But, defendants’ declarations demonstrate that some of the background investigations for some DOGE Team members were still pending when they were provided access to PII in the SSA data systems. See ECF 36-2, ¶ 15. And, proof of completion of the DOGE Team members’ background investigations is a troubling omission from the Administrative Record. See ECF 86.
I discuss “need,” infra. But, at this juncture, it is noteworthy that the Administrative Record does not reflect a need for access to PII of the magnitude at issue here. And, need is an inherent component of SSA's policies, practices, and the law. At best, there are vague and conclusory assertions that access to SSA's systems of records is necessary to root out fraud.
For example, on February 19, 2025, Russo, on behalf of the DOGE Team, sought access to EDW copies of the Numident, MBR, and SSR, as well as certain SSA payment files. ECF 86-2 at 5. He stated, in part, id.: “SSA has a need to rapidly respond to concerns regarding potentially large-scale fraud and improper payments related to data issues in payment files SSA sends to [Bureau of Fiscal Service] and concerns that those potential issues in those payment files may relate, in part, to SSNs without an associated date of death in SSA's Numident master files.”
Apart from the issue of need, some of the DOGE Team members clearly were not entitled to access, because they either were not properly detailed to SSA, or had not been vetted or adequately trained, or necessary work documents were not signed. This, too, is contrary to Agency practice. Compare ECF 36-2, ¶ 6 (Employee 3's agreement finalizing onboarding on February 22, 2025) with ECF 36-1, ¶ 8 (Employee 3 was granted access to PII on February 21, 2025); compare ECF 86-2 at 41–47 (Moghaddassi executed Memorandum of Understanding on March 21, 2025) with ECF 36-1, ¶ 14 (Moghaddassi was granted access to “SSA Systems” on March 11, 2025); ECF 86-2 at 72–75 (Employee 8's Special Government Employee Agreement dated February 26, 2025, remains unsigned by Employee 8).
In Bessent, 2025 WL 1023638, Judge Richardson stated that the “types of agency action that traditionally satisfy” the two-prong test in Bennett v. Spear, 520 U.S. 154, 117 S.Ct. 1154, 137 L.Ed.2d 281, “are what one would expect: binding agency opinions, ․ compliance orders ․ and promulgated rules ․” Id. at *5. The “types of agency action that traditionally fail this two-prong test are also what one would expect: tentative recommendations, ․ intermediate decisions, ․ and the initiation of enforcement proceedings ․” Id. He suggested that the “agency action” in Bessent, “granting IT access to certain employees,” “does not fit comfortably into either bucket.” Id.
Dudek's decision to grant access to DOGE Team members was not tentative, interlocutory, or intermediate. He expressly approved multiple access requests. And, because Dudek is the Acting Commissioner of the Agency, there is no supervisor to override his decision. Moreover, Dudek's repeated and rapid approvals of access requests indicate no further deliberation is contemplated. The record also makes clear that the broad access approved here was hardly consistent with SSA's ordinary business operations and procedures. The approval decisions are akin to a binding agency opinion—one that established DOGE's entitlement to access PII, notwithstanding the Agency's customs, practices, policies, and procedures.
Venetian Casino Resort, L.L.C. v. E.E.O.C., 530 F.3d 925 (D.C. Cir. 2008), is instructive. There, the employer, the operator of a casino, sought an injunction to bar the Equal Employment Opportunity Commission (“EEOC”) from releasing, without notice, the confidential documents that the employer provided during various EEOC investigations. The EEOC claimed that the employer's claims were not cognizable under the APA because the EEOC's disclosure policy as to the confidential information was not a final agency action and because the matter of disclosure is committed to the discretion of the agency and thus not reviewable. Id. at 931.
As the court explained, the employer was challenging the agency decision to adopt a policy of disclosing confidential information without notice. Id. The D.C. Circuit concluded: “Adopting a policy of permitting employees to disclose confidential information without notice is surely a ‘consummation of the agency's decisionmaking process,’ and ‘one by which [the submitter's] rights [and the agency's] obligations have been determined.’ ” Id. at 931.45 Contrary to defendants’ assertions, see ECF 113 at 20, nothing in Venetian was specific to third-party access to the information.
The logic of Venetian applies here. The evidence is rather overwhelming in establishing that, contrary to SSA's well entrenched policy and practice, Dudek made the unprecedented decision to provide the DOGE Team with non-anonymized access to virtually all SSA records. ECF 86-2 at 1–4. Moreover, Dudek agreed to do so without signed detail agreements, adequate training, completed background investigations, and/or executed work forms for all DOGE Team members, and without adequately specified “need.” This clearly reflects consequences in terms of statutory violations as well as “a ‘consummation of the agency's decisionmaking process,’ and ‘one by which [the submitter's] rights [and the agency's] obligations have been determined.’ ” Venetian Casino Resort, L.L.C., 530 F.3d at 931.
In sum, the Agency's decision to allow the DOGE Team access to the PII of millions of Americans is a sea change that falls within the ambit of a final agency action. In granting the DOGE Team access to records in the manner alleged, SSA veered far from principles that have been the mainstay of the Agency. The decision to do so qualifies as a final agency action.
D. No Other Adequate Remedy
Plaintiffs assert that “nothing absent an injunction will prevent the SSA Defendants’ disclosure of and access to the data in question.” ECF 110-1 at 28.
Defendants argue that the APA provides for judicial review only in circumstances where there is no other adequate remedy. See ECF 113 at 21. But, defendants contend that “the Privacy Act provides a ‘comprehensive remedial scheme’ for injuries arising out of the inappropriate dissemination of private information about individuals.” ECF 36 at 22 (quoting Wilson, 535 F.3d at 703). Therefore, they contend that plaintiffs “cannot use the APA to circumvent the Privacy Act's carefully drawn limitations on the types of relief they can seek.” ECF 113 at 21.
As discussed, review under the APA is limited to “final agency action for which there is no other adequate remedy in a court.” 5 U.S.C. § 704. And, the statute “makes it clear that Congress did not intend the general grant of review in the APA to duplicate existing procedures for review of agency action.” Bowen v. Massachusetts, 487 U.S. 879, 903, 108 S.Ct. 2722, 101 L.Ed.2d 749 (1988). Plaintiffs “may advance an APA claim as well as another type of claim only if the APA claim does not duplicate ‘existing procedures for review of an agency action.’ ” Cent. Platte Nat. Res. Dist. v. U.S. Dep't of Agric., 643 F.3d 1142, 1148 (8th Cir. 2011) (citation omitted).
Courts have stated that an adequate alternative remedy “does not need to provide relief ‘identical’ to that available to a party under the APA—it must merely be of the ‘same genre.’ ” Westcott v. McHugh, 39 F. Supp. 3d 21, 33 (D.D.C. 2014) (quoting Garcia v. Vilsack, 563 F.3d 519, 522 (D.C. Cir. 2009)); see also El Rio Santa Cruz Neighborhood Health Ctr., Inc. v. U.S. Dep't of Health & Hum. Servs., 396 F.3d 1265, 1272 (D.C. Cir. 2005). Notably, where courts have held that a plaintiff could not also bring an APA claim to obtain relief for an agency's alleged Privacy Act violation, it has been where the Privacy Act provided the kind of relief plaintiff sought. See, e.g., Poss v. Kern, No. 23-CV-2199 (DLF), 2024 WL 4286088, at *6 (D.D.C. Sept. 25, 2024) (no APA claim when seeking “removal and deletion of the allegedly defamatory report from DOD's database”); Haleem v. U.S. Dep't of Def., No. CV 23-1471 (JEB), 2024 WL 230289, at *14 (D.D.C. Jan. 22, 2024) (“The Privacy Act and FOIA thus provide adequate remedies to compel responses to his requests and the production of withheld records, meaning Plaintiff cannot premise an APA claim on Defendants’ alleged failure to respond to such requests or produce such records.”); Harrison v. BOP, 248 F. Supp. 3d 172, 182 (D.D.C. 2017) (finding no APA claim because Privacy Act provided relief when agency failed to provide requested records); Westcott, 39 F. Supp. 3d 21 (no APA claim because Privacy Act permits removal or revision of memorandum of reprimand contained in official military records); Wilson v. McHugh, 842 F. Supp. 2d 310, 320 (D.D.C. 2012) (finding no APA claim because Privacy Act applied when agency refused to withdraw a press release).
The injunctive relief sought by plaintiffs here is not available under the Privacy Act. But, as discussed in the context of standing, and important to repeat here, there have been cases suggesting that injunctive relief may be available through the APA. In 2004, the Supreme Court observed in Chao I, 540 U.S. at 619 n.1, 124 S.Ct. 1204: “The Privacy Act says nothing about standards of proof governing equitable relief that may be open to victims of adverse determinations or effects, although it may be that this inattention is explained by the general provisions for equitable relief within the [APA] . . .” And, in Chao II, the Fourth Circuit suggested that a plaintiff may pursue injunctive relief for a Privacy Act disclosure claim through the APA. 435 F.3d at 504 n.17. The Court said, id.: “We note that we do not read these cases to stand for the proposition that the Government may not be enjoined from violating the Privacy Act by disclosing personal records. Instead, we read these cases as stating that such relief is not authorized by the Privacy Act, standing alone. Often, however, and as was the case in the instant action, injunctive relief for a Government's violation of the Act will instead be appropriate and authorized by the APA.”
In Bessent, 2025 WL 1023638, at *6, Judge Richardson observed that the comments of the Fourth Circuit in Chao II and the Supreme Court in Chao I are dicta. I, too, made that observation in the TRO opinion. ECF 49 at 90. But, defendants have not identified any case at odds with either Chao I or Chao II.
Moreover, “not all dicta are created equal.” Farah v. U.S. Att'y Gen., 12 F.4th 1312, 1323 (11th Cir. 2021) (citing Bryan A. Garner et al., The Law of Judicial Precedent § 4, at 69 (2016)). Indeed, as other courts have noted, “there is dicta and then there is dicta, and then there is Supreme Court dicta.” Schwab v. Crosby, 451 F.3d 1308, 1325 (11th Cir. 2006); see also Peterson, 124 F.3d at 1392 n.4 (emphasizing that “dicta from the Supreme Court is not something to be lightly cast aside”). Moreover, the Fourth Circuit has previously said that “carefully considered language of the Supreme Court, even if technically dictum, generally must be treated as authoritative.” Wynne, 376 F.3d at 298 n.3 (citation omitted). And, the fact that dicta is not binding “does not mean that the dicta is incorrect.” Preterm-Cleveland, 994 F.3d at 531.
I conclude that plaintiffs are not barred from seeking injunctive relief under the APA.
VI. Preliminary Injunction
Plaintiffs seek a preliminary injunction to enjoin DOGE's access to SSA's data systems. A preliminary injunction is “an extraordinary remedy that may only be awarded upon a clear showing that the plaintiff is entitled to such relief.” Winter v. Nat. Res. Def. Council, Inc., 555 U.S. 7, 22, 129 S.Ct. 365, 172 L.Ed.2d 249 (2008).
Alternatively, plaintiffs seek a stay under 5 U.S.C. § 705. Pursuant to 5 U.S.C. § 705, a reviewing court may stay “agency action” pending judicial review “to prevent irreparable injury.” The standards for granting a TRO, a preliminary injunction, and a § 705 stay are essentially the same. Casa de Maryland, Inc. v. Wolf, 486 F. Supp. 3d 928, 949–50 (D. Md. 2020) (citing cases); Maags Auditorium v. Prince George's Cty., Md., 4 F. Supp. 3d 752, 760 n.1 (D. Md. 2014) (“The standard for a temporary restraining order is the same as a preliminary injunction.”), aff'd, 681 F. App'x 256 (4th Cir. 2017).
The party seeking a preliminary injunction must demonstrate that: (1) he is likely to succeed on the merits; (2) he is likely to suffer irreparable harm in the absence of preliminary relief; (3) the balance of equities tips in his favor; and (4) an injunction is in the public interest. Nken v. Holder, 556 U.S. 418, 426, 129 S.Ct. 1749, 173 L.Ed.2d 550 (2009); Winter, 555 U.S. at 20, 129 S.Ct. 365; see Frazier v. Prince George's Cty., Md., 86 F. 4th 537, 543 (4th Cir. 2023) (same). The plaintiff must satisfy each requirement as articulated. Real Truth About Obama, Inc. v. Fed. Election Comm'n, 575 F.3d 342, 347 (4th Cir. 2009).46
To meet the first requirement, the plaintiffs must “clearly demonstrate that [they] will likely succeed on the merits,” rather than present a mere “grave or serious question for litigation.” Real Truth About Obama, Inc., 575 F.3d at 346–47. But, plaintiffs “need not establish a ‘certainty of success.’ ” Di Biase v. SPX Corp., 872 F.3d 224, 230 (4th Cir. 2017) (quoting Pashby v. Delia, 709 F.3d 307, 321 (4th Cir. 2013)).
Of course, it is not enough merely to meet the Fed. R. Civ. P. 12(b)(6) standard of Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007), and Ashcroft v. Iqbal, 556 U.S. 662, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009). Allstate Ins. Co. v. Warns, CCB-11-1846, 2012 WL 681792, at *14 (D. Md. Feb. 29, 2012). However, where a plaintiff asserts multiple claims, the court need only find that a plaintiff is likely to succeed on one of his claims in order for this factor to weigh in favor of a preliminary injunction. PFLAG, Inc. v. Trump, ––– F. Supp. 3d. ––––, BAH-25-337, 2025 WL 510050, at *12 (D. Md. Feb. 14, 2025); Nat'l Council of Nonprofits v. Off. of Mgmt. & Budget, ––– F. Supp. 3d. ––––, No. 25-239 (LLA), 2025 WL 368852, at *9 (D.D.C. Feb. 3, 2025); Profiles, Inc. v. Bank of Am. Corp., 453 F. Supp. 3d 742, 747 (D. Md. 2020).
“To establish irreparable harm, the movant must make a ‘clear showing’ that it will suffer harm that is ‘neither remote nor speculative, but actual and imminent.’ ” Mountain Valley Pipeline, LLC v. 6.56 Acres of Land, Owned by Sandra Townes Powell, 915 F.3d 197, 216 (4th Cir. 2019) (quoting Direx Israel, Ltd. v. Breakthrough Medical Group, 952 F.2d 802, 812 (4th Cir. 1991)). In other words, the plaintiffs must show that harm is not just a mere possibility, but that harm is truly irreparable and cannot be remedied at a later time with money damages. “[T]he harm must be irreparable, meaning that it ‘cannot be fully rectified by the final judgment after trial.’ ” Mountain Valley Pipeline, LLC, 915 F.3d at 216 (quoting Stuller, Inc. v. Steak N Shake Enters., 695 F.3d 676, 680 (7th Cir. 2012)).
Irreparable harm “is suffered when monetary damages are difficult to ascertain or are inadequate.” Multi–Channel TV Cable Co. v. Charlottesville Quality Cable Operating Co., 22 F.3d 546, 551 (4th Cir. 1994) (quoting Danielson v. Loc. 275, Laborers Int'l Union of N. Am., AFL-CIO, 479 F.2d 1033, 1037 (2d Cir. 1973)). A plaintiff may also establish irreparable harm when its costs are unrecoverable due to the government's sovereign immunity. See Wages & White Lion Invs., L.L.C. v. U.S. Food & Drug Admin., 16 F.4th 1130, 1142 (5th Cir. 2021); City of New York, 913 F.3d at 430; see also Portée v. Morath, No. 1:23-CV-551-RP, 683 F.Supp.3d 628, 636 (W.D. Tex. July 21, 2023) (“[C]laims for money damages against state entities and officials are generally barred by sovereign immunity, which makes Portée's harm irreparable for purposes of seeking preliminary injunctive relief.”); Texas v. U.S. Dep't of Homeland Sec., 700 F. Supp. 3d 539, 546 (W.D. Tex. 2023).
“ ‘There is generally no public interest in the perpetuation of unlawful agency action.’ ” Louisiana v. Biden, 55 F.4th 1017, 1035 (5th Cir. 2022) (quoting Texas v. Biden, 10 F.4th 538, 560 (5th Cir. 2021)). To the extent an agency's acts facilitate rather than prevent unlawful conduct, such acts implicate the “substantial public interest ‘in having governmental agencies abide by the federal laws that govern their existence and operations.’ ” Texas v. United States, 40 F.4th 205, 229 (5th Cir. 2022) (quoting League of Women Voters of U.S. v. Newby, 838 F.3d 1, 12 (D.C. Cir. 2016)). Indeed, “the ‘public undoubtedly has an interest in seeing its governmental institutions follow the law . . .’ ” Roe v. Dep't of Defense, 947 F.3d 207, 230–31 (4th Cir. 2020) (quoting district court).
When a preliminary injunction will “adversely affect a public interest . . . the court may . . . withhold relief until a final determination of the rights of the parties, though the postponement may be burdensome to the plaintiff.” Weinberger v. Romero–Barcelo, 456 U.S. 305, 312–13, 102 S.Ct. 1798, 72 L.Ed.2d 91 (1982). In fact, “courts . . . should pay particular regard for the public consequences in employing th[is] extraordinary remedy.” Id. at 312, 102 S.Ct. 1798.
In addition to the public interest determination, the balance of equities must tip in favor of the movants in order for a preliminary injunction to be granted. Winter, 555 U.S. at 20, 129 S.Ct. 365. Courts must weigh any potential harm to the nonmoving party, and also any potential harm to the public if relief is granted. Continental Group Inc. v. Amoco Chems. Corp., 614 F.2d 351, 356–57 (3d Cir. 1980).
These final two factors—balance of the equities and weighing the public interest—“merge when the Government is the opposing party.” Nken, 556 U.S. at 435, 129 S.Ct. 1749. But, a court “may not collapse this inquiry with the first Winter factor.” Maryland, et al. v. United States Dep't of Agriculture, et al., 2025 WL 800216; see USA Farm Lab, Inc. v. Micone, 2025 WL 586339, at *4 (4th Cir. Feb. 24, 2025) (explaining that it is “circular reasoning” to argue that a government “program is against the public interest because it is unlawful” and that such argument “is nothing more than a restatement of their likelihood of success argument”).
“Crafting a preliminary injunction is an exercise of discretion and judgment, often dependent as much on the equities of a given case as the substance of the legal issues it presents.” Trump v. Int'l Refugee Assistance Project, 582 U.S. 571, 579, 137 S.Ct. 2080, 198 L.Ed.2d 643 (2017); see Roe, 947 F.3d at 231. But, a court should “ ‘mold its decree to meet the exigencies of the particular case.’ ” Roe, 947 F.3d at 231 (citation omitted). Moreover, a court must ensure that the preliminary injunction is “ ‘no more burdensome to the defendant than necessary to provide complete relief to the plaintiffs.’ ” Madsen v. Women's Health Ctr., Inc., 512 U.S. 753, 765, 114 S.Ct. 2516, 129 L.Ed.2d 593 (1994) (citation omitted).
A. Likelihood of Success on the Merits 47
1. Privacy Act 48
The Privacy Act of 1974, 5 U.S.C. § 552a, “had its genesis in a growing awareness that governmental agencies were accumulating an ever-expanding stockpile of information about private individuals that was readily susceptible to both misuse and the perpetuation of inaccuracies that the citizen would never know of, let alone have an opportunity to rebut or correct.” Londrigan v. Fed. Bureau of Investigation, 670 F.2d 1164, 1169 (D.C. Cir. 1981); see also Chao I, 540 U.S. at 618, 124 S.Ct. 1204. It “was designed to provide individuals with more control over the gathering, dissemination, and accuracy of agency information about themselves.” Greentree v. U.S. Customs Serv., 674 F.2d 74, 76 (D.C. Cir. 1982). “The Act gives agencies detailed instructions for managing their records and provides for various sorts of civil relief to individuals aggrieved by failures on the Government's part to comply with the requirements.” Chao I, 540 U.S. at 618, 124 S.Ct. 1204.
In passing the Privacy Act, Congress proclaimed: “The right to privacy is a personal and fundamental right protected by the Constitution of the United States[.]” Privacy Act of 1974, Pub. L. No. 93-579, § 2(a)(4), 88 Stat. 1896. Congress also recognized: “The privacy of an individual is directly affected by the collection, maintenance, use, and dissemination of personal information by federal agencies[.]” Id. § 2(a)(1). And, it said: “The increasing use of computers and sophisticated information technology, while essential to the efficient operations of the government, has greatly magnified the harm to individual privacy that can occur from any collection, maintenance, use, or dissemination of personal information[.]” Id. § 2(a)(2); see Tankersley, 837 F.3d at 395 (same). Therefore, “[i]n order to protect the privacy of individuals identified in information systems maintained by federal agencies,” Congress said that “it is necessary and proper for the Congress to regulate the collection, maintenance, use, and dissemination of information by such agencies.” Id. § 2(a)(5).
The identified purposes of the Privacy Act are, inter alia, “to provide certain safeguards for an individual against an invasion of personal privacy by requiring federal agencies, except as otherwise provided by law, to— . . . (2) permit an individual to prevent records pertaining to him obtained by such agencies for a particular purpose from being used or made available for another purpose without his consent; . . . (4) collect, maintain, use, or disseminate any record of identifiable personal information in a manner that assures that such action is for a necessary and lawful purpose, that the information is current and accurate for its intended use, and that adequate safeguards are provided to prevent misuse of such information[.]” Id. §§ 2(b)(2), (b)(4).
To that end, the Privacy Act establishes “certain minimum standards for handling and processing personal information maintained in the data banks and systems of the executive branch, for preserving the security of the computerized or manual system, and for safeguarding the confidentiality of the information.” Id. In particular, the statute requires “every department and agency to insure, by whatever steps they deem necessary” that, inter alia, (1) “they take certain administrative actions to keep account of the employees and people and organizations who have access to the system or file, and to keep account of the disclosures and uses made of the information”; and (2) “they establish rules of conduct with regard to the ethical and legal obligations in developing and operating a computerized or other data system and in handling personal data, and take action to instruct all employees of such duties[.]” Id.
The term “record” is defined as “any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, his education, financial transactions, medical history, and criminal or employment history and that contains his name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph[.]” 5 U.S.C. § 552a(a)(4). A “system of record” is “a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.” Id. § 552a(a)(5).
The Privacy Act does not define “disclosure.” But, the SSA regulations define “disclosure” as “making a record about an individual available to . . . another party.” 20 C.F.R. § 401.25. In other words, disclosure of a record includes access to the record.
Under the Privacy Act, to the extent possible, agencies that collect information directly from individuals are to inform individuals of the purpose and authority for that collection. 5 U.S.C. § 552a(e)(2)–(3). The statute contains additional requirements for agencies that maintain a “system of records,” or maintain the information they collect such that information can be retrieved “by the name of [an] individual or by some identifying number, symbol, or other identifying particular.” Id. § 552a(a)(5).
For example, agencies must continuously ensure that their systems of records are accurate and complete to the degree “necessary to assure fairness to the individual[s]” whose information has been recorded. 5 U.S.C. § 552a(e)(5). Individuals maintain the right to access and review all records “pertaining to” themselves in the agency's system, id. § 552a(d)(1), and to request an amendment if they identify an error. Id. § 552a(d)(2). If a request to review relevant records or to correct a record is denied, the individual may bring suit in federal district court and obtain an injunction ordering the agency to comply. Id. §§ 552a(d)(3), (g)(1)(A)–(B), (g)(2)–(3). And, if the agency makes an adverse determination as to an individual because of an inaccuracy in its records, the Act allows the individual to sue for damages. Id. §§ 552a(g)(1)(C), (g)(2)(4).
Relevant here, the Act prohibits federal agencies from sharing records about individuals, except under certain limited circumstances. It states, in part, 5 U.S.C. § 552a (emphasis added):
(b) Conditions of disclosure.--No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, unless disclosure of the record would be--
(1) to those officers and employees of the agency which maintains the record who have a need for the record in the performance of their duties.
The Privacy Act allows disclosure for “a routine use.” 5 U.S.C. § 552a(b)(3). A “routine use” is a use of a record “for a purpose which is compatible with the purpose for which it was collected.” Id. § 552a(a)(7). And, each time an agency “establish[es] or revis[es]” a system of records, it must publish a System of Records Notice (“SORN”) in the Federal Register detailing, among other things, “each routine use of the records contained in the system, including the categories of users and the purpose of such use.” Id. § 552a(e)(4)(D).
The Act also provides for private enforcement of violations of the provisions. See Univ. of California Student Ass'n v. Carter, No. CV 25-354 (RDM), ––– F. Supp. 3d ––––, 2025 WL 542586, at *2 (D.D.C. Feb. 17, 2025). In particular, it provides a “comprehensive remedial scheme” for injuries arising from the improper dissemination of private information. Wilson v. Libby, 535 F.3d 697, 703 (D.C. Cir. 2008). But, injunctive relief is reserved for Amendment or Access Actions, not Disclosure Actions. 5 U.S.C. § 552a(g)(2), (3).
Although individual government employees are not subject to civil suit for damages, an individual “may bring a civil action against the agency” for failure “to comply with any . . . provision of” the statute if the individual suffers “an adverse effect” due to that violation. 5 U.S.C. § 552a(g)(1). Monetary damages are available only to individuals. See id. § 552a(g)(4); see also Sussman v. U.S. Marshals Serv., 494 F.3d 1106, 1122 (D.C. Cir. 2007).
The Act also establishes criminal penalties for willful violations of its requirements. See 5 U.S.C. § 552a(i). It is a federal crime for any agency officer or employee willfully to disclose a protected record “in any manner to any person or agency not entitled to receive it,” id. § 552a(i)(1), or to maintain a system of records “without meeting the notice requirements” provided in the Act, id. § 552a(i)(2). It is also a federal crime for any person to “request[ ] or obtain[ ] any record concerning an individual from an agency under false pretenses.” Id. § 552a(i)(3).
a. Need
As discussed, the Privacy Act prohibits agencies from disclosing any records contained in a system of records, unless an exception applies. 5 U.S.C. § 552a(b).49 The Privacy Act contains thirteen exceptions to the general rule that disclosure of agency records requires consent. See 5 U.S.C. § 552a(b). Of relevance here, disclosure is permitted “to those officers and employees of the agency which maintains the record who have a need for the record in the performance of their duties.” Id. § 552a(b)(1). To fall within this exception, the disclosure must be made within the agency that maintains the record. Britt v. Naval Investigative Serv., 886 F.2d 544, 547 (3rd Cir. 1989). And, the recipient must “examine[ ] the record in connection with the performance of duties assigned to him . . . in order to perform those duties properly.” Bigelow v. Dep't of Def., 217 F.3d 875, 877 (D.C. Cir. 2000).
Defendants assert that 5 U.S.C. § 552a(b)(1) applies here. They claim that the members of the DOGE Team are employees of the SSA and that the plaintiffs’ records were not disseminated outside SSA.
The Administrative Record reflects that SSA's policies regarding access decisions appear to be guided by the Agency's understanding of the requirements of the Privacy Act. The A.R. explains the Privacy Act as a “federal law that governs our collection and use of records we maintain about an individual in a system of records. It establishes safeguards against invasions of personal privacy.” ECF 86-2 at 150.
Under the Privacy Act, access to the records is permitted to Agency employees only when there is “a need for the record in the performance of their duties.” 5 U.S.C. § 552a(b)(1). As discussed earlier, the Agency's ISP provides, ECF 86-4 at 36: “Managers authorize access to SSA Information Systems based upon official business ‘Need-To-Know,’ and limited to the ‘Least Privilege’ access required for performing job functions. Whenever access is granted, it is limited access to those who have a legitimate need for these resources to perform their assigned position responsibilities.” But, the statute does not define the term “need.”
The Executive Order directs the heads of each federal agency to “establish within their respective agencies a DOGE Team of at least four employees” within 30 days. E.O. 14,158 § 3(c).50 There are now eleven members of the DOGE Team working at SSA. ECF 113 at 5 n.1.51 Defendants concede that eight of the eleven employees have and have had access to personally identifiable information contained in SSA data systems. ECF 113 at 7. The critical question is whether access to records that SSA provided and seeks to provide to the DOGE Team complies with the Privacy Act, which requires a “need” for the data.
Defendants maintain that those employees who have access to virtually all SSA data “need” the information to perform their work. Id. at 23. However, the expressed “need” is amorphous, as I discuss, infra. And, neither side has provided the Court with any helpful discussion concerning this statutory requirement of the Privacy Act.
“[T]he need to know exception applies only to intra-agency disclosures.” Britt, 886 F.2d at 547. I shall assume that the DOGE Team members have “intra agency” status at SSA.
The Administrative Record suggests that “need” means “need to know.” See, e.g., ECF 86-4 at 36. And, cases interpreting the “need” requirement typically consider need as “need to know,” asking “whether the official examined the record in connection with the performance of duties assigned to him and whether he had to do so in order to perform those duties properly.” Doe v. U.S. Dep't of Justice, 660 F. Supp. 2d 31, 44–46 (D.D.C. 2009). These cases typically involve the disclosure of records concerning a single person or a small number of people, and not access to a massive quantity of records for untold millions of people. See, e.g., deLeon v. Wilkie, No. CV 19-1250 (JEB), 2020 WL 210089, at *8 (D.D.C. Jan. 14, 2020) (finding “need to know” exception was met in disclosure of single plaintiff's personnel records); Walia v. Napolitano, 986 F. Supp. 2d 169, 186–87 (E.D.N.Y. 2013), on reconsideration in part (Feb. 4, 2014) (finding “need to know” exception was not met in disclosure of single plaintiff's personnel records); Middlebrooks v. Mabus, No. 1:11CV46 LMB/TCB, 2011 WL 4478686, at *5 (E.D. Va. Sept. 23, 2011) (finding that “internal disclosures of plaintiff's record to key senior agency personnel were permissible”); Viotti v. U.S. Air Force, 902 F. Supp. 1331, 1337 (D. Colo. 1995) (holding that disclosure of information about acting head of political science department to “political science department staff” not improper “as a matter of law” under need to know exception); see also Covert v. Harrington, 876 F.2d 751, 752–54 (9th Cir. 1989) (determining that Inspector General's agents needed employees’ personnel files after receiving allegations that employees were falsifying their permanent residences to obtain a per diem); Howard v. Marsh, 785 F.2d 645, 648 (8th Cir. 1986) (stating that attorney and personnel specialist gathering information about a discrimination complaint against the agency needed complainant's employment records to respond to the complaint); Dinh Tran v. Dep't of Treasury, 351 F. Supp. 3d 130, 137-39 (D.D.C. 2019) (employees evaluating a detail request needed information about performance appraisal to evaluate skillset and suitability), aff'd, 798 F. App'x 649 (D.C. Cir. 2020) (per curiam).
As noted, the term “need” is not defined in the Privacy Act. This implicates principles of statutory construction, which the parties do not address.
Generally, “[w]hen faced with a statutory provision, ‘the starting point for any issue of statutory interpretation . . . is the language of the statute itself.’ ” Redeemed Christian Church of God (Victory Temple) Bowie, Md. v. Prince George's Cty., Md., 17 F.4th 497, 508 (4th Cir. 2021) (quoting D.B. v. Cardall, 826 F.3d 721, 734 (4th Cir. 2016)) (alteration in original); see Groff v. Dejoy, 600 U.S. 447, 468, 143 S.Ct. 2279, 216 L.Ed.2d 1041 (2023) (stating that “statutory interpretation must ‘begi[n] with,’ and ultimately heed, what a statute actually says”) (citation omitted) (alteration in Groff); Murphy v. Smith, 583 U.S. 220, 223, 138 S.Ct. 784, 200 L.Ed.2d 75 (2018) (“As always, we start with the specific statutory language in dispute.”); Pharmaceutical Coalition for Patient Access v. United States, 126 F. 4th 947, 953 (4th Cir. 2025) (“Statutory interpretation begins with the text of the statute.”); Williams v. Carvajal, 63 F.4th 279, 285 (4th Cir. 2023) (“As always, an issue of statutory interpretation begins with the text.”); Navy Fed. Credit Union v. LTD Fin. Servs., LP, 972 F.3d 344, 356 (4th Cir. 2020) (“ ‘As in all statutory construction cases,’ we start with the plain text of the provision.”) (quoting Marx v. General Revenue Corp., 568 U.S. 371, 376, 133 S.Ct. 1166, 185 L.Ed.2d 242 (2013)); see also McAdams v. Robinson, 26 F.4th 149, 156 (4th Cir. 2022); United States v. Bryant, 949 F.3d 168, 174–75 (4th Cir. 2020); Othi v. Holder, 734 F.3d 259, 265 (4th Cir. 2013); Ignacio v. United States, 674 F.3d 252, 254 (4th Cir. 2012).
A statute “means what it says.” Simmons v. Himmelreich, 578 U.S. 621, 136 S.Ct. 1843, 195 L.Ed.2d 106 (2016); see United States v. Cohen, 63 F.4th 250, 253 (4th Cir. 2023). “ ‘[A]bsent ambiguity or a clearly expressed legislative intent to the contrary,’ ” courts apply the “plain meaning” of the statute. United States v. Abdelshafi, 592 F.3d 602, 607 (4th Cir. 2010) (quoting United States v. Bell, 5 F.3d 64, 68 (4th Cir. 1993)); see United States v. George, 946 F.3d 643, 645 (4th Cir. 2020) (“When interpreting a statute, courts must ‘first and foremost strive to implement congressional intent by examining the plain language of the statute.’ ”) (quoting Abdelshafi, 592 F.3d at 607). A court determines a statute's plain meaning by referencing the “ordinary meaning [of the words] at the time of the statute's enactment.” United States v. Simmons, 247 F.3d 118, 122 (4th Cir. 2001); see also HollyFrontier Cheyenne Refining, LLC v. Renewable Fuels Ass'n, 594 U.S. 382, 388, 141 S.Ct. 2172, 210 L.Ed.2d 547 (2021); Wisconsin Cent. Ltd. v. United States, 585 U.S. 274, 277, 138 S.Ct. 2067, 201 L.Ed.2d 490 (2018). Courts may “not resort to legislative history to cloud a statutory text that is clear.” Ratzlaf v. United States, 510 U.S. 135, 147–48, 114 S.Ct. 655, 126 L.Ed.2d 615 (1994); see Raplee v. United States, 842 F.3d 328, 332 (4th Cir. 2016) (“If the meaning of the text is plain . . . that meaning controls.”).
Moreover, “ ‘the words of a statute must be read in their context and with a view to their place in the overall statutory scheme.’ ” West Virginia v. EPA, 597 U.S. 697, 721, 142 S.Ct. 2587, 213 L.Ed.2d 896 (2022); see Gundy v. United States, 588 U.S. 128, 141, 139 S.Ct. 2116, 204 L.Ed.2d 522 (2019) (quoting Nat'l Ass'n of Home Builders v. Defs. of Wildlife, 551 U.S. 644, 666, 127 S.Ct. 2518, 168 L.Ed.2d 467 (2007)); see also United States v. Hansen, 599 U.S. 762, 775, 143 S.Ct. 1932, 216 L.Ed.2d 692 (2023) (“When words have several plausible definitions, context differentiates among them.”); King v. Burwell, 576 U.S. 473, 486, 135 S.Ct. 2480, 192 L.Ed.2d 483 (2015); Pharmaceutical Coalition for Patient Access, 126 F. 4th at 953. Critically, however, “the text and structure” of the statute is not analyzed in “a vacuum. . . . Rather, [a court] must interpret the statute with reference to its history and purpose as well.” Bryant, 949 F.3d at 174–75 (4th Cir. 2020) (citing Abramski v. United States, 573 U.S. 169, 179, 134 S.Ct. 2259, 189 L.Ed.2d 262 (2014) and Gundy, 588 U.S. at 141, 139 S.Ct. 2116).
Terms of a statute that are not defined are “interpreted” in accordance with “their ordinary, contemporary, common meaning.” Sandifer v. U.S. Steel Corp., 571 U.S. 220, 227, 134 S.Ct. 870, 187 L.Ed.2d 729 (2014) (citation omitted); see HollyFrontier Cheyenne Refining, LLC, 594 U.S. at 388, 141 S.Ct. 2172; George, 946 F.3d at 645; see also Tankersley, 837 F.3d at 395 (“Where Congress has not defined a term, we are ‘bound to give the word its ordinary meaning unless the context suggests otherwise.’ ”) (citation omitted).
The word “need” is part of everyday parlance. But, courts may “consult dictionaries” to decipher a term's ordinary or plain meaning. In re Constr. Supervision Servs., Inc., 753 F.3d 124, 128 (4th Cir. 2014); see also Navy Fed. Credit Union, 972 F.3d at 356; Blakely v. Wards, 738 F.3d 607, 611 (4th Cir. 2013). The word “need” is defined as “a requirement, necessary duty, or obligation, or a lack of something wanted or deemed necessary,” an “urgent want, as of something requisite,” or “a condition marked by the lack of something requisite.” Random House College Dictionary at 890 (rev. ed. 1980); see also Need, American Heritage Dictionary, https://perma.cc/M32F-ZVM2 (defining “need” as “[s]omething required or wanted; a requisite” and “[n]ecessity; obligation”).
In context, and under Social Security Administration regulation 20 C.F.R. Pt. 401, App. A, discussed earlier, the term “need” refers to “need to know.” See American Federation of Teachers, et al., 2025 WL 582063, at *10. According to Black's Law Dictionary, at 1194 (12th ed. 2024), “need-to-know basis” is defined as follows: “A justification for restricting access to information to only those with a clear and approved reason for requiring access—used as a means of protecting confidential information that affects a range of interests, from national security to trade secrets to the attorney-client privilege.”
Relying on the Privacy Act, defendants assert that the DOGE Team has “a ‘need’ to access the records contained in the relevant systems to perform their official duties.” ECF 113 at 23. They assert: “In creating a framework for agency DOGE Teams and USDS collaboration, Executive Order 14,158 charged both groups with working to modernize technology and coordinating on ways to ‘[m]aximiz [sic] [e]fficiency and [p]roductivity.’ ” Id. (quoting Exec. Order 14,158 § 4) (alterations in ECF 113). In addition, the Order “instructs agency heads ‘to the maximum extent consistent with law, to ensure USDS has full and prompt access to all unclassified agency records, software systems, and IT systems,’ and in turn requires USDS to ‘adhere to rigorous data protection standards.’ ” ECF 113 at 23 (citing Exec. Order 14,158 § 4(b)). Defendants state, ECF 113 at 24: “The ‘need’ underlying the employees access here arises directly from the mandates of an Executive Order and the complex functions being performed by agency DOGE Team employees, and it would be impossible to effectively review and modernize a data system without accessing that system, including the records within it, or to investigate improper payments without reviewing payment records.”
Further, defendants posit, id.: “Nothing in the Privacy Act requires written statements from individual employees establishing their need to access information in order to perform their job duties. Nor does the statute impose the granular explanation of need that the Court suggested is required.” This requirement, defendants argue, “would call into doubt SSA's granting of access to other employees with similar access to data—as well as routine grants of access across the Federal government. It would also give litigants a carte blanche to challenge any access decision by an agency whenever the litigant dislikes or distrusts new personnel in any new administration—putting the agencies to the daunting task of papering routine access grants in anticipation of litigation.” Id.
At the TRO Motion hearing, the Court repeatedly questioned government counsel to explain the “need” for the breadth of access to SSA records that was provided to the DOGE Team. See, e.g., ECF 45 at 23, 24, 38, 84. Besides cursory, circular statements about members of the DOGE Team in need of all SSA data because of their work to identify fraudulent or improper payments, counsel provided no explanation as to why or how the particular records correlated to the performance of job duties. Nor did counsel explain why the DOGE Team was in “need” of unprecedented, unfettered access to virtually SSA's entire data systems in order to accomplish the goals of modernizing technology, maximizing efficiency and productivity, and detecting fraud, waste, and abuse. The Court asked similar questions at the P.I. Motion hearing, but obtained no further clarity. See ECF 143 at 49–53, 54–59, 60–66.52
The Administrative Record contains requests for access and the reasons for the requests. I turn to review the requests.
February 19, 2025
• On February 19, 2025, Russo prepared a “Commissioner Transmittal” for Dudek's review. ECF 86-2 at 1. It states, id.: “The Office of the Chief Information Officer (OCIO) is requesting approval to grant certain OCIO employees (including detailees from other Federal agencies and Special Government Employees assigned to [SSA]) access to Enterprise Data Warehouse (EDW) copies of SSA's Numident, Master Beneficiary Record (MBR) and Supplemental Security Record (SSR) master records, as well as copies of SSA payment files that SSA transmits to the Department of Treasury, Bureau of the Fiscal Service (BFS) for payment (excluding any matched Treasury data).” Russo recommended that Dudek approve the access, explaining that this “access allows read-only access to production data and does not in any way allow modification or deletion of the underlying data.” Id.
• On the same date, February 19, 2025, Russo emailed Dudek and referenced an attached “decision memorandum,” prepared in consultation with the Office of General Counsel. The email states, in part, id. at 3: “Given the sensitive nature of our data, I'm seeking your decision on whether it is appropriate for me to grant EDW data to some new members of my team.”
• Among other things, the decision memorandum, dated February 19, 2025, states:53
• “SSA has a need to rapidly respond to concerns regarding potentially large-scale fraud and improper payments related to data issues in payment files SSA sends to BFS and concerns that those potential issues in those payment files may relate, in part, to SSNs without an associated date of death in SSA's Numident master files.” Id. at 5.
• “Within OCIO, SSA has available personnel with the skills and abilities to conduct the requisite data analysis and review to address these concerns, and this task is within their currently-assigned job duties.” Id.
• “To perform this analysis, these personnel require access to EDW copies of the Numident, MBR, SSR, and certain SSA payment files from prior months. These master records and payment files contain [PII] and, in the case of MBR and SSR, information derived from Federal Tax Information (FTI) as well. We investigated options for masked or otherwise protecting PII-containing and [federal tax information]-containing fields within these records but have not identified a solution that enables the necessary analysis to continue at the pace necessary to respond timely to the fraud and improper-payment-related concerns.” Id.
• “The personnel in question are all either SGEs of SSA, or employees detailed to SSA under the Economy Act. They have all received standard SSA training on topics including ethics, the Privacy Act, and information security. They have signed the Systems Sanctions Access Policy and Annual Reminds on Safeguarding PII.” Id. at 6.
• Dudek responded on February 19, 2025. Id. at 3. He stated, id.: “Yes, please proceed.”
February 28, 2025
• On February 28, 2025, Employee 5 sent an email to Dudek, attaching a decision memo for review. The email states, in part: “Most immediate for your attention is the proposed test to mark 100 number holders as deceased this weekend. We believe this would be a conservative test of the system and the proposed process.” Id. at 11. A “Commissioner Transmittal” was attached, which concerns the “Proposal for Death Data Improvement 100+.” Id. at 12. The stated “rationale underlying this proposal” is that “accurate death records strengthen nation-wide improper payment and identity theft prevention. It also ensures quality records management within SSA.” Id. at 13. The document also states: “SSA readily has the information, process, and resources on-hand to mark someone as reasonably deceased—we should clean up our records and share this information with other agencies authorized to receive it.” Id. But, this seems to conflict with Russo's previous assertion that DOGE Team members would receive “read-only access to production data [that] does not in any way allow modification or deletion of the underlying data.” Id. at 1.
• Dudek approved the document via email dated February 28, 2025, and reminded Employee 5 to “provide the requisite justification in accordance with statute.” Id. at 10. Employee 2 then replied, suggesting that the requisite justification could be that “it is reasonable to assume a person over the age of 119 is dead given (a) the oldest living person in America is 115 years old (cite sources) and (b) the longest documented life of a person in the USA is 117 (citation).” Id. Dudek replied on the same day, instructing the team to proceed. Id.
March 12, 2025
• On March 12, 2025, Employee 5 emailed Mickie Tyquiengco to request “access to IRON in order to look at microfiche for investigating integrity. This is for the effort to investigate the number of people beyond a reasonable age who can be marked dead.” Id. at 22. Tyquiengco sent the request to Dudek. Id. He approved the request the same day. Id.
March 14, 2025
• On March 14, 2025, Tyquiengco forwarded an access request from Employee 9 to Dudek, stating that Employee 9 “is requesting access to PSSNAP data to access identifying information about beneficiaries and their application documents.” Id. at 19. The request specifies the justification for the request, as follows: “I am investigating fraud, waste, and abuse and improper payments as part of my duties as a senior advisor for the SSA. I require SELECT access to PSSNAP to access identifying information about beneficiaries and their application documents. These are needed within the PADW environment.” Id. at 20. Dudek approved the request the same day. Id. at 19.
March 14, 2025
• The Administrative Record includes a “Commissioner Transmittal” dated March 14, 2025, from the “USDS Team (via OCIO)” to Acting Commissioner Dudek. Id. at 31. It concerns an “UPDATE – Proposal for Death Data Improvement.” Id. The document states that it is an update to “the technical approach described in the March 7, 2025 decision memo, Proposal for Death Data Improvement 120+.” Id. Dudek approved this request on March 14, 2025. Id. at 30.
March 15, 2025
• On March 15, 2025, Mogahaddassi emailed Dudek and others at SSA, asking for “USCIS SAVE access,” which he described as “absolutely critical to get detailed immigration status for non-citizen SSNs to detect fraud and improper payments.” Id. at 29. Dudek approved the request the same day. Id. at 28.
March 15, 2025
• Also on March 15, 2025, Mogahaddassi submitted a request for “SSN application process data (i.e., PSSNAP)” to “audit how fraudulent SSNs are issued.” Id. Dudek approved the request the same day. Id. at 27.
March 17, 2025
• On March 17, 2025, Tyquiengco requested access for “[Employee 11], Aram, and [Employee 9]” to “SSI claims data to understand how many people request SSI benefits.” Id. Dudek approved the request the same day. Id.
March 18, 2025
• On March 18, 2025, Employee 9 emailed Tyquiengco to request access to a “data schema that the OASI team said [he] needed to get a comprehensive look at the title 2 beneficiaries.” Id. at 26. Tyquiengco forwarded the request to Dudek, along with a justification, stating: “I am leading the Are you Alive campaign and investigating fraud waste and abuse. This schema will provide the information needed to complete the [project].” Id. at 25. Dudek approved the request the same day. Id.
March 19, 2025
• On March 19, 2025, Tyquiengco forwarded an access request from Employee 9 to Dudek, stating that Employee 9 “is requesting access to some schemas that are necessary to determine if a beneficiary is alive or not.” Id. at 21. The justification for the request is as follows: “I am requesting access to build a system to analyze how often beneficiaries interact with the SSA in order to identify users that may be dead and receiving benefits. These schemas provide insight on when users log into MySSA, Call the 1-800 Number, Call the Field office, and have an appointment in the field offices.” Id. Dudek approved the request the same day. Id.
The justifications for access are thin. Nothing in the specific requests suggests that the DOGE Team members required unlimited access to PII to perform their work.
Defendants point to a memorandum in the Administrative Record stating that SSA “investigated options for masked or otherwise protecting PII-containing and FTI-containing fields within these records but have not identified a solution that enables the necessary analysis to continue at the pace necessary to respond timely to the fraud and improper-payment-related concerns.” ECF 113 at 23–24 (citing ECF 86-2 at 5) (emphasis added). However, this does not mean the work cannot be done without PII. Rather, it suggests only that working without PII may cause the work to take longer.
At the P.I. Motion hearing defense counsel conceded that anonymization of the data is possible, but contended that it would be burdensome. ECF 143 at 66. However, the Privacy Act does not make an exception to permit employees to access PII so that they can improve their speed when a viable alternative is available to them that does not necessitate access to PII.
If need can be found, it is only in defendants’ post hoc explanations for “need,” set forth in Dudek's declarations. Dudek's declarations contain explanations about the projects on which the DOGE Team members are working. He uses the declarations to amplify the nearly nonexistent explanations in the A.R. But, even when I consider the declarations, the explanations fail to make clear why members of the DOGE Team need unfettered access to a wide variety of SSA systems of record that contain personal, sensitive, and private information of millions of Americans.
In Dudek's Declaration of March 26, 2025 (ECF 60-1), he identified, for the first time, specific efforts of the DOGE Team concerning the detection of fraud.54 Dudek submitted another Declaration on March 27, 2025 (ECF 62-1), in which he provides information on the specific projects on which Employees 1, 5, 8, and 9 are working, and for which SSA contends that access to PII is needed. One of these is the “Are You Alive Project,” which Dudek avers is “aimed at preventing improper payments and fraud, waste, and abuse related to decedent identities.” Id. ¶ 9. Dudek states, id.: “Because Employees 1, and 9 are working on individual cases and may be reaching out to individuals in connection with those cases, data anonymization would make it impracticable for these employees to conduct the Are You Alive Project.” But, once suspicious, individual cases are identified, that would be the time for access to non-anonymized records, consistent with SSA's practice and policy.
Of note, at the hearing on March 27, 2025, Mr. Dudek stated to the Court that the Are You Alive project is “work [SSA has] never gotten around to as an agency.” ECF 73 at 10. This comment suggests that there is no justification for SSA to suddenly abandon longstanding Agency protections of PII.
Dudek refers to another project as the “Death Data Clean Up Project,” which is focused “on ensuring death records that can be updated based on information currently available in agency records, for which [SSA has] sufficient confidence that would allow us to conclude a person is deceased.” ECF 62-1, ¶ 10. He states, id.: “Because the Death Data Clean Up Project involves updates to individual-level records, anonymization is not feasible.” But, he provides no rationale for the production of non-anonymized records.
The third project Dudek describes is “direct-deposit change, new claim[s], and wage-reporting fraud detection,” or “Fraud Detection.” Id. ¶ 11. Dudek states, id.: “The Fraud Detection Project is aimed at finding new ways to identify fraud in the foregoing areas. The Project involves looking for patterns of fraud in these filings on an individual case level. Anonymization is not feasible because it could obscure information useful for identifying fraud: for instance, name matching would not be possible.”
In a Supplemental Declaration on March 28, 2025 (ECF 74-1), Dudek provided additional information about the “Fraud Detection” project, on which Employee 8 is working. He explains, id. ¶ 6: “This project is designed to respond to specific instances of known fraud in direct-deposit change (i.e., allowing an individual to change what bank account benefits payments are deposited into), new claims (e.g., claims for Supplemental Security Income (SSI) and Old-Age, Survivors and Disability Insurance (OASDI)) and wage-reporting (i.e., the amount of wages an individual reports to SSA, which directly impacts the amount of benefits the person is entitled to receive). It is also designed to identify whether we can develop new ways to identify fraud. For example, we would like to identify if a higher-than-expected number of wage reports come from extremely young and extremely old individuals, as this would be suspicious and indicative of likely fraud.”
Dudek also clarifies the type of access Employee 8 requires. He states, id. ¶ 8 (emphasis added): “Employee 8 plans to work with non-DOGE Team SSA employees in order to retrieve anonymized, aggregated data for the Fraud Detection Project, in order to look for anomalies that may be indicative of fraud. Employee 8 needs access to discrete individual data only when anomalies are identified, in order to detect fraud in specific instances.” This assertion appears consistent with SSA's practices and policies, in that there is intended exploration of non-anonymized data only with regard to discrete instances of suspected fraud.
On April 1, 2025, Dudek submitted another Declaration. ECF 80-1. He describes why he believes that anonymization is not feasible. His argument can be summarized in three points: (1) “De-identification of large data sets—such as the data sets contained in the Numident, MBR, and SSR schema—is a highly complex technical and statistical skill that takes large amounts of employee and systems resources to complete”; (2) “anonymization of large data sets would result in the removal of information relevant to the SSA DOGE Team's analysis ...”; and (3) “Even if SSA attempted to anonymize the individual level data to which the SSA DOGE Team currently needs access, the resulting dataset would almost certainly still contain” PII. Id. ¶¶ 5, 6.
Dudek's contentions about the challenges of anonymization are puzzling, given his prior statements about the way Employee 8 will conduct the Fraud Detection Project, and because of Agency practices. He does not shed light on why he changed his position, and now believes the process that he described in ECF 74-1 is no longer feasible. Nor does he explain why the procedures described in ECF 74-1 are not workable for the other projects.
Plaintiffs submitted the Declaration of Ann Lewis (ECF 77-2), who holds a degree in computer science from Carnegie Mellon and is the former Director of the Technology Transformation Services within GSA. Id. ¶ 1. She states that she reviewed Dudek's declarations and statements from the hearing of March 27, 2025. Id. ¶ 6. She opines that, based on SSA's existing fraud detection processes, the descriptions provided by Dudek “do[ ] not support the case for Employees 1, 5, 8, and 9 to get access to the high level of non-anonymized data that Mr. Dudek plans to give them, simply because they are ‘working on individual cases’ or ‘the project involves updates to individual-level records.’ ” Id. She also asserts that the SSA projects referenced by Dudek do not warrant the “intended high level of non-anonymized data.” Id. ¶ 7.
According to Lewis, a new fraud detection model requires an “Authorization to Operate (‘ATO’) review process” and a “Privacy Impact Assessment.” Id. She adds that, based on her “professional experience,” including her time at GSA, and conversations she has had “with peers familiar with SSA's data systems,” SSA's “attempt to give DOGE and its affiliates such a high level of access suggests that they are circumventing existing SSA anti-fraud mitigation, resolution, and auditing processes.” Id. ¶ 8.
Of concern, there are several access requests in the Administrative Record that do not seem to fit into the three projects identified by Dudek in the Notice. For example, the request from Employee 9 that appears on ECF 86-2 at 19 for “PSSNAP data to access identifying information about beneficiaries and their application documents” contains only the explanation that Employee 9 is “investigating fraud, waste, and abuse and improper payments as part of [his] duties as a senior advisor for the SSA,” for which he needs the information “within the PADW environment.” The specific information that Employee 9 seeks is unclear, as is how he plans to use it.
Mogahaddassi has requested “USCIS SAVE access” to get “detailed immigration status for non-citizen SSNs to detect fraud and improper payments.” Id. at 29. He requested “SSN application process data (i.e., PSSNAP)” to “audit how fraudulent SSNs are issued.” Id. at 28. But, there is no indication by Dudek of a project that is based on a suspicion that immigrants are engaging in fraud or abuse of SSNs.
Tyquiengco has requested access for Employee 9, Employee 11, and Mogahaddassi to “SSI claims data to understand how many people request SSI benefits.” Id. at 27. This appears to require only a numerical computation. It is unclear why the task requires access to PII, or even the projects for which the requests were made.
With respect to the Fraud Detection project, as discussed, Dudek at one point acknowledged that, in general, non-anonymized data is not needed. Rather, access to particular records of specific individuals would be necessary once a discrete issue emerges. See ECF 74-1, ¶ 8. But, Dudek later retracted this position. See ECF 80-1.
The Administrative Record does not establish “need” in any meaningful way, as contemplated by the Privacy Act and Agency protocols. And, even upon consideration of Dudek's declarations, the explanations are imprecise, contradictory, and insufficient. Defendants have never made clear why, contrary to Agency protocols and the Privacy Act, the DOGE Team requires unbridled access to the PII of countless Americans in order to effectuate their responsibilities.
The Privacy Act is not toothless. Defendants cannot flout the law. They are not exempt from a statute that Congress enacted to protect American citizens from overbroad and unnecessary access to their PII.
On this record, I conclude that plaintiffs have shown a likelihood of success on the merits as to their claim that the access to records that SSA seeks to provide to the DOGE Team does not fall within the need-to-know exception to the Privacy Act.
b. Routine Use
Defendants maintain that, to the extent employees of the DOGE Team cannot be considered employees of the SSA, the access they have obtained is not improper under the Privacy Act because it “fits within the routine use exception.” ECF 113 at 25 (citing 5 U.S.C. § 552a(b)(3)). The defendants’ attempt to plug the events here into the routine use exception of the Privacy Act, 5 U.S.C. § 552a(b)(3), is unavailing. It amounts to the proverbial effort to fit a square peg into a round hole.
Moreover, and of significance, the Administrative Record contains no reference to the reliance on the routine use exception. Clearly, reliance on routine use constitutes post hoc justification for SSA's access decision.
5 U.S.C. § 552a(b)(3) states:
(b) Conditions of disclosure.—No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, unless disclosure of the record would be—
* * *
(3) for a routine use as defined in subsection (a)(7) of this section and described under subsection (e)(4)(D) of this section; ...
In turn, 5 U.S.C. § 552a(a)(7) states:
(7) the term “routine use” means, with respect to the disclosure of a record, the use of such record for a purpose which is compatible with the purpose for which it was collected; ...
Relevant here, the statute also requires the agency to “publish in the Federal Register ... a notice ... which notice shall include ... (D) each routine use of the records contained in the system, including the categories of users and the purpose of such use.” 5 U.S.C. § 552a(e)(4)(D). To justify the information shared with the DOGE Team, defendants point to SSA Privacy Act systems of records notices (“SORN”), corresponding to each data system to which access has been granted. ECF 113 at 25.
These SORNs contain the following “routine use,” which defendants argue applies to the facts here: “ ‘To student volunteers, individuals working under a personal services contract, and other workers who technically do not have the status of Federal employees, when they are performing work for us, as authorized by law, and they need access to personally identifiable information (PII) in our records in order to perform their assigned agency functions.’ ” Id. But, defendants do not explain how this routine use applies here.
Members of the DOGE Team with access to these systems are not “student volunteers,” nor are they “individuals working under a personal services contract.” As employees of DOGE, these individuals would be considered federal employees or contractors, even if they are not employees of SSA. Thus, they are not “other workers who technically do not have the status of Federal employees.”
Even assuming these individuals fit into one of the categories outlined in the SORN, and there is no evidence to demonstrate that they do, the SORN still requires that these individuals “need access to personally identifiable information (PII) ... in order to perform their assigned agency functions.” (Emphasis added). As discussed earlier, no such need has been proffered to justify the wholesale access of a vast quantity of PII belonging to millions of people.
For these reasons, plaintiffs are likely to succeed on their claim that SSA's provision to the DOGE Team of access to SSA systems is “not in accordance with” the Privacy Act, and therefore in violation of the APA. See 5 U.S.C. § 706(2).
2. Arbitrary and Capricious
The APA requires courts to “hold unlawful and set aside agency action, findings, and conclusions” that are “arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law.” 5 U.S.C. § 706(2)(A). “The scope of review under the ‘arbitrary and capricious’ standard is narrow and a court is not to substitute its judgment for that of the agency.” Motor Vehicle Mfrs. Ass'n of the U.S., Inc., 463 U.S. at 43, 103 S.Ct. 2856.
But, the agency must “articulate a satisfactory explanation for its action including a ‘rational connection between the facts found and the choice made.’ ” Id. (quoting Burlington Truck Lines v. United States, 371 U.S. 156, 168, 83 S.Ct. 239, 9 L.Ed.2d 207 (1962)). Agency action is generally considered arbitrary or capricious if the agency “has relied on factors which Congress has not intended it to consider, entirely failed to consider an important aspect of the problem, offered an explanation for its decision that runs counter to the evidence before the agency, or is so implausible that it could not be ascribed to a difference in view or the product of agency expertise.” Motor Vehicle Mfrs. Ass'n of the U.S., Inc., 463 U.S. at 43, 103 S.Ct. 2856.
As discussed, defendants have not provided the Court with a reasonable explanation for why the entire DOGE Team needs full access to the wide swath of data maintained in SSA systems in order to undertake the projects. As detailed by Flick, SSA has practices in place for audits or other searches for alleged fraud or abuse. But, as discussed earlier, defendants ran roughshod over SSA protocols for proper hiring, onboarding, training, and, most important, access limitations and separation of duties. I need not repeat each instance here, but it is clear from the declarations of Russo (ECF 36-1) and Felix-Lawson (ECF 36-2; ECF 62-1), as well as from the Administrative Record, that the credentialing process of the DOGE Team at SSA was flawed and lackadaisical.
SSA hastily provided access to an enormous quantity of sensitive, confidential data to members of the DOGE Team, without meaningful explanation for why these members needed access to PII to perform their duties. Indeed, the Administrative Record is rife with examples of ambiguous explanations for why DOGE Team members sought access to PII. Not once did Dudek inquire further into why this access is needed. Nor did he ever reject any request for access. The mere utterance of the word “need” is not like the proverbial “get out of jail free card,” enabling SSA to avoid or bypass the statutory requirements of the Privacy Act.
Defendants clearly understand why guarding privacy, rather than waiting for harm to occur, is important. After all, that is precisely the reason why they have withheld the names of most of the members of the SSA DOGE Team. But, defendants have not shown the same level of care with the far more sensitive, confidential data of millions of Americans who entrusted their government with their personal and private information. The trust appears to have been violated.
Plaintiffs are likely to succeed on a claim that the conduct at issue was unreasonable and capricious. Plaintiffs have therefore shown a likelihood of success on their arbitrary and capricious claim under the APA.
B. Irreparable Harm
Plaintiffs contend that “the DOGE Team's access to plaintiffs’ members’ sensitive, personally identifiable information on a daily basis and with no proper justification constitutes irreparable injury.” ECF 110-1 at 28.55 For example, plaintiffs contend that some of their members receive disability benefits. Id. at 28 (citing ECF 22-1, Widger Declaration, ¶ 10; ECF 22-4, Imperiale Declaration, ¶ 4; ECF 22-6, Fiesta Declaration, ¶ 18). According to plaintiffs, to receive these benefits, “members must submit extensive medical information, including details about the prescription and non-prescription medicines the applicant takes; lists of their healthcare providers and the medical conditions for which they were evaluated and treated, including mental health conditions; and other sensitive medical information.” ECF 110-1 at 29 (citing ECF 22-1, ¶ 11). Plaintiffs argue, ECF 110-1 at 29 (quoting ECF 22-1, ¶ 14): “Some of this information, including concerning ‘health conditions like HIV or other STDs, can result in stigma, social isolation, job loss, housing loss, and other harms.’ ”
Moreover, SSA conducts periodic “Continuing Disability Review.” Soc. Sec. Admin., Your Continuing Eligibility, https://perma.cc/NN9S-JVVL. Therefore, the production of health records by beneficiaries of SSA is ongoing.
“Disclosure of this information to DOGE,” plaintiffs say, “is an actual harm to Plaintiffs’ members, who did not consent to DOGE accessing their sensitive information and who face injury in the form of a privacy violation every day the department accesses their private data.” ECF 110-1 at 29. And, plaintiffs contend that “harm like this cannot be rectified by money damages down the road.” Id.
Defendants argue that plaintiffs have not established that they will suffer irreparable harm for the same reasons defendants argue that plaintiffs do not have standing—their claimed privacy injury “is not concrete.” See ECF 113 at 31. Even if plaintiffs have established a concrete injury for standing purposes, defendants posit that plaintiffs “nonetheless fail to make a clear showing of actual and imminent harm from the intra-agency disclosure of information, where employees who view that information are subject to the same confidentiality obligations that apply to other similarly situated agency employees.” Id. at 31–32, 103 S.Ct. 2856. Defendants also contend that plaintiffs’ argument fails because they “have an adequate alternative remedy to the emergency relief they seek: a private right of action under the Privacy Act.” Id. at 32, 103 S.Ct. 2856 (citing 5 U.S.C. § 552a(g)(4)).
The government cites two recent cases from the D.C. District Court denying a TRO or a preliminary injunction because the plaintiffs in each case did not establish irreparable harm. ECF 113 at 32 (citing Carter, 2025 WL 542586, at *5; Alliance for Retired Americans, 2025 WL 740401, at *20–24). But, the D.C. Circuit appears to maintain a higher bar for injunctive relief in these types of cases, as explained by Judge Kollar-Kotelly in Alliance for Retired Americans, 2025 WL 740401. There, she stated that in the D.C. Circuit, plaintiffs’ asserted injury “ ‘must be both certain and great’ ” to support a preliminary injunction. Id. (quoting Wis. Gas Co. v. FERC, 758 F.2d 669, 674 (D.C. Cir. 1985)).
And, in the context of disclosure of private information, courts in the D.C. Circuit “have consistently ‘declined to find irreparable injury ... where the challenged disclosure is not public’ but instead is to a small number of ‘individuals obligated to keep [the information] confidential.’ ” Alliance for Retired Americans, 2025 WL 740401, at *21 (quoting Carter, 2025 WL 542586, at *5) (alteration in Alliance) (cleaned up). This is because, she noted, the court could order adequate corrective relief after the fact. See Alliance for Retired Americans, 2025 WL 74040, at *21. For example, she explained that the court “could order the small number of individuals who received the information to return or destroy it,” and the possibility that adequate relief would later be available weighed against a finding of irreparable harm. See id.
Defendants also cite Electronic Privacy Information Center v. U.S. Office of Personnel Management, RDA-25-255, 2025 WL 580596 (E.D. Va. Feb. 21, 2025), to support their argument. ECF 113 at 32. The case involved the accessing of data systems containing “ ‘Social Security numbers, dates of birth, salaries, home addresses, and job descriptions of all civil government workers, along with any disciplinary actions they have faced.’ ” Electronic Privacy Information Center, 2025 WL 580596, at *2 (citation omitted). However, the extensive data housed within the SSA's systems does not belong only to government workers. See id. Moreover, Judge Alston emphasized that the plaintiffs’ arguments about “heightened risk of exposure or exfiltration by hostile actors”; future “misuse” of private data “by arbitrarily stopping payments through access to [the Treasury Department's] system”; and risk of “future identity theft because OPM's network is regularly subject to hacking attempts,” which plaintiffs claimed were “more likely to be successful as a result of Defendants’ actions,” were “unpersuasive” and “too speculative.” Id. at *6–7.
In Bessent, Judge Richardson addressed irreparable injury. 2025 WL 1023638, at *6. Because Privacy Act violations “are a type of injury at least sometimes redressable through damages,” he was “unconvinced by the plaintiffs’ assertion that their injury is so irreparable as to merit immediate equitable relief.” Id. Moreover, he noted that the injury complained of “has already occurred,” but, “preliminary injunctions typically focus on forestalling impending events that would be difficult to reverse.” Id.
I have already addressed the matter of dicta in Chao I and Chao II; those cases appear to recognize the right to seek injunctive relief under the APA for a Privacy Act violation. Moreover, the alleged harm here is not a fait accompli. And, a second look is not legally insignificant just because there was a previous look. Although the DOGE Team was previously provided with access, the DOGE Team continues to request additional access, and the team itself continues to grow in number. Simply put, the matter is ongoing.
As Judge King recognized in his dissent in Bessent, that case involved “some of the most sensitive personal information imaginable.” Id. at *7. And, in her dissent, Judge Berner said, id. at *10: “Permitting DOGE unfettered access to the plaintiffs’ personally identifiable information lets the proverbial genie out of the bottle. Even if they ultimately prevail, the plaintiffs will already have suffered irreparable harm.” Id. at *10. The harm here can only be greater, because the SSA records contain extensive medical and mental health records, as well as records involving children.
Money damages cannot rectify this invasion of privacy of plaintiffs’ members. See, e.g., Norman-Bloodsaw v. Lawrence Berkeley Lab'y, 135 F.3d 1260, 1275 (9th Cir. 1998) (finding “the retention of [the plaintiff's] undisputedly intimate medical information [without consent] ... would constitute a continuing ‘irreparable injury’ for purposes of equitable relief”); In re Meta Pixel Healthcare Litig., 647 F. Supp. 3d 778, 802 (N.D. Cal. 2022) (“The invasion of privacy triggered by the Pixel's allegedly ongoing disclosure of plaintiffs’ medical information is precisely the kind of intangible injury that cannot be remedied by damages.”); Hirschfeld v. Stone, 193 F.R.D. 175, 187 (S.D.N.Y. 2000) (Disclosure of data including psychiatric and medical treatment and diagnoses “is the quintessential type of irreparable harm that cannot be compensated or undone by money damages.”); Haw. Psychiatric Soc. v. Ariyoshi, 481 F. Supp. 1028, 1038 (D. Haw. 1979) (finding irreparable injury because “[t]he disclosure of the highly personal information contained in a psychiatrist's files to government personnel is itself a harm that is both substantial and irreversible”).
C. Balance of the Equities and the Public Interest
As noted, the third and fourth elements, which address whether the balance of the equities tips in the movant's favor and whether the injunction is in the public interest, merge “when the Government is the opposing party.” Nken, 556 U.S. at 435, 129 S.Ct. 1749.
In plaintiffs’ view, defendants’ conduct “violates the public interest in the protection of personal information.” ECF 122 at 14. Plaintiffs add that there is not a public interest in sustaining unlawful agency action. ECF 110-1 at 31. Further, plaintiffs contend that pausing SSA's efforts to “curb fraud ... will result in only minor harm to the government.” ECF 122 at 15. In particular, plaintiffs observe, id.: “In a colloquy with this Court during a telephone conference, Defendant Dudek acknowledged that, far from being time-sensitive, the efforts now underway are ‘work [SSA has] never gotten around to as an agency.’ ” (Quoting ECF 73 (Tr., 3/27/25), at 10). Thus, in plaintiffs’ view, “[a]ny further delay would be incidental, and any further money lost [by the government] would be recoverable through legal action.” ECF 122 at 15.
Moreover, according to plaintiffs, an injunction would not “ ‘impinge on the President's broad authority.’ ” Id. (quoting ECF 113 at 30). Rather, it would “simply ensure[ ] that the President and his agents abide by the statutory limitations placed upon them by Congress.” ECF 122 at 15.
Defendants counter that an injunction is not in the public interest because it “would cause irreparable injuries to the government and the public.” ECF 113 at 32. Specifically, defendants assert that an injunction would harm the Agency's “operations by halting ongoing efforts to detect and eliminate fraud[ ]” and would “deprive[ ] the agency of valuable expertise and effectively stop[ ] work on projects that could otherwise reduce improper payments to the tune of millions of dollars per day that will be difficult, if not impossible, for the government recover.” Id.
More broadly, the government argues that “a preliminary injunction will impinge on the President's broad authority over and responsibility for directing agency employees” which is “ ‘an improper intrusion by a federal court into the workings of a coordinate branch of the government.’ ” Id. at 33, 103 S.Ct. 2856 (quoting Immigr. & Nat. Serv. v. Legalization Assistance Project of the L.A. Cty. Fed'n of Labor, 510 U.S. 1301, 1305–06, 114 S.Ct. 422, 126 L.Ed.2d 410 (1993) (O'Connor, J., in chambers)). Relatedly, defendants contend, ECF 113 at 33: “By instructing the government who can and cannot access the Defendant agency's data systems, Plaintiffs’ requested injunction would curtail the Executive Branch's core duty to manage the day-to-day operations of its agencies.” The government also asserts that plaintiffs’ “argument for why the equities and the public interest fall in their favor largely collapse into the merits[,]” which is improper. Id.
Logically, “[t]here is generally no public interest in the perpetuation of unlawful agency action.” League of Women Voters of United States, 838 F.3d at 12. On the other hand, there is a substantial public interest “in having governmental agencies abide by the federal laws that govern their existence and operations.” Washington v. Reno, 35 F.3d 1093, 1103 (6th Cir. 1994); see also HIAS, Inc. v. Trump, 415 F. Supp. 3d 669, 686 (D. Md. 2020) (same), aff'd, 985 F.3d 309 (4th Cir. 2021); Roe, 947 F.3d at 230–31 (citing with approval the district court's statement that “the public ‘undoubtedly has an interest in seeing its governmental institutions follow the law ...’ ”). Nonetheless, the Fourth Circuit has recently stated that it is improper to collapse “the first Winter factor—likelihood of success on the merits—with the merged balance of equities and public interest factor.” USA Farm Lab., Inc., 2025 WL 586339, at *4. Likelihood of success on the merits alone does not suffice. Id.
As addressed earlier, there is a strong public interest in maintaining the confidentiality of PII, such as medical records and financial information. Indeed, society expects as much. Defendants admit that the SSA granted DOGE personnel broad access to the PII of millions of Americans. This intrusion into the personal affairs of millions of Americans—absent an adequate explanation for the need to do so—is not in the public interest. This is especially true because SSA has long communicated to the public its commitment to privacy. See, e.g., SSA's Commitment to Protecting Privacy through Compliance, Soc. Sec. Admin, https://perma.cc/779M-XJ7H (“The first regulation we published included a commitment to the public to safeguard the personal information you entrust to us. Our commitment is as solid now as it was when Social Security began in 1935, and we include the highest level of privacy protections possible.”). And, the public is entitled to rely on the Agency's representations that it will safeguard their private information.
To be sure, rooting out possible fraud, waste, and mismanagement in the SSA is in the public interest. But, that does not mean that the government can flout the law to do so. SSA is not exempt from the statutes Congress enacted to protect American citizens from overbroad and unnecessary access to their PII.
Moreover, the government's claim of irreparable harm is not convincing. ECF 113 at 32 (claiming that an injunction “would cause irreparable injuries to the government and the public.”). As the Court pointed out in a Memorandum denying defendants’ request for a stay pending appeal (ECF 78 at 5), during an Emergency Telephone Conference held on March 27, 2025, Acting SSA Commissioner Dudek indicated that the anti-fraud related efforts of the SSA DOGE Team include matters that SSA has previously considered but had “never gotten around” to doing. ECF 73 (Tr., 3/27/25), at 10. To claim irreparable harm based, at least in part, on the desire to now perform certain actions that could have been done earlier does not carry the day. Notably, defendants also agreed to extend the TRO to the maximum time permitted by law. ECF 68 at 1. That is not consistent with a claim of irreparable harm.
In sum, the Court is satisfied that the balance of the equities and the public interest favor the issuance of a preliminary injunction.
VII. Conclusion
In general, defendants tie all three projects identified by Dudek to the mission of DOGE to root out fraud. ECF 143 at 73–74. The objective to address fraud, waste, mismanagement, and bloat is laudable, and one that the American public presumably applauds and supports. Indeed, the taxpayers have every right to expect their government to make sure that their hard earned money is not squandered.
However, the issue here is not the work that DOGE or the Agency want to do. The issue is about how they want to do the work. The DOGE Team seeks access to the PII that millions of Americans entrusted to SSA, and the SSA Defendants have agreed to provide it.
For some 90 years, SSA has been guided by the foundational principle of an expectation of privacy with respect to its records. This case exposes a wide fissure in the foundation.
In my view, plaintiffs have standing, for the reasons stated. They are also likely to succeed on their claim that the Agency's actions are arbitrary and capricious, and in violation of the Privacy Act and the APA. And, plaintiffs have demonstrated that their members will suffer irreparable harm in the absence of a preliminary injunction, the equities tip in their favor, and the preliminary injunction serves the public interest.
For the foregoing reasons, I shall grant plaintiffs’ Motion (ECF 110). A Preliminary Injunction shall issue.
VIII. Bond
Fed. R. Civ. P. 65(c) states, in relevant part: “The court may issue a preliminary injunction ... only if the movant gives security in an amount that the court considers proper to pay the costs and damages sustained by any party found to have been wrongfully enjoined ...” The purpose of this Rule is “to provide a mechanism for reimbursing an enjoined party for harm it suffers as a result of an improvidently issued injunction ...” Hoechst Diafoil Co., 174 F.3d at 421. A “district court retains the discretion to set the bond amount as it sees fit or waive the security requirement.” Pashby, 709 F.3d at 332, abrogated on other grounds, as recognized by Stinnie v. Holcomb, 37 F.4th 977, 981 (4th Cir. 2022); see Hoechst Diafoil Co., 174 F.3d at 421 n.3; Maryland Dep't of Hum. Res. v. U.S. Dep't of Agric., 976 F.2d 1462, 1483 (4th Cir. 1992); Maryland, et al. v. United States Dep't of Agriculture, et al., 2025 WL 800216, at *26. The amount “ordinarily depends on the gravity of the potential harm to the enjoined party ...” Hoechst Diafoil Co., 174 F.3d at 421 n.3.
Plaintiffs ask the Court to “exercise its discretion to waive or set at $0 the security requirement ... because Defendants will face no monetary injury from any relief ordered by the Court.” ECF 110-1 at 33 n.36. Defendants’ Opposition is silent on the security requirement. During the P.I. Motion hearing, however, the government requested that the Court “impose a significant bond to take into account the considerable effects that an Injunction would have on the agency's day-to-day operations and the hindrance toward the agency's policy priorities.” ECF 143 at 76.
I conclude that a nominal bond is appropriate, and plaintiffs have already paid a bond of $250 each, for a total of $750. ECF 53, ECF 54, ECF 55. No additional bond is required.
IX. Stay Pending Appeal
In its brief, the government did not request a stay pending appeal in the event of an adverse ruling. But, at the P.I. Motion hearing, it made an oral request for a stay pending appeal, in the event that they were unsuccessful. ECF 143 at 76. I ask defendants to submit a motion for stay, at their convenience. Plaintiffs may respond within forty-eight (48) hours.
ORDER
For the reasons set forth in the accompanying Memorandum Opinion, it is this 17th day of April 2025, by the United States District Court for the District of Maryland, ORDERED:
1. Plaintiffs’ Motion for Preliminary Injunction (“PI Motion,” ECF 110) is GRANTED.
a. Pursuant to Rule 65 of the Federal Rules of Civil Procedure, and subject to the exception in ¶ 3 hereof, the United States Social Security Administration (“SSA”), Leland Dudek, and Michael Russo and/or his successor (collectively, “SSA Defendants”), and any and all of their agents and employees, and any person working in concert with them, directly or indirectly, are ENJOINED and RESTRAINED from granting access to any SSA system of record containing personally identifiable information (“PII”), as defined in paragraph 9 hereof, or PII obtained, derived, copied, or exposed from any SSA system of record, including, but not limited to, records known as the Enterprise Data Warehouse (“EDW”), Numident, Master Beneficiary Record (“MBR”), Supplemental Security Record (“SSR”), and Treasury Payment Files, to the Department of Government Efficiency (“DOGE”); the United States DOGE Service; the United States DOGE Service Temporary Organization; members of the DOGE Team established at the Social Security Administration, as defined in ¶ 11(a); Elon Musk; Amy Gleason; and/or any DOGE Affiliate(s), as defined in ¶ 11(b);
b. U.S. DOGE Service, U.S. DOGE Service Temporary Organization, Elon Musk, and Amy Gleason (collectively, “DOGE Defendants”), as well as all SSA DOGE Team members and DOGE Affiliates, shall disgorge and delete all non-anonymized PII data in their possession or under their control, provided from or obtained, directly or indirectly, from any SSA system of record to which they have or have had access, directly or indirectly, since January 20, 2025;
c. All DOGE Defendants, as well as all SSA DOGE Team members and DOGE Affiliates, are ENJOINED and RESTRAINED from installing any software on SSA devices, information systems, or systems of record, and shall remove any software that they previously installed since January 20, 2025, or which has been installed on their behalf;
d. All DOGE Defendants, as well as all SSA DOGE Team members and DOGE Affiliates, are ENJOINED and RESTRAINED from accessing, altering, or disclosing any SSA computer or software code.
2. This Order does not preclude SSA from providing members of the DOGE Team with access to redacted or anonymized data and records of SSA. However, no data shall be provided unless and until the persons to whom access is to be provided have received all training that is typically required of individuals granted access to SSA data systems, including training regarding federal laws, regulations, and policies governing the privacy of PII; a background investigation is completed, comparable to the quality of background investigation conducted for SSA employees whose duties involve access to PII; detailing agreements are completed for any individual who is assigned to the DOGE Team from another agency; and all required Agency paperwork is completed, including execution of the SSA documents acknowledging the Systems Sanctions Policy and the duty to protect PII.
3. SSA may provide members of the DOGE Team with access to discrete, particularized, and non-anonymized data, in accordance with the Privacy Act, and in accordance with the conditions set forth herein: SSA must first comply with the provisions in ¶ 2 of this Order and, in addition, SSA must first obtain from the DOGE Team member, in writing, and subject to possible review by the Court, a detailed explanation as to the need for the record and why, for said particular and discrete record, an anonymized or redacted record is not suitable for the specified use. The general and conclusory explanation that the information is needed to search for fraud or waste is not sufficient to establish need.
4. On or before 5:00 p.m. on April 23, 2025, Defendants SHALL FILE a Status Report documenting the actions that they have taken to comply with this Order, and certifying the following:
a. That no DOGE Defendant, DOGE Team member, or DOGE Affiliate shall be provided with access to any SSA systems, whether or not anonymized, unless and until these persons have been provided with all training that is typically required of individuals granted access to the SSA data systems, including training regarding federal laws, regulations, and policies governing the privacy of personally identifiable information;
b. That no DOGE Defendant, DOGE Team member, or DOGE Affiliate shall have access to any SSA system of records, whether or not anonymized, unless and until a background investigation is completed, comparable to the quality of investigation for SSA employees whose duties involve access to PII, and that all required Agency paperwork is completed, including execution of the SSA documents acknowledging the Systems Sanctions Policy and the duty to protect PII;
c. As to individuals detailed to SSA from another agency, only DOGE Team members whose detail agreements are complete shall have access to any SSA records;
d. An explanation of why each DOGE Defendant, DOGE Team member, and/or DOGE Affiliate is in need of non-anonymized access to the PII in each SSA data system to which access is sought.
5. The Court may require further Status Reports, which may, in turn, require the SSA Defendants and the DOGE Defendants to provide further detail as to their compliance activities. The Court may also enter further orders as necessary to ensure compliance with this Order.
6. This Order applies to SSA at every and any place where record systems are located, maintained, accessed, or available.
7. To avoid confusion or doubt, this Order expressly applies only to SSA employees working on the DOGE agenda. Employees of SSA who are not involved with the DOGE Team or otherwise involved in the work of the DOGE Team are not subject to the Order. Therefore, this Order has no bearing on the ordinary operations of SSA.
8. The request to provide access to four DOGE Team members, as outlined in ECF 62, is DENIED, as moot.
9. The TRO issued on March 20, 2025 (ECF 48), and extended by the Court's Order of March 27, 2025 (ECF 69), is VACATED and superseded by this Order.
10. Counsel shall meet and confer to discuss whether the government intends to file a notice of appeal or whether the Court should enter a scheduling order. The parties shall file a joint status report on these matters by 5:00 p.m. on April 29, 2025.
11. For purposes of this Order, the following definitions apply:
a. As used herein, the term “DOGE Team” refers to any person assigned to SSA to fulfill the DOGE agenda, including Executive Order 14,158. Because the members of the DOGE Team and the number of people on the DOGE Team may change, the Court has not referenced individuals by employee number.
b. “DOGE Affiliate” shall mean any employee, agent, officer, contractor, special government employee, or consultant employed by or affiliated in any way with the Department of Government Efficiency, the United States DOGE Service, the United States DOGE Service Temporary Organization, members of the DOGE Team established at the Social Security Administration; any SSA employee, contractor, special government employee, or consultant working on or implementing the DOGE agenda; anyone who has been granted access by SSA to SSA records for the purpose of implementing the DOGE agenda with respect to SSA; and any persons working, directly or indirectly, in concert with any of the above individuals;
c. “Personally identifiable information” or “PII” shall mean “information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual,” and shall include, inter alia, Social Security numbers; medical records; mental health records; medical provider information; medical and mental health treatment records; employer and employee payment records; employee earnings; addresses; bank records; tax information; family court and related records.
FOOTNOTES
1. At the outset of the case, SSA sought to provide records access to ten people. But, the number has since increased to eleven. The government has concealed the identity of these individuals because of concern that the disclosure of their names would expose the individuals to harassment and thus invade their privacy. See ECF 36-1 (Russo Declaration), ¶ 4. At a hearing on April 4, 2025, defense counsel agreed to ask the DOGE affiliates if they would consent to disclosure of their identities. Only two have agreed to disclosure: Antonio Gracias (Employee 4) and Aram Moghaddassi (Employee 7). ECF 134. Therefore, with the exception of Gracias and Moghaddassi, I shall refer to the DOGE Team members by the employee numbers assigned to them by the government in submissions to the Court. However, where affiants or news articles have used specific names, I will do the same. This does not mean that the individuals are necessarily DOGE personnel, however.
2. With the exception of the Table of Contents, the Court cites to the electronic pagination. However, the electronic pagination does not always correspond to the document's native numbering.
3. Subject matter jurisdiction is founded on 28 U.S.C. § 1331 because this action arises under federal law. ECF 17, ¶ 14.
4. Several cases have been filed throughout the country asserting similar allegations with respect to disclosure of confidential information by other federal agencies. See, e.g., American Federation of Labor and Congress of Industrial Organizations v. Dep't of Labor, No. 25-339 (JDB), 2025 WL 1129227 (D.D.C. Apr. 16, 2025), at *21 (denying motion to dismiss, except for standalone Privacy Act violation, because the cause of action does not extend to organizations); American Fed'n of Gov't Employees v. U.S. Office of Personnel Mgmt., 25cv1237 (DLC), 2025 WL 996542 (S.D.N.Y. Apr. 3, 2025) (denying motion to dismiss APA claims and granting dismissal of injunctive relief claims under the Privacy Act, “except insofar as they are a predicate to” claims under the Administrative Procedure Act); American Federation of Teachers, et al. v. Bessent, et al., DLB-25-0430, 2025 WL 895326 (D. Md. Mar. 24, 2025) (granting preliminary injunction against U.S. Department of Education, and Denise L. Carter, Acting Secretary of Education, as well as against the Office of Personnel Management and its Acting Director, Charles Ezell), but see American Federation of Teachers, et al. v. Bessent, et al., No. 25-1282, 2025 WL 1023638, at *1 (4th Cir. Apr. 7, 2025) (granting stay pending appeal); Electronic Privacy Information Center, et al. v. U.S. Office of Personnel Management, et al., 25-RDA-255, 2025 WL 580596 (E.D. Va. Feb. 21, 2025) (denying preliminary injunction because plaintiffs failed to show irreparable harm); New York, et al. v. Trump, et al., 25-JAV-1144, 2025 WL 573771 (S.D.N.Y. Feb. 21, 2025) (granting preliminary injunction against U.S. Department of the Treasury and Scott Bessent, the Secretary of the Treasury); New Mexico, et al. v. Musk, et al., 25-TSC-429, 2025 WL 520583 (D.D.C. Feb. 18, 2025) (denying TRO because plaintiffs did not show irreparable harm); Univ. of California Student Ass'n v. Carter, 25-RDM-354, ––– F. Supp. 3d ––––, 2025 WL 542586 (D.D.C. Feb. 17, 2025) (denying TRO because plaintiffs did not show irreparable harm); Am. Fed'n of Lab. & Cong. of Indus. Organizations, et al. v. Dep't of Lab., et al., 25-JDB-0339, 2025 WL 542825, at *5 (D.D.C. Feb. 14, 2025) (denying TRO because plaintiffs did not show that they were highly likely to succeed on the merits).
5. According to plaintiffs, Michael Russo has been replaced as CIO. ECF 110-1 at 4 n.3. News reports indicate that Scott Coulter is his successor. Hannah Natanson & Lisa Rein, Inside DOGE's Push to Defy a Court Order and Access Social Security Data, Wash. Post (Apr. 15, 2025), https://perma.cc/A343-RDKD; Alexandra Berzon, et al., Pushing ‘Self-Deportation,’ White House Moves to Cut Migrants’ Social Security, N.Y. Times (Apr. 10, 2025), https://perma.cc/H67G-6L2M. But, plaintiffs have not named a substitute for Mr. Russo. See Fed. R. Civ. P. 25(d).
6. I am also mindful that on April 9, 2025, a divided panel of the Fourth Circuit granted a stay pending appeal in Maryland, et al. v. U.S. Department of Agriculture, et al., JKB-25-748, 2025 WL 973159 (D. Md. Apr. 1, 2025), involving a suit brought by nineteen states challenging the termination of federal probationary employees. There, the panel majority concluded that the government “is likely to succeed in showing the district court lacked jurisdiction over Plaintiffs’ claims, and the Government is unlikely to recover the funds disbursed to reinstated probationary employees.” Maryland v. United States Dep't of Agric., No. 25-1248, 2025 WL 1073657, at *1 (4th Cir. Apr. 9, 2025).
7. Neither the TRO Motion nor the preliminary injunction motion addresses the Appointments Clause claim in Count VII.
8. The transcript of the P.I. Motion hearing was docketed on the afternoon of April 16, 2025. See ECF 143. In the time available, I have done my best to cite to the transcript, where appropriate. But, due to the compressed timeline, requiring a ruling by April 17, 2025, I have not included every useful citation to the transcript.
9. Referring to defendant Musk, plaintiffs assert: “Never before has an industry mogul with countless conflicts of interest—not to mention an undefined role in the administration—sought and gained access to protected, private data on nearly every person in the country.” ECF 17, ¶ 11.
10. The United States Digital Service was a technology unit established in 2014 with Congressional appropriations, and housed within the Executive Office of the President.
11. The distinctions between DOGE and USDS are not entirely clear. But, for the purpose of this Memorandum Opinion, the terms are largely interchangeable.
12. The Executive Order defines “Agency Head” as “the highest-ranking official of an agency, such as the Secretary, Administrator, Chairman, or Director, unless otherwise specified in this order.” Exec. Order. No. 14,158, § 2(b).
13. A Special Government Employee is a temporary “officer or employee” who is “retained, designated, appointed, or employed to perform, with or without compensation ... temporary duties either on a full-time or intermittent basis” for up to 130 days in any 365-day period. 18 U.S.C. § 202(a). They are exempt from some of the ethics rules to which most federal employees are subject. See 18 U.S.C. §§ 203, 205, 207–209.
14. Plaintiffs provided the permalink for all “X” posts.
15. Various news articles have identified some of the DOGE Team members. See, e.g., Berzon, supra, https://perma.cc/H67G-6L2M.
16. Felix-Lawson repeats some of the information in the Russo Declaration. Compare, e.g., ECF 36-1, ¶¶ 4, 7 with ECF 36-2, ¶¶ 4, 7.
17. Russo asserts that Employee 1 was granted access to certain SSA data on February 12, 2025. ECF 36-1, ¶ 7(a). Employee 1 is a SSA special government employee. Id. ¶ 7; ECF 36-2, ¶ 5. Yet, according to Felix-Lawson, Employee 1 was not appointed until February 13, 2025. ECF 36-2, ¶ 5. Although the initial disclosure to Employee 1 consisted of anonymized data, it appears that the data was disclosed to Employee 1 before he/she was an SSA employee.
18. At the hearing on the P.I. Motion, the government suggested that, to resolve the Motion, the Court must look to the Administrative Record, not Dudek's Declarations. ECF 143 at 53. But, as I discuss, infra, the Administrative Record is wholly inadequate to explain the need for access to the PII of countless Americans.
19. Title II and Title XVI refer to the Social Security disability insurance program (title II of the Social Security Act) and the Supplemental Security Income (“SSI”) program (title XVI of the Act). See Soc. Sec. Admin., Disability Evaluation Under Social Security, https://perma.cc/CTM5-GLXC.
20. In Students for Fair Admissions, Inc., 600 U.S. at 199, 143 S.Ct. 2141, the Supreme Court referred to this form of standing as “organizational” standing. It seems, however, that this doctrine is typically called “associational” standing. See, e.g., United Food & Com. Workers Union Loc. 751 v. Brown Grp., Inc., 517 U.S. 544, 552, 116 S.Ct. 1529, 134 L.Ed.2d 758 (1996); see also, e.g., Food and Drug Admin., 602 U.S. at 398–404, 144 S.Ct. 1540 (Thomas, J., concurring) (repeatedly referring to the doctrine as “associational standing”); Thole v. U.S. Bank N.A, 590 U.S. 538, 565, 140 S.Ct. 1615, 207 L.Ed.2d 85 (2020) (Sotomayor, J., dissenting) (referring to the doctrine as “associational standing”); see also People for Ethical Treatment of Animals, Inc. v. Tri-State Zoological Park of W. Maryland, Inc., 843 F. App'x 493, 495 (4th Cir. 2021); Wright & Miller, Federal Practice and Procedure, Organizational and Associational Standing, § 8345 (2d ed.) (June 2024 update). Therefore, when referring to a suit filed by an organization on behalf of its members, I shall refer to the form of standing as “associational” standing.
21. The Supreme Court recently stayed a preliminary injunction pending appeal in Am. Fed'n of Gov't Emps., AFL-CIO v. United States Off. of Pers. Mgmt., WHA-25-01780, 2025 WL 820782 (N.D. Cal. Mar. 14, 2025). The case concerns certain federal probationary employees whose employment had been terminated. The Ninth Circuit denied the government's request for stay pending appeal. Am. Fed'n of Gov't Emps., AFL-CIO v. United States Off. of Pers. Mgmt., 2025 WL 835337 (9th Cir. Mar. 17, 2025) (denying request for administrative stay); id., 2025 WL 914823 (9th Cir. Mar. 26, 2025) (denying motion for stay pending appeal). In reversing, the Supreme Court said: “The District Court's injunction was based solely on the allegations of the nine non-profit-organization plaintiffs in this case. But under established law, those allegations are presently insufficient to support the organizations’ standing.” OPM v. AFGE, No. 24A904, ––– U.S. ––––, ––– S.Ct. ––––, ––– L.Ed.2d ––––, 2025 WL 1035208, at *1 (U.S. Apr. 8, 2025). Because that language is the extent of the Court's analysis on the issue, I cannot determine if the ruling is relevant here.
22. “Reputational harm can be a concrete injury, but only if the misleading information was brought to the attention of a third party who understood its defamatory significance.” Fernandez, 116 F.4th at 292.
23. Defendants dispute causation in the context of the alleged injury in fact of an increased risk of identity theft. ECF 113 at 14. In ECF 49, I rejected the claim of standing on this basis.
24. Similarly, the panel opinion of the Fourth Circuit in Bessent is unreported. But, of course, I must consider it.
25. Plaintiffs argued in their TRO Motion that their members faced two additional injuries in fact: (1) “exposure to an increased and non-speculative risk of identity theft”; and (2) “an increased likelihood of disruption of benefit payments.” ECF 39 at 3. I rejected these arguments. See ECF 49 at 68–70. Understandably, plaintiffs have abandoned the second theory and only mention the first theory in passing in the Reply. See ECF 110-1 at 10–13; ECF 122 at 2–4. To the extent relevant, I incorporate here my discussion in the TRO opinion pertaining to these alleged injuries in fact. ECF 49 at 68–70.
26. The Fourth Circuit has cited to this law review article. See, e.g., Garey, 35 F.4th at 922.
27. The Fourth Circuit has cited to this law review article. See, e.g., Bessent, 2025 WL 1023638, at *5; Garey, 35 F.4th at 922.
28. To my knowledge, such assertions are absent in the district court's opinion in Bessent.
29. The Garey Court determined that the group of plaintiffs seeking injunctive relief did not have standing because there was no evidence they were subject to imminent or certainly impending harm. Garey, 35 F.4th at 923. Pertinent here, the Court observed that a plaintiff can meet “ ‘the injury-in-fact requirement for prospective relief’ either by demonstrating ‘a sufficiently imminent injury in fact’ or by demonstrating ‘an ongoing injury’ ․” Id. at 922 (quoting, inter alia, Deal, 911 F.3d at 189). And, the Court agreed with the district court that plaintiffs did not show that they were “ ‘subject to any imminent harm.’ ” Id. at 922. This was because the plaintiffs “narrowed their case” to the unlawful “obtaining” of protected information, rather than using or disclosing. Id. at 923. But, the “obtaining of [plaintiffs’] personal information [was] a fait accompli,” so there was no “ongoing or imminent injury.” Id. The Court added that the “mere possibility” of a “future ‘obtaining’ violation cannot support injunctive relief. Id.; see City of Los Angeles v. Lyons, 461 U.S. 95, 103, 103 S.Ct. 1660, 75 L.Ed.2d 675 (1983) (stating that “past wrongs do not in themselves amount to that real and immediate threat of injury” needed for prospective relief).
Here, plaintiffs have alleged an ongoing injury. See ECF 17, ¶¶ 2, 94, 97. This is not a “one and done” situation. Every improper exposure is an invasion of privacy. In the absence of an injunction, it is substantially likely that DOGE personnel will continue to seek and obtain access to SSA's systems of record. So, the threat of an imminent injury, in the absence of an injunction, distinguishes this case from Garey. See Food and Drug Admin., 602 U.S. at 381, 144 S.Ct. 1540 (explaining that “the injury must have already occurred or be likely to occur soon.”).
30. Plaintiffs alerted the Court just before 10:00 p.m. on April 16, 2025, while I was working on this Memorandum Opinion.
31. The AFL-CIO Court had previously denied two TRO motions. See AFL-CIO, 2025 WL 543938, at *5 (D.D.C. Feb. 7, 2025); AFL-CIO, 2025 WL 542825, at *5 (D.D.C. Feb. 14, 2025).
32. The court “also recognized that the tort of ‘breach of confidence’ can serve as a common-law analogue for a harm inflicted by a statutory violation.” AFL-CIO, 2025 WL 1129227, at *9 (quoting Jefferies v. Volume Servs. Am., Inc., 928 F.3d 1059, 1064 (D.C. Cir. 2019)). That tort “ ‘lies where a person offers private information to a third party in confidence and the third party reveals that information to another.’ ” AFL-CIO, 2025 WL 1129227, at *9 (citation omitted). “Nothing beyond the ‘plaintiff's trust in the breaching party [being] violated’ must occur for the harm to be actionable. The trusted party's disclosure to a third party is sufficient.” Id. (citation omitted; alteration in AFL-CIO). Judge Bates determined that the plaintiffs “allege their members are suffering precisely that harm.” Id. “This common law analogue,” the court said, “is more like a common law twin.” Id. But, no such claim has been lodged here.
33. Nevertheless, the court declined to issue a preliminary injunction, based on a lack of irreparable harm. Alliance for Retired Americans, 2025 WL 740401, at *24.
34. Recently, Judge Vargas allowed one member of the DOGE Team to access Treasury systems of record, provided that he complies with certain conditions. New York v. Trump, JAV-25-1144, 2025 WL 1095147, at *12 (S.D.N.Y. Apr. 11, 2025).
35. The government argued in its TRO Opposition that the alleged injuries of plaintiffs’ members are not comparable to the harm associated with intrusion upon seclusion because the PII has been shared only with other government employees, and not the public. ECF 36 at 13.
36. In TransUnion the Supreme Court stated, in dicta: “Many American courts did not traditionally recognize intra-company disclosures as actionable publications for purposes of the tort of defamation.” TransUnion LLC, 594 U.S. at 434, 141 S.Ct. 2190. But, the Supreme Court was discussing the tort of “defamation,” not intrusion upon seclusion. Id. at 434, 141 S.Ct. 2190. And, as Prosser has observed, defamation and intrusion upon seclusion “have almost nothing in common ․” Prosser, supra, 48 Cal. L. Rev. at 389.
37. Under 42 U.S.C. § 1320d-6(a), Congress provides for criminal enforcement of HIPAA violations. One who unlawfully “obtains individually identifiable health information relating to an individual” or “discloses individually identifiable health information to another person” is subject to prosecution. 42 U.S.C. § 1320d-6(a). For purposes of the statute, a person is considered to have “obtained or disclosed individually identifiable health information in violation of this part if the information is maintained by a covered entity (as defined in the HIPAA privacy regulation described in section 1320d-9(b)(3) of this title) and the individual obtained or disclosed such information without authorization.” Id.
38. As I was working on the TRO Opinion, the news reported that the SSNs of some 200 people were included in the release of files concerning the death of President John F. Kennedy. See William Wan, et al., Social Security Numbers and Other Private Information Unmasked in JFK Files, Wash. Post (Mar. 19, 2025), https://perma.cc/C4VG-PY9F. The reaction to the disclosure is telling, and underscores the expectation of privacy associated with SSNs. “It's absolutely outrageous,” said former Trump campaign lawyer Joseph diGenova, whose information was disclosed. Id. Mary Ellen Callahan, former Chief Privacy Officer at the Department of Homeland Security, aptly stated, id.: “Social Security is literally the keys to the kingdom to everybody. It's absolutely a Privacy Act violation.”
Although access here was made to the DOGE Team, and not disseminated to the public at large, I mention the reaction to the disclosure of SSNs in regard to the Kennedy files is noteworthy, because it supports the conclusion that there is an expectation of privacy with respect to SSNs. And, the access to private information here includes far more than SSNs.
39. Defense counsel recognized at the P.I. Motion hearing that the records in issue “are admittedly very private records ․” ECF 143 at 69. Nonetheless, he claimed that “there is no reasonable expectation that the agency will not be able to access those records for purposes of antifraud or for technology improvement.” Id.
40. The government observes in its Opposition that plaintiffs have not pled an intrusion upon seclusion count in the Amended Complaint. ECF 113 at 13. That is irrelevant. See TransUnion, 594 U.S. at 424, 141 S.Ct. 2190 (stating that a plaintiff must “identify”—not plead—a common law analog).
41. I express no opinion as to whether plaintiffs have standing to pursue their Appointments Clause claim. That issue has not been raised by either side.
42. The requirement of final agency action applies to plaintiffs’ APA claims, but not to their ultra vires claim or Privacy Act claim in Count II. As Judge Bredar noted in Dep't of Agriculture, 2025 WL 800216, at *11 n.4, “the right of action for an ultra vires claim flows from the federal courts’ equity jurisdiction, not from the APA.”
43. It would be difficult to characterize the arrival of the DOGE Team at SSA, pursuant to an Executive Order, as “day-to-day operations.”
44. Doe submitted the Declaration under a pseudonym, for fear of retaliation. ECF 77-1, ¶ 2.
45. The court had previously determined that the plaintiff had standing because it had demonstrated “a substantial probability that the alleged disclosure policy will harm its concrete and particularized interest in retaining the confidentiality of protected information.” Venetian Casino Resort, L.L.C. v. E.E.O.C., 409 F.3d 359, 367 (D.C. Cir. 2005).
46. In Bessent, 2025 WL 1023638, Judge Richardson addressed the factors that a court must consider in granting injunctive relief. Id. at *4 (citing Winter, 555 U.S. at 20, 129 S.Ct. 365). And, he stated that plaintiffs “had to show their likelihood of success was not just high but extremely high ․” Id. at *4 (emphasis in original). But, no authority is cited for that proposition, and this Court is unfamiliar with that burden. In Winter, for example, the Supreme Court merely stated that a plaintiff must show “that [they are] likely to succeed on the merits” and “likely to suffer irreparable harm in the absence of preliminary relief ․” Winter, 555 U.S. at 20, 129 S.Ct. 365 (emphasis added).
49. At the P.I. Motion hearing, the government argued that, under the Economy Act of 1934, DOGE is not an agency. ECF 143 at 34. And, for the first time, the government argued that DOGE is an “instrumentality” of the Executive Branch because it is “a component of EOP.” Id. But, the government cited no cases to support the assertion.
The government acknowledged that its claim that DOGE is not an agency has not met with success in any court. ECF 143 at 35. Curiously, as recently as yesterday, Judge Bates observed that in his case the government does not contest that DOGE is an agency for purposes of judicial review or APA review. AFL-CIO, 2025 WL 1129227, at *22 n.19. The position of the government here appears to be inconsistent.
In any event, I addressed the government's agency contention in ECF 49, and rejected the claim. ECF 49 at 112–14. I renew that ruling, for the reasons previously stated.
50. Special Government Employees are exempt from some of the ethics rules that apply to most federal employees. See 18 U.S.C. §§ 203, 205, 207–209.
51. The prior Memorandum Opinion (ECF 49) references only ten employees. Id. at 115–18. The Court learned of the eleventh member of the DOGE Team after it issued the TRO on March 20, 2025.
52. As noted, on April 11, 2025, I asked for Acting Commissioner Dudek to attend the P.I. Motion hearing on April 25, 2025. ECF 127. I told counsel that his testimony at the hearing “may be helpful as to the various SSA projects that Mr. Dudek has referenced in his declarations, and for which he claims the DOGE Team requires access to PII.” Id. at 2.
When Mr. Dudek participated in the telephone hearing on March 27, 2025, there was no time to carefully review the government's submission that prompted the need for the hearing. In making my request, I was also mindful of Judge Agee's comment regarding “relevant evidence,” mentioned earlier. See ECF 83 at 3. But, as is the government's right, the government chose to “stand on the record in its current form.” ECF 138. The result, however, is that the clarification has not been provided. I made that point at the hearing. See, e.g., ECF 143 at 19.
53. The “Analysis” section of the decision memorandum is redacted and unavailable for my review. ECF 86-2 at 6–8.
54. In Dudek's Declaration of March 26, 2025 (ECF 60-1), he states: “The SSA DOGE team partners with SSA's anti-fraud offices to address fraud costing taxpayers and Social Security beneficiaries up to $521 billion annually,” citing the Government Accountability Office (“GAO”). Id. ¶ 4; see also id. at 2 n.1. The statement appears to be inaccurate.
Notably, the report from the GAO reflects that the entire federal government, not SSA alone, “loses between $233 billion and $521 billion annually to fraud, according to GAO's government-wide estimates based on data from fiscal years 2018 through 2022.” Government Accountability Office, Fraud & Improper Payments, https://www.gao.gov/fraud-improper-payments (last visited Apr. 14, 2025). Moreover, SSA does not even appear on the chart illustrating the government programs with the largest percentage of government-wide improper payment estimates for fiscal year 2024.
55. Plaintiffs also argue that their members are “irreparably harmed by the now-increased risk that their information is more easily accessible by bad actors.[ ]” ECF 110-1 at 29–31. The Court understands plaintiffs’ concerns, but that risk is too speculative to constitute irreparable harm. See ECF 49 at 68–70.
Ellen Lipton Hollander, United States District Judge
Docket No: Civil Action No. ELH-25-0596
Decided: April 17, 2025
Court: United States District Court, D. Maryland.