Learn About the Law
Get help with your legal needs
FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.
NEW YORK, et al., Plaintiffs, v. Donald TRUMP, et al., Defendants.
OPINION AND ORDER
Nineteen states (collectively, the “States” or “Plaintiffs”) have brought this suit pursuant to, inter alia, the Administrative Procedure Act (“APA”), 5 U.S.C. §§ 551 et seq., challenging the access to the payment systems of the Bureau of Fiscal Services (“BFS”) provided to members of the Department of Government Efficiency (“DOGE”) team established at the U.S. Department of Treasury (“Treasury DOGE Team”). Plaintiffs claim that this access violated, inter alia, the Privacy Act, 5 U.S.C. § 552a, and section 208 of the E-Government Act of 2002, 44 U.S.C. §§ 101 et seq. Plaintiffs also contend that Defendants’ actions were arbitrary and capricious. On February 21, 2025, this Court granted Plaintiffs’ motion for a preliminary injunction. ECF No. 76 (“PI Order”). The PI Order enjoined Defendants from providing members of the Treasury DOGE Team access to the BFS payment systems. In doing so, the Court held that Plaintiffs had established a likelihood of success with respect to their claim that Defendants’ actions were arbitrary and capricious. In contrast, the Court determined that Plaintiffs were unlikely to succeed on the merits of their statutory APA claims, as they could not satisfy the zone of interests test.
Currently pending before the Court are Defendants’ motion to partially dissolve the preliminary injunction to allow a new member of the Treasury DOGE Team to access BFS payment systems and Plaintiffs’ motion to reconsider the portions of the PI Order that held that the States were unlikely to succeed on their Privacy Act and E-Government Act claims.
For the reasons stated herein, the Court DENIES Plaintiffs’ motion for reconsideration and GRANTS Defendants’ motion to partially dissolve the preliminary injunction.
BACKGROUND
Familiarity with the Court's PI Order is presumed. As relevant here, on January 20, 2025, President Donald Trump issued Executive Order 14,158, Establishing and Implementing the President's “Department of Government Efficiency” (the “E.O.”). Exec. Order No. 14,158, 90 Fed. Reg. 8441 (Jan. 29, 2025). The E.O. established DOGE, with the stated purpose of “implement[ing] the President's DOGE Agenda, by modernizing Federal technology and software to maximize governmental efficiency and productivity.” E.O. § 1. The E.O. also created the United States DOGE Service (“USDS”) within the Executive Office of the President. Id. § 3(a). The E.O. calls for the creation of DOGE Teams within each executive agency. Id. § 3(c). Agency Heads are required to consult with the USDS Administrator in selecting the members of the DOGE Team. Id. Additionally, Agency Heads are required to coordinate their work with USDS, and DOGE Team Leads are to “advise their respective Agency Heads on implementing the President's DOGE Agenda.” Id.
On January 23, 2025, a DOGE Team was formed at the Treasury Department. PI Order at 7. Thomas H. Krause, Jr. was appointed as the DOGE Team Lead and Marko Elez was the Treasury DOGE Team's technical specialist. Id.
Upon the DOGE Team's arrival at the Treasury Department, its members sought access to the BFS payment systems, including its source code, applications, and databases. Id. at 11. The BFS is an operational bureau within the Treasury Department that oversees the federal government's accounting, central payment systems, and public debt, and functions as the central payment clearinghouse for all payments to and from federal agencies. Id. at 3. Its payment systems utilize payment files that contain confidential personally identifiable information, including Social Security and bank account numbers. Id. at 4. The Treasury DOGE Team ostensibly sought access to the payment systems in order “to identify data gaps that could make the systems work more efficiently,” and “identify opportunities to advance payment integrity and fraud reduction goals.” Id. at 11 (quoting ECF No. 32 ¶ 6). BFS developed an “engagement plan” pursuant to which the Treasury DOGE Team would be provided such access, subject to certain mitigation efforts. Id.
The States are each recipients of significant amounts of federal funds, which are processed through BFS. Id. at 16. In order to receive funds through BFS payment systems, the States provide the Treasury Department with their wiring and bank account information. Id. Additionally, the sensitive, confidential information of State residents, including social security numbers, bank account information, and federal tax return information, is also contained in the BFS payment systems. Id.
In seeking a preliminary injunction, the States alleged that the Treasury Department had violated federal law by permitting the Treasury DOGE Team to access data in the BFS payment systems. Id. They pointed to potential security risks, including the possibility of cyber attacks and identity theft. Id. at 17. In their Complaint, the States also raised concerns that this new policy had been implemented as a mechanism to block payments to States that they were entitled to under federal law. Id. at 17; see also ECF No. 1 ¶¶ 15, 141, 174, 189.
The Court granted the motion for a preliminary injunction. The Court held that Plaintiffs had standing because they had adequately alleged that, by granting the Treasury DOGE Team access to the BFS payment systems under the engagement plan, Defendants had created a realistic danger of future unauthorized disclosures of the States’ financial information. Id. at 27-30. The Court further held that Plaintiffs were more likely than not to prevail on their claim that the Treasury Department had “acted arbitrarily and capriciously by failing to adequately consider the numerous privacy and security problems associated with the Engagement Plan.” Id. at 33. Noting that the “inexplicable urgency and time constraints under which [BFS staff] operated all but ensured that the launch of the Treasury DOGE Team was chaotic and haphazard,” the Court found that the Treasury DOGE Team should have been appointed, onboarded, trained, and provided with access to the BFS payment systems “in a measured, reasonable, and thoughtful way.” Id. at 50, 52.
The Court further held that Plaintiffs had sufficiently demonstrated a “substantial risk of future harm where the data access protocols in place do not satisfactorily vet the employees with access and rigorously train them in data security measures.” Id. at 59 (quotation marks omitted). Deciding that the balance of equities and the public interest in preventing the “catastrophic” consequences of a possible cybersecurity breach weighed in favor of a preliminary injunction, the Court granted the motion. Id. at 61.
While the Court held that Plaintiffs had established a likelihood of success on their arbitrary and capricious APA claim, the Court concluded that Plaintiffs were unlikely to succeed on their statutory APA claims. In particular, the Court held that there was a “clear disjunct between the harm alleged by the Plaintiffs—the disclosure of their own financial data—and the statutory violation that they assert under the Privacy Act” and the E-Government Act. Id. at 37. The Court noted that the Privacy Act and the E-Government Act were enacted to protect information regarding individuals, such as Personally Identifiable Information (“PII”); “the security of financial data belonging to states does not even arguably fall within the zone of interests that Congress intended to protect through the Privacy Act” or the E-Government Act. Id. at 36.
The Court ordered the Treasury Department to certify that the Treasury DOGE Team members had undergone the proper training to receive access to BFS payment systems, provide clarity about the vetting and security clearances process followed for members of the Treasury DOGE Team, explain the mitigation procedures in place to minimize disclosure risks from the expansion of data access to the Treasury DOGE Team, provide the legal authority pursuant to which each DOGE Team member was employed or detailed to the Treasury Department, and provide the reporting chains governing the DOGE Team members, USDS/DOGE, and Treasury Leadership. Id. at 63-64. The Court indicated that, upon receipt of such certifications, the Court would determine whether the Treasury Department had adequately redressed the violations of the APA found in its PI Order, so as to justify the termination or modification of the preliminary injunction.
PROCEDURAL HISTORY
On March 7, 2025, Plaintiffs filed a motion pursuant to Local Rule 6.3 asking the Court to reconsider its holding that they were unlikely to succeed on their APA claims based upon the Privacy Act of 1974 and the E-Government Act of 2002. ECF No. 106 (“Reconsideration Br.”) at 1. Plaintiffs argue that the Court overlooked statutory language and legislative history in determining that the States’ asserted harm did not fall within the zone of interest of either statute. Id.
On March 10, 2025, Defendants submitted a motion to partially dissolve the preliminary injunction in effect as to Ryan Wunderly, a member of the Treasury DOGE Team who was appointed on February 19, 2025, as Special Advisor for Information Technology and Modernization. ECF No. 112 (“Gov't Br.”) at 4. In support of their motion, Defendants submitted (1) two declarations from David Ambrose, BFS's Chief Security Officer/Chief Privacy Officer/Acting Chief Information Security Officer, ECF Nos. 116-1 (“First Ambrose Decl.”), 126 (“Second Ambrose Decl.”); (2) two declarations from Kari Mencl, Chief of Personnel Security in the Office of Security Programs in the Office of Intelligence and Analysis for the Department of the Treasury, ECF Nos. 98-4 (“First Mencl Decl.”), 121 (“Second Mencl Decl.”); (3) the Declaration of Daniel Katz, Chief of Staff of the Department of the Treasury, ECF No. 98-1 (“Katz Decl.”); (4) the Declaration of Joseph Gioeli III, Deputy Commissioner for Transformation and Modernization in BFS, ECF No. 98-2 (“Gioeli Decl.”); (5) the Declaration of Michael J. Wenzler, Associate Chief Human Capital Officer for Executive and Human Capital Services at the Departmental Offices of the Department of the Treasury, ECF No. 98-3 (“Wenzler Decl.”); (6) the Declaration of Nathaniel Reboja, the Assistant Commissioner for Information and Security Services and Chief Information Officer for BFS, ECF No. 116-2 (“Reboja Decl.”); (7) the Declaration of Vona S. Robinson, Deputy Assistant Commissioner for Federal Disbursement Services at BFS, ECF No. 122 (“Robinson Decl.”); (8) the Declaration of Mark Vetter, Deputy Assistant General Counsel (Ethics) at the Department of the Treasury and the Treasury's Designated Agency Ethics Official, ECF No. 123 (“Vetter Decl.”); (9) the Declaration of Janice Benjamin, Deputy Director in the Office of Human Resources at the Departmental Offices of the Department of the Treasury, ECF No. 124 (“Benjamin Decl.”); and (10) the Declaration of Sandra R. Paylor, Assistant Commissioner for Fiscal Accounting at BFS, ECF No. 125 (“Paylor Decl.”). Plaintiffs were granted the opportunity, on consent from Defendants, to submit a surreply brief to respond to the six supplemental declarations Defendants submitted on March 17, 2025.
Having considered the parties’ submissions, the Court now addresses both motions in this Opinion and Order.
LEGAL STANDARD
It is “black letter law” that a motion for reconsideration cannot “advance new facts, issues or arguments not previously presented to the Court, nor may it be used as a vehicle for relitigating issues already decided by the Court.” Davidson v. Scully, 172 F. Supp. 2d 458, 461 (S.D.N.Y. 2001) (citing Shrader v. CSX Transp. Inc., 70 F.3d 255, 257 (2d Cir. 1995)). The party seeking reconsideration “is not supposed to treat the court's initial decision as the opening of a dialogue in which that party may then use such a motion to advance new theories or adduce new evidence in response to the court's rulings.” Polsby v. St. Martin's Press, Inc., No. 97-cv-690 (MBM), 2000 WL 98057, at *1 (S.D.N.Y. Jan 18, 2000) (quotations and citations omitted); see also Analytical Surveys, Inc. v. Tonga Partners, L.P., 684 F.3d 36, 52 (2d Cir. 2012). Indeed, a motion for reconsideration “is an extraordinary remedy to be employed sparingly in the interests of finality and conservation of scarce judicial resources.” Drapkin v. Mafco Consol. Group, Inc., 818 F. Supp. 2d 678, 695 (S.D.N.Y. 2011) (citations and quotations omitted). “A request for reconsideration under Rule 6.3 must demonstrate controlling law or factual matters put before the Court in its decision on the underlying matter that the movant believes the Court overlooked and that might reasonably be expected to alter the conclusion reached by the court.” Anwar v. Fairfield Greenwich Ltd., 950 F. Supp. 2d 633, 637 (S.D.N.Y. 2013).
The Court has “sound discretion” to grant or deny a motion for reconsideration, Bennett v. Watson Wyatt & Co., 156 F. Supp. 2d 270, 271-72 (S.D.N.Y. 2001) (citation omitted), and such motions will “generally be denied unless the moving party can point to controlling decisions or data that the court overlooked,” Analytical Surveys, 684 F.3d at 52 (quoting Shrader, 70 F.3d at 257).
DISCUSSION
I. THE STATES’ MOTION FOR RECONSIDERATION OF THE PRELIMINARY INJUNCTION ORDER
The States ask that the Court revisit its holding that the States’ asserted harm does not fall within the zone of interests protected by the Privacy Act of 1974 and the E-Government Act of 2002. Reconsideration Br. at 1. They argue that the Court “overlooked” key aspects of the statutes and their legislative history in reaching its decision. Id. at 2-3. The Court declines to revisit its zone of interests holding, as Plaintiffs improperly seek to raise new arguments on a motion for reconsideration. Moreover, even were the Court to reconsider its decision, it would nonetheless deny the motion on the merits.
A. Plaintiffs Impermissibly Raise New Arguments
First, Plaintiffs ask the Court to “accord appropriate weight to the statutory language and legislative history” that purportedly demonstrate that “Congress intended to promote the States’ interests in Federal Records protecting their residents’ PII.” Id. at 1. Plaintiffs say that the Court “may have overlooked the legislative history, including [sections] 5 and 7” of the Privacy Act because the Court supposedly narrowed its examination to only section 3. Id. at 4. Plaintiffs then ask the Court to “compare under the zone-of-interests test the States’ interests in protecting its own financial information with the States’ interest in protecting Federal Records containing the PII of their residents collected under cooperative federalism programs.” Id. at 1.
Yet the Court did not “overlook” these supposedly relevant statutory provisions and legislative history. Rather, at no point did the States argue that sections 5 and 7 of the Privacy Act had any bearing on the Court's analysis. These provisions were mentioned nowhere in the States’ motion papers, nor referenced at the Preliminary Injunction Hearing. Nor did the States argue that either the Privacy Act or the E-Government Act evinced a congressional intent to confer upon States a role in protecting the integrity and security of federal records.
Plaintiffs concede that they failed to raise these arguments in support of their motion for a preliminary injunction. They suggest that they were not required to do so because “the issue of Congress’ intent when passing the Privacy Act and E-Government Act was not an ‘adversarial issue’ in contention since Defendants failed to challenge the presumption of prudential standing.” ECF No. 119 at 2. Yet the States bore the burden of proving a reasonable likelihood of success on the merits of their APA claims. See Moore v. Consol. Edison Co. of New York, 409 F.3d 506, 510 (2d Cir. 2005). This included showing that their claims fell within the zone of interests of the statutes on which their APA claims were based.
Indeed, it is clear that the States understood as much. In support of their preliminary injunction motion, Plaintiffs contended that they satisfied the zone of interests test under the Privacy Act because the statute protected the PII of individuals, and they were seeking to protect “from improper disclosure” the PII of state residents “entrusted to BFS.” ECF No. 51 at 10. They reiterated this point at the Preliminary Injunction Hearing, arguing that
under [t]he Zone of Interests Test, we can, indeed, rely on the PII of individual residents who reside within these states and whose information the states provide through portals to the Treasury in order to obtain certain types of funding like Medicaid, where the states are the conduit through which the funds are disbursed. So our argument is that we have prudential standing to raise a Privacy Act claim because we do, indeed, forward on, as the stewards and trustees of our residents, private information, including Social Security numbers and all sorts of other forms of PII that we then upload through these secure portals in order to obtain those types of fundings where the states are the conduit. So we do think that we satisfy that requirement and can, unlike for Article III standing, we can rely on the fact that access was granted to the PII of our residents.
ECF No. 68 (“Hearing Tr.”) 28:23-29:14.
Similarly, in their moving papers, the States argued that they fell within the “zone of interests” of section 208 of the E-Government Act, not because the statute protected a state interest in data integrity, but because the statute was intended to protect the personal information of individuals and the States “are required to include the Medicaid beneficiaries’ PII, along with confidential medical information, as part of the data uploaded to the BFS systems.” ECF No. 51 at 12-13.
A motion for reconsideration looks “only to already-considered issues; new arguments and issues are not to be considered.” Morales v. Quintiles Transnat'l Corp., 25 F. Supp. 2d 369, 372 (S.D.N.Y. 1998). Plaintiffs’ supposedly “new” theory, that the statutes evince a Congressional intent to protect the States’ interest in the “security and integrity” of federal records, is a forbidden “second bite at the apple.” Drapkin, 818 F. Supp. 2d at 696-97. It was Plaintiffs’ responsibility to raise these arguments in its prior briefing. They failed to do so. Accordingly, the Court denies Plaintiffs’ motion for reconsideration.
B. Plaintiffs’ Motion for Reconsideration Fails on the Merits
Although Plaintiffs did not meet the stringent standard for reconsideration of the PI Order, the Court holds, in the alternative, that even if it were to reconsider its prior decision, Plaintiffs’ arguments that their concern regarding the security of State financial data falls within the zone of interests of the Privacy Act or the E-Government Act are without merit.
1. Privacy Act of 1974
Plaintiffs submit that the Court, in focusing on Section 3 of the Privacy Act, overlooked other provisions of the statute, namely Sections 5 and 7, that “manifest Congress’ intent to promote the interests of state governments in safeguarding Federal records.” Reconsideration Br. at 4. Plaintiffs also point to a report by the Senate Committee on Government Operations on the bill that became the Privacy Act (“Senate Committee Report 93-1183”), that they claim supports their position. Id. at 4-5. This argument fails on a number of fronts.
In its PI Order, the Court concluded that the States’ asserted interest in the protection of its own financial data did not fall within the zone of interests of 5 U.S.C. § 552a, the specific statutory provision upon which the States’ APA claim is based. The States now argue that the Court erred in focusing solely on section 552a in assessing the relevant zone of interests, and did not properly place section 552a in the “overall context” of the statute. Reconsideration Br. at 3 (quoting Clarke v. Sec. Indus. A'ssn, 479 U.S. 388, 400-01, 107 S.Ct. 750, 93 L.Ed.2d 757 (1987)). But the Supreme Court has made clear that “the zone-of-interests test is to be determined not by reference to the overall purpose of the Act in question ․ but by reference to the particular provision of law upon which the plaintiff relies.” Bennett v. Spear, 520 U.S. 154, 175-76, 117 S.Ct. 1154, 137 L.Ed.2d 281 (1997) (emphasis added); see also Lujan v. Nat'l Wildlife Fed'n, 497 U.S. 871, 883, 110 S.Ct. 3177, 111 L.Ed.2d 695 (1990) (“[T]he plaintiff must establish that the injury he complains of ․ falls within the ‘zone of interests’ sought to be protected by the statutory provision whose violation forms the legal basis for his complaint.” (emphasis added)).
“It is appropriate to draw on the ‘overall context’ of a statute only when doing so is helpful to understand the meaning of the specific provisions at issue.” Moya v. United States Dep't of Homeland Sec., 975 F.3d 120, 131 n.7 (2d Cir. 2020). Sections 5 and 7 of the Privacy Act do little to add to the Court's understanding of section 552a. If anything, these provisions merely reinforce the Court's holding that the focus of the Privacy Act is the protection of information belonging to individuals, and not an abstract concern with the integrity of all data contained in federal record systems writ large.
Plaintiffs’ argument that the Privacy Act evinces a Congressional intent to confer upon states the authority to protect the integrity of federal records finds little support in the statutory language. There is nothing in the Act that grants any rights or protections to state governments or empowers state governments to take any action to protect data, let alone data in federal records.
Section 7 of the Act prohibits “any Federal, State or local government agency [from denying] to any individual any right, benefit, or privilege provided by law because of such individual's refusal to disclose his social security account number.” Pub. L. 93-579, § 7(a)(1). A prohibition on state government action hardly suggests that Congress intended state governments to have a role in protecting data found in federal records.
Section 5 of the Privacy Act created a “Privacy Protection Study Commission” for the purpose of conducting a study of “data banks, automated data processing programs and information systems of governmental, regional, and private organizations, in order to determine the standards and procedures in force for the protection of personal information, [and] recommend to the President and the Congress the extent, if any, to which the requirements and principles of [the Privacy Act] should be applied to the information practices of those organizations by legislation, administrative action, or voluntary adoption of such requirements and principles ․” Pub. L. 93-579, § 5(b), Dec. 31, 1974, 88 Stat. 1896 (as amended by Pub L. 95-38, June 1, 1977, 91 Stat. 179). The Commission, which finished its work in 1977 with the publication of its final report, Personal Privacy in an Information Society (July 12, 1977) (the “Commission Report”), available at https://www.ojp.gov/pdffiles1/Digitization/49602NCJRS.pdf, focused largely on “protections for personal privacy in the public sector,” id. at 1. Although one of the many topics that the Commission was directed to examine was the extent to which “governmental and private information systems affect Federal-State relations or the principle of separations of powers,” Pub. L. 93-579, § 5(C)(3)(B), this was largely in the context of determining the extent to which the federal government should impose requirements on state or local governments’ handling of information derived from federal records, as well as the division of responsibility between states and the federal government for protecting information. Commission Report at 487-95.
Senate Committee Report 93-1183 similarly does not add anything to the States’ argument. All the Report says is that the Privacy Act's protections were intended as a “complement” to state laws that protect personal privacy. S. Rep. No. 93-1183, at *6932 (1974). It is prudent for state and local governments to supplement federal efforts to protect individual data, including laws that regulate state records and private parties, but that does not suggest that section 552a was intended to confer upon states a role in the protection of data in federal record databases. Accordingly, this legislative history does not alter the Court's determination that Plaintiffs’ asserted harm does not fall within the zone of interests of the Privacy Act. See Power Authority of State of N.Y. v. Tug M/V Ellen S. Bouchard, 433 F. Supp. 3d 477, 480 (S.D.N.Y. 2019).
2. E-Government Act
For much of the same reasons, Plaintiffs’ asserted harm does not fall within the zone of interests of section 208 of the E-Government Act. Plaintiffs argue that the Court erred in focusing on section 208 of Title II of the E-Government Act and overlooking Title I of the statute, Reconsideration Br. at 7, but as stated supra at ––––, the zone of interests test requires this Court to assess the array of interests protected by the specific statutory provision alleged to have been violated. Section 208's purpose is clear. In the express language of the statute, “[t]he purpose of this section is to ensure sufficient protections for the privacy of personal information as agencies implement citizen-centered electronic Government.” Pub. L. 107-347, § 208(a), 116 Stat. 2899 (2002) (“E-Government Act”). An examination of Title I is therefore unnecessary to aid the Court's understanding of section 208. Moya, 975 F.3d at 131.
In contrast to section 208, Title I, which is codified at 44 U.S.C. § 3601 et seq., largely sets forth internal mechanisms for federal government policymakers to assess improvements to information technology across the federal government. It calls for the creation of an Office of Electronic Government within the Office of Management and Budget, 44 U.S.C. § 3602(a), establishes the Chief Information Officers Council as “the principal interagency forum for improving agency practices related to the design, acquisition, development, modernization, use, operation, sharing, and performance of Federal Government information resources,” id. § 3603(d), and allocates funding to promote the use of the technology, including the internet, within and across federal agencies, id. § 3604. This is consistent with the stated Congressional purposes in enacting this legislation, which included “provid[ing] effective leadership of Federal Government efforts to develop and promote electronic Government services and processes,” “promot[ing] use of the Internet and other information technologies to provide increased opportunities for citizen participation in Government,” “mak[ing] the Federal Government more transparent and accountable,” and “provid[ing] enhanced access to Government information and services in a manner consistent with laws regarding protection of personal privacy ․” Pub. L. 107-347, § 2.
Plaintiffs’ attempt to recast the E-Government Act as evincing a Congressional “intent that state and federal partnerships have a shared interest in protecting sensitive data systems,” Reconsideration Br. at 7, is devoid of support in the language of the statute. Section 2 of the Act, which sets forth Congress's statement of the purposes of the E-Government Act, nowhere mentions state governments. Pub. L. 107-347, § 2. And although Title I alludes to federal-state dialogue with respect to such things as determining “best practices and innovative approaches in acquiring, using, and managing information resources,” 44 U.S.C. § 3602(f)(9)(A), this is consistent with Congress's intent to “transform agency operations by utilizing, where appropriate, best practices from public and private sector organizations,” Pub. L. 107-347, § 2(a)(10). That the federal government sought input from states and local governments in its efforts to improve its information technology practices hardly suggests that Congress intended for the State's own information to be protected by section 208.
The references to state government in Title I are too insubstantial to show that the E-Government Act seeks to protect the interests, not just of individuals, but also of state governments. Accordingly, the States cannot establish that their interest in the integrity of federal records falls within the zone of interests protected by section 208 of the E-Government Act.
II. THE GOVERNMENT'S MOTION TO PARTIALLY DISSOLVE THE PRELIMINARY INJUNCTION
The decision whether to modify a preliminary injunction “involves an exercise of the same discretion that a court employs in an initial decision to grant or deny a preliminary injunction.” Weight Watchers Int'l, Inc. v. Luigino's, Inc., 423 F.3d 137, 141 (2d Cir. 2005). In its Preliminary Injunction Order, the Court invited the Government to promptly move to modify or terminate the preliminary injunction once Defendants had an opportunity to address and remediate the procedural concerns identified by the Court. The Court noted that, “in determining the appropriate scope of the injunction, the Court is mindful that the usual remedy in an APA case is to remand to the agency in order to provide it with an opportunity to cure the identified deficiency. Such a course is particularly appropriate where, as here, the issues identified by the Court largely have to do with the processes followed by the agency, and not with the substance of its decisions.” PI Order at 62.
A. The Government's Submissions Regarding Wunderly
Animating the Court's determination that the process surrounding the grant of access to the Treasury DOGE Team was problematically haphazard and chaotic were concerns regarding the training received by Treasury DOGE Team members; the lack of clarity regarding the vetting and security clearance process employed; the lack of clear reporting lines; the confusion regarding the hiring authorities relied upon by Defendants; and the insufficiency of the mitigation measures that were put into place. The Government's extensive submissions, set forth in 12 declarations spanning 54 pages, largely alleviate those concerns.
In opposing the motion, Plaintiffs argue that the Court should conduct a more searching inquiry into the Government's internal processes. But under the “narrow standard of review” applicable in a claim that an agency acted arbitrarily and capriciously, “a court is not to substitute its judgment for that of the agency.” FCC v. Fox Television Stations, Inc., 556 U.S. 502, 513, 129 S.Ct. 1800, 173 L.Ed.2d 738 (2009) (internal quotation marks omitted). The Court should assess only whether the agency's decisionmaking is reasonable, that is, whether “there has been a clear error of judgment.” Dep't of Homeland Sec. v. Regents of the Univ. of California, 591 U.S. 1, 16, 140 S.Ct. 1891, 207 L.Ed.2d 353 (2020). The APA is not an invitation for the Court to micromanage the minutiae of the Treasury Department's day-to-day operations in the manner suggested by Plaintiffs.
1. Training
The Preliminary Injunction Order required Defendants to “certify[ ] that the Treasury DOGE Team members have been provided with all training that is typically required of individuals granted access to BFS payment systems, including training regarding the federal laws, regulations, and policies governing the handling of personally identifiable information, tax return information, and sensitive financial data, and maintaining the integrity and security of Treasury data and technology, and attesting that any future Treasury DOGE Team member will be provided with this same training prior to being granted access to BFS systems.” PI Order at 63.
The Government has submitted declarations detailing the types of training that all BFS employees and contractors with access to BFS data systems are required to complete. See, e.g., Gioeli Decl., ¶¶ 10, 14; Wenzler Decl., ¶¶ 18-28; Katz Decl., ¶ 8. The Government's declarations further establish that, other than hands-on training in the various BFS payment systems, Wunderly has been required to complete all training required by other Treasury employees granted access to BFS systems. See Wenzler Decl., ¶ 22; Reboja Decl., ¶¶ 2-5; Katz Decl., ¶ 8; Vetter Decl., ¶¶ 4-8; Benjamin Decl., ¶ 4; Paylor Decl., ¶ 6; First Ambrose Decl., ¶ 6; Second Ambrose Decl., ¶¶ 4-11.
The States argue that Wunderly's failure to complete the hands-on training should preclude modification of the preliminary injunction. ECF No. 118 (“Opp. Br.”) at 11; ECF No. 133 (“Surreply”) at 4-5. Yet the only reason Wunderly has not undergone such hands-on training is because the existing preliminary injunction prohibits him from accessing the BFS payment systems. Robinson Decl., ¶ 8; First Ambrose Decl., ¶ 8. This issue is easily addressed by requiring, as part of the modification of the Preliminary Injunction Order, that Wunderly undergo such hands-on training for each BFS system prior to being given additional access.
Plaintiffs also contend that Wunderly has not “complied with the additional ethics requirements he must meet as a Schedule C appointee.” Opp. Br. at 11; Surreply at 3. Specifically, Plaintiffs point to the fact that, although Wunderly received all required training regarding the federal financial disclosure regulations and, at the time of the Government submission, was current with all of his ethics requirements, Vetter Decl., ¶¶ 6-8, Wunderly's OGE 278 Financial Disclosure Report had not yet been submitted or reviewed. Surreply at 3-4. Plaintiffs argue that “Wunderly should not have access to BFS's systems and data until he has actually cleared the ethics conflicts check based on his completed OGE 278.” Id. at 4.
The financial disclosure requirements of the Ethics in Government Act of 1978 and the implementing regulations generally require covered employees at federal agencies to submit a New Entrant Financial Disclosure Report within 30 days of their appointment, as well as periodic financial transaction reports within 30 days of a qualifying financial transaction, and annual Financial Disclosure Reports by May 15 of each year. See 5 C.F.R. § 2634.201. These reports then undergo an internal review by the agency, which can take several months. See id. § 2634.605. Wunderly's OGE 278 was due on March 21, 2025. Vetter Decl., ¶ 7.
While conditioning Wunderly's access to BFS systems on his satisfaction of the reporting requirement is appropriate, requiring him to wait until his OGE 278 is adjudicated by the agency is not reasonable. The Court is aware of no authority, and Plaintiffs do not point to any, that suggests that federal employees are routinely precluded from performing their job duties while their financial disclosure reports are pending review by the agency. Indeed, it cannot be the case that all federal employees who are subject to the Ethics in Government Act's financial disclosure requirements are precluded for several months of each year from performing their job duties while their employing agency reviews their financial disclosure reports. It is certainly not arbitrary and capricious for the Treasury Department to determine that Wunderly should not have greater restrictions placed upon him than are imposed upon any other Treasury employee with access to BFS payment systems.
2. Vetting
The Court next asked the Government to provide information regarding “the vetting and security clearances processes that members of the Treasury DOGE Team have undergone, and how that vetting process compares with the processes undergone by career employees who have previously been granted access to the BFS payment systems.” PI Order at 63. The Government's extensive declarations make clear that Wunderly has undergone the same vetting and security clearance process that applies to any other Treasury Department employee provided with access to BFS payment systems.
Specifically, the Chief of Personnel Security in the Treasury Department's Office of Security Programs (“OSP”), who oversees Treasury's background vetting programs, First Mencl Decl., ¶ 2, attested that “at Treasury, all career federal employees and political appointees, regardless of the level of the position (e.g., public trust, national security sensitive, secret/top secret clearance), undergo the same overall vetting process, which includes a background investigation and an adjudication in accordance with national standards and guidelines,” id. ¶ 10. Under that process, OSP first checks the National Vetting Databases for the applicant's current clearance and access level, to determine if a background check is required. Id. “If an applicant has already undergone a background investigation that has been favorably adjudicated by a federal government agency and it is in-scope per the federal investigative standards, and if there are no facts indicating that the individual does not continue to meet eligibility standards, then the individual does not need to undergo additional vetting. In these instances, OSP revalidates the prior background investigation, confirms that it meets the scope required for the new position at Treasury and that it was favorably adjudicated, and reciprocally accepts the other federal agency's determination.” Id. ¶ 7. If a background investigation is required, then OSP's Personnel Security Branch will send the applicant's e-Application and fingerprints to the Office of Personnel Management and the Defense Counterintelligence Security Agency (“DCSA”) to initiate a background check. Id. ¶ 10.
OSP conducted the national security clearance vetting process for Wunderly in the same manner used for career employees seeking access to classified Treasury information. Id. ¶ 11. On February 8, 2025, OSP received Wunderly's new hire package. Id. ¶ 13. On February 10, 2025, the National Vetting Database checks were completed. Id. It was determined that no background investigation was required because a qualifying background check had already been completed by the DCSA in March 2021. Id.; Second Mencl. Decl., ¶ 3. On February 28, 2025, Wunderly was granted a Top-Secret clearance with SCI access after completion of his security briefings and his signing of the non-disclosure agreements. First Mencl. Decl., ¶ 13.
Plaintiffs complain that Treasury did not conduct its own “independent background investigation” of Wunderly. Opp. Br. at 4. But as described above, Treasury does not conduct an “independent” background investigation for any of its employees. Rather, it submits information regarding the applicant to the DCSA and other federal agencies, which then conduct the relevant background investigations. In the case of Wunderly, DCSA had previously completed a background check. In accordance with the procedures that it follows for all employees, OSP therefore granted Wunderly a security clearance. The Treasury Department is not required to employ a different and sui generis process for vetting DOGE Team members than it does for other employees granted access to the BFS payment systems.
3. Hiring Authority
In the Preliminary Injunction Order, the Court expressed concern regarding the validity of the temporary hiring authorities utilized by the Treasury Department, and accordingly the extent to which the Treasury DOGE Team could lawfully access Treasury payment systems. PI Order at 51. The Government's declarations adequately address those concerns with respect to Wunderly. Those declarations establish that Wunderly has been hired by the Department of the Treasury as a temporary transitional Schedule C employee pursuant to 5 C.F.R. § 213.3302. Wenzler Decl., ¶ 12. Section 213.3302 permits federal agencies to create positions “necessary to assist a department or agency head during the 1-year period immediately following a change in presidential administration.” 5 C.F.R. § 213.3302(a). Plaintiffs have not raised any challenge to the legality of Wunderly's Schedule C appointment, nor have they demonstrated that Schedule C employees are legally prohibited from accessing BFS payment systems. Plaintiffs instead argue that Defendants have not provided detail regarding Wunderly's “anticipated work or assignments.” Opp. Br. at 7. But the record establishes that Wunderly was hired to perform largely the same tasks as Elez, to conduct “special and confidential studies on a variety of strategies and issues related to Treasury's information technology,” as well as to make recommendations as to how to “strengthen Treasury's hardware and software.” Wenzler Decl., ¶ 9. The Court does not require more granular information regarding Wunderly's contemplated day-to-day activities.
4. Reporting Chain
The Government also provides more detail regarding the reporting chains that govern the relationship between Wunderly, USDS, and Treasury leadership. Specifically, Daniel Katz, the Chief of Staff of the Treasury Department, attests that his office and the Office of the Secretary are responsible for overseeing the Treasury DOGE Team. Katz Decl., ¶ 6. Katz states that, although the Treasury Department and the Treasury DOGE Team coordinate with the White House and with USDS to set “high-level policy direction and priorities,” no one at USDS supervises the members of the Treasury DOGE Team. Id.
Plaintiffs point out that Defendants’ declarations “provide no explanation as to how Katz's supervision ․ will suffice to provide the appropriate safeguards to prevent the access issues encountered with Elez.” Opp. Br. at 9. While the issue of proper supervision is relevant to the Treasury Department's mitigation efforts, Plaintiffs misapprehend why the Court asked for additional information regarding the reporting lines for the Treasury DOGE Team. See PI Order at 51-52 (noting that the “uncertainty” the DOGE Team's hybrid nature “creates as to their status as Treasury employees, calls into question their authority to access Treasury record systems”); see also 5 U.S.C. § 552a(b)(1) (restricting access to information protected by the Privacy Act “to those officers and employees of the agency which maintains the record who have a need for the record in the performance of their duties” (emphasis added)). Whether members of the Treasury DOGE Team can properly be considered employees of the Treasury Department bears on whether they have the legal authority to access PII contained in BFS payment systems.
Plaintiffs’ additional argument that Krause, the DOGE Team Lead, “appears to be a DOGE employee in all but name,” Opp. Br. at 10, is more on point, although of less applicability to Wunderly. Plaintiffs cite the decision in CREW v. United States DOGE Service, which found that the “embedding” of DOGE Teams within each agency suggest that USDS is exercising “substantial independent authority” and can therefore be considered an agency under the Freedom of Information Act. No. 25-cv-511 (CRC), ––– F.Supp.3d ––––, ––––, 2025 WL 752367, at *12 (D.D.C. Mar. 10, 2025). Notwithstanding the additional information that has been provided by the Government, Plaintiffs are correct that there is much that remains opaque regarding the lines of authority between DOGE Team Members and USDS, and the extent to which the DOGE Team Members provide information to, and take direction from, USDS.
5. Mitigation
Finally, the Court asked the Government to describe “the mitigation procedures that have been developed to minimize any threats resulting from increased access by members of the Treasury DOGE Team to BFS payment systems.” PI Order at 63-64. In response, the Government states that it will “implement the same mitigation procedures” that it implemented with respect to Elez, “as well as any other appropriate mitigation measures.” Gioeli Decl., ¶ 19. Perhaps more pertinently, the Government represents that, in addition to the training Wunderly received on BFS's cybersecurity and PII practices, Wunderly also received a briefing that specifically addressed Elez's violation of BFS policies. Ambrose Decl., ¶ 12.
Although Plaintiffs argue that “more robust mitigation measures are clearly needed” because the previously adopted measures were “patently insufficient,” Opp. Br. at 12, they do not identify any specific manner in which the existing mitigation measures are insufficient, nor do they make any concrete suggestions as to any mitigation practices that Defendants should adopt. Moreover, at the PI Hearing, Plaintiffs did not adduce any evidence on cybersecurity issues. Many of the issues that the Court identified with respect to the Treasury Department's original mitigation measures occurred because of their hasty implementation and gaps in training. For example, Elez was erroneously provided with read/write access to one of the BFS databases. PI Order at 13. There was also internal confusion as to whether or not he was provided access to a separate database. Gioeli Decl., ¶ 17. Based on the existing record, the Court finds that the described mitigation procedures, if properly implemented, coupled with the training and vetting procedures set forth in the Government's submissions, are adequate to satisfy its concerns.
B. The Change-in-Position Doctrine
Plaintiffs alternatively urge the Court to keep the preliminary injunction in place, even if the Court finds that its procedural concerns are adequately addressed. Plaintiffs contend that the injunction should be maintained because Defendants “fail to provide an adequate explanation for the abrupt change in longstanding Treasury policy brought about by their implementation of the Engagement Plan.” Opp. Br. at 15; see also id. at 15-21; ECF No. 135. This argument is easily disposed of.
“Agencies are free to change their existing policies as long as they provide a reasoned explanation for the change.” Encino Motorcars, LLC v. Navarro, 579 U.S. 211, 221, 136 S.Ct. 2117, 195 L.Ed.2d 382 (2016). This so-called change-in-position doctrine ensures that agencies “take[ ] into account” the “serious reliance interests” of regulated parties who were guided by an agency's previously-stated position. Id. at 221-22, 136 S.Ct. 2117.
The change-in-position doctrine only applies, however, if “an agency changed existing policy.” Food & Drug Admin. v. Wages & White Lion Invs., L.L.C., ––– U.S. ––––, 145 S.Ct. 898, 918, ––– L.Ed.2d –––– (2025). The agency action at issue here is the grant of access to BFS payment systems by individuals who were ostensibly Treasury employees but associated with the newly-created DOGE. Such internal personnel actions are not properly characterized as agency “policy,” let alone the type of policy that creates reliance interests. As the Supreme Court explained in its recent decision in Wages & White Lion Invs., for an agency position to constitute a “policy” within the meaning of the change-in-position doctrine, it must typically have been set forth in some “formal” manner, such as a regulation, a guidance memorandum, or an agency enforcement action. 145 S.Ct. at 918 n.5 (“We have traditionally applied the change-in-position doctrine when an agency shifts from a position expressed in a more formal setting.”). There is no allegation that the Treasury Department had a pre-existing policy expressed in a guidance document or in some other formal fashion that was altered by the grant of access to the Treasury DOGE Team.
To the extent that Plaintiffs argue that the “policy” that was arbitrarily changed was the manner “by which Treasury would flag and pause payment requests” that flowed through the BFS payment systems, Opp. Br. at 17, this is not the agency action upon which the Court based its grant of the preliminary injunction. Indeed, the States have repeatedly affirmed that they are not challenging any blocking of funds in this litigation. PI Order at 54. Thus, whether the Treasury Department acted arbitrarily and capriciously in automating the process for pausing payment requests is not before this Court.
C. Modification of the Preliminary Injunction
The Court hereby modifies the PI Order to permit Defendants to grant Ryan Wunderly access to Treasury Department payment records, payment systems, and any other data systems maintained by the Treasury Department containing personally identifiable information and/or confidential financial information of payees, PROVIDED THAT (i) Wunderly first completes any hands-on training in such systems that is typically required of other Treasury employees granted commensurate access; and (ii) that Wunderly first submits his OGE 278 Financial Disclosure Report.
CONCLUSION
For the reasons stated herein, the Government's motion to partially dissolve the preliminary injunction is GRANTED, and the Plaintiffs’ motion for reconsideration is DENIED.
SO ORDERED.
JEANNETTE A. VARGAS, United States District Judge:
Thank you for your feedback!
As the largest network of trusted legal brands, we help firms build authority across the platforms consumers and AI systems rely on most. Our network helps attorneys strengthen visibility, credibility, and preference where legal decisions begin.
Docket No: 25-CV-1144 (JAV)
Decided: April 11, 2025
Court: United States District Court, S.D. New York.
Search our directory by legal issue
Enter information in one or both fields (Required)
Harness the power of our directory with your own profile. Select the button below to sign up.
Learn more about FindLaw’s newsletters, including our terms of use and privacy policy.
Get help with your legal needs
FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.
Search our directory by legal issue
Enter information in one or both fields (Required)