Trump and Elon Musk’s joint takeover of USAID came as a huge shock to the senior staffers inside the U.S. Agency for International Development. They raised objections, citing that since Congress funded the foreign aid programs, there were proper procedures to follow before halting the payments. However, Matt Hopson, the then-chief of staff, told the staffers that the White House wasn’t planning on resuming most of the projects anyway. According to Alter Net, he added that “Trump could not have a higher tolerance for legal risk.”
At that time, the staff understood that his administration was willing to defy the law and bend the rules to get their way first, followed by legal battles.
According to ProPublica, several legal experts commented that the president may have broken rules already. Two USAID officials reportedly revealed that the IT department of USAID was asked to transfer their entire digital network to Musk’s DOGE engineers. Following that, the Department of Government Efficiency gained access to the agency’s financial system.
“They had complete access to everything you could think of…The keys to the kingdom,” An USAID official commented, shockingly revealing how DOGE also got access to employees’ personal information, files, and emails. According to ProPublica, Elon Musk‘s engineers also got ahold of various information, including credit histories and Social Security numbers noted during clearance background checks.
According to experts, by handing over this information access, USAID likely violated the 1974 Privacy Act. Donald Trump‘s administration is required to collect those individuals’ consent before transferring their private information, regardless of whether the DOGE engineers were already government employees at that time. Defying this law can result in a minimum $1000 fine for each violation and additional civil penalties if the victims can prove the damages suffered.
John Davisson, one of America’s pivotal authorities on the Privacy Act, commented, “It is a catastrophic privacy and information security violation for a band of some government and some nongovernment personnel to barge into an agency and take over systems that contain personal information.”
NEW: How did the Trump administration disembowel USAID in less than three weeks? The first step was seizing control of the agency’s IT system — including the personal data of all its employees. This, we were told, may have violated federal law. 1/
— Brett Murphy (@BrettMmurphy) February 9, 2025
However, it is to be noted that there are a few exemptions to the Privacy Act. If those acquiring employees’ personal files are allowed to conduct routine USAID business or at least have proper authorization, including special training, things will be different. But, ProPublica reported that it was not such a case.
“The Privacy Act stands at the fountainhead of all this,” Davisson noted, emphasizing that the Congress-passed law exists to prevent high office figures from abusing their power and gaining access to the records of their political plans. In addition to this, some experts noted that Trump administration may have broken some more laws. Since they have failed to notify Congress before the shutdown, they may have violated the Administrative Procedure Act. On the other hand, halting Congress funds appropriated for foreign aid may have transgressed the Impoundment Control Act.
Last Thursday, federal worker groups filed lawsuits against the administration, accusing the president of violating the Constitution. The very next day, a Trump-appointed judge approved an injunction temporarily halting his efforts. The president’s side argued that he acted according to his authority.
USAID was founded by President John F. Kennedy in 1961, and later, in 1998, Congress passed a bill to transform it into an “independent establishment.” However, before Donald Trump, no other POTUS had unilaterally dismantle an agency formally protected by law.
