12 PRACTICAL STEPS TO PROTECT YOUR DATA FROM THE MUSK-TRUMP CHAOS
DOGE staffers have their hands on federal data. Here’s how to protect yourself.
ANNOUNCEMENTS:
The Trump Administration is directly attacking the media on a daily basis. Doing this work is more important to me than ever. Please consider becoming a subscribing member so that I can keep growing this independent platform.
Don’t forget to share this newsletter with your friends.
I want to bring more voices onto this newsletter. Let me know in the comments who you would like to see me chat with here on substack.
A lot of our activism energy has been focused on Congress for the last couple weeks. As of right now, the only things Congressional Democrats can do are slow things down (some), message and investigate. (When we get to the budget negotiations, there will be legislative opportunities). Any meaningful pushback to Musk and Trump must come through either the courts or public pressure.
On the litigation front my people, the lawyers, are going strong. Organizations like Democracy Forward and many more are doing great work. You can find lists of all ongoing litigation at both Just Security and Court Watch. If you want to see how the cases connect to Trump’s Executive Orders, you can find that here.
There are a lot of questions about what Musk and the DOGE team are up to and a lot of questions about how it could impact private citizens. After 19 state Attorney Generals sued, a judge recently put a block on the DOGE boys ability to directly mess with the Treasury payments system, two of them were allowed read-only access. One of those two was forced to resign over a history of racist posts, but because ‘boys will be boys’ it seems he’s likely to get re-hired by Musk.
DOGE has visited the CDC and they are using AI to sort through Education Department data including personally identifiable information. Elizabeth Warren says “DOGE staffers have gained access to federal student loan data, which includes personal information for millions of borrowers.” They also have access to OPM personnel data. Kristi Noem says that the DOGE team has access to federal disaster aid recipients’ data. This access to data, something we know that tech companies covet about us, is no small thing. There is currently no system of checks and balances to police what they will do with anything they find.
The DOGE team is also working with people at the Center for Medicare and Medicaid services. They are turning to Department of Labor after a judge declined to prevent them from accessing the data. And there’s so much more.
One federal contractor with experience working on classified government information-security systems told The Atlantic that this is "The largest data breach and the largest IT security breach in our country's history — at least that's publicly known."
What’s clear is the Trump administration is not following security protocol. They sent an unclassified email with a list of CIA agents to the White House. Who is to say Elon wouldn’t hand over a data bank to Michael Flynn for analysis? Who is to say foreign actors won’t gain access to something under these new lax standards?
I think that we need to be able to talk about preparing for increased risk without implying everyone should do a run on the banks. I’m not saying that! Turning up the temperature is a critical component of igniting action. However, I do think that there is a serious increased risk to your Personal Private Information (PPI) because of the actions of DOGE.
On an individual level, here are some things you can proactively do to protect yourself:
Freeze your credit: Because of federal regulations, credit freezes are free! They don’t affect your credit score. You need to lift them if you are applying for credit. More info here, or just go to the 3 credit bureaus.
Freeze your child’s credit: this is a little bit harder than doing it for yourself. Instructions can be found here.
Be aware of fraud: You can also set up fraud alerts through the three credit reporting agencies. Contact any one of the three credit bureaus — Equifax, Experian, and TransUnion. You don’t have to contact all three. The credit bureau you contact must tell the other two to place an initial fraud alert on your credit report.
Protect your information and passwords: Make sure you have two factor authentication set up on all your accounts. Consider using a password manager (my friends recommend 1password)
Have your social security records in hand: Log in to your social security account and print off your social security statement. (I didn’t actually know you could do this and it is pretty cool, to be honest)
Keep info on your student loans: Save a copy (pdf or screenshot) of all your student loan payment records, your student loan dashboard and download your raw data file. See more details here.
Protect Your Tax Info: The online IRS system was down last week. It’s back now, but who knows for how long. Make sure to get an IRS pin to better protect your identity when completing your taxes. If you pre-paid taxes last year make sure to print out physical copies of all of those receipts.
Use secure banking: Make sure you are comfortable with the security of the bank you are using and their commitment to protecting your PPI (private personal information). Consider spreading your banking out to multiple FDIC-backed banks. One action item I've heard suggested that I think is a good idea is to call your credit unions, banks, financial institutions and ask them what they are doing to protect your data from a possible Musk/Trump data breach. Let them know you are concerned.
Consider who owns your data: If you aren’t paying for your email service, you don’t own your emails. Yes, if you use a Gmail address, Google owns your email. My friends recommend Proton Mail which uses end-to-end encryption. Because the company is based out of Switzerland, they abide by Swiss privacy laws. Erase your Google search history on a regular basis or completely switch to a safer browser like Brave. Download and use an encrypted messaging app like Signal.
Delete period tracking apps: Many period tracking apps collect and store sensitive health data on external servers, not on users' phones. This data is often not protected by federal health privacy laws like HIPAA, leaving it vulnerable to sharing or misuse.
Take your personal identifying information off the Internet. I used DeleteMe (affiliate link) and here is a workbook to DIY.
Set up a VPN: A VPN is like having a bodyguard for your internet activity - they make sure nobody can peek at what you're doing online. To set up a VPN:
a. Pick a trusted VPN company - my friends recommend ProtonVPN or ExpressVPN who promise not to keep records of what you do online.
b. Get the VPN app - download it to your computer or phone and set it up (it's usually pretty easy, like installing any other app).
c. Start using it - pick which country you want your connection to go through, and turn on extra safety features that stop your internet if the VPN stops working.
Become a paid subscriber to join us in the comments and get advice from the EYP community!
I like to think I’m a strong millennial woman who gets shit done, but really I couldn’t do much without you holding my hand through these processes, Emily! Thank you so much for all your work!!!
Thank you Emily for measured and actionable steps we can take. Appreciate what you do!!!