Trump administration accused of creating illegal citizenship database

A coalition led by the League of Women Voters filed a class action lawsuit this week in the U.S. District Court for the District of Columbia accusing the Trump administration of quietly building a national data bank that links the most sensitive records of American citizens.

The 66-page lawsuit alleges that the Department of Homeland Security (DHS), working with the Social Security Administration (SSA), the Department of Justice (DOJ), and the White House’s Department of Government Efficiency (DOGE), has consolidated vast personal datasets into centralized “interagency data systems” without following the safeguards of the Privacy Act of 1974, the E-Government Act of 2002, or the Federal Information Security Modernization Act.

The suit comes just days after the Senate Committee on Homeland Security and Governmental Affairs’ minority staff released the report of their investigation into DOGE. The report indicates that DOGE has been intimately involved in sketching out the outline of a far-reaching and intrusive national surveillance capability.

Biometric Update has regularly reported on DOGE’s penetration of government databases.

The lawsuit asks the court to declare the consolidation of databases unlawful, to be shut down, erase improperly pooled data, and compel agencies to issue the statutorily required notices in the Federal Register

The flashpoint of the case is the government’s overhaul of the Systematic Alien Verification for Entitlements program (SAVE), a tool traditionally used to check immigration status for benefits eligibility.

Until this year, SAVE was limited to non-citizens and some naturalized citizens, and queries were case-by-case.

In April and May, U.S. Citizenship and Immigration Services (USCIS) announced it had “optimized” SAVE to allow agencies to input Social Security numbers, verify U.S.-born citizens against SSA records, and submit bulk uploads—potentially millions of names at a time.

DHS framed the change as a modernization to stop “entitlement and voter fraud.” But for plaintiffs, SAVE is now being used to query SSA’s Master Files of SSN holders, effectively linking DHS and SSA data systems without public notice or congressional approval

The plaintiffs argue that this violates both the letter and intent of the Privacy Act, which was enacted to prevent “interagency computer data banks” that could be weaponized for surveillance. They cite the SSA’s own warnings that its citizenship data is incomplete and unreliable, especially for naturalized citizens and U.S.-born individuals whose records predate 1981

Yet, according to reporting by NPR, more than 33 million voters had already been run through the overhauled SAVE system by September.

The risk is not theoretical. In Louisiana, the secretary of state announced in May that the state was the first to use the new SAVE-powered voter list maintenance database. By September, her office claimed “preliminary findings” of non-citizen voting after uploading voter rolls into SAVE, a process civil-rights groups warn is based on flawed inputs

Virginia and Texas have also begun integrating the new system. For the individual plaintiffs in the case – naturalized citizens in Virginia, Louisiana, and Texas whose SSA files incorrectly list them as non-citizens – the danger is disenfranchisement and even criminal investigation for lawful voting

Beyond SAVE, the complaint describes a broader “USCIS Data Lake” pooling records across agencies. According to whistleblower accounts and reporting earlier this year, DOGE operatives have been embedding across agencies copying databases and funneling them into centralized DHS systems.

Records swept into the data lake reportedly include Social Security numbers, biometric data, IRS tax filings, medical and disability files, Department of Labor employment records, and child welfare case files.

These records were collected for discrete statutory purposes like tax collection, benefits administration, and child protection, and not to be integrated into a multi-agency surveillance platform

For critics, the USCIS data lake looks like a backdoor attempt to create the very kind of national data bank that lawmakers warned against when passing the Privacy Act in the 1970s.

While Congress did not explicitly outlaw such databases in the 1988 Computer Matching and Privacy Protection Act, it did impose new procedural checks and oversight requirements on how agencies share and compare records.

The amendments were designed to slow down interagency pooling of sensitive data, not to categorically ban it, underscoring the plaintiffs’ claim that today’s consolidation pushes past the legal boundaries Congress intended.

The role of DOGE has been a recurring subject of scrutiny. Created by executive order in January and initially led by Trump ally Elon Musk, DOGE was billed as a bureaucracy-cutting initiative but quickly became a shadow apparatus with operatives embedded in multiple agencies.

Congressional letters revealed that DOGE staff carried “backpacks full of laptops” to access and combine agency networks. In August, a whistleblower complaint by the SSA’s Chief Data Officer Charles Borges alleged that DOGE personnel created a live cloud copy of the entire Numerical Identification Files (NUMIDENT) Social Security database without security oversight, exposing the personal data of 300 million Americans

The lawsuit cites these disclosures as evidence that DOGE, DHS, and USCIS have been consolidating data secretly, without required system of records notices, privacy impact assessments, or congressional notifications. It argues that the government is deliberately ignoring statutory guardrails by acting quickly, “hoping the speed, audacity, and opacity of their work will render all legal constraints meaningless”

The implications for voting rights are immediate. In July, Senators Alex Padilla, Gary Peters, and Jeff Merkley wrote to DHS demanding documentation for the SAVE overhaul, noting that DHS had issued none of the required notices. As of September, they had not received a response

Meanwhile, states are running voter files through SAVE in bulk. If SSA records incorrectly mark a naturalized citizen as foreign-born, that person can be flagged for removal.

A 2017 Government Accountability Office audit had already found that most agencies using SAVE failed to follow the required additional verification steps when the system returned a non-match. Now, with states uploading millions of voter records at once, the margin of error could disenfranchise hundreds of thousands.

Election-law scholar Rick Hasen called Trump’s March elections executive order a “usurpation” that risks depriving citizens of their vote. Other experts warn that treating SAVE-SSA non-matches as evidence of non-citizenship ignores the mundane realities of administrative data.

The lawsuit also connects to broader patterns in the administration’s biometric and data-infrastructure agenda. Over the past nine months, DHS has accelerated contracts and regulatory changes to expand identity systems and mobilizing visa fee revenue, expanding Customs and Border Protection’s (CBP) Traveler Verification Service, awarding ICE sole-source iris recognition contracts, and building new biometric exit and entry systems.

DOGE’s role has been to break down agency silos, but in practice it has created unregulated pipelines linking health, tax, labor, and voter data to immigration enforcement and election administration.

The danger is not just disenfranchisement but also cybersecurity. By centralizing sensitive records that were once compartmentalized, DHS and DOGE have created what one CISO called “a bullseye for hackers.”

Biometric Update reported this week in the matter of the breach of CBP and the Federal Emergency Management Agency that experts stressed that interlinked federal systems without proper segmentation magnify the risk of lateral movement across networks. The USCIS data lake, as described by whistleblowers, could be just such a target.

The court will now have to weigh whether DHS’s interagency data systems constitute “systems of records” under the Privacy Act, whether they were lawfully established, and whether the executive orders and SSA-DHS letter agreement suffice as legal authorization.

Plaintiffs argue that Congress prohibited national data banks, required notice and comment, and never authorized the SAVE overhaul.

Article Topics

biometric database  |  DHS  |  digital government  |  digital identity  |  DOGE  |  lawsuits  |  U.S. Government