Trump and Elon Musk’s sudden takeover of USAID shocked many senior staff members at the U.S. Agency for International Development. They objected, arguing that since Congress funds foreign aid programs, there were official steps to follow before stopping payments. However, Matt Hopson, who was the chief of staff at the time, told them that the White House had no plans to restart most of the programs anyway. According to Alter Net, he added that “Trump didn’t care about legal risks.”
At that point, the staff realized that Trump’s administration was willing to ignore the law and push forward with their plans, dealing with legal consequences later.
According to ProPublica, several legal experts suggested that Trump may have already broken the rules. Two USAID officials claimed that the agency’s IT department was ordered to hand over its entire digital network to Musk’s team of DOGE engineers. After that, the Department of Government Efficiency was given access to USAID’s financial system.
“They had complete access to everything… the keys to the kingdom,” said a USAID official, shocked by how DOGE engineers even gained access to employees’ personal information, emails, and files. ProPublica also reported that Musk’s team obtained sensitive details like credit histories and Social Security numbers from background checks.
Experts say that by giving away this kind of access, USAID likely violated the 1974 Privacy Act, which requires the government to get consent before sharing personal data. Even if DOGE engineers were government employees at the time, failing to follow this rule could result in a minimum fine of $1,000 per violation, plus other legal penalties if victims prove they were harmed.
John Davisson, a leading expert on privacy laws, called this a major security breach. He said, “It’s a huge privacy and security violation for a mix of government and non-government workers to take over an agency and access personal records.”
A major step was seizing control of USAID’s IT system, which included employees’ private data. Brett Murphy, a journalist, reported that this may have violated federal laws.
There are some exceptions to the Privacy Act—for example, if those accessing personal files have proper training and authorization to handle USAID’s work. But ProPublica reported that this was not the case here.
“The Privacy Act is at the heart of this,” Davisson explained, saying that the law was designed to stop powerful officials from misusing government records for their own agendas. Some legal experts also believe Trump’s administration broke additional laws, such as:
- The Administrative Procedure Act, for failing to notify Congress before shutting down USAID programs.
- The Impoundment Control Act, for halting funds that Congress had approved for foreign aid.
Last Thursday, federal worker groups sued the administration, accusing Trump of violating the Constitution. The next day, a judge he had appointed issued a temporary order to stop his actions. Trump’s legal team argued that he acted within his presidential authority.
USAID was created by President John F. Kennedy in 1961. In 1998, Congress passed a law making it an “independent establishment.” However, before Trump, no other president had ever taken apart a government agency that was legally protected.
