Login
You're viewing the mstdn.social public feed.
  • Jun 28, 2026, 8:25 PM

    A 2002 federal law,
    the E-Government Act,
    requires any federal agency that collects personal information through a website to first publish a written privacy impact assessment
    explaining what it collects and where the information goes.

    The Privacy Act of 1974 requires a separate, parallel public notice,
    a “system of records notice”,
    describing the records the agency keeps.

    A 2010 office of management and budget memorandum extended both requirements to federal agencies’ use of commercial
    web-tracking tools, including the kind that PostHog provides.

    The Guardian could find no such filings for the studio’s web-tracking layer.

    None of the four sites carry a privacy impact assessment naming PostHog or describing the IP addresses and on-site activity the tool collects.

    None of the four are covered by a system of records notice that addresses what is collected or where it goes.

    The one published privacy instrument that relates to any of the four programmes,
    a treasury notice for the Trump Accounts programme,
    describes how the children’s-investment programme is administered
    but does not name PostHog and does not describe the tracking on trumpaccounts.gov at all.

    Davisson, the EPIC attorney,
    called the studio’s failure to publish such a notice
    “a pretty clearcut violation of section 208” of the E-Government Act,

    adding: “There’s just no suggestion that they’re trying to comply in good faith with any of their obligations when it comes to the collection of personal information.”

    It’s not known what data was collected from users of the government websites while the tools were live,
    whether it was retained
    and who has custody of the data.

    #posthog #JoeGebbia #nds #doge #tracking #surveillance

    💬 1🔄 4⭐ 1

Replies

  • Jun 28, 2026, 8:37 PM

    Some of the NDS’s work is even more opaque,
    including an apparent redesign of the federal government’s voting registration hub.

    A sign-in page run by the studio on a White House-controlled web address carries the title
    “Log in to vote.gov preview”.

    Above the password field is a notice: “For official use only. Actions will be recorded in accordance with applicable law.”

    Vote.gov is a federal voter registration website.

    By law it belongs to the Election Assistance Commission (EAC),
    an independent, bipartisan body that Congress established in 2002 after the disputed 2000 election.

    Congress created the commission specifically so no sitting president would control the federal voter-registration system.

    The studio’s version has been live on White House systems since
    17 September 2025, according to public records of secure web addresses.

    Late last year, the NDS began presenting its system to state election directors.

    The first such briefing, on 17 October, was on a call of the National Association of State Election Directors (NASED).

    Call notes summarising the meeting record members representing states of both parties expressing
    “serious concerns with this project not complying with state law”
    and noting that
    “the developers do not seem to want to spend the time to understand election official concerns”.

    Brianna Schletz,
    the Election Assistance Commission’s executive director,
    reportedly told state directors on the same call that the conversations were “informal”,
    and that commissioners would later vote on whether to stay involved.

    No record of any such vote has since appeared in the commission’s public proceedings.

    Asked for comment by the Guardian,
    a NASED spokesperson, Amy Cohen,
    confirmed by email that
    “NASED held a call in October joined by representatives from the National Design Studio and members of the EAC leadership team”.

    Cohen added:
    “NASED does not have a position on this project.

    NASED has had no further communication with the National Design Studio on this or any other project;

    both NASED as an organization and our members in their individual capacities engage with the EAC regularly about a variety of different topics and projects.”

    Six days after the
    17 October meeting,
    on 23 October,
    a National Design Studio engineer, Akash Bobba,
    reportedly briefed the system on a recorded conference call organised by the
    National Association of Secretaries of State.

    Under the studio’s design, voters would be required to verify their identity through Login.gov,
    the federal sign-in gateway,
    and to have their citizenship checked against a database run by the Department of Homeland Security.

    Asked on the call what the federal government would retain of the personal information voters entered into the system,
    Bobba reportedly said that
    “clear data retention policies” would be given to states ahead of implementation,
    but conceded:
    “I don’t know what they retain and what they are logging.”

    The Election Assistance Commission has been part of the discussions.

    Its chair, Donald Palmer, reportedly said the commission was
    “facilitating discussion with state election officials on modernizing an accessible tool to provide a verifiable digital registration option”.

    The Guardian contacted the Election Assistance Commission for comment but received no response.

    The EPIC’s Davisson said:
    “With vote.gov, that’s the province of the Election Assistance Commission.

    But if you’re centralizing that in the White House, the White House is going to have sort of access to that backbone of data.

    He added:
    “Doing that outside of the appropriate channels,
    I think, is definitely going to
    – it’s dangerous
    and it’s going to erode trust.”

    The Help America Vote Act of 2002 put
    voter-registration administration under an independent bipartisan commission,
    structurally outside the reach of any sitting president.

    The studio’s version appears to collapse this arm’s-length arrangement.

    The Guardian has not seen what is on the other side of the sign-in,
    but published Cisa records show who runs the system it lives on,
    which is under White House control.

    The commission Congress put in charge of vote.gov has not decided to formally participate in the initiative.

    The build itself is on White House systems.

    #posthog #AkashBobba #nds #doge #tracking #surveillance

    💬 2🔄 5⭐ 3
  • Jun 28, 2026, 8:44 PM

    The White House's National Design Studio has also built or taken control of websites that belong,
    by law or by convention,
    to other federal agencies.

    The sites handle some of the most sensitive personal information Americans give to the government.

    Passports.gov is now run from inside the White House,
    not from the state department.

    The state department operates US passport services through its existing site at travel.state.gov.

    The studio’s version collects identity information from people applying for passports.

    It carries no privacy notice.

    Developer test code was left running on the live page.

    In response to a request for comment,
    a state department spokesperson wrote:

    “The Department of State is working closely with the White House to deliver the best possible service for our passport customers
    while safeguarding US national security.”

    They added:
    “US passport books and passport cards
    – and the programs and websites that support them
    – represent the gold standard in secure international travel documents,
    underpinned by state-of-the-art security and technology.”

    They referred additional questions to the White House.

    Trumpaccounts.gov is the federal website for the children’s investment programme created in last summer’s tax legislation.

    The treasury department, which administers the programme,
    is the registrant of record for the site.

    But the site itself runs through the same White House-controlled commercial account as the studio’s own sites:

    ndstudio.gov,
    the prescription-drug site trumprx.gov,
    the food-policy site realfood.gov
    and others.

    The treasury department did not respond to a request for comment.

    Login.gov is the federal sign-in gateway that more than 150 million Americans use to access services from social security to tax filing.

    The studio’s preview of vote.gov,
    described in the previous post,
    uses Login.gov to verify the identities of visitors.

    The Guardian contacted the General Services Administration (GSA), which operates Login.gov, for comment.

    A spokesperson replied in an email:
    “Login.gov is committed to the highest standards of privacy, transparency, and security.

    Our Privacy Impact Assessment was most recently reviewed in March 2026.

    All personnel supporting Login.gov,
    including detailees,
    are required to comply with applicable GSA policies, security requirements, privacy controls, and governance processes.”

    The NDS, meanwhile, seems to be expanding its footprint across more government websites.

    In late May, three new addresses tied to the NDS appeared in the public records:
    chat.staging.ndstudio.gov,
    onboarding.ndstudio.gov
    and upload.ndstudio.gov.

    #posthog #nds #doge #tracking #surveillance

    theguardian.com/us-news/2026/j

    💬 0🔄 14⭐ 8
  • Jun 28, 2026, 8:45 PM

    @cdarwin It’s great the Guardian is reporting on this, but where are all the US media outlets? are they paying attention—like at all?

    Sure, sure, the reflecting pool is ridiculous, but I read the other day that something like 67% of Americans don’t know who Pete Hegseth is.

    Hm….maybe because there’s so little actual news coverage of our most important issues.

    💬 1🔄 0⭐ 0
  • 💬 0🔄 0⭐ 0