OPM asks judge to dismiss federal workers’ lawsuit, files privacy assessment of email system

The Office of Personnel Management (OPM) on Wednesday asked a judge to dismiss a lawsuit filed by federal workers who say the Trump administration violated the law by using a new email  server without first performing a privacy impact assessment (PIA).

Along with the motion to dismiss, OPM submitted a newly drafted PIA to the court even though its lawyers held the PIA was not legally required. 

The lawsuit stems from “test” email blasts that the administration sent to all federal employees en masse in late January, asking them to reply to ensure a new government-wide email system was working.

A day after the lawsuit was filed the administration sent another email blast — the now-infamous “Fork in the Road” message — using the same new government-wide system to encourage federal employees to resign and receive pay until September. 

On Tuesday, the federal workers behind the lawsuit asked a judge for a temporary restraining order to stop OPM from continuing to use the server. That development was first reported by Wired.

Trump administration lawyers said in their filing with a District of Columbia federal court that OPM did not violate the E-Government Act — as alleged by the plaintiffs — because PIAs are not required when a system “applies only within the government and does not include members of the public.”

“The balance of equities also tips sharply in favor of not disrupting email communication with the entire federal workforce.”

The PIA's assertions

OPM declined to comment for this story, pointing to a social media post saying that reports about a private server “being brought into OPM are FALSE … Get the facts.” The post linked to the PIA, dated February 5, now appearing on the OPM website. It asserts that allegations that a commercial server was used to send the government-wide email are incorrect. 

The new email system operates “entirely on government computers and in Microsoft mailboxes,” the PIA said. “OPM uses this system to communicate with federal employees, a capacity which is within its statutory authority.” 

Signed by OPM’s chief information officer Greg Hogan, the PIA defends the use of the new government-wide email system developed by the Trump administration, saying it “increases efficiency and transparency.” 

It notes that the only information stored in the Government-Wide Email System (GWES) created by the new administration is federal employees’ names, email addresses and voluntary email responses.

Information housed inside the GWES is only available to a “handful” of OPM staff, the PIA says.

“The GWES is subject to existing OPM security plans and the data is stored in secure mailboxes or on government computers requiring PIV (Personal Identity Verification) access,” it says.

The PIA asserts that email systems are not “generally” subject to the Privacy Act, a law protecting individuals’ personal information held by the government. It also notes that the names and email addresses of many federal employees are already public.

The risk of unauthorized users obtaining workers’ names and emails is mitigated by the fact that very few people have access to the GWES, the PIA states.

Employee contact information will be retained indefinitely and information stored in the GWES may be shared with employees’ agencies, it says.

The GWES also records and tracks emails, which the PIA says can be reviewed by leadership.

“All actions taken by a user in the mailbox system are logged, monitored and accessed by those with a need to know,” it says.