A secretive White House office staffed by DOGE veterans quietly rebuilt some of the most sensitive websites the American government operates, then installed commercial tracking software on them, apparently in violation of federal privacy law. The sites handle passport applications, voter registration, prescription drug pricing, and children's savings accounts. The office removed the tracking software after The Guardian started asking questions.
Meet the Office Nobody Told You About
Donald Trump created the National Design Studio by executive order on August 21, 2025. Its stated mission was to improve how federal websites look and work. Noble enough, on paper. In practice, according to a Guardian investigation published June 28, what it actually built was a parallel shadow infrastructure for some of the most sensitive transactions Americans conduct with their government, sitting almost entirely outside the oversight systems that normally govern federal agencies.
The studio is led by Joe Gebbia, co-founder of Airbnb, who somehow went from being a longtime Democratic donor to a Trump true believer in the span of a few years. He also joined the Tesla board in September 2022, which should tell you something about how he spent that transition period. The rest of the staff came largely from DOGE. You know, the same operation that has spent the last year treating federal data like a frat house treats a keg.
Here is the structural detail that should make your eye twitch. The NDS operates as a 'temporary organization' inside the executive office of the president. That designation puts it outside the Senate confirmation process, outside the financial disclosure system that applies to most federal appointees, and outside inspector general jurisdiction. No contracts appear in USAspending, the federal contracting database. There is no public record of how this office spends money at all.
What They Built and Why It Matters
The Guardian found the NDS built and now operates four public federal websites: ndstudio.gov, trumprx.gov, realfood.gov, and trumpaccounts.gov. Those names alone should give you pause. A federal website called 'trumprx.gov' is covering prescription drug pricing. 'Trumpaccounts.gov' handles children's savings accounts. These are not vanity projects. Real people are putting real personal data into these sites.
But the NDS didn't stop there. It also built White House-controlled versions of services Congress legally assigned to other agencies. There is a passport application portal that routes around the State Department's existing site. There is a copy of Login.gov, the sign-in gateway that more than 150 million Americans use to access federal services. And there is a copy of vote.gov, the federal voter registration site that by law belongs to an independent bipartisan commission.
That last one deserves its own moment of stillness. A voter registration system, built inside the White House, with identity and citizenship verification routed through systems the current administration controls. The Cybersecurity and Infrastructure Security Agency's own public ownership records list the executive office of the president as the registrant for passports.gov and the vote.gov copy. The White House controls those domains. Think about what that means six weeks before a midterm election, or six months before a presidential one.
The Tracking Software They Quietly Removed
Here is where the story gets genuinely alarming rather than just structurally disturbing. The Guardian's analysis of the underlying source code found that at least two of the NDS websites installed a commercial tool called PostHog, which tracks in granular detail what every visitor does on a site. A second tool, apparently built in-house, was sending user data to a destination not visible on the public internet. Both tools were apparently configured to evade the privacy tools many users install in their browsers.
None of the four NDS websites carry the public privacy filings required under the Privacy Act of 1974 or the E-Government Act of 2002. Those are not obscure bureaucratic technicalities. Those laws exist specifically because the government has coercive power over people and should not be secretly collecting data on how they interact with it.
The Guardian sent detailed questions to the White House on June 4. By June 17, the tracking software had been removed. White House spokesperson Liz Huston eventually responded that all NDS personnel 'comply with all legal requirements in their important work.' The fact that they removed the software after getting caught is not the same thing as having complied with legal requirements. A bank robber who returns the money after the cops show up has still robbed the bank.
What Legal Experts Are Actually Saying
John Davisson, senior counsel at the Electronic Privacy Information Center, told The Guardian this approach risks creating what he called a 'whole sort of second skunk-works version of the federal government with all these shady tracking technologies and outside of the parameters of normal federal privacy laws.' A skunk works, for those unfamiliar, is a term for an experimental unit that operates outside normal organizational rules. Davisson's point is that the NDS appears to be building a shadow government digital infrastructure with none of the legal guardrails the real one is supposed to have.
The implications for voter registration data specifically are significant and not theoretical. A White House-controlled system that processes who is registering to vote, or checking their registration status, in the weeks before an election creates an obvious and serious conflict of interest for any incumbent administration. The Guardian's investigation corroborates and advances earlier reporting done by the Drey Dossier, a YouTube investigative outlet that had already been pulling on these threads. Big outlets ignoring a story until a smaller outlet breaks it open is a whole separate conversation worth having.
The Dingo Take
Let's just be precise about what happened here. A DOGE-staffed office with no public spending records, no inspector general oversight, and no Senate-confirmed leadership quietly took control of websites where Americans apply for passports, register to vote, pick up prescription drug pricing information, and open savings accounts for their children. It installed tracking software configured to evade privacy tools. It hid who was collecting the data and where it was going. It did all of this apparently in violation of federal privacy laws that have been on the books since 1974. And it only removed the tracking software after a newspaper started asking about it.
The White House's response was that everyone 'complies with all legal requirements.' They said this after removing the software that appeared to violate those requirements. That is not a denial. That is a non-answer delivered with the confidence of someone who has never faced a consequence. Joe Gebbia, a man who made billions helping people rent out their spare rooms, is now the Chief Design Officer of the United States, running an office that has no public budget, and his email address isn't even listed anywhere. Great system.
The voter registration piece should be the loudest alarm in this story and it is not getting nearly enough attention. If the White House controls the infrastructure through which Americans verify their identity to register to vote, that is not a design problem. That is not an efficiency issue. That is the architecture of something much darker. The question is not whether this looks bad. The question is why anyone with actual power to do something about it is treating it like a footnote.
