Trump Built A New Passport.gov Website

The investigation uncovered that passports.gov is not a State Department portal but a site registered to the Executive Office of the President. Built by the newly created National Design Studio—an office launched under Trump’s “America by Design” executive order and staffed by former Doge engineers—the domain runs on private servers owned by the studio. Because the site falls under presidential records law rather than the Privacy Act, its data can be sealed for decades, bypassing standard FOIA audits and inspector‑general oversight. This parallel digital infrastructure raises serious questions about data sovereignty and the government's reliance on private contractors for sensitive citizen information.

Even the official State Department passport portal, travel.state.gov, is riddled with commercial tracking code. A quick inspection revealed Facebook, Reddit, Pinterest, Amazon, Google and The Trade Desk pixels embedded in the page, none of which appear in the agency’s privacy policy—indeed the linked policy returns a 404 error. While government analytics are permissible, the presence of third‑party ad networks on a site that handles passport applications violates the higher privacy standards expected of federal services. The lack of transparency means millions of Americans are silently profiled while seeking one of the most critical identity documents.

Login.gov, the government’s single sign‑on platform used by roughly 150 million citizens, recently added a “proofing agent” that lets approved outside organizations submit biometric data—name, SSN, DOB, address, even passport details—for verification. This effectively outsources identity proofing to third parties, expanding the attack surface and eroding the platform’s promise of secure, government‑controlled authentication. Coupled with the upcoming “Freedom 250” celebrations on July 4 2026, the timing suggests a broader push to embed surveillance tools across federal digital services. Stakeholders must demand clear oversight, enforceable privacy safeguards, and a return to agency‑owned infrastructure to protect personal data.