Deputies of Elon Musk have sought access to massive amounts of information across the federal government, much of it personal and highly revelatory in its insights into the lives of everyday Americans.
They justify their work for the U.S. DOGE Service as a dogged quest for government efficiency. But people with deep knowledge of federal data systems and cybersecurity say they’re skirting guardrails meant to protect sensitive data from misuse.
Before DOGE launched, most of the records at issue were kept in the hands of a select few officials to preserve privacy and avoid crossing legal red lines. Now Musk’s group is seeking often unfettered access, citing suspicion of fraud and waste. In addition to concerns about exposing private information, some critics fear handing all the data to DOGE could enable bad actors to leak sensitive information to compromise political adversaries, act on personal vendettas or stir up online mobs against opponents.
This article is based on interviews with more than a dozen current or former government employees and officials with knowledge of government databases and systems, many of whom spoke on the condition of anonymity for fear of retribution.
Representatives for the White House did not return multiple requests for comment.
Musk presides over DOGE from a command center in a room of the old Secretary of War’s suite in the Eisenhower Executive Office Building, where rainbow-colored lights emanate from the tower and keyboard of the powerful gaming computer he uses to conduct government business. A “Make America Great Again” hat and a placard reading “D.O.G.E.” sit on a large wooden desk, and cords snake across the carpet into a surge protector.
Within the White House complex, the WiFi permissions — meant to bolster security by prompting users to log in frequently — were recently changed to allow guests to remain logged in for a year, up from seven days, because so many personal devices are newly in use.
Already, DOGE associates have been granted access to sensitive material, having targeted federal payment portals and other massive datasets on government expenditures. That included Treasury payment systems, which green-light federal dollars headed out of government accounts, and highly guarded systems at the IRS and Social Security Administration, which include detailed financial and medical information.
Last week, the lead engineer for a government text-messaging service resigned over a DOGE ally’s request for access to data including personal identifying information about many Americans. On Tuesday, 21 staffers of the U.S. DOGE Service, the entity formed as the U.S. Digital Service under President Barack Obama and renamed in Trump’s Day 1 executive order establishing DOGE, announced their resignations in protest. The group — consisting of engineers, designers, product managers and IT and operations staff — said they had been subjected to questions about “political loyalty” as part of a DOGE interview process that introduced “significant security risks.” DOGE’s actions, they wrote, have included “mishandling sensitive data” and “breaking critical systems” in ways that are incompatible with the original USDS mission."
“We will not use our skills as technologists to compromise core government systems, jeopardize Americans’ sensitive data, or dismantle critical public services,” the departing staffers said in the letter, written on official letterhead and addressed to White House Chief of Staff Susie Wiles. "We will not lend our expertise to carry out or legitimize DOGE’s actions.”
Among its initial actions, DOGE has posted classified information on its website, sharing the budget and staffing level of the National Reconnaissance Office spy agency.
Just allowing Musk and his team to see some records isn’t illegal. Because they’re designated as “special government employees” and many are senior advisers at Cabinet agencies, they are entitled to much of the access they have sought, and some judges have declined to kick them out while hearing more evidence.
But they need a reasonable basis to peruse files and databases, experts said, and a procedure for ensuring precautions are followed. And the people with access must be vetted and trained, said Brad Moss, an attorney representing plaintiffs in one of more than a dozen lawsuits contesting DOGE’s handling of data.
Limiting entry to sensitive systems guards against any one federal worker gaining too much access, protecting both the data and the overall system, said Terry Lutes, who served as IRS associate chief information officer from 2003 to 2006. Lutes said even the most experienced employees are given only segments of access to the IRS’s Integrated Data Retrieval System, or IDRS.
DOGE sought access to that system last week, which would have provided the ability to see, and in some cases edit, detailed records — including bank accounts, payment balances, Social Security and other personal identification numbers and, in some instances, medical information — for virtually every individual, business and nonprofit in the country.
“If anybody actually understood how all these pieces work together, we’d have to shoot them. They’d be too dangerous,” Lutes said. “And I’m only halfway joking.”
Access to the IDRS, in particular, would pose a massive risk, Lutes said. Entry to the system is so protected “I would have fired anyone who tried to give me access.”
An agreement between the White House and the Treasury Department limited DOGE to anonymized data, the same visibility that some academic researchers get.
Concerns about how Musk’s team could use data stretch beyond the IRS and into other agencies that collect information that workers fear could be exploited.
One employee of the U.S. Digital Service, the Obama-era White House office that President Donald Trump re-designated the U.S. DOGE Service on his first day in office, started seeing his work differently once Musk took the reins.
The person, who was involved in a government program that includes a database of addresses, has been grappling with the implications of work he felt proud of — which he suddenly fears could be used to go after people for purposes such as immigration enforcement.
“Now I feel like a little bit of an enabler,” said the person, speaking on the condition of anonymity to discuss sensitive information. “I feel like I’ve been a part of creating a trap for people.”
Clashes over DOGE’s requests for access have also prompted resignations. At the Treasury Department, the highest-ranking career official left in late January after a dispute over access to payment systems. Earlier this month, the Social Security Administration’s acting commissioner departed after a disagreement over DOGE’s attempts to access sensitive data.
At the IRS, taxpayers whose information is wrongfully disclosed or even inspected are entitled by law to monetary damages. Social Security employees who violate privacy laws could face stiff fines and jail time.
DOGE could use protected personal information at Social Security — including the world’s largest repository of medical information — to search for improper payments, but it wouldn’t amount to much return on investment, according to former senior agency officials, who spoke on the condition of anonymity to discuss internal conversations.
For years, officials there have studied the threshold at which detecting improper payments becomes unprofitable. The agency has repeatedly explored building more robust systems to ferret out over- and underpayments, which accounted for 0.3 percent of the more than $1.3 trillion in payments in the 2024 fiscal year, adding up to roughly $4 billion, according to federal data. But it could cost more than that to track all the money down, the former officials said.
The prospect of highly protected information being misused is alarming some people outside government.
Kristofer Goldsmith, an Iraq War veteran who tracks and reports violent right-wing extremists, said he has grown worried for his safety since learning that some of the DOGE members had frequented internet groups popular with criminal hackers or espoused extremist views.
After letting his guard down, he said, he has gone back to wearing a gun in his own home.
“I’m very concerned that the entire federal government is being compromised by people who want to target, harass and maybe even kill me,” Goldsmith said. He is a plaintiff in a lawsuit over DOGE’s access to personal records that led to a temporary restraining order Monday against the government.
Researchers have raised red flags about some of DOGE’s team. They include Edward Coristine, a 19-year-old former Musk company intern who posted in channels associated with the Com, a loose network including many young criminals. An online handle he used once solicited an illegal denial-of-service attack. Coristine now has an email address at the Cybersecurity and Infrastructure Security Agency, which is in charge of defending federal agencies and essential private industries from cyberattacks. Coristine didn’t respond to emailed requests for comment.
Another DOGE worker, Gavin Kliger, who sought access to records at the IRS, has retweeted white nationalist Nick Fuentes and written of being inspired by media criticism from a Holocaust denier. “I am Jewish and any insinuation of support for ‘white nationalism’ or ‘anti-semitism’ is false and defamatory,” Kliger told The Washington Post.
Musk has a track record of violating privacy norms. When he took over X, then known as Twitter, his deputies publicly posted some private communications of former employees, alleging that they were proof of a liberal censorship conspiracy inside Twitter.
A group of FBI agents who investigated the Jan. 6, 2021, attack on the Capitol has also sued, arguing that government records showing what they did in those cases could be used for harassment.
Moss, their attorney, is trying to stop further dissemination of their names, arguing that any list being compiled would be not to probe wrongdoing but “to dox and expose the identities of federal officials, which would ordinarily be respected.”
Moss and others say sweeping Washington agencies for data runs afoul of the Privacy Act, the Watergate-era reform law that limits what officials can do with information on Americans, not just federal workers.
Searching for fraud, waste and abuse, as well as trying to develop more efficient government systems, could be valid reasons for DOGE to access the data, several lawyers opposing DOGE say. Feeding data into artificial intelligence programs, which The Post and others have reported the Education Department is doing, and is suspected by employees elsewhere, may also be legal if the move involves closely guarded, in-house programs.
But such actions increase the chances of inappropriate access, intentional or not, said Alan Butler, executive director of the Electronic Privacy Information Center, a nonprofit based in D.C. that advocates for privacy protections.
“It’s pretty clear they want to use matching type systems to find payments they claim are fraudulent, and matching against datasets or key terms would be anathema to the Privacy Act if done on a whim or without limits,” said Butler, whose group is suing DOGE and the Office of Personnel Management claiming privacy and data security violations on behalf of itself and an unnamed federal employee.
No comments:
Post a Comment