Operatives working for Elon Musk have gained unprecedented entry to a swath of U.S. authorities departments — together with companies chargeable for managing information on hundreds of thousands of federal workers and a system that handles $6 trillion in funds to Individuals.
In the course of the first three weeks of Trump’s second administration, Musk’s group of representatives — a presidential advisory board often known as the Division of Authorities Effectivity, or DOGE — has taken management of high federal departments and datasets, regardless of questions on their safety clearances, their cybersecurity practices, and the legality of Musk’s actions.
Whether or not a feat or a coup (which relies upon totally in your viewpoint), a small group of mostly young, private-sector employees from Musk’s companies and associates — many with no prior authorities expertise — can now view and, in some instances, management the federal authorities’s most delicate information held on hundreds of thousands of Individuals and the nation’s closest allies.
The entry by Musk’s DOGE crew represents the widest-known compromise of federal government-held information by a non-public group of people — and little has gotten of their means.
DOGE has acknowledged few particulars about its ongoing actions. That activity has been left to the media, which has reported questionable cybersecurity practices and the breakdown in long-standing cybersecurity norms that danger delicate authorities information from being accessed by nefarious actors.
A lot of DOGE’s work is avoiding oversight and transparency, leaving open questions round whether or not cybersecurity and privateness practices are being adopted. It’s unclear whether or not DOGE staffers are following the procedures to maintain this information from being accessed by different individuals, or if another steps are being taken to guard the delicate information on Individuals.
To this point, the proof means that safety is just not high of thoughts.
For instance, a DOGE staffer reportedly used a personal Gmail account to access a government call, and a newly filed lawsuit by federal whistleblowers claims DOGE ordered an unauthorized e mail server to be related to the federal government community, which violates federal privateness regulation. DOGE staffers are additionally mentioned to be feeding delicate information from not less than one authorities division into AI software.
Whether or not DOGE staffers are unhealthy actors misses a part of the purpose. Acts of subterfuge, espionage, or ignorance might produce the identical suboptimal end result: publicity or lack of the nation’s delicate datasets.
For now, it’s price taking a look at how we obtained right here.
Questionable safety clearances
The convenience through which DOGE took over the departments and their huge shops of Individuals’ information took profession officers and U.S. lawmakers without warning, who proceed to hunt solutions from the Trump administration.
Musk’s efforts to take management of the nation’s information shops additionally privately alarmed cybersecurity professionals, a few of whom have spent their careers in authorities devoted to securing Individuals’ most delicate programs and information.
Questions stay about what stage of safety clearance the DOGE employees have and whether or not their interim safety clearance provides them the authority to demand entry to restricted federal programs. On returning to workplace, Trump signed an executive order permitting administration officers to grant “high secret” and compartmentalized safety clearance to people on an interim foundation with little to no substantial vetting, a pointy departure from long-established protocols.
The confusion over DOGE employees clearances has led to transient standoffs between a number of profession officers at federal departments in current days. On the U.S. Company for Worldwide Growth (USAID), senior officers had been placed on go away after standing in the best way of DOGE employees to guard categorised data, according to the Associated Press. DOGE subsequently gained entry to the categorised facility at USAID, which reportedly contained intelligence stories.
Katie Miller, an adviser for DOGE, mentioned in a post on X that no categorised materials was accessed by DOGE “with out correct safety clearances,” although particulars of the crew’s clearance remains unspecified, together with how many individuals had been granted the interim secret clearances.
A number of senior lawmakers of the Senate Select Committee on Intelligence mentioned Wednesday that they had been nonetheless searching for solutions about DOGE and what clearance its members have.
“No data has been supplied to Congress or the general public as to who has been formally employed underneath DOGE, underneath what authority or rules DOGE is working, or how DOGE is vetting and monitoring its employees and representatives earlier than offering them seemingly unfettered entry to categorised supplies and Individuals’ private data,” the senators wrote.
DOGE’s takeover of the federal authorities
Inside per week of President Trump’s inauguration — and his executive order establishing DOGE — Musk’s staffers started infiltrating quite a lot of federal companies. The U.S. Treasury’s delicate funds programs, which include private data of hundreds of thousands of Individuals who obtain funds from the federal government, from tax refunds to Social Safety checks, was among the many first.
DOGE has additionally gained access to the Workplace of Personnel Administration, the federal government’s human sources division that features databases on the non-public data of all federal employees, and USAJOBS, which has data on candidates who utilized for a federal job.
Officers on the OPM mentioned they’d no visibility or oversight into Musk’s crew’s entry to its programs. “It creates actual cybersecurity and hacking implications,” they instructed Reuters.
DOGE’s exercise has led to widespread opposition, together with from some Republicans.
Senator Ron Wyden (D-OR), who serves as essentially the most senior Democrat on the Senate Finance Committee, referred to as Musk’s entry to delicate federal funds programs a nationwide safety danger, given the battle of curiosity over his in depth enterprise operations in China. A bunch of senior Democrats later mentioned in a letter to the Treasury that DOGE’s entry to delicate authorities information “might irreparably injury nationwide safety.”
In a put up on Bluesky, former Republican strategist Stuart Stevens called the takeover of the Treasury’s programs “essentially the most important information leak in cyber historical past,” including: “Non-public people within the information enterprise now have entry to your Social Safety data.”
The Treasury defended its move to grant access to the department’s sensitive payments systems, confirming in an unattributed response to Democratic lawmakers that Musk’s DOGE crew has entry to the Treasury’s banks of private data on Individuals. Tom Krause, the chief govt of Cloud Software Group, which owns Citrix and several other different know-how firms, is now a senior Treasury worker serving as assistant secretary and has management over trillions of {dollars} in public funds.
DOGE has since gained entry to a number of delicate inside programs on the Division of Schooling, together with datasets containing the personal information on millions of students enrolled in financial aid. The Washington Publish stories that DOGE staffers fed sensitive employee and financial data from the division into an AI system to probe the company’s spending. DOGE employees additionally demanded “access to all” systems at the Small Business Administration, together with contracts, funds, and human sources data.
Musk’s crew also reportedly has access to cost programs throughout the U.S. Division of Well being and Human Companies, and access to data on the U.S. company that administers Medicare and Medicaid.
DOGE can also be accessing personnel systems on the Nationwide Oceanic and Atmospheric Administration (NOAA) and plans to access aviation systems on the Federal Aviation Administration after Transportation Secretary Sean Duffy granted DOGE access. Musk mentioned in a post on X that DOGE plans to “make speedy security upgrades to the air site visitors management system,” with out offering specifics.
Later, DOGE gained access to the Division of Power’s IT programs, regardless of reported considerations by officers on the lack of a typical background examine on a DOGE staffer. Musk’s staffers additionally reportedly have read-only access to data throughout the federal client watchdog, the Shopper Monetary Safety Bureau.
Home and world ramifications
There are untold safety dangers that come from granting entry to the interior information core of the U.S. authorities to a gaggle of unelected and personal people with spurious vetting.
To call simply a few issues that might go incorrect: Accessing the federal government community from a non-approved pc harboring malware can compromise different gadgets on the federal community and permit the theft of delicate authorities data, no matter whether or not it’s categorised. And the mishandling of private data on gadgets or cloud environments that haven’t met the requirements of the federal government’s high safety specs, or use the strongest safety controls, places that information susceptible to additional compromise or leak.
These will not be unlikely eventualities; these sorts of breaches occur on a regular basis.
Final 12 months alone noticed a few of the largest information breaches in historical past brought on by malicious entry gained by the non-public gadgets of firm workers, who by chance put in malware by downloading knock-off software program onto their private computer systems and never utilizing correct safety protections like multi-factor authentication. Any compromise of the crew’s credentials or entry, or any improper dealing with of delicate databases might consequence within the irretrievable loss, theft, or misplacement of delicate authorities information.
Maybe most troubling is DOGE, and its actions, are working exterior of public scrutiny.
Officers and lawmakers tasked with authorities oversight reportedly don’t have any perception into what information DOGE has entry to throughout the authorities or what its cybersecurity controls or protections are — if any in any respect. The departmental professionals who’ve spent a lot of their careers defending entry to the info saved in these programs can not do a lot however stand by and watch as non-public people with little to no prior authorities expertise raid their most delicate datasets.
Know-how and privateness lawyer Cathy Gellis, writing in Techdirt, argues Musk and his DOGE crew are doubtless “personally liable” underneath the U.S. federal hacking regulation, often known as the Pc Fraud and Abuse Act, which covers the accessing of federal programs with out the right authorization. A courtroom would nonetheless finally have to find out DOGE’s exercise as “unauthorized entry” and due to this fact unlawful, wrote Gellis.
There may be additionally the query of how U.S. state governments will reply to the compromise of their residents’ information on the federal stage. U.S. states have information breach legal guidelines requiring the safety of their residents’ information, even when the federal authorities doesn’t. A coalition of greater than a dozen Democratic state attorneys normal mentioned they’ll file a lawsuit to dam DOGE accessing delicate federal authorities cost programs containing private information on Individuals, with out offering a timeline.
The entry additionally places relationships with the US and its diplomatic allies on shaky floor. Allied nations may not want to share intelligence with the U.S. government in the event that they suppose the data might leak, spill into the general public area, or in any other case get misplaced on account of the breakdown in cybersecurity practices geared toward defending delicate data.
In actuality, the cybersecurity penalties of DOGE’s ongoing entry to federal departments and datasets is probably not recognized for a while.
Contact Zack Whittaker on Sign and WhatsApp at +1 646-755-8849. You too can share paperwork securely with TechCrunch by way of SecureDrop.
First printed on February 5, 2025.