I. Clarification Regarding Timeframe of Compliance with TRO.
Lambert here: “Clarification” is doing more work than a simple noun should be expected to do.
On March 24, 2025, SSA submitted a declaration executed by then-Commissioner Dudek to accompany Defendants’ Status Report and Certification of Compliance with the Court’s March 20, 2025, TRO. ECF 56, 56-1. Mr. Dudek stated in his Declaration: “As of Monday, March 24, 2025, SSA revoked all SSA DOGE Team members’ access to SSA systems containing personally identifiable information (PII) or systems of record[.]” ECF 56-1 ¶ 4 (footnote omitted). SSA believed that statement to be accurate at the time it was made. SSA has now determined that, during the morning (Eastern Time) of Monday, March 24, 2025, one member of the then-SSA DOGE Team ran PII searches on SSA’s copy of the Numident (SSA System of Records Notice 60-0058)…
Lambert here: Wait. “SSA’s copy?” So there are other copies running around?
…. within the Enterprise Data Warehouse (“EDW”), with the last search occurring on or about 9:30am ET. DOGE Team members’ access to all PII within SSA systems was terminated on or about Noon that same day on March 24, 2025, before the filing of the declaration at ECF 56.
II. DOGE Team Member’s Possible Transmission of SSA PII to U.S. DOGE Temporary Organization Employee.
Mr. Dudek’s March 24, 2025, declaration also stated that: “The DOGE Defendants have never had access to SSA systems of record.” ECF 56-1 ¶ 4. SSA believed that statement to be accurate at the time it was made, and SSA believes it to be accurate today. However, SSA has determined that on March 3, 2025—three weeks prior to entry of the TRO—an SSA DOGE Team member copied Mr. Steve Davis, who was then a senior advisor to Defendant U.S. DOGE Temporary Organization, as well as a DOGE-affiliated employee at the Department of Labor (“DOL”), on an email to Department of Homeland Security (“DHS”). The email attached an encrypted and password-protected file that SSA believes contained SSA data. Despite ongoing efforts by SSA’s Chief Information Office, …
Lambert here: That would be DOGE-affiliated Aram Moghaddassi, CIO (Core Business Functions), and DOGE-affiliated Michael Russo, CIO (Technology and Customer Products).
… SSA has been unable to access the file to determine exactly what it contained. From the explanation of the attached file in the email body and based on what SSA had approved to be released to DHS, SSA believes that the encrypted attachment contained PII derived from SSA systems of record, including names and addresses of approximately 1,000 people. It is unclear if the password to access the file was shared with Mr. Davis or the DOL DOGE employee.
IV. Systems of Record to Which SSA DOGE Team Members Had Access.
SSA has now determined that the following additional systems access was in effect as of March 12, 2025, but terminated on or before March 24, 2025….
a. Three DOGE Team members were granted access to a system containing SSA employee records for agency personnel for workforce initiatives.
b. Two DOGE Team members were granted access to a system containing personnel access information to ensure terminated employees were unable to badge into the building or to access IT systems with their PIVs.
c. Six DOGE Team members were granted access to shared workspace that would have allowed DOGE Team members to share data to which the employees had separately been granted access for fraud or analytics reviews.
d. Two DOGE Team members had access to a data visualization tool that could connect to other data sources, which could provide access to PII.
e. Two DOGE Team members had access to additional EDW schemas beyond those reported as of March 12, 2025.
V. Scope of SSA DOGE Team’s Work.
Also in his March 12 declaration, Mr. Russo attested that, “[t]he overall goal of the work performed by SSA’s DOGE Team is to detect fraud, waste and abuse in SSA programs and to provide recommendations for action to the Acting Commissioner of SSA, the SSA Office of the Inspector General, and the Executive Office of the President.” ECF 36-1 ¶ 5; see also, e.g., id. ¶¶ 7(d), 7(e), 8–14. Further, in Defendants’ TRO Opposition (ECF 36), Defendants argued that the SSA DOGE Team had a need to access SSA records because “the DOGE Team exists under Executive Order 14,158 to modernize technology and to ‘maximize efficiency and productivity’” within SSA. SSA believed those statements to be accurate at the time they were made, and they are largely still accurate.
Lambert here: Oh? What does “largely” mean?
However, SSA determined in its recent review that in March 2025, a political advocacy group contacted two members of SSA’s DOGE Team with a request to analyze state voter rolls that the advocacy group had acquired. The advocacy group’s stated aim was to find evidence of voter fraud and to overturn election results in certain States.
In connection with these communications, one of the DOGE team members signed a “Voter Data Agreement,” in his capacity as an SSA employee, with the advocacy group. He sent the executed agreement to the advocacy group on March 24, 2025.
Lambert here: “[I]n his capacity as an SSA employee”…. March is early for DOGE to have started metastasizing into the civil service, so I wonder who this was.
VI. Noncompliance with SSA Security Policies.
However, SSA has learned that, beginning March 7, 2025, and continuing until March 17 (approximately one week before the TRO was entered), members of SSA’s DOGE Team were using links to share data through the third-party server “Cloudflare.” Cloudflare is not approved for storing SSA data and when used in this manner is outside SSA’s security protocols. SSA did not know, until its recent review, that DOGE Team members were using Cloudflare during this period. Because Cloudflare is a third-party entity, SSA has not been able to determine exactly what data were shared to Cloudflare or whether the data still exist on the server.
A review of the SSA DOGE Team’s actions is ongoing.
Lambert here: Indeed!
Add new comment