Lambert here: Worth reading in full.
Starting in late January, DOGE personnel gained extensive access to government systems containing Americans’ sensitive personal data [1]. For example, at the Treasury Department they obtained access to payment systems that process trillions of dollars in government transactions. DOGE employees gained both “read” and, in at least one case, temporary “edit” access as well [2]. This means that they were able to both see and alter the data. At the Consumer Financial Protection Bureau, DOGE employees gained “read access” to sensitive financial data [3]. DOGE also gained access to health information, social security numbers, military records, and more from the Center for Medicare and Medicaid Services and from Veterans Affairs. DOGE accessed data [4] at many other major agencies including the Office of Personnel Management and Departments of Commerce, Education, Energy, Labor, Health and Human Services, and Transportation. (This period is discussed in more detail in Appendix A, “Understanding DOGE and Your Data.”)
Since January, DOGE has transformed from an agency to a more integrated program across agencies as many DOGE personnel and affiliates have moved into official roles within the government. In this new capacity, DOGE affiliates (who are no longer constrained in their data access by court orders or inter-agency agreements) have become widely embedded across agencies including Office of Personnel Management, the General Services Administration, Treasury, Health and Human Services, and many more.
At these organizations, they are overseeing a transformation of data practices that follows a common “DOGE approach” with 4 distinguishing features:
1. Data consolidation: Exfiltrating and connecting the massive US databases to create a single pool of data that covers all people in the United States. This has long been a goal among some tech leaders: in fact, Oracle started as a CIA project, and aimed to create a database covering everyone in the US. Toward this end, DOGE affiliates are working to connect databases across many agencies, including highly sensitive data sets like IRS taxpayer returns which have been kept separate to encourage trust and tax compliance among the public.
2. Reduced security protocols: DOGE affiliates have consistently removed access controls and audit logs, created unmonitored copies of data, exposed highly sensitive data to cloud-hosted tools, sought maximally permissive data access waivers, and omitted previously required security protocols for vetting staff.
3. AI training and processing: Processing this data with AI tools, which exposes data outside carefully monitored environments.
4. Outsourcing: Transferring control over data access to private companies, especially Palantir.
DOGE’s approach is making the risks of weaponization more real and the potential impacts more devastating.
Pooled sensitive data with weak cybersecurity protections creates significant risks to elected officials, national security, and the public as a whole. Some of the most serious risks come from the potential for access to this data because it can be more easily attained by both criminals and nation states. By combining vast amounts of data, and bypassing or disabling industry standard security protocols, DOGE affiliates have started to amass an irresistibly tempting honeypot for adversaries who want leverage over them.
In a castle or an office building, one way to prevent access by thieves is to include multiple layers of access controls: key cards, keys, pass codes, a security guard, and more. This is known as defense in depth. As discussed above, DOGE and its affiliates have avoided many components of access control.
But another key component of cybersecurity is compartmentalization: once inside the metaphorical building, each person’s key only opens their own office. This limits the downside risk of any given breach. DOGE has been focused on combining data sets to create individual level profiles of each person in the United States. Instead of stocking each person’s metaphorical office with only the data they need, they propose to combine all the data rooms into a single large space which many government agencies can access. After consolidation, stealing credentials (an office key) doesn’t merely give access to one person’s office, but to the entire stash. This creates an incredibly tempting target with many access points for any adversary. Any leaked or compromised data accessed by American adversaries can help adversarial actors identify people who may be able to offer them increased access. As the government increases its engagement with companies like Palantir, both federal agencies and those companies in turn become targets. In the meantime, opportunities for control and harassment by this administration or by future administrations are unprecedented, especially since the increase in AI capabilities allows vast amounts of data to be processed in real time.
Because DOGE and its affiliates have bypassed standard security practices, there is almost no way to do an audit on what data was copied or who has it. That ship has sailed.
Add new comment