The access by Musk’s DOGE team represents the widest-known compromise of federal government-held data by a private group of individuals — and little has gotten in their way.
Much of DOGE’s work is avoiding oversight and transparency, leaving open questions around whether cybersecurity and privacy practices are being followed. It’s unclear whether DOGE staffers are following the procedures to keep this data from being accessed by other people, or if any other steps are being taken to protect the sensitive data on Americans.
So far, the evidence suggests that security is not top of mind.
For example, a DOGE staffer reportedly used a personal Gmail account to access a government call, and a newly filed lawsuit by federal whistleblowers claims DOGE ordered an unauthorized email server to be connected to the government network, which violates federal privacy law. DOGE staffers are also said to be feeding sensitive data from at least one government department into AI software.
Whether DOGE staffers are bad actors misses part of the point. Acts of subterfuge, espionage, or ignorance could produce the same suboptimal outcome: exposure or loss of the nation’s sensitive datasets.
Questions remain about what level of security clearance the DOGE staff have and whether their interim security clearance gives them the authority to demand access to restricted federal systems. On returning to office, Trump signed an executive order allowing administration officials to grant “top secret” and compartmentalized security clearance to individuals on an interim basis with little to no substantial vetting, a sharp departure from long-established protocols.
There are untold security risks that come from granting access to the inner data core of the U.S. government to a group of unelected and private individuals with spurious vetting.
To name just a couple of things that could go wrong: Accessing the government network from a non-approved computer harboring malware can compromise other devices on the federal network and allow the theft of sensitive government information, regardless of whether it is classified. And the mishandling of personal information on devices or cloud environments that have not met the standards of the government’s top security specifications, or use the strongest security controls, puts that data at risk of further compromise or leak.
These are not unlikely scenarios; these kinds of breaches happen all the time.
The access also puts relationships with the United States and its diplomatic allies on shaky ground. Allied nations may not want to share intelligence with the U.S. government if they think the information could leak, spill into the public domain, or otherwise get lost as a result of the breakdown in cybersecurity practices aimed at protecting sensitive information.
In reality, the cybersecurity consequences of DOGE’s ongoing access to federal departments and datasets may not be known for some time.
Add new comment