Letter From Ranking Member Gerald E. Connolly, Committee on Oversight and Government Reform

By lambert
Headline
Letter from Ranking Member Gerald E. Connolly, Committee on Oversight and Government
Reform
URL
https://oversightdemocrats.house.gov/sites/evo-subsites/democrats-oversight.hou…
URL (Archive)
https://archive.is/4ykQa
Pubdate
One-liner
"Information obtained by the Committee, however, indicates that DOGE is carrying out its work in a manner that disregards important cybersecurity and privacy considerations, potentially in violation of the law."
Timeline
DOGE
Document Type
Legislative Document
Venue
House Committee on Oversight and Government Reform (Venue)
Byline
Gerald Connolly
Report Excerpt

The Committee has also received reports about troubling, fumbling efforts by DOGE to combine sensitive information held by SSA, the IRS, HHS, and other agencies into a single cross-agency master database. Improving how federal agencies share data to improve outcomes and customer service is a longstanding and bipartisan goal in Congress. Information obtained by the Committee, however, indicates that DOGE is carrying out its work in a manner that disregards important cybersecurity and privacy considerations, potentially in violation of the law.

In an apparent attempt to sidestep network security controls, the Committee has learned that DOGE engineers have tried to create specialized computers for themselves that simultaneously give full access to networks and databases across different agencies.17 Such a system would pose unprecedented operational security risks and undermine the zero-trust cybersecurity architecture that prevents a breach at one agency from spreading across the government.18 Information obtained by the Committee also indicates that individuals associated with DOGE have assembled backpacks full of laptops, each with access to different agency systems, that DOGE staff is using to combine databases that are currently maintained separately by multiple federal agencies.19

Federal law places limits on how data collected by one federal agency can be shared with another. Under the Privacy Act [here], federal agencies must obtain written consent from individuals before disclosing certain data collected by them to another federal agency.20 There are limited exceptions under which individually identifiable data may be transferred to another agency without prior written consent, and these exceptions typically require the releasing agency to publish and document this disclosure in the Federal Register or the requesting agency to submit a written request for the relevant records.21 I am concerned that DOGE is moving personal information across agencies without the notification required under the Privacy Act or related laws, such that the American people are wholly unaware their data is being manipulated in this way.

Kicker
Data Exfiltration
Legislation (Federal)
The Privacy Act of 1974
People
Gerald Connolly
Government Entity
Department of Health and Human Services
Internal Revenue Service
Social Security Administration
Tags
sternly worded letter

Add new comment

About text formats
You have the option to tag the comment. When you start typing in the "Comment Tags" field, a dropdown with existing tags will appear; use these if possible. You can create tags that do not appear in the dropdown, but please remember that this is a family blog.