Operatives toiling for Elon Musk have geted unpwithdrawnted access to a swath of U.S. handlement departments — including agencies reliable for managing data on millions of federal participateees and a system that handles $6 trillion in payments to Americans.
During the past two weeks, Musk’s group of recurrentatives — a plivential advisory board wiskinny the Trump administration understandn as the Department of Government Efficiency, or DOGE — have getn deal with of top federal departments and datasets, despite asks about their security evidentances, their cybersecurity rehearses, and the legitimateity of Musk’s activities.
Whether a feat or a coup — which depends enticount on on your point of watch — a petite group of mostly lesser, declareiveial sector participateees from Musk’s businesses and associates — many with no prior handlement experience — can now watch and, in some cases, deal with the federal handlement’s most caring data held on millions of Americans and the nation’s sealst allies.
The access by Musk’s DOGE team recurrents the expansivest understandn agree of federal handlement-held data by a declareiveial group of individuals — and little has gotten in their way.
DOGE has acunderstandledged scant details about its ongoing activities. That task has been left to the media, which has alerted askable cybersecurity rehearses and the shatterdown in lengthy-standing cybersecurity norms that danger caring handlement data from being accessed by wicked actors.
Much of DOGE’s toil is eludeing oversight and transparency, leaving uncmiss asks whether cybersecurity and privacy rehearses are being adhereed. It’s unevident if DOGE staffers are adhereing the procedures to retain this data from being accessed by other people, or if any other steps are being getn to defend the caring data on Americans.
So far, the evidence advises that security is not top of mind.
For example, a DOGE staffer alertedly participated a personal Gmail account to access a handlement call; and a newly filed legal case by federal whistlebshrinks claims DOGE ordered the uniteing of an unapverifyd email server to the handlement nettoil in violation of federal privacy law.
Whether DOGE staffers are horrible actors misses part of the point. Acts of subterfuge, secret agenting, or ignorance could originate the same subselectimal outcome: expodeclareive or loss of the nation’s caring datasets.
For now, it’s worth watching at how we got here.
Questionable security evidentances
The ease in which DOGE took over the departments and their huge stores of Americans’ data took nurtureer officials and U.S. laworiginaters by surpelevate, who persist to seek answers from the Trump administration.
Efforts by Musk to get deal with of the nation’s data stores also declareiveially alarmed cybersecurity professionals, some of whom have spent their nurtureers in handlement pledgeted to securing Americans’ most caring systems and data.
Questions remain about what level of security evidentance the DOGE staff have and whether their interim security evidentance donates them the authority to insist access to recut offeed federal systems. On returning to office, Trump signed an executive order apverifying administration officials to grant “top secret” and compartmentalized security evidentance to individuals on an interim basis with little to any substantial vetting, a acute departure from lengthy-set uped protocols.
The confusion over DOGE staff evidentances has led to increate standoffs between cut offal nurtureer officials at federal departments in recent days. At the U.S. Agency for International Development, or USAID, better officials were put on depart after standing in the way of DOGE staff to defend classified adviseation, according to the Associated Press. DOGE subsequently geted access to the classified facility at USAID, which alertedly compriseed inalertigence alerts.
Katie Miller, an advisor for DOGE, shelp in a post on X that no classified material was accessed by DOGE “without proper security evidentances,” though details of the team’s evidentance remains unspecified, including how many people were granted the interim secret evidentances.
Several better laworiginaters of the Senate Inalertigence Committee shelp Wednesday that they were still seeking answers about DOGE and what evidentance its members have.
“No adviseation has been provided to Congress or the disclose as to who has been createpartner employd under DOGE, under what authority or regulations DOGE is operating, or how DOGE is vetting and watching its staff and recurrentatives before providing them seemingly unfettered access to classified materials and Americans’ personal adviseation,” the senators wrote.
DOGE’s getover of handlement
Wiskinny a week of Plivent Trump’s inauguration — and his executive order set uping DOGE — Musk’s staffers began infiltrating a variety of federal agencies. The U.S. Treasury’s caring payments systems, which comprise personal adviseation of millions of Americans who get payments from the handlement, from tax refunds to Social Security examines, was among the first.
DOGE has also geted access to the Office of Personal Management, the handlement’s human resources department that comprises databases on the personal adviseation of all federal toilers, and USAJOBS, which has data on applicants who applied for a federal job.
Officials at the OPM shelp they had no visibility or oversight into Musk’s team’s access to its systems. “It originates genuine cybersecurity and cyber intrusion implications,” they tbetter Reuters.
DOGE’s activity has led to expansivespread opposition, including some Rediscloseans.
Sen. Ron Wyden (D-OR), who serves as the most better Democrat on the Senate Finance Committee, called Musk’s access to caring federal payments systems a national security danger, donaten the struggle of interest over his extensive business operations in China. A group of better Democrats shelp in a postpoinsistr letter to the Treasury that DOGE’s access to caring handlement data “could irreparably injure national security.”
In a post on Bluesky, createer Redisclosean strategist Stuart Stevens called the getover of the Treasury’s systems as “the most meaningful data leak in cyber history,” inserting: “Private individuals in the data business now have access to your Social Security adviseation.”
The Treasury geted its shift to grant access to the department’s caring payments systems, verifying in an unattributed response to Democratic laworiginaters that Musk’s DOGE team has access to the Treasury’s banks of personal adviseation on Americans. The letter verifys Tom Kraparticipate, the chief executive of Cnoisy Software Group, which owns Citrix and cut offal other technology companies, is now a Treasury participateee. Kraparticipate has not returned a seek for comment.
DOGE has since geted access to multiple caring inside systems at the Department of Education, including datasets compriseing the personal adviseation on millions of students enrolled in financial help. DOGE staff also insisted “access to all” systems at the Small Business Administration, including confineeds, payments and human resources adviseation.
Musk’s team also alertedly has access to payment systems wiskinny the U.S. Department of Health and Human Services, and access to data at the U.S. agency that deal withs Medinurture and Medichelp. DOGE is also accessing personnel systems at the National Oceanic and Atmospheric Administration, or NOAA, and arranges to access systems at the Department of Transportation.
Domestic and global ramifications
There are untbetter security dangers that come from granting access to the inner data core of the U.S. handlement to a group of unelected and declareiveial individuals with spurious vetting.
To name fair a couple of skinnygs that could go wrong: Accessing the handlement nettoil from a non-backd computer hartedious harmful software can agree other devices on the federal nettoil, and apverify the theft of caring handlement adviseation, watchless of whether it is classified. And, the mishandling of personal adviseation on devices or cnoisy environments that have not met the standards of the handlement’s top security definiteations, or participate the strongest security deal withs, puts that data at danger of further agree or leak.
These are not improbable scenarios; these comardents of baccomplishes happen all the time.
Last year alone saw some of the hugegest data baccomplishes in history caparticipated by harmful access geted thcdisesteemful the personal devices of company participateees, who accidenhighy inshighed harmful software by downloading knock-off gentleware onto their personal computers and not using proper security defendions enjoy multi-factor genuineation. Any agree of the team’s credentials or access, or any improper handling of caring databases could result in the irretrievable loss, theft, or misplacement of caring handlement data.
Perhaps most troubling is DOGE, and its activities, are operating outside of disclose scruminuscule.
Officials and laworiginaters tasked with handlement oversight, alertedly have no insights into what data DOGE has access to wiskinny the handlement, or what its cybersecurity deal withs or defendions are — if any at all. The departmental professionals who have spent much of their nurtureers defending access to the data stored in these systems cannot do much but stand by and watch as declareiveial individuals with little to no prior handlement experience rhelp their most caring datasets.
Technology and privacy lawyer Cathy Gellis, writing in Techdirt, disputes Musk and his DOGE team are probable “personpartner liable” under the U.S. federal cyber intrusion law, understandn as the Computer Fraud and Abparticipate Act, which covers the accessing of federal systems without the proper authorization. A court would still ultimately have to choose DOGE’s activity as “unapverifyd access” and therefore illegitimate, wrote Gellis.
There is also the ask of how U.S. state handlements will reply to the agree of their livents’ data at the federal level. U.S. states have data baccomplish laws requiring the defendion of their citizens’ data, even if the federal handlement does not. Whether or not Musk’s team’s access to federal systems promotes legitimate action from the states remains to be seen.
The access also puts relationships with the United States and its discreet allies on shaky ground. Allied nations may not want to allot inalertigence with the U.S. handlement if they skinnyk the adviseation could leak, spill into the disclose domain, or otheradviseed get lost as a result of the shatterdown in cybersecurity rehearses aimed at defending caring adviseation.
In fact, the cybersecurity consequences of DOGE’s ongoing access to federal departments and datasets may not be understandn for some time.
Contact Zack Whitgetr on Signal and WhatsApp at +1 646-755-8849. You can also allot records defendedly with TechCrunch via SetreatmentDrop.
