DOGE and its handling of federal data - Click Here

Summary6 min read

Click Here Podcast Episode: "DOGE and Its Handling of Federal Data"

Release Date: May 13, 2025
Host: Dina Temple Rastin
Collaborator: Jen White, Host of 1A (NPR and WAMU)
Episode Focus: Examination of the Department of Government Efficiency (DOGE) and its impact on federal data handling, privacy, and government operations.

1. Introduction to DOGE and Its Mission

In the inaugural episode of the Cyber Mondays series, host Dina Temple Rastin delves into the controversial establishment of the Department of Government Efficiency (DOGE), spearheaded by Elon Musk following an executive order signed by President Trump in January. DOGE's primary mission, as outlined by the executive order, is to enhance government efficiency by granting "full and prompt access to all unclassified agency records, software systems, and IT systems" while adhering to "rigorous data protection standards" (00:58).

Notable Quote:

Jen White (01:25): "This is 1A. I'm Jen White. For the first installment of our new series, Cyber Monday, we're pulling back the curtain on DOGE and answering your questions about federal data privacy."

2. Data Privacy Concerns and Mismanagement

Despite the commitment to data protection, DOGE has raised significant alarms regarding privacy and data misuse. Dina Temple Rastin highlights that DOGE lacks the deliberative approach typically associated with robust data protection, leading to unauthorized data sharing and potential privacy breaches.

Key Points:

IRS and ICE Data Sharing: DOGE facilitated an agreement allowing the IRS to share tax information with Immigration and Customs Enforcement (ICE), undermining strict confidentiality rules traditionally safeguarding sensitive taxpayer data (03:14).

Notable Quote:

Dena (03:14): "Under this new setup, the sensitive information about undocumented immigrants, including their tax filings, could now be used to help DHS with, say, deportations."
Social Security Administration Access: Previously restricted to fewer than 50 individuals with stringent access protocols, DOGE expanded access to Social Security data, enabling not only viewing but also altering sensitive information without proper oversight (04:44).

Notable Quote:

Dina Temple Rastin (14:07): "A court found that not only had DOGE's young staffers been given that access, some were given that access before their background checks were even completed."

3. Technical Risks and System Vulnerabilities

DOGE's intervention in legacy federal systems, particularly those built on outdated programming languages like COBOL, has introduced significant technical risks. The lack of comprehensive understanding of these systems among DOGE staff has led to unauthorized code alterations, jeopardizing the stability and functionality of critical government services.

Key Points:

COBOL System Challenges: Government systems reliant on COBOL are fragile; minor code changes can cause widespread failures akin to a “Jenga” tower collapsing (07:36).

Notable Quote:

Dena (07:54): "This is why it's so important. If you change one little tiny piece of code, it's like a Jenga, right? You pull out one thing, the whole thing falls down."
CrowdStrike Incident: A minor code error during an update led to a nationwide outage affecting various sectors, including air traffic control, illustrating the potential catastrophic impact of DOGE's hasty modifications (07:48).

4. Impact on Federal Agencies and Personnel

DOGE's rapid restructuring has led to significant staff reductions and disruptions within federal agencies. The US Digital Service (USDS), once a cornerstone of federal technology support, experienced a mass exodus of skilled personnel, undermining its ability to maintain and repair essential government systems.

Key Points:

Mass Firings at USDS: DOGE's takeover resulted in over a third of USDS staff being dismissed, severely impacting the agency's operational capacity (19:01).

Notable Quote:

Unknown Speaker (19:56): "They did not fire the FAFSA team, but they fired lots of other teams that support the FAFSA, including, I think, they fired close to two thirds of the technology office."
FAFSA System Outage: Following the layoffs, the Free Application for Federal Student Aid (FAFSA) website experienced significant outages, affecting hundreds of users and highlighting the fragility introduced by DOGE's actions (19:50).

5. Legal and Constitutional Challenges

The episode underscores the legal ambiguities surrounding DOGE's authority and Elon Musk's role within the agency. Constitutional experts question the bypassing of established protocols and the absence of Congressional approval for DOGE's expansive powers.

Key Points:

Constitutional Authority: DOGE's classification as a "super agency" raises questions about its adherence to checks and balances, specifically regarding Congressional oversight and Senate confirmations for principal officers (33:10).

Notable Quote:

Elon Musk (31:29): "It's fundamental, I think, to so many of these lawsuits. What is this agency and who is the head of it?"
Scope of Authority: DOGE's actions extend beyond traditional auditing processes, with performance audits allegedly being conducted without the thorough, methodical approach required by governmental standards (23:00).

6. Future Implications and Ongoing Concerns

The consolidation of federal data under DOGE's control poses long-term threats to data security and privacy. Potential vulnerabilities include unauthorized data access and the possibility of data being exploited by foreign actors.

Key Points:

Dark Web Vulnerabilities: Although no significant data leaks have been reported yet, the established access pathways present opportunities for cybercriminals to exploit sensitive information (33:31).

Notable Quote:

Dena (33:31): "We have a lot of people who are in systems who didn't go through the same hoops that traditionally government workers do to get access to systems."
Whistleblower Potential: The episode anticipates an increase in whistleblowing as more individuals become aware of DOGE's internal practices, potentially leading to greater public scrutiny and accountability (34:55).

7. Conclusion and Ongoing Developments

As legal battles continue and DOGE's influence within federal agencies grows, the episode emphasizes the need for vigilant oversight and transparent auditing practices. The collaboration between Click Here and 1A aims to keep the public informed and engaged with these critical issues affecting national security and personal privacy.

Notable Quote:

Dena (35:51): "I think the data privacy part of it is the part that we really need to focus on now."

Key Takeaways:

DOGE's Unchecked Access: The Department of Government Efficiency has been granted extensive access to sensitive federal data with minimal oversight, leading to significant privacy and security concerns.
Technical Instability: Unauthorized changes to legacy systems pose risks of widespread outages and system failures, undermining essential government services.
Legal Ambiguities: The establishment and operational scope of DOGE raise constitutional questions regarding authority, oversight, and adherence to established governmental protocols.
Future Risks: Potential for increased data breaches and exploitation by foreign hackers exists due to the vulnerabilities introduced by DOGE's management of federal data systems.
Need for Transparency: Ongoing legal challenges and potential whistleblower revelations highlight the necessity for transparent and accountable practices within DOGE and affiliated federal agencies.

Additional Content: Listeners interested in further discussions on the constitutional implications of DOGE's actions and their personal data privacy can anticipate an upcoming segment featuring constitutional law expert Corey Bretscheider from Brown University.

Stay Informed: For those who missed the episode or wish to revisit specific discussions, the full episode is available on Click Here and various podcast platforms.

Note: Timestamps correspond to specific points in the transcript for reference.

Loading summary

Transcript143 lines

[00:03]
Dina Temple Rastin
From Recorded Future News and prx, this is Click Here.
[00:16]
Dena
Hey there, it's Dena.
[00:18]
Dina Temple Rastin
Last week I sat down with Jen White, the host of 1A. It's a daily news magazine from NPR and WAMU and, and we've been working with them on a series of five shows we call Cyber Mondays. Every Monday for five Mondays, we'll be on 1A for an hour, taking a deep dive into one of our Click Here episodes and then taking calls from listeners. And for the first installment, we focused on Elon Musk's so called Department of Government Efficiency, or doge, and we talked about how it's reshaping the federal government in ways that go way beyond the massive cuts you're hearing about in the news. Members of DOGE are quietly bringing together the data the government has been collecting.
[00:59]
Dena
On you and it's using it in.
[01:01]
Dina Temple Rastin
New ways that no one has before with very little oversight. And the effort has raised big questions about privacy and control and what exactly DOGE intends to do with all this information it's vacuuming up. We thought we'd give you a chance to listen to the show in case you missed it. So what follows is a condensed version. The first voice you'll hear is from Jen White, the host of 1A. Take a listen.
[01:26]
Jen White
This is 1A. I'm Jen White. For the first installment of our new series, Cyber Monday, we're pulling back the curtain on DOGE and answering your questions about federal data privacy. Who should be allowed to access Americans private information and for what reasons? How are doge's actions challenging legal protections around data privacy? Here to help us make sense of it all is Dina Temple Rastin. She's the host and managing editor of Click Here. Dina, it's always great to have you.
[01:52]
Dina Temple Rastin
Thank you so much.
[01:53]
Jen White
So in January, when President Trump created DOGE by executive order, he outlined that DOGE teams at each agency would have, quote, full and prompt access to all unclassified agency records, software systems and IT systems, end quote, and that it would also, quote, adhere to rigorous data protection standards. What's actually happening?
[02:14]
Dena
Well, it doesn't seem like they're focused on rigorous data protection standards. I mean, one of the things about data protection standards is that they're slow and they're deliberative. And if there are two things we know about doge, it's not slow and it's not particularly, particularly deliberative. And this is worrying people. You know, one of the biggest examples involves, for example, the IRS and ice. There have been all kinds of reporting about how DOGE has struck an agreement that allows the IRS tax information to be shared with Immigration and Customs Enforcement, or ice. Now think about that for a second. Think about what the IRS has that you would prefer people not know. How much you make, your Social Security number, all kinds of things about you. And having this be shared with ICE is a major shift. Normally, the IRS data is protected under pretty strict confidentiality rules. And under this new setup, the sensitive information about undocumented immigrants, including their tax filings, could now be used to help DHS with, say, deportations.
[03:15]
Jen White
And we should note that people in the country without legal status have been encouraged to pay taxes. And part of that agreement is that your private, your data privacy is, is, it's protected by the irs. So that's, there's a sort of a commitment made to people to encourage them to pay taxes with the understanding that that data will remain private. Now fewer than 50 people have access to the Social Security Administration's databases. What training is usually required to access this type of data? Who gets to see it?
[03:44]
Dena
It's not just training, but it's also how long you've been in the Social Security Administration. You have to sign up to get this information. You, you have to explain why you're getting the information. In the same way, you can't just go and search somebody's house. You need a warrant. You need a predicate for that warrant. It's the same thing when it comes to searching information in the Social Security Administration. So this is very worrisome. Also think about the kind of information that they have about you. How much checks if you're retired, what they're sending you, how much you're making. It's again, this idea. It's not just privacy. It's the stuff you hold dear that you had been told was going to keep sacred.
[04:24]
Jen White
In March, a federal judge in Maryland temporarily blocked DOGE from accessing the data of millions of union members in a lawsuit against the Office of Personnel Management, the Treasury Department, and Education Department. In a separate case in March, a US District Judge from Maryland blocked doge's access to Social Security data. Last month, the US Appeals Court ruling help upheld that block. Now, the Privacy act limits how the federal government can share personal information. It requires agencies to justify their access to that data. But what reasons, if any, has DOGE provided to justify needing access to this.
[04:58]
Dena
Information in all these cases? What we're hearing right now is this is all about trying to get undocumented workers and people who are here illegally out of the country. And this has been their single mission. When they talk about these kinds of information sharing operations, the problem is once you sort of open that door, do we know it's just going to stop at undocumented workers? And particularly this administration has shown a propensity to sort of target people who are or have disagreed with it or they're displeased with. So what stops them from making that next step once this sharing actually happens? I think that's the really big concern.
[05:39]
Jen White
We got this question from Scott in Ann Arbor, who writes, I read that according to a whistleblower, within hours of DOGE gaining access to NLRB computers, Russian hackers had their account passwords and were trying to log in and were only detected because they tried to do it directly from Russia. Could Russian hackers be piggybacking on Doge's access to other systems like Social Security and Medicare?
[06:00]
Dina Temple Rastin
Yes.
[06:00]
Dena
We've been reporting about this from the beginning, when DOGE first came in and started going into these different agencies. And we understand that in the beginning a lot of these DOGE people were using their own computers and they're changing code. We know there's been code that's been changed. That's scary too. So all of this basically provides an amazing portal for Chinese or Russian or Iranian or North Korean hackers who want precisely this kind of information.
[06:30]
Jen White
And when you talk about changing code, what's scary about that for the average American? What should we be concerned about?
[06:38]
Dena
So our systems within the government are very old. They were built a really long time ago. A lot of them were built on a computer language known as COBOL. And do you remember hearing all about the 150 year olds who were. Yes. Well, what they didn't know when they kept saying there was all this fraud in the Social Security administration, was that Cobol, when you have a blank field, it defaults to 150. So this was actually announced during the State of the Union address. And in fact, it wasn't fraud. It wasn't all these 150 year olds. It was a blank sort of little piece of information. So the reason why that's important is because basically they've been using duct tape and COBOL to keep all the systems together in government and to make them work. So if you change one little tiny piece of code, it's like a Jenga, right? You pull out one thing, the whole thing falls down. Now let me give you an example. This isn't a hypothetical. Do you remember the CrowdStrike problem? They sent out an update, the update had a little Tiny problem in the code. Very, very small. And it basically put everybody in a blue screen from airplanes to, you know, air traffic control, everything.
[07:49]
Jen White
I was traveling when that happened.
[07:51]
Dena
Yes. So you understand. So this is why it's so important.
[07:55]
Karen Meronsky Chapman
Code.
[07:55]
Dena
Typically, when you're going to change something, you have to go through a very rigorous process. You take it out of the system, you sort of play with it in what's called a sandbox to make sure it doesn't do something you weren't expecting. And as far as we know, none of that is going on.
[08:10]
Jen White
Well, it's not just Doge's access to federal data that's being called into question. The agency is also leading the effort to share information across government agencies in ways that we haven't seen before. And you mentioned sharing, for instance, IRS data with ice. What else are you seeing?
[08:26]
Dena
We're only seeing the beginning of this. That's the one that we know about because there was actually a memorandum of understanding between the two of them. What we don't know is if there are other agencies that have said, sure, come on in. We're not, you know, we trust you. We realize you're trying to find waste, fraud, and abuse, or at least that's what the intention is, allegedly. And so we don't know who has stood in the way of these other projects. And it's very possible that there are other memorandums of understanding that we don't know about yet. They haven't been very transparent.
[08:58]
Jen White
And so when we talk about longtime civil servants at places like the irs, people who maybe tried to block Doge's access because they had questions about the ethics of allowing this group to come in and access sensitive data. What's happened to those people who tried to stand in the way of Doge's actions?
[09:17]
Dena
We don't know for certain. We know that there are some people who have stood in the way in various agencies, and they suddenly get, you know, a fork in the road email. But even more than that, there are people who've been there forever who understand how the systems work. And because they didn't go in with the scalp, they went in with a chainsaw. Those people are gone, so they can't help.
[09:36]
Jen White
We're talking to Dina Temple Rast, and she's the host and managing editor of Click Here. It's a weekly cyber and tech news podcast from Recorded Future News. Coming up, the US Digital Service is a team of data scientists who fix government websites when they break. When we return, Click Here goes behind the scenes to explore what happened when DOGE staffers took over the agency. That's just ahead. This is one a.
[10:11]
Unknown
Most of our media are owned by a handful of tech billionaires, but there's one place that still operates like the Internet was never invented. On the new season of the divided dial from OnTheMedia, we're excited exploring shortwave radio where prayer and propaganda coexist with news and conspiracy theories and where an existential battle for the public airwaves is playing out right now. Listen to on the Media wherever you get your podcasts.
[10:43]
Dena
From.
[10:43]
Dina Temple Rastin
Recorded Future News, this is Click Here. Today on Click Here, we're bringing you an episode from our friends at 1A, a daily talk show from NPR and WAM. They had me on last week for a conversation about Doge and data privacy, and they featured a story we first brought you last month. Here's 1A host Jen White this is 1A.
[11:08]
Jen White
I'm Jen White. We're discussing Doge and data privacy with Dena Temple Rastin. She's the host and managing editor of Click Here. That's a weekly cyber and tech news podcast from Recorded Future News. Recently, Click Here spoke with a former employee at the US Digital Service after DOGE swept through the agency and brought a host of data privacy concerns along with it.
[11:29]
Dina Temple Rastin
When President Trump signed the executive order.
[11:31]
Dena
Creating something called doge, it made headlines.
[11:34]
Dina Temple Rastin
Really big ones. But buried deep in the fine print was something hardly anyone noticed. It didn't actually create a new agency. It just took an old one, the United States Digital Service, and gave it a new name, doge.
[11:50]
Unknown
I expected there to be a doge. I expected DOGE to want to work with us. I did not expect DOGE to co opt us.
[12:00]
Dina Temple Rastin
The truth is, when Karen Moronsky Chapman first heard whispers about a new Department of Government efficiency, she didn't recoil. She actually leaned in because she'd seen the problems up close. The broken workflows, the patchwork of systems, efficiency. It sounded refreshing, even necessary. The day after the inauguration, Karen and her colleagues were summoned one by one, pulled into a room where a Doge administrator sat waiting. And then came the questions.
[12:36]
Unknown
What makes you exceptional? What are you the best in the world at? What's something exceptional you've done here? Who are the exceptional people at usds? And then the very last question was, what do you think of doge? I said something about like, I can get behind efficiency. And then I was like, based on my experience in government, here are three areas you could focus on.
[12:59]
Dina Temple Rastin
After that, though, there was silence. No follow up, no directives, no Strategic planning. The only word they got about Doge's plans for the government's digital infrastructure, they got the way the rest of us did. Through all those headlines.
[13:19]
Jen White
Doge'S newest Diversity.
[13:22]
Dena
Equity and Inclusion at the Department of Education.
[13:25]
Dina Temple Rastin
DOJ is expected to make job cuts at the Department of Homeland Security.
[13:29]
Dena
And the federal appeals court cleared the way for DOGE to continue shutting down usaid. But I want, I don't want to.
[13:36]
Karen Meronsky Chapman
See this kind of death by a thousand cuts that we're witnessing now.
[13:43]
Dina Temple Rastin
Karen understood what was at stake, not in some abstract academic sense, but in a direct, real world way. If the news reports were accurate, and she had no reason to think they weren't, Doge wasn't just challenging policy. It was bypassing the protocols designed to protect the personal data of American citizens. And that, to Karen, was the real danger.
[14:07]
Unknown
There are very complex agreements to be able to share data across government agencies.
[14:13]
Dina Temple Rastin
There's a reason why what the IRS knows about you is siloed off from what Social Security, privacy. That data is so sensitive, it's shared very, very sparingly.
[14:25]
Unknown
We were only given access to things we needed to do our job. We didn't just get willy nilly access to systems. And as a citizen, I feel good about that. You shouldn't have access to data that you don't have a justifiable reason to have access to it.
[14:44]
Dina Temple Rastin
For a long time, actually fewer than 50 people had full access to Social Security data. That is until Doge came to Washington. A court found that not only had Doge's young staffers been given that access, some were given that access before their background checks were even completed. And it wasn't just access to view the data, it was also in some cases access to change it.
[15:10]
Unknown
I remember when I heard that they had right access to Treasury, I was like, oh my gosh, like you can.
[15:15]
Dina Temple Rastin
Break things and not small things, trillions of dollars worth of things like Social Security and tax refunds.
[15:23]
Unknown
The majority of folks I see having been hired into Doge are very junior. These systems are not going to be anything like anything that they have seen before.
[15:33]
Dina Temple Rastin
Take the Social Security system. It was built in the 60s and 70s and it runs on Cobol, a programming language that is two or even three times older than some of the Doge staffers.
[15:44]
Unknown
They clearly don't understand COBOL. When they were like, oh, there's 150 year olds at Social Security.
[15:51]
Dina Temple Rastin
Elon Musk talked about that during an interview on Fox.
[15:54]
Karen Meronsky Chapman
Cursory examination of Social Security and we've got People in there that are 150 years old now.
[16:00]
Elon Musk
Do you know anyone?
[16:01]
Karen Meronsky Chapman
150? I don't.
[16:03]
Dina Temple Rastin
Okay. And Musk said it was proof of fraud, except Karen says it actually wasn't.
[16:10]
Unknown
And it's like, no, that's the default date for cobol. Like if the field is missing just the default date. That's why there's all these 150 year olds.
[16:19]
Dina Temple Rastin
These 150 year olds weren't getting checks. They just didn't have a birth date in the system. And Karen said she would have told the Doge people as much if they'd.
[16:28]
Dena
Only asked, but they never did.
[16:30]
Dina Temple Rastin
They just assumed they knew better.
[16:33]
Unknown
They have been given the keys to the kingdom without really understanding what they have keys to.
[16:38]
Dina Temple Rastin
We reached out to the White House and doged a comment about this and they didn't get back to us.
[16:44]
Unknown
You really need people who have been doing this for a while. They know how to fix things. They know how things can work more efficiently. But our leadership was getting shut out.
[16:54]
Dina Temple Rastin
Some of these systems are held together with the computer equivalent of duct tape and baling wire. And every update over the years, years added to this complexity. And if you weren't familiar with it, you couldn't possibly know what might happen if something got tweaked. Small changes can have huge ripple effects.
[17:12]
Unknown
Doge is pulling out pieces and we're like, okay, it's in the fallover, things are fine. But one of like, there's no way you can play Jenga where it doesn't eventually crumble. And at some point they're going to pull out a piece and something's going to topple and we may not be able to put it back.
[17:37]
Dina Temple Rastin
Just weeks after Doge took over usds, Karen received one of those Fork in the Road emails. It was a buyout offer.
[17:45]
Unknown
The Fork in the Road had a FAQ that was like, we want you to leave your low productivity public sector jobs to go to high productivity private sector jobs. That is so insulting. I work way harder in this job than I ever did in any private sector job. I was often working 80 hours, you know, a week. I did it because the work matters so much. And to say to these people, well, you're lazy. Like, go do something productive. It's just dehumanizing.
[18:19]
Dina Temple Rastin
Karen didn't take them up on the offer, but by Valentine's Day, a lot of others weren't given a choice.
[18:25]
Unknown
Around 7pm, people started getting emails that they were fired. And we're all connected on chat, so you just hear, oh, my Gosh, I just got fired. It's like someone was in the office, like, copying and pasting these and sending them out one by one instead of, like, all at once. And so, like, every few minutes it would be like, oh, my gosh, I was fired. Oh, my gosh, I was fired. So for two hours, I'm sitting on my phone, hitting refresh. Am I fired? Am I fired? And it just seemed like our supervisors did not even know who was being fired. They were checking in with us, like, are you still here?
[19:01]
Dina Temple Rastin
By the end of the purge, a full third of USDS staffers were given the ax. Karen survived, but it wasn't entirely clear why. One reason might have been because she worked on fafsa, a Trump administration priority. That's the form college students use to apply for federal financial aid.
[19:21]
Unknown
They did not fire the FAFSA team, but they fired lots of other teams that support the fafsa, including, I think they fired close to two thirds of the technology office, including the engineering team that supports FAFSA. And lo and behold, within 24 hours, the FAFSA site had an outage. Hundreds of FAFSA users reported an outage over the last 24 hours.
[19:50]
Karen Meronsky Chapman
The outage came after the US Department.
[19:52]
Dena
Of Education announced their plan to lay off 1300 employees.
[19:57]
Unknown
That's just one example of you can't just delete parts of a system and expect things to just continue working, especially when you don't take the time to understand that system. And they're not. They're not. We're seeing as they're pulling things out, everything just crumbling around it because they all depend on each other.
[20:18]
Dena
Does it feel like a hostile takeover or something?
[20:21]
Unknown
Oh, my gosh, yes. The whole thing feels like a hostile takeover.
[20:26]
Dina Temple Rastin
Looking back on it, we should have known that President Trump was going to start firing federal workers en masse. He hinted at it during an audio conversation on X with Musk in August 2024.
[20:37]
Elon Musk
I mean, I think it would be great to just have a government efficiency commission that takes a look at these things and ensures that the taxpayer money is spent in a good way. And I'd be happy to help out on such a commission.
[20:50]
Unknown
Well, you're the greatest cutter. I mean, I look at what you do, you walk in and you just say, you want to quit?
[20:57]
Elon Musk
They go on strike.
[20:58]
Unknown
I won't mention the name of the company, but they go on strike, and you say, that's okay, you're all gone.
[21:03]
Dina Temple Rastin
But back when he originally said it, it seemed like a kind of fever dream. Something one businessman might say to another. But then, just a few weeks later, Trump turned from talking about Elon Musk's past business practices to what Elon could do like that in the future in government. And it started to formalize and morph into a kind of campaign promise that.
[21:24]
Unknown
The suggestion of Elon Musk I will create a government efficiency commission tasked with conducting a complete finance.
[21:32]
Dina Temple Rastin
But here's the thing. What Trump was allegedly promising the federal government had already been doing for more than a hundred years. The United States has a sort of auditor in chief, the Comptroller General of the United States, and he runs the Government accountability office, or GAO, which is staffed by more than 3,000 professionals who've built guidelines for doing audits without breaking the systems they're trying to help. Lots of guidelines.
[21:59]
Karen Meronsky Chapman
If you have trouble falling asleep.
[22:03]
Unknown
Go.
[22:04]
Karen Meronsky Chapman
To GAO's website, and government auditing standards is readily available.
[22:10]
Dina Temple Rastin
That's Gordon Craig. He's an assistant professor of accounting now at Milgard School of Business at the University of Washington. But for more than two decades, he did a special kind of audit.
[22:22]
Karen Meronsky Chapman
I joined Milgard after retiring from the U.S. army Audit Agency, where I was a civil service internal auditor for the Department of the Army.
[22:34]
Dina Temple Rastin
Gordon would be the first to tell you that government waste exists and that it should be rooted out. But he'll also tell you this audits are only helpful when they're done right.
[22:45]
Dena
What we're seeing right now going on, say, at the U.S. digital Service, or we're seeing go on at CISA or the treasury or all these other DOGE things we're seeing, are those performance audits?
[23:00]
Dina Temple Rastin
No.
[23:02]
Dena
Why do you say that so emphatically?
[23:04]
Karen Meronsky Chapman
I mean, they can call it an audit if they want to. I can't stop them from doing that. But what standards are they following? They're not anything close to what I followed for 30 years. And I'm also a certified internal auditor and certified fraud examiner. If I were releasing stuff like this, I would lose my license. It's malpractice.
[23:38]
Dina Temple Rastin
Gordon says true government audits come in three flavors. Financial audits that check if the numbers are accurate, attestations which basically look at whether the system is meeting standards. And finally, performance audits. Are we achieving what we say we are? And there's a process to how to do it right. A typical performance audit takes about 10 months and lots of learning.
[24:01]
Karen Meronsky Chapman
We suspend our judgment until we have talked to management, sometimes to line workers. And, you know, if we think there's something odd or wrong, we're going to get you know the perspectives of all the stakeholders that we can before coming to conclusions.
[24:32]
Dina Temple Rastin
The goal isn't to simply embrace the status quo. Auditors want to challenge it, but they want to do so thoughtfully. Because, as both Gordon and Karen have said, you can't just walk in and start pulling out wires because of what might look like waste at first. Plush might be a legacy system, and what looks like fraud might be a COBOL default value.
[24:54]
Karen Meronsky Chapman
There it is, going in effectively with a battering ram.
[24:59]
Dina Temple Rastin
A federal judge called it hitting a fly with a sledgehammer.
[25:06]
Dena
So even though they're calling this an audit, you as an expert in this for decades, just don't think this is an audit at all.
[25:15]
Dina Temple Rastin
This seems like something completely different.
[25:17]
Karen Meronsky Chapman
It's something completely different. I'm going to go out on a limb here and maybe beyond the scope of what you brought me on is to me, it looks like a domestic terrorist attack on the US Government by people who figure that they're not going to get their way through the rule of law.
[25:41]
Dina Temple Rastin
While Karen Meronsky Chapman might not use those exact same words, she says she has seen the same thing.
[25:48]
Unknown
Their stated mission was to improve efficiency and to modernize government systems. But if you were genuinely trying to fix things, why would you fire most of the technologists in government? Why would you do that? And for me, if things were truly about efficiency, you would want data. You would want even better data than what we currently collect.
[26:10]
Dina Temple Rastin
So why cut the people who understand the data best?
[26:13]
Unknown
Good data leads to accountability and transparency, and I think that's why they're cutting these things. Zena, the only reason I can think of that you would fire all these technologists is you don't want people who know enough to call out what you are doing.
[26:29]
Dina Temple Rastin
All of this reminded me of a recent conversation I had with General Paul Nakasone, the former director of NSA and US Cyber Command. He said the real danger isn't just broken systems. It's losing the people who know how to fix them.
[26:43]
Gordon Craig
My concern always is, you know, losing really good talent. As a former commander, as a former director, I want the best talent. I don't want something that's going to disrupt that. I don't want something that calls into question whether or not this is a good place to work. And so that's my concern.
[26:58]
Dina Temple Rastin
Because bad press demoralizes and confusion drives people away. And when systems fail, it won't be Musk or Trump who fixes them. It'll be people like Karen, and Karen won't be there.
[27:11]
Unknown
What I was seeing DOGE do was dismantle government services. They're not being thoughtful about how their actions are impacting real people. And I could not in good faith be a part of an organization that was purposefully harming Americans, particularly some of the most vulnerable Americans.
[27:38]
Dina Temple Rastin
That's why in late February, Karen and 20 of her colleagues drafted a letter of resignation, and it read, we will.
[27:45]
Unknown
Not use our skills as technologists to compromise core government systems, jeopardize Americans sensitive data, or dismantle critical public services.
[27:56]
Dina Temple Rastin
We will not lend our they sent in their letter on February 25, and since then, USDS has lost more than half its workforce. So if DOGE pulls out too many pieces and the Jenga puzzle of government services does fall apart, it's not clear who will be left to fix it.
[28:14]
Jen White
That's from the latest episode of Click Here. It's a weekly cyber and tech news podcast from Recorded Future News, hosted by Dina Temple Rastan. You can find it wherever you get your podcasts. Still to come, a constitutional law expert weighs in on the future of DOGE and what the agency's access to sensitive data could mean for you. That's just ahead. This is 1A.
[28:42]
Unknown
Looking for more of the cybersecurity and intelligence coverage you get on Click Here? Then check out our sister publication the Record from Recorded Future News. You'll get breaking cyber news from reporters in New York, Washington, London, and Kyiv, among others. And you'll see for yourself why it attracts hundreds of thousands of page views every month. Just go to the Record Media.
[29:07]
Dena
This is Click Here.
[29:13]
Dina Temple Rastin
The DOGE team has taken aim at virtually every agency of the federal government and has been gaining access to sensitive data systems. And that's raised some serious constitutional questions. And to discuss that one, a brought in Corey Bretscheider, a professor of constitutional law and politics at Brown University. And then we took listener questions. Here's Jen White. Again.
[29:36]
Jen White
We heard from Aleta in Illinois, who writes, the whole idea of DOGE and what is what it's doing has been justified in a legally rickety way. Trump won the election, therefore the voters have given him the right to invent and empower a government office. Therefore, the office is allowed to take over other legitimate US Agencies, shut down programs, delete their funding, and do unknown things with people's private data. Here's the flaw the voters never gave him the right to invent and empower a government office that can overrun every other part of the government. I mean, Dina, what legal questions are there around Elon Musk's role at DOGE and The scope of his authority.
[30:11]
Dena
Well, technically he's only supposed to have 130 days in charge of Doge, cause he's a special government employee. What we've heard from him is that he is going to be sort of wrapping up his full time work and he's going to maybe come in a day or two a week to sort of work on Doge. And what that allows him to do is spread, go way beyond that 130 days because he would be sort of.
[30:33]
Dina Temple Rastin
A part time employee or some such.
[30:35]
Dena
So I think that is what the next shoe to drop is, is who's he going to put in charge when he's not here and whether or not they're basically going to move from the massive cutting operation that they've had for the first hundred days into what is much more worrisome on a broader scale, which is a data privacy issue in which they start trying to link building APIs to make different systems talk to each other. And there are silos of information in the United States for really good reason. And it's because we really want our privacy protected. And as soon as those silos get broken down, then all kinds of bad things can happen. And I think that that's what the legal community is worried about. I think it's what journalists are worried about. I think the average citizen should be.
[31:21]
Dina Temple Rastin
Worried about it too.
[31:21]
Jen White
Corey, I'd love your thoughts on this as well, about the legal questions around not just Musk's role at Doge, but the scope of his authority.
[31:30]
Elon Musk
Yes, I mean, whether Musk is there or not, there are really two questions about the constitutionality of DOGE as a whole. The first is if it's a. What kind of agency is this? Is it a cabinet agency? If it is, and it seems to have that go beyond just a normal agency, as your listener pointed out, that it's telling other agencies what to do. It's kind of a super agency. Well, if that's right, then as a lot of the lawsuits argue, then we need a creation of this agency by Congress. That's the understanding of how so much of this works. And then the leader of this agency, what kind of officer are they? And now this is a constitutional issue, fundamental constitutional issue, that if it's a cabinet agency and the head of it is a cabinet official or the equivalent of it. Well, there has to be confirmation by Congress. What the Constitution says is that principal officers, I should say by the Senate, have to be confirmed by the Senate. And the idea of that goes back to the fundamental checks and balances in our system that we don't allow kings in the system. We have a president who's supposed to be subjected by the rule of law. And one way to enforce that, that the framers envisioned at the core of the Constitution is the confirmation process. I mean, imagine him trying to just appoint a Supreme Court judge justice. Without confirmation. That would never fly. And this is a similar point. It's fundamental, I think, to so many of these lawsuits. What is this agency and who is the head of it? Is it a principal or inferior officer?
[33:11]
Jen White
Well, you have questions about your data, Marian, in Maryland emails. I am infur that Musk and his band of vandals were given access to our data. I never agreed to share my data. They should be jailed for their reckless vandalism. I keep wondering how much of our data is now on the Dark Web or something similar. Where is all our data now, Dina? Do we know?
[33:31]
Dena
We don't know. Although when data appears on the Dark Web, there are lots of cybersecurity companies that are combing through the dark web all the time looking for big data dumps. And we haven't heard anything like that yet. And that doesn't mean we won't. There's a possibility of, you know, say, building a backdoor into systems. Right. We have a lot of people who are in systems who didn't go through the same hoops that traditionally government workers do to get access to systems. As a result, that creates a vulnerability. That's what our podcast is all about, is how easy it is to create a vulnerability. So you have these DOGE people who've gone in, some with their personal computers, and, you know, we as journalists are naming them as they. As we've discovered them. Right, because it was so secret. Well, as we name them, I am sure you have Chinese hackers and Russian hackers and Iranian hackers going, cool, now I know who I need to look for. And it's just created these vulnerabilities that we've just never seen before. We don't see it yet, but we don't know if somebody's just sort of hanging out in a system waiting for a rainy day when they can wreak havoc.
[34:37]
Jen White
Dina, I want to talk a little bit about time, because Doge has already made these moves. Yes, there are lawsuits, there are legal challenges. Those take time to work through the court system. So between now and when we have decisions on these cases, what could happen? What are you watching for?
[34:56]
Dena
The big thing we're watching for is more people who come out after leaving the government telling us what they saw Doge do. When we talked to Karen Maranski Chapman, we were really interested in knowing the nuts and bolts of what Doge was up to. And I think they're going to be more whistleblowers. More people come out to tell us, hey, we saw them grabbing this or we saw them changing code on that, or we were concerned that this would happen. I think that's the next shoe to drop is this next outflux of people talking about what actually has been going on. And I think the data privacy part of it is the part that we really need to focus on now. I think the cuts were one thing, and the data privacy in a lot of ways has a much longer tail.
[35:51]
Dina Temple Rastin
That was part of my conversation with Jen White, the host of 1A from NPR and WAMU. You can hear the full segment with more listener calls and questions over@wamu.org we'll be right back with the news.
[36:17]
Unknown
If you're looking for a daily guide to cybersecurity news and policy, sign up for the Cyber Daily from Recorded Future News. It serves up the day's most interesting and important cyber stories from our sister publication the Record, and then aggregates all of the big cyber stories you might have missed from news outlets around the world. Just go to TheRecord Media and click on Cyber Daily to get all you need to know about the world of cybersecurity right in your inbox.
[36:46]
Dina Temple Rastin
Here are some of the top cyber and intelligence stories we're following this week, from accountability for a spyware company and election meddling to a cyber cage match and a new Pope. It's Tuesday, May 13th.
[37:03]
Elon Musk
This is a historic ruling this morning.
[37:05]
Dena
In a sense that it's an American.
[37:06]
Dina Temple Rastin
Judge has decided that NSO Group, the Israeli spyware company behind Pegasus, has to pay some $168 million in damages to WhatsApp. The decision was some six years in the making. WhatsApp sued NSO in 2019, accusing the company of breaking into its servers and spying on more than 1400 users across 20 countries. NSO responded by saying it was helping law enforcement. The court said that wasn't enough. The ruling has privacy advocates punching the air, though NSO is expected to appeal, the presidential campaign in Poland is in full swing, and so is disinformation. In Poland. It's election season, but the political force trying to wield the most influence isn't on the ballot. And that's Russia, Poland's digital affairs minister says in an unprecedented effort to disrupt the elections, Russia is launching cyberattacks on power grids, water systems and government websites. He even alleges Russian operatives are recruiting Polish citizens on the dark web to amplify Kremlin talking points. It's not just paranoia. Last year, Romania annulled its own presidential election results after a Russian backed hack seemed to be putting its thumb on the scales. Russia, for its part, is denying everything. Meanwhile, back in Washington, a budget hearing turned into a kind of cyber cage match.
[38:36]
Gordon Craig
You have illegally gutted spending for cybersecurity. As we speak, Russian and Chinese hackers are having a field day attacking our nation.
[38:43]
Dina Temple Rastin
Senator Chris Murphy, a Connecticut Democrat, slammed DHS Secretary Kristi Noem over the administration's plans to slash CISA's budget by nearly half a billion dollars. He called it dangerous. Others are saying it's sabotage. But the administration, for its part, insists they're just tweaking priorities, essentially less disinformation and election security in exchange for more infrastructure. Critics call it a death blow to the nation's cyber readiness at a time when foreign threats are multiplying and finally, white smoke. For the first time in the Catholic Church's 2,000 year history, the Pope is American. Chicago's Robert Prevost will be known as Pope Leo xiv, a name that gives a nod to labor rights and economic upheaval. The original Leo faced down the Industrial Revolution, so some people are saying if Francis was the people's pope, then Leo may be the workers. Click Here is a production of Recorded Future News and prx. I'm Dina Temple Roston. Our producers are Megan Dietrich, Sean Powers, Erica Gaeda and Zach Hirsch.
[40:13]
Dena
Special thanks thanks this week to one.
[40:15]
Dina Temple Rastin
A host, Jen White and producer Lauren Hamilton. Click Here is edited by Karen Duffin, Fact Checked by Darren Ancrum and contains original music by Ben Levingston with some other music from Blue Dot Sessions. Our staff writer is Lucas Reilly and our illustrator is Megan Gough. Martin Peralta and Jesse Nismonger are our sound designers and engineers.
[40:38]
Dena
Tune in on Friday for Mic Drop.
[40:39]
Dina Temple Rastin
Which features our favorite interview of the week. I'll see you then.
[40:59]
Unknown
Looking for more of the cybersecurity and intelligence coverage you get on? Click Here. Then check out our sister publication, the Record from Recorded Future News. You'll get breaking cyber news from reporters in New York, Washington, London and Kyiv, among others. And you'll see for yourself why it attracts hundreds of thousands of page views every month. Just go to the Record Media.