Did DOGE take sensitive labor data? - Consider This from NPR

Summary5 min read

Podcast Summary: "Did DOGE Take Sensitive Labor Data?"

Podcast: Consider This from NPR
Host: Mary Louise Kelly
Episode Release Date: April 15, 2025

Introduction: The Arrival of DOGE

The episode opens with Mary Louise Kelly recounting an alarming incident involving DOGE, a newly established federal cost-cutting unit led by billionaire Elon Musk, who serves as a Trump advisor.

Mary Louise Kelly [00:00]: "It was a Friday afternoon in February when Daniel Baroulis got a call from his boss. DOGE would be arriving soon."

Daniel Baroulis, a cybersecurity officer at the National Labor Relations Board (NLRB), receives an unexpected directive indicating that DOGE agents would be accessing their systems, sparking immediate concerns about data security.

Unprecedented Access and Red Flags

DOGE's access to the NLRB's systems raised immediate red flags for Baroulis and his team due to the blatant disregard for standard security protocols.

Daniel Baroulis [00:15]: "Do not log the accounts, don't log the access, and stay out of our way."

Baroulis highlights that DOGE's instructions violated fundamental security practices, such as logging access and maintaining oversight.

Daniel Baroulis [01:25]: "That was a huge red flag. That's something that you just don't do. It violates every core concept of security and best practice."

Whistleblower Disclosure and Evidence of Data Breach

Following DOGE's access, Baroulis investigated and documented suspicious activities, leading to a whistleblower disclosure to Congress. The evidence suggests that DOGE obtained high-level access, exfiltrated significant data, disabled security measures, and attempted to mask data transfers as routine web traffic.

Mary Louise Kelly [01:33]: "There is clear evidence DOGE got the highest level access to the system, that a big chunk of data left the agency's internal case management system..."

Baroulis discovered attempts to access the NLRB's systems from a Russian IP address using DOGE-created credentials, indicating potential vulnerabilities.

Mary Louise Kelly [02:00]: "...someone with an IP address in Russia started trying to log into the NLRB's system using a username and password that DOGE had created."

Institutional Responses and Contradictory Claims

The NLRB officially denied authorizing DOGE's access, stating there was no record of such a request and dismissing the possibility of a breach after an internal investigation.

Sharon Block [04:19]: "The NLRB tells NPR the agency did not authorize DOGE to access their systems and that there's no record of DOGE requesting it."

However, Baroulis counters these claims by emphasizing the intentional nature of the security breaches.

Daniel Baroulis [04:36]: "Why was that done? And that's a purposeful effort that doesn't just happen. Logs don't just disappear."

Expert Analysis and Credibility of Claims

Ten cybersecurity experts reviewed Baroulis's claims, unanimously finding the activities suspicious and inconsistent with legitimate user behavior. They likened DOGE's tactics to those used by cybercriminals from China and Russia.

Sharon Block [04:48]: "They say the shadowy tactics described in the disclosure are the kinds of things criminals and hackers from China and Russia like to do."

Labor law experts echoed concerns, arguing that DOGE had no legitimate reason to access or remove sensitive labor data.

Unnamed Labor Expert [05:36]: "There is nothing that I can see about what DOGE is doing that follows any of the standard procedures for how you do an audit..."

Potential Implications and Conflicts of Interest

Sharon Block, director of the Harvard Law School Center for Labor and a Just Economy, highlighted the mismatch between DOGE's stated mission of cutting government waste and their questionable actions.

Sharon Block [06:09]: "The concerns aren't limited to just cybersecurity or exposure of union data."

Furthermore, ongoing investigations into Elon Musk's companies raise fears of conflicts of interest, as unauthorized access to sensitive data could be exploited for competitive advantage or personal gain.

Sharon Block [07:37]: "Musk or anyone else who gets this data could use lists of union leaders to blacklist people or fire them. They could spy on competitors."

Labor experts caution that DOGE's access could compromise critical cases against Musk, potentially undermining legal proceedings.

Unnamed Labor Expert [07:16]: "If they really did get everything, then he has information about the case that the government is building against him."

Broader Concerns and Call for Accountability

Baroulis revealed that DOGE's mishandling of sensitive data extends beyond the NLRB, affecting Social Security databases and treasury payment systems. Multiple whistleblower reports suggest ongoing unauthorized data exfiltration for unclear purposes.

Daniel Baroulis [08:07]: "I believe with all my heart that this goes far beyond just case data."

Sharon Block expressed the need for greater scrutiny and accountability, advocating for independent investigations to verify the extent of DOGE's data access and potential misuse.

Sharon Block [08:44]: "Baroulis hopes to inspire others to speak up."

Conclusion: The Road Ahead

The episode concludes with Baroulis and his colleagues pushing for a thorough investigation into DOGE's activities, emphasizing the moral imperative to protect sensitive labor data from unauthorized access and potential exploitation.

Mary Louise Kelly [09:15]: "It's Consider This from NPR the story that you just heard from Daniel Baroulis."

Key Takeaways

Unauthorized Access: DOGE accessed sensitive NLRB data without proper authorization or logging, raising significant security concerns.
Whistleblower Revelations: Daniel Baroulis's disclosures highlight potential data breaches and unauthorized data exfiltration by DOGE.
Expert Consensus: Cybersecurity and labor law experts agree that DOGE's actions are suspicious and lack legitimate justification.
Conflict of Interest Risks: Access to sensitive data by Elon Musk's associated entities poses risks of conflicts of interest and misuse of information.
Call for Investigation: Ongoing whistleblower reports and expert analyses advocate for independent investigations to ensure data protection and accountability.

Notable Quotes

Daniel Baroulis [00:15]: "Do not log the accounts, don't log the access, and stay out of our way."
Daniel Baroulis [01:25]: "That was a huge red flag. That's something that you just don't do. It violates every core concept of security and best practice."
Sharon Block [06:27]: "The mismatch between what they're doing and what we know, the established professional way to do... gives away the store that they are not about actually finding more efficient ways for the government to operate."
Unnamed Labor Expert [07:16]: "If they really did get everything, then he has information about the case that the government is building against him."

This comprehensive summary encapsulates the critical discussions and insights from the NPR Consider This episode, providing a clear understanding of the potential security breaches involving DOGE and the broader implications for data protection and governmental integrity.

Loading summary

Transcript29 lines

[00:01]
Mary Louise Kelly
It was a Friday afternoon in February when Daniel Borulis got a call from his boss. Doge would be arriving soon.
[00:08]
Daniel Baroulis
I was working on a spreadsheet for some budgeting stuff, and I got a call from my boss saying, hey, it's possible Doge will show up.
[00:16]
Mary Louise Kelly
Doge is the new federal cost cutting unit, effectively led by billionaire Trump advisor Elon Musk. The following week, according to his official disclosure to Congress, Baroulis and his colleagues watched a black SUV with a police escort into the parking garage of the National Labor Relations Board in southeast Washington, D.C. the small, independent federal agency investigates and adjudicates complaints about unfair labor practices. It stores reams of potentially sensitive data, such as private legal notes in ongoing labor investigations or confidential lists of union organizers. Most of that data lives on the cloud, a virtual computer system that can be accessed remotely. It is Baroulis job to watch over the cloud, to make sure no single user has access to data or systems they don't need. But for Doge, those policies and guidelines didn't seem to apply, Baroulis says. They had a very specific request.
[01:19]
Daniel Baroulis
Do not log the accounts, don't log the access, and stay out of our way.
[01:23]
Mary Louise Kelly
That was just the start. For Baroulas and his colleagues.
[01:26]
Daniel Baroulis
That was a huge red flag. That's something that you just don't do. It violates every core concept of security and best practice.
[01:34]
Mary Louise Kelly
After his suspicions were raised, Baroulas was able to hunt down a few details about what took place while Doge had access. Baroulas put them all in a whistleblower disclosure to Congress. Now, there's a ton of complicated technical detail, but here's what it says. There is clear evidence Doge got the highest level access to the system, that a big chunk of data left the agency's internal case management system, followed by another chunk of data leaving the agency itself. And that whoever had done those things had turned off security tools and network monitoring logs. They deleted records and appeared to try to disguise the chunks of data, leaving the agency as routine Web traffic. And after the Doge accounts were created, someone with an IP address in Russia started trying to log into the NLRB's system using a username and password that Doge had created. Even though the attempts were blocked, Baroula says that made him worried the system was more vulnerable. Now consider this. Elon Musk's government entity known as Doge, says it's searching for savings throughout the government. But is the data being accessed valuable in other ways? From npr, I'm Mary Louise Kelly.
[03:03]
Jenna McLaughlin
Support for NPR and the following message come from Betterment, the automated investing and savings app. CEO Sarah Levy shares how Betterment utilizes tech tools powered by human advice.
[03:15]
Sarah Levy
Betterment is here to help customers build wealth their way and we provide powerful technology and complete human support where technology can deliver ease of use and affordability and the people behind that technology can provide advantage advice and guidance.
[03:33]
Jenna McLaughlin
Learn more@betterment.com Investing involves risk performance not.
[03:37]
NPR Announcer
Guaranteed 99% of the US population lives within listening range of at least one public media station and everyone can listen to NPR podcasts free of charge. That means you get completely unpay walled access to stories, prize winning reporting and shows that represent the voices in every corner of the country. Hear the bigger picture every day on npr.
[04:07]
Mary Louise Kelly
It's Consider this from NPR the story that you just heard from Daniel Baroulis. He shared it with my NPR colleague Jenna McLaughlin. She picks up from here with what happened next.
[04:19]
Sharon Block
The NLRB tells NPR the agency did not authorize DOGE to access their systems and that there's no record of DOGE requesting it. They also said there was a recent internal investigation that ruled out a breach. However, the disclosure includes forensic evidence and records of communications that seem to tell a different story.
[04:37]
Daniel Baroulis
Why was that done? And that's a purposeful effort that doesn't just happen. Logs don't just disappear. Tools don't just turn themselves off randomly. Everything in a computer has a cause and effect. That means it has to have a trigger.
[04:48]
Sharon Block
NPR has talked to 10 outside cybersecurity experts embedded in companies, government agencies and the private sector who reviewed Baroulis claims. They say the activity is suspicious and that there's no reason a legitimate user would act this way or remove data that is protected by multiple federal laws, including the Privacy Act. They say it is hard to definitively prove what happened without further access to the NLRB systems or without an investigation by agencies with more resources like the FBI. But from what they can see, none of this behavior is normal. They told NPR the shadowy tactics described in the disclosure are the kinds of things criminals and hackers from China and Russia like to do. Meanwhile, several labor law experts who spoke to NPR say they believe there is no possible reason why DOGE should have had access to or removed NLRB's sensitive labor data.
[05:37]
Unnamed Labor Expert
There is nothing that I can see about what DOGE is doing that follows any of the standard procedures for how you do an audit that has integrity and that's meaningful and that will actually produce results.
[05:55]
Sharon Block
Sharon Block is the director of Harvard Law School center for labor and a just economy. She has held key labor policy jobs in multiple administrations, including as a member of the National Labor Relations Board. She said she thinks Doge's statements about cutting waste and its behavior don't match.
[06:09]
Unnamed Labor Expert
Up that mismatch between what they're doing and what we know, the established professional way to do, what they say they're doing, that just kind of gives away the store that they are not about actually finding more efficient ways for the government to operate.
[06:27]
Sharon Block
The concerns aren't limited to just cybersecurity or exposure of union data. For Block and others, one of the most troubling things is that the NLRB has multiple ongoing investigations into Elon Musk's companies, including SpaceX and Tesla. In a recent interview with Fox News Sean Hannity, President Trump and Musk said business interests wouldn't pose a conflict.
[06:47]
Donald Trump
I mean, I haven't asked the president for anything ever. Obviously, I'm getting sort of a daily proctology exam here. You know something? I'll be getting away from something in the dead of night.
[06:55]
Sharon Block
Neither the White House nor Doge responded to NPR's request for comment. But so far, neither Trump nor Musk has provided evidence of any firewall between Musk and the data Doge has access to. Musk or anyone else who gets this data could use lists of union leaders to blacklist people or fire them. They could spy on competitors. It could give them big advantages in court or in business.
[07:17]
Unnamed Labor Expert
It's not just that he's a random person who's getting access to information that a random person shouldn't have access to, but that if they really did get everything, if that possibility is accurate, then he has information about the case that the government is building against him.
[07:37]
Sharon Block
After Baroulis dug through the agency records, he alerted his colleagues. According to his disclosure, many of them shared his concerns, and they decided they'd launch a breach investigation and call in experts from other agencies to help. The NLRB says those concerns were investigated and it was determined there was no breach. But Baroulas disclosure makes clear that it's the possibility of an insider threat that warrants a closer look. It's the removal of evidence of potentially suspicious activity that concerns him. That's part of the reason he decided to speak up.
[08:07]
Daniel Baroulis
At the end of the day, even if it's logically not the right choice, if it morally compels me, I feel I wouldn't be able to live with myself otherwise, to know that this data was out there. It's going to impact these cases. It's going to cost people their real livelihoods.
[08:20]
Sharon Block
There are now over a dozen court cases revealing how Doge has mishandled sensitive data from Social Security databases to treasury payment systems. A source working on Capitol Hill who requested anonymity to discuss ongoing sensitive investigations says their staff has multiple other whistleblower reports about Doge exfiltrating sensitive data for unknown reasons.
[08:40]
Daniel Baroulis
I believe with all my heart that this goes far beyond just case data.
[08:45]
Sharon Block
In other words, it could be Social Security numbers, private addresses, health care data, immigration status, you name it. Baroulis hopes to inspire others to speak up.
[08:55]
Mary Louise Kelly
That was NPR's Jenna McLaughlin. This episode was produced by Audrey Wynne and Alejandra Marquez Hanse. It was edited by Brett Neely. Our executive producer is Sammy Yinigan. It's Consider this from npr. I'm Mary Louise Kelly.
[09:15]
Jenna McLaughlin
NPR informs and connects communities around the country, providing reliable information in times of crisis. Federal funding helps us fulfill our mission to create a more informed public and ensures that public radio remains available to everyone. Learn more about safeguarding the future of public media, visit protectmypublicmedia.org want to hear this podcast without sponsor breaks? Amazon prime members can listen to Consider this sponsor free through Amazon Music. Or you can also support NPR's vital journalism and get consider this plus@ +npr.org that's +npr.org.