Lawfare Daily: Andrew Bakaj on the Whistleblowing and DOGE’s Activities at the NLRB - The Lawfare Podcast

Summary5 min read

The Lawfare Podcast: Andrew Bacai on Whistleblowing and DOGE’s Activities at the NLRB
Released on April 30, 2025

Overview

In this episode of The Lawfare Podcast, hosts Kevin Frazier and Andrew Bacai delve into a significant whistleblowing case involving Doge Daniel Baroulis at the National Labor Relations Board (NLRB). Daniel Baroulis, a cybersecurity professional, has raised serious concerns about irregular activities conducted by DOGE (Department of Government Efficiency) within the NLRB. The discussion explores the nature of the whistleblower's allegations, the implications for national security and data protection, and the broader impact on government accountability and transparency.

Setting the Scene: Introduction to the Case

Kevin Frazier introduces the episode by summarizing the case: Daniel Baroulis made a formal whistleblower disclosure alleging that DOGE engaged in unauthorized access and potential data exfiltration within the NLRB.

Andrew Bacai emphasizes the importance of protecting national and data security, stating, “We want to ensure that that's protected. And the only way to know what to do is if you have people who can conduct an independent investigation” (02:15).

DOGE’s Involvement at the NLRB

Kevin Frazier asks Andrew to provide a high-level summary of DOGE’s activities at the NLRB.

Andrew Bacai explains that DOGE entered the NLRB unofficially in early March 2025, aiming to identify inefficiencies and streamline government services. He notes, “They were going through and creating user accounts for themselves, usernames, passwords” and operating without proper oversight (04:11). Bacai highlights red flags such as the installation of external containers to obscure DOGE's activities and multiple unauthorized login attempts from Russian sources, indicative of potential hacking attempts (05:07).

Whistleblower’s Discovery of Irregularities

Kevin Frazier probes into how Daniel discovered the irregular activities.

Andrew Bacai details that Daniel noticed anomalies like the unauthorized data leaving the agency at odd hours and excessive data access privileges granted to DOGE. He states, “There is a lot of smoke” suggesting significant wrongdoing (06:41). Bacai underscores the gravity of data exfiltration, noting that ten gigabytes of text data is equivalent to an entire encyclopedia, posing substantial risks (09:58).

NLRB’s Official Response and Broader Implications

Kevin Frazier inquires about the NLRB’s official stance on the allegations.

Andrew Bacai explains that the NLRB claims DOGE was not present officially during their initial infiltration but acknowledges their ongoing presence. He expresses concern that this incident might be just the “tip of the iceberg” with similar issues potentially occurring across other agencies (13:33).

Motivations and Desired Outcomes of Whistleblowing

Kevin Frazier asks about Daniel’s motivations and hopes for the outcome.

Andrew Bacai reveals that Daniel seeks a thorough investigation to either exonerate or confirm the allegations, ensuring that government systems are secure moving forward. He emphasizes the necessity of bipartisan oversight to address and rectify the vulnerabilities exposed by DOGE’s actions (16:39).

Whistleblower Protections and Legal Framework

Kevin Frazier requests an explanation of the legal protections underpinning whistleblowing activities.

Andrew Bacai outlines the legal framework protecting federal employees who expose wrongdoing, citing Title 5, Section 2302, which safeguards against retaliation. He also mentions additional protections for intelligence community members and the importance of statutes that protect whistleblowers from intimidation and threats (25:00).

Personal Ramifications for the Whistleblower

Kevin Frazier inquires about Daniel’s personal experience following his disclosure.

Andrew Bacai shares that Daniel has faced threats and intimidation, including personal messages targeting his family. Despite these challenges, Daniel remains steadfast, aiming to set an example and encourage others to come forward, either publicly or anonymously (27:48; 28:08).

Barriers to Whistleblowing and Encouraging Transparency

Kevin Frazier questions why more individuals do not follow Daniel’s lead in whistleblowing.

Andrew Bacai identifies fear of retaliation as the primary barrier. He stresses the importance of providing clear pathways and protections for those who witness wrongdoing, encouraging them to report issues without fear of professional or personal repercussions (31:24).

Criteria for Whistleblowing and Thresholds for Action

Kevin Frazier seeks clarification on what constitutes actionable wrongdoing versus personal grievances.

Andrew Bacai explains that whistleblowing crosses into actionable territory when there is a “reasonable belief that something's happening wrong,” such as violations of laws, fraud, or significant data breaches. He differentiates between disagreeing with policies and exposing illegal activities (32:42; 33:12).

Next Steps and Future Oversight

Kevin Frazier asks about the potential next steps following Daniel’s whistleblowing.

Andrew Bacai hopes for bipartisan congressional oversight and independent investigations to assess the extent of DOGE’s activities and secure government systems. He emphasizes the need for expert-led inquiries to address both immediate and systemic security concerns (34:57; 35:17).

Conclusion

The episode underscores the critical role of whistleblowers in maintaining government accountability and the protection of sensitive national data. Andrew Bacai advocates for robust legal protections and independent investigations to address and prevent unauthorized activities within federal agencies. The conversation highlights the delicate balance between fostering transparency and ensuring national security in governmental operations.

Notable Quotes

Andrew Bacai (02:15): “We want to ensure that that's protected. And the only way to know what to do is if you have people who can conduct an independent investigation.”
Andrew Bacai (06:41): “There is a lot of smoke,” suggesting significant wrongdoing.
Andrew Bacai (09:58): “It's the equivalent of an entire encyclopedia that was exfiltrated from the NLRB.”
Andrew Bacai (16:39): “He wants an investigation... to ensure that our government systems are operating in a secure manner.”
Andrew Bacai (25:00): “Title 5, Section 2302... prohibits retaliation through adverse personnel actions.”
Andrew Bacai (31:24): “The chief barrier to more folks following Dan's lead ... is fear.”

Key Takeaways

Whistleblowing Significance: Daniel Baroulis’s case exemplifies the crucial role whistleblowers play in exposing potential government misconduct and safeguarding national security.
DOGE’s Unauthorized Activities: DOGE’s unofficial infiltration of the NLRB raised significant concerns about data security, unauthorized access, and potential foreign interference.
Legal Protections: Federal laws provide robust protections for whistleblowers, yet fear and intimidation remain substantial barriers to individuals coming forward.
Need for Independent Investigations: Comprehensive, bipartisan investigations are essential to address and rectify the vulnerabilities within government systems exposed by this case.
Encouraging Transparency: Creating a supportive environment for whistleblowers is vital for enhancing government accountability and ensuring the protection of sensitive data.

For more detailed insights and ongoing coverage of national security and lawfare issues, visit www.lawfareblog.com. To support the podcast and gain access to exclusive content, consider becoming a supporter at patreon.com/lawfare.

Loading summary

Transcript48 lines

[00:01]
Kevin Frazier
The following podcast contains advertising to access an ad free version of the Lawfare Podcast.
[00:08]
Andrew Bacai
Become a material supporter of lawfare@patreon.com lawfare.
[00:15]
Kevin Frazier
That'S patreon.com Lawfair also check out Lawfare's.
[00:20]
Andrew Bacai
Other podcast offerings, Rational Security Chatter, Lawfare, no Bull and the Aftermath Picture this. You're halfway through a DIY car fix tools scattered everywhere, and boom. You realise you're missing a part. It's okay, because, you know, whatever it is, it's on ebay. They've got everything. Brakes, headlights, cold air intakes. Whatever you need. And it's guaranteed to fit. Which means no more crossing your fingers and hoping you've ordered the right thing thing all the parts you need at prices you'll love. Guaranteed to fit every time Ebay Things.
[01:01]
Unknown Advertiser
People Love if you're a parent or share a fridge with someone Instacart is about to make grocery shopping so much easier. Because with family carts, you can share a cart with your partner and each add the items you want, since between the two of you, odds are you'll both remember everything you need. And this way, you'll never have to eat milkless cereal again. So minimize the stress of the weekly shop with family carts, download the Instacart app and get delivery in as fast as 30 minutes. Plus enjoy. $0 delivery fees on your first three orders. Service fees apply for three orders in 14 days. Excludes restaurants.
[01:44]
Andrew Bacai
There's a lot of red flags in terms of why is this data leaving the agency effectively in the middle of the night? Why are these containers here? To obfuscate what's actually happening, and how is it that somebody or something from Russia is trying to log in with all the correct credentials?
[02:01]
Kevin Frazier
It's the lawfare podcast. I'm Kevin Frazier, the AI Innovation and Law fellow at the UT Austin School of Law and a contributing editor at lawfare, joined by Andrew Bacai, chief legal counsel at Whistleblower Aid.
[02:15]
Andrew Bacai
You know, when it comes to the security, our national security, but also data security of American citizens, I think we can all agree on. We want to ensure that that's protected. And the only way to know what to do is if you have people who can conduct an independent investigation and those who know how to conduct an investigation in this space.
[02:37]
Kevin Frazier
Federal whistleblower laws provide a critical, legally protected channel for employees to expose potential government misconduct, waste or abuse. Today we're examining such a case, originating from the National Labor Relations Board, involving allegations against Doge Daniel Baroulis, a cybersecurity professional at the NLRB recently made a formal whistleblower disclosure supported by a declaration under penalty of perjury, alleging significant irregularities involving the Department of Government Efficiency, better known as doge, and access to sensitive NLRB data. These allegations have prompted inquiry from members of Congress and broad concern from the American public. So with the understanding that you're serving as Mr. Boulous counsel, we're not going to go through the full timeline of the declaration that he provided. For listeners who are keen to go through the TikTok of that, we will include a link in the show notes for you to get into those weeds. But still, Andrew, if we could start with a high level summary of the nature of the events that gave rise to this declaration. So let's just set the scene. Doge, we know, is going agency by agency, looking for inefficiencies, looking for opportunities to streamline government services, purportedly, and they show up at the nlrb. Can you walk us through a little bit about Doge's stated purpose in coming to the NLRB and perhaps the extent to which there was notification or lack thereof or collaboration with NLRB staffers?
[04:11]
Andrew Bacai
Absolutely. So basically the high level is that in late February of this year, Doge came to nlrb, as I understand it, unofficially. Right. So what happened was, and I'm looking at, just to refresh my own recollection, looking at Dan's declaration, so it was during the week of February 24th to the 28th, is that management at NLRB basically said, look, you're going to have to all come back. People have to be back in their chairs because DOGE is coming in again unofficially then, in early March of 2025 is when representatives of DOGE came into the agency. And so what they did was they, well, ahead of time, ahead of their arrival, they wanted to know exactly what types of systems NLRB uses internally, like software, computer hardware, etc. I think it's primarily software, though. I'm not a tech person. So if I get into the tech speak wrong, I'm the lawyer.
[05:07]
Kevin Frazier
I won't hold it against you. I won't hold it against speaking as a lawyer guy myself. So, yeah, let's stick with the law and we will give you some grace on the technical side of things.
[05:15]
Andrew Bacai
Thank you. Thank you. So what they did was when they finally came into the agency, they were going through and creating user accounts for themselves, usernames, passwords. Folks within the tech side of the NLRB were told to stay out of Doge's way, let them do what they need to do, don't monitor, don't record or notate what's actually happening. And what was really interesting was that they brought in something called a container and a container in the tech world. In this world, it's effectively an external computer or hard drive where they can actually process activities in a way that prevents others from within the agency to see exactly what's happening in full transparency. Now, Doge comes in saying that like you said, they want to go in and see whether or not government agencies are operating effectively and efficiently. And I think that from a high level perspective, we all want the government to be running in an effective and efficient manner. Side note, that's why we have offices of Inspector General or Inspectors General. Right. Which the President has effectively removed most of them. And so they're going in under the guise of we want to see whether or not you're operating effectively and efficiently. So the question then becomes, why are they looking at the internal systems where cases are being saved and processed within nlrb?
[06:42]
Kevin Frazier
And just to clarify one point, when you say that folks like Daniel were being told not to exercise extensive oversight or get involved in Doge's work, that was coming from current NLRB agency leadership. Just to clarify, there it would be.
[06:57]
Andrew Bacai
The leadership within Dan's office. So you have NLRB leadership and then you have folks within the IT department where Dan works. So that's where they said, look, this is what Doge has asked us to do, and this is what you're supposed to do. So then what Dan was doing was he was looking to see what was going on to the extent that he could. Right. Because he saw certain anomalies. First you've got the container being brought in, which is really questionable. You have user accounts being created, which is okay, they're creating their own usernames, password, login information. Right. But what was really troubling was that on multiple occasions, I believe over 20 times, somebody or something from Russia try to log in even within 15 minutes, which in the tech world is basically near simultaneous, try to log in with the correct username and the correct password and a hack. By the way, as I understand it, there is a longer tail to that for somebody to get hacked. So there's a lot of questions in terms of what did or didn't happen. And so when Dan saw that, when he saw that in the middle of the night, there was a large amount of data leaving the agency. And we're not talking about data, that's talking about the efficiency and effectiveness of nlrb, we're talking about data from databases where There is case information, cases involving union activities or the formation of unions. The NLRB handles cases where you have complaints, if you will, filed against corporations such as Tesla, as I understand it. So, you know, there's, you know, there's a lot of red flags in terms of why is this data being leaving the agency effectively in the middle of night. Why are these containers here? To obfuscate what's actually happening. And how is it that somebody or something from Russia is trying to log in with all the correct credentials, which were, by the way, because there's a final human check to that Dan and the team blocked that access.
[08:57]
Kevin Frazier
Right. So. And what's striking too, is reading through Dan's declaration, you'll also see the level of access granted, quote, tenant owner, end quote, level access is not the standard you would suspect, per Dan, for this sort of auditing of agency performance. If you were merely seeking to review files or workflows, you wouldn't need that extensive of a reach when it comes to access. And I think it's also worth noting as you flagged that there were clear instructions for the NLRB folks not to suspect that there would be any logging or record keeping of the DOGE activity. And then finally, as you noted, there was this data exfiltration event. And I want to stick on this for a second. So Dan points out that there may have been 10 gigabytes of data that were exfiltrated. Can you give us a sense of where that may have gone? How much is 10 gigabytes? Is 10 gigabytes a lot? A little. Why is this significant?
[09:59]
Andrew Bacai
So it's significant because we don't know exactly where that data went. And it is actually a lot of data. So for some, you can talk to some folks and say, well, is 10 gigs a lot? Well, it isn't if there are videos or pictures, because that's heavy data. Right. But if we're talking about documents, just text, which is, this is what it was, it is a lot of data because it's the equivalent of an entire encyclopedia that was exfiltrated from the NLRB out. So that's where it really matters is the type of data that was exfiltrated. And therefore that amount does underscore the fact that this was significant. This wasn't 10 gigs of pictures, which, that's one thing. 10 gigs of text, that's a lot.
[10:50]
Kevin Frazier
And thinking through the response of Dan when Doge leaves, Dan's now back at the desk going through thinking, huh, that was a bit strange. Doge comes in, Doge Leaves what was the nature of his discovery of this data exfiltration, this level of access, this account creation? Was this a NLRB sanctioned review of saying, okay, let's go back and all hands on deck, let's track what Doge had done or to what extent was this largely Dan's self initiated review of internal processes and login functions?
[11:23]
Andrew Bacai
My understanding, I would have to defer to Dan, but it's basically he saw something and he that was anomalous, right? And he looked into it because again, he's a trained cybersecurity expert for the government. He has worked previously in very sensitive areas, ensuring that our cybersecurity is, you know, not going to be penetrated by foreign adversaries, et cetera. So when he saw these anomalies, he, as I understand it, did raise it up his chain of command. And there was an effort to conduct a formal review or at least elevated to an entity that can conduct an investigation. The thing that I want to underscore about what Dan did and is doing is that he's not going out and saying that, you know, I know X, Y and Z happened. This is where the data went. What he's saying is there is a lot of anomalies here and a lot of problems. And you can maybe say if one or two things happen, well, maybe there's a fluke. But when all these things start lining up simultaneously, there's something, there's a lot of smoke. Which is why Dan, in his disclosure, has made it clear he was clear about what he saw. He created the timeline, which is really important because that can help investigators assess what did happen and what happened when. And then he says, this is what I am concerned happened. Somebody needs to investigate, somebody who has, frankly, better tools than Dan and LRB have internally.
[12:56]
Kevin Frazier
And thinking about this act of whistleblowing and getting this information out, I think it's also worth flagging. For our more technical folks who want to look at that declaration. There's screenshots of activity that Dan took. He's very extensive with respect to who he was communicating with, what sort of technical red flags he was raising. And all of that leads me to the question of how is NLRB officially responded. Dan's been making the rounds. You have been making the rounds, sharing this declaration, sharing these concerns. What's NLRB's official line? Any concerns here? Anything to be worried about?
[13:34]
Andrew Bacai
So the NLRB's official line is what they've been putting out publicly, which is they're saying that Doge wasn't there officially at this particular time. They're really hanging on the term officially, because that's the thing is that as I understand it from other folks who work within other government agencies, where DOGE has come in, they weren't coming in an official capacity. They didn't necessarily come in signing in the roster or the guestbook, if you will, when they walked into the agency. So they're putting out there that this, you know, didn't happen. But now you've got DOGE coming into NLRB officially, and they're going to be working remotely there for a number of months. And that is a concern. It's what are they doing now? Are they cleaning up mistakes that they made? We don't know. But that's why ultimately somebody needs to go in and conduct an investigation, by the way, not just at the nlrb, but at other agencies. I do believe this is the tip of the iceberg, so to speak. Right. And it is happening in other agencies. And somebody needs to take this seriously. And, you know, I also know that for whistleblowers, that this is a difficult thing to do. A prospective whistleblowers or folks working in these agencies to come forward. Dan did this. He wasn't behind a screen, shall we say. He's out there by name and he has done interviews. And so he wants to basically create and encourage others to do the same. And by the way, anybody who's thinking about coming forward in other federal agencies or even within nlrb, I've represented clients who have done this completely anonymously. So there is a way to do it. But Dan took that extra step not for himself, but to try and encourage others. And one of my colleagues at Whistleblower Aid, for example, she has this phrase that is courageous, contagious. And I do believe that. And you know, Dan, here is an example of somebody who did the right thing for the right reasons.
[15:40]
Kevin Frazier
And thinking through Dan's motives, one, I suspect, is to have some remedy here or some additional step. What is Dan hoping for? So you pointed out there's some degree of uncertainty about just how much data was exfiltrated, what type of data was exfiltrated, how sensitive that information is. By chance, it could be something that was pretty innocuous or it could be incredibly sensitive. So what is he hoping in terms of outcome here? And if you could also add, how is Congress now getting involved? We saw dozens of Democratic members of the House, led by the Congressional Labor Caucus, raise some red flags in a letter to the nlrb, which will include in the show notes expressing similar concerns based off of Dan's declaration. So what are we hoping for here? Is this going to be an exercise bringing the data back? Is this going to be something about limiting Doge's activities? What may we see?
[16:39]
Andrew Bacai
I think the first thing that, you know, I'm being repetitive here, but he wants an investigation, and frankly, Dan wants to be mistaken. Like, the ideal is that an investigation comes forward, says, no, there wasn't a compromise, or no, X, Y and C didn't actually happened. There was a lot of smoke. But there were other things in place that did or didn't happen. We can't undo what's been done. I do believe Dan is correct, and I've talked to other folks who stressed us this. You can't undo what's been done, but what we can do is we can ensure that going forward, whether it's Doge or anybody else, that our government systems are operating in a secure manner. Right? So that way, whether it's, you know, a hacker, as Donald Trump would say, you know, sitting on his bed, or a foreign nation state, can't access internal, sensitive government databases. We also, it's important that if something did go wrong with, and somebody did intentionally engage in criminal misconduct, that at some point that they're going to be held accountable. And, you know, I do think, and this is my opinion, is that, you know, at some point there will have to be a rebuilding of our structures here in our government. And knowing what happened will go a long way in fixing all of this. One day in the future.
[18:11]
Unknown Advertiser
This Mother's Day, show the moms in your life just how much they mean to you. With a stunning bouquet from 1-800-flowers.com for almost 50 years, 1-800-flowers has set the standard for high quality bouquets. Right now, order early from 1-800-FLOWERS and save up to 40% on gorgeous bouquets. And one of a kind arrangements guaranteed to make her day. Save up to 40% today at 1-800-flowers.com acast. That's 1-800-flowers. Com. Acast, the official florist of Mother's Day.
[18:41]
Dr. Patrick McGrath
What if I told you that right now millions of people are living with a debilitating condition that's so misunderstood, many of them don't even know that they have it. That condition is obsessive compulsive disorder, or OCD. I'm Dr. Patrick McGrath, the chief clinical officer of NOCD. And in the 25 years I've been treating OCD, I've met so many people who are suffering from the condition in silence, unaware of just what it was. OCD can create overwhelming anxiety and fear around what you value most, make you question your identity, beliefs and morals, and drive you to perform mentally and physically draining compulsions or rituals. Over my career, I've seen just how devastating OCD can be when it's left untreated. But help is available. That's where NOCD comes in. NOCD is the world's largest virtual therapy provider for obsessive Compulsive disorder. Our licensed therapists are trained in exposure and response prevention therapy, a specialized treatment proven to be incredibly effective for OCD. So visit nocd.com to schedule a free 15 minute call with our team. That's nocd.com work management platforms, endless onboarding.
[19:45]
Andrew Bacai
IT bottlenecks, admin requests but what if things were different?
[19:53]
Kevin Frazier
Monday.com is different.
[19:55]
Andrew Bacai
No lengthy onboarding, beautiful reports in minutes, custom workflows you can build on your own, easy to use prompt, free AI, huh? Turns out you can love a work management platform.
[20:07]
Kevin Frazier
Monday.com the first work platform you'll love to use. Thinking Just to play devil's advocate for a second, we've noted repeatedly that there's some degree of uncertainty here. We've noted also that DOGE has been at a lot of agencies and been doing allegedly similar efforts and probes across the federal government. So if everyone were to mirror Dan, we could see the gumming up of the works of doge, which is for, for all intents and purposes, very much something that the President has endorsed, signed off on. So just to play devil's advocate for a second, how do you decide if you're thinking about now at a theoretical level, the pros and cons of whistleblowing, of having folks speak out, but speak out, for lack of a better phrase, at the right level. Right. You don't want everyone to scream, the sky's falling. But at the same time, you want to make sure there are investigations of events like this. So how do you draw that line? Or what factors do you think about?
[21:10]
Andrew Bacai
So the first thing is, you know, when, when somebody's considering whistleblowing, which is not an easy thing to do, the prospective whistleblowers will have to at least, you know, come forward and be able to articulate, like Dan did in a sworn declaration what happened factually, what they saw or what others have seen, et cetera. Right. And be specific about I saw X or I heard from somebody that X, Y and Z happened. That's important to set the stage to tell the story. Also, what's very important is to have at least some of the receipts, you know, images of what is or isn't happening on those systems, on those databases. And, you know, there are things that cases that I brought forward where we've taken them to specific congressional offices and committees as well as within the executive branch for investigation. And, you know, not everything needs to be public all at once. That's the other thing. Some of our work it does, you know, getting the information out there in a responsible manner educates the public and it informs Congress in a public way. But we've done things at times, you know, more behind the scenes where we. I shouldn't say behind the scenes, but rather file a formal complaint without going to the media per se. But there may be a proper time to do that, to have that discussion like we're doing today. So, you know, bottom line, if you see something, it goes back to what happened post 9 11, right? If you see something, say something, know who to say it, to be able to provide at least some evidence. And, you know, I've always told whistleblowers in the past that really it's not up to you to conduct a full investigation, one that's a way to potentially put yourself in professional jeopardy. Because the question that will become, why are you doing A, B or C or X, Y or Z? But rather take the information that you have and let's turn it over to the proper authorities for investigation for an independent review. And that's where this is going to get really complicated. Because right now, a lot of the government, the federal executive branch agencies, may not necessarily have the willingness to conduct a comprehensive investigation. I'm hopeful that some will or someone will. Right. I still believe in the system. And the system is created by human beings. So. Right. We live in a flawed world. We're flawed people ourselves. But hopefully the system will work. And Congress, unfortunately, because how things are politicized here in Washington, it's really unfortunate. But I'm hopeful that the folks on both sides can agree that we can't allow our sensitive data to be exfiltrated or to be maintained in such a way that somebody can hack into it. Because here's the thing, and I've had this conversation with a number of folks. I worked in the national security field for most of my career. Right. And if you were to ask somebody, you know, do you support national security? Their answer is obviously going to be yes. But national security is really an amorphous thing. Right. And you know, to a lot of folks, it may not touch them personally. What's been interesting about this case, and you Know, and stuff that we've seen about treasury or the Social Security Administration, the press, I've not worked in any of those matters, not yet. Is that those things are touching people personally. Right. And so, you know, we, you know, if there's data that's going out with Social Security numbers or personal tax information like this, this is. This is your potentially going to affect every one of us on a personal level. And so we want to make sure that for the sake of all Americans, that our data is protected.
[25:00]
Kevin Frazier
When you mentioned earlier that you think that whistleblowing is obviously a important function of the government doing well, of having a heightened degree of accountability, having the right level of transparency, while also not blending or blurring the line between doing your job and making sure you're implementing policies and following best practices and things like that. Can you walk us through for listeners who maybe aren't familiar with the whistleblowing protections? What's the actual law undergirding the activities of Daniel and others? Obviously, I think a lot of folks have heard of the Pentagon Papers or other instances of famous whistleblowing, but what gives folks like Daniel the authority to actually come forward, step up and say, hey, this is an issue, and I think everyone, including and especially the government, needs to know about it.
[25:51]
Andrew Bacai
Yeah, no, absolutely. So the first thing is that all federal employees have a positive obligation to disclose something when they see wrongdoing. The laws that protect whistleblowers from retaliation, if you're in the civil service, if you're a federal employee, in most agencies, it's Title 5, Section 2302. That's a section that prohibits retaliation through adverse personnel actions. So you can't be fired, demoted, experience a significant change in duties, responsibilities, or working conditions, among others, because of your whistleblowing. Now, that's from an employment standpoint. And for members of the intelligence community and those who have security clearances, you have Title 50 and the Presidential Policy Directive PPD 19, that protects whistleblowers in the intelligence community and those who have security clearances to where their clearances are being suspended or revoked in retaliation for their whistleblowing. Again, personnel actions. Right. Which is significant. But then we also go into the area of, you know, witness protection or tampering with witnesses, which is not your typical whistleblower protection framework, really, you know, because this is now going beyond the employment issue. But it's really important because we're living now in a day where, you know, personal threats are being directed at federal employees, government contractors, whistleblowers. We've seen, you Know, for example, Elon Musk name people personally, specifically on X early on in the administration. I think this was in January, if my memory serves me correctly. And we need to come into a place where, you know, unfortunately, we're going to have to rely on those other statutes to protect our clients from intimidation, from threats. And that's. That's where we are today. But we do have those levers on our side.
[27:48]
Kevin Frazier
And just to personalize this a little bit for the audience, can you explain how's this experience been going for Dan so far? Obviously, you mentioned you can whistleblow and remain anonymous. Dan made the choice to identify himself with this declaration. What have the ramifications been? How have things been going on a kind of personal level for Daniel?
[28:09]
Andrew Bacai
Yeah, no, you know, from my perspective, you know, I don't want to speak for Dan, but it's not been easy. Obviously he's, you know, experienced threat threats in the past. But, you know, I do believe from speaking with him that he is empowered and he feels empowered because he can become an example for others to come forward. And. And that's really what he wants. He wants others to feel confident and comfortable knowing that there is a path forward to do this lawfully, meaning not, you know, properly handling the sensitive data by going to Congress, etc. And then you don't have to take the specific path that Dan took. You can do this anonymously. So Dan's doing pretty well. He's hopeful that he is a good example of how to do the right thing for the right reasons. And also somebody, you know, who just wants what we were discussing at the beginning, which is an investigation for somebody to look, find out what happened and fix it.
[29:09]
Kevin Frazier
And two things to drill down on in terms of. Just to touch on Dan's experience for a second. He has been received some. Some threatening messages. Right. Even photos of his home and family, notices of named loved ones, if. If I'm correct.
[29:24]
Andrew Bacai
Yes.
[29:24]
Kevin Frazier
Right. I think when you assess the experience of someone like Dan, what additional protections would you like to see, perhaps for whistleblowers or perhaps are there. Are there state equivalents that perhaps afford greater protection for folks like Dan or other jurisdictions that may be a model so that folks could feel a little bit more shielded from that sort of backlash.
[29:47]
Andrew Bacai
You know, I wish that there was a way to have whistleblowers be physically protected from all sorts of retaliation. The state and federal governments don't necessarily provide that. That's typically something that's reserved for, you know, witnesses and major criminal investigations, you know, like the mob, as we've seen in movies and whatnot. Right. The witness protection programs. But, you know, we at Whistleblower8 and other organizations as well are looking at ensuring that prospective whistleblowers are protected and have a good and healthy path forward. I don't want to dissuade anybody from coming forward. I know that this is a difficult decision to make, but that's why there are ways in which we can do this without even having somebody be publicly identified about being the whistleblower. Right. And also, you know, there is, you know, in some respects, safety numbers. You know, the more that something is known, commonly within an agency or a lot of people know about, it'll be harder to identify who the whistleblower may be. And so, you know, but it just takes one individual to be able to come forward with the receipts, if you will, and bring it to somebody's attention for investigation. And, you know, there's a way to do this that is effective. It gets it. We get it to the right people, and then our clients are able to pivot and move on with their lives. And I know it's a difficult time for federal employees now, you know, federal sector wide, but know that you're not alone and you can do it.
[31:25]
Kevin Frazier
We've noted also that this isn't the first alleged incident of doge misconduct at a specific agency. What do you think from your experience at Whistleblower aid is the chief barrier to more folks following Dan's lead or doing so even anonymously? What are the main barriers? When we see kind of the. The scholarship in this area, why aren't more folks coming forward?
[31:48]
Andrew Bacai
On the aggregate, I think in this particular. On this particular issue, it's fear. I think people are genuinely afraid to come forward. You know, when you have your colleagues losing their jobs because of riffs and, you know, 30% cuts within agencies and you have a mortgage and, you know, kid with kids, whatever life to pay for, it's. It's not an easy thing to do. But at the same time, you know, sitting by and watching these things happen, if you see it right and know that it's happening, not scuttlebutt, but actually see something going wrong, there is a way to come forward, and there is a way to come forward in a way that protects you through anonymity. And so some clients are comfortable being out there in full name, like Dan. I've represented many clients who have done this anonymously, and we've done it successfully.
[32:43]
Kevin Frazier
And when you say, I've seen something, say something or See something, document something, Is there a threshold for which someone can receive whistleblower protection in terms of, oh, I may be uneasy with something politically and that rubs me the wrong way, whereas I see something that may be going against either a federal regulation or federal law, how do you clarify that difference? For folks who are thinking, huh, maybe I should be reaching out to Andrew, what's the gulf between those two?
[33:13]
Andrew Bacai
So if you're a federal employee and you disagree with the policies of an administration, that's not for us to you to determine. You're there to serve the nation regardless of who the president is. And, you know, if you disagree with a particular policy decision, say, ok, that's one thing. But if you see somebody who is engaging in potential violations of law, rule or regulation, fraud, waste or abuse, and you see that, that's where you've crossed into the threshold of there being potential wrongdoing, right? So if you see somebody, for example, intentionally mishandling classified information or engaging in contract fraud, which has happened, that's why we have IGs conducting these investigations, or like in Dan's case, you see the questionable exfiltration of data and the manner in which that DOGE appears to have conducted itself violates various laws with respect to systems protection, et cetera. That's something that's actionable. And the threshold for, for that is that you have a reasonable belief that something's happening wrong. You know, a lot of folks, over time, whenever they attack whistleblowers, they usually do attack whistleblowers in two ways. One, they say that they're disgruntled employees, one or two, that they're wrong. And by the way, you want people to come forward, you know, and like Dan said, you know, he hopes that he's wrong. I don't. He doesn't think he is. I think he's, he's got, he's, he's got, you know, what he saw was really concerning. But, you know, the idea is to come forward, have somebody take an independent look, mitigate the problem and fix it.
[34:58]
Kevin Frazier
So before we let you go back to all the important work you're taking on right now, what should we be tracking in this declaration? What should we be expect to happen next? Are we looking for Congress to maybe formally declare that it wants to launch an investigation? Should we be paying attention to the nlrb? What's next? What may we see?
[35:18]
Andrew Bacai
What I hope is, is that whether it's at the executive branch, that there is an investigation, you know, there can be different agencies looking at the same fact pattern from different vantage points. Right. One agency may be looking to see whether or not there was criminal misconduct. Another agency may be looking at determining whether or not there were any flaws within the systems that can allow for a data breach to occur, not just because of what happened, but going forward, are the systems secure? Congress needs, in my opinion, should be conducting oversight of all of this in a bipartisan manner, determine what is and isn't happening. Because, you know, when it comes to the security, our national security, you know, again, the amorphous term, national security, but also data security of American citizens, I think we can all agree on. We want to ensure that that's protected. And the only way to know what to do is if you have people who can conduct an independent investigation and those who know how to conduct an investigation in this space. Right. So, for example, when I served previously in the federal government, I was an investigator, but I would not be the best person to conduct an investigation of highly technical things. That's why I have subject matter experts do that. So you want to have an independent investigation run by folks who know how this stuff needs to be looked at. And that's what we need to call for. And again, I'm hoping that this is going to be a bipartisan issue. I know that unfortunately politics is the way it is, but it doesn't have to be that way.
[36:54]
Kevin Frazier
Well, Andrew, thank you so much for joining us. We'll have to leave it there and best of luck.
[36:59]
Andrew Bacai
Thank you so much. Thank you for having me on.
[37:04]
Kevin Frazier
The Lawfare podcast is produced in cooperation with the Brookings Institution. You can get ad free versions of this and other Lawfare podcasts by becoming a Lawfare material supporter at our website, lawfairmedia.org support. You'll also get access to special events and other content available only to our supporters. Please rate and review us wherever you get your podcasts. Look for our other podcasts, including Rational Security, the Aftermath and Escalation. Our latest Lawfare Presents podcast series about the war in Ukraine. Check out our written work@lawfairmedia.org the podcast is edited by Jen Pacha. Our theme song is from Alibi Music. As always, thank you for listening.
[37:55]
Andrew Bacai
If you like detailed and immersive audio storytelling, you might like Canadian True Crime. Praised by listeners as thoughtful, well researched and empathetic, Canadian True Crime began as a passion project by Aussie Canadian host Christy Lee. With curiosity and a keen eye for detail, Christie carefully unravels the full stories of some of Canada's most compelling cases, going beyond the superficial to uncover the real story behind the crime. Find Canadian True Crime. Wherever you listen to podcasts.
[38:35]
Unknown Advertiser
This Mother's Day show the moms in your life just how much they mean to you with a stunning bouquet from 1-800-flowers.com for almost 50 years, 1-800-flowers has set the standard for high quality bouquets. Right now, order early from 1-800-FLOWERS and save up to 40% on gorgeous bouquets and one of a kind arrangements guaranteed to make her day. Save up to 40% today at 1-800flowers.com acast. That's 1,800flowers.com acast, the official florist of Mother's Day.