Podcast Summary: "A Whistleblower Takes on DOGE"
Up First from NPR
Release Date: April 27, 2025
Introduction
In the April 27, 2025 episode of NPR's Up First, the focus is on a groundbreaking story uncovered by NPR reporter Jenna McLaughlin. The episode delves into the revelations of Daniel Baroulis, a whistleblower from within the federal government, who exposes concerning activities of the Department of Government Efficiency (DOGE) at the National Labor Relations Board (NLRB). Hosted by Ayesha Rascoe, along with contributions from Jenna McLaughlin and Stephen Fowler, the episode provides an in-depth analysis of the potential threats to sensitive government data and the broader implications for federal cybersecurity.
The Whistleblower: Daniel Baroulis
Background and Motivation
Daniel Baroulis, an experienced cybersecurity specialist at the NLRB, shares his journey leading up to the whistleblowing event. He recounts a pivotal moment in February when he received an unexpected call from his boss about DOGE’s impending visit:
[00:23] Daniel Baroulis: "I remember the moment vividly. I was at home and I got a call from my boss saying, hey, my boss wants us to come in next week. It's possible DOGE will show up on Monday."
Baroulis, driven by a strong sense of public service and a desire to protect sensitive labor data, became increasingly alarmed by DOGE's actions during their visit.
Professional Background
Baroulis has a longstanding career in cybersecurity, previously working as a technical consultant specializing in auditing corporate systems. His role at the NLRB involves securing cloud-based systems, managing access controls, and safeguarding against potential cyber threats.
DOGE's Access and Red Flags
Unusual Access Protocols
During DOGE’s visit to the NLRB, Baroulis observed several irregularities that raised immediate concerns:
[04:49] Daniel Baroulis: "The instructions given were very specific, and that was do not log the accounts, don't log the access, and stay out of our way."
[05:49] Daniel Baroulis: "Global admin account and not log or not track their activities or access. That's keys to the kingdom. I'm going to close my eyes now and trust you. That's something that you just don't do."
Baroulis noted that DOGE staffers were instructed to avoid logging their activities, a highly unusual request for legitimate operations. Experts interviewed by NPR corroborated that such an omission in logging is a significant security violation, typically indicative of malicious intent or an attempt to conceal unauthorized actions.
Suspicious Activities and Data Extraction
Baroulis identified further concerning activities, including the use of containers to execute and delete code without leaving traces:
[16:18] Aisha Roscoe: "And the thing that was really important to Baroulis is he saw this giant spike of data leaving the agency. That was one of the biggest red flags that he saw."
[16:41] Daniel Baroulis: "I saw that there was a good 10 gigabyte spike within the manner of maybe two hours that lined up Right about the time that they had their access accounts, it would represent data that was being copied from within our system to outside of our system."
Baroulis captured evidence of a significant data exfiltration event, where approximately 10 gigabytes of data were transferred out of the NLRB’s systems within a short timeframe. This data included highly sensitive information related to ongoing labor disputes, union members, and corporate investigations.
Potential Risks and Implications
Threats to Sensitive Data
The unauthorized access and potential data breach pose severe risks:
- Privacy Violations: Personal information about union members, employees, and ongoing cases could be exposed, leading to harassment or retaliation.
- Chilling Effect on Union Activities: Fear of data leaks may deter individuals from organizing or participating in union activities.
- Corporate Espionage: Companies under investigation by the NLRB might gain unfair advantages if sensitive case information is leaked.
- National Security Concerns: Combining the leaked data with other sources could allow adversaries to build detailed dossiers on American citizens.
Expert Insights
Stephen Fowler emphasizes the historical context of the Privacy Act of 1974, which was designed to prevent unauthorized access to personal data by government entities:
[06:50] Stephen Fowler: "Congress decided 50 years ago that there shouldn't be this so called God mode in government... there is so much that we entrust to the federal government... now there are people affiliated with DOGE that have access to that information..."
This unauthorized access undermines decades-old safeguards intended to protect citizens' privacy and data integrity.
Responses and Repercussions
NLRB and Government Reactions
The NLRB has officially denied any authorized access by DOGE:
[06:37] Jenna McLaughlin: "...the NLRB told NPR that they had no official record of DOGE visiting, that they'd never authorized DOGE accessing their systems..."
Despite these denials, forensic evidence and internal communications suggest otherwise, indicating potential internal complicity or oversight failures.
Surveillance and Threats Against Baroulis
In retaliation for his whistleblowing, Baroulis received a threatening letter at his home:
[20:20] Aisha Roscoe: "...he found a printed letter in an envelope taped to his door at home, a place he had only been living for two months. And that included a ton of sensitive personal information."
This act of intimidation not only endangers Baroulis but also highlights the risks faced by whistleblowers within the federal government.
Broader Governmental Impact
Stephen Fowler highlights that DOGE's activities are not isolated to the NLRB. Multiple federal court cases reveal DOGE's extensive access across various agencies, raising alarms about potential data misuse on a national scale.
Ongoing Investigations and Future Implications
Calls for Accountability
Top Democrat Gerry Connolly of the House Oversight Committee is advocating for a comprehensive investigation into DOGE’s activities at the NLRB to ensure accountability and transparency.
Whistleblower Support and Future Reporting
Baroulis remains employed at the NLRB and continues to advocate for systemic changes to protect sensitive data and support whistleblowers. NPR reporters Jenna McLaughlin and Stephen Fowler indicate ongoing efforts to track and expose further activities of DOGE across federal agencies.
[32:35] Stephen Fowler: "There are still so many questions unanswered... this is a full court press from this team and from the entire NPR newsroom."
Public and Expert Reactions
Cybersecurity experts warn of the broader implications of DOGE's unchecked access, suggesting that without stringent oversight, the integrity of federal data and national security could be compromised. The episode underscores the necessity for robust cybersecurity measures and the protection of whistleblowers to maintain governmental accountability.
Conclusion
The episode "A Whistleblower Takes on DOGE" sheds light on significant vulnerabilities within federal agencies, exemplified by DOGE’s unauthorized access to the NLRB’s systems. Through Daniel Baroulis’s courageous actions and NPR’s meticulous reporting, the public gains insight into the potential threats posed by inadequate oversight of government efficiency departments. As investigations continue, the story serves as a crucial reminder of the importance of safeguarding sensitive data and supporting those who come forward to expose governmental malfeasance.
Notable Quotes:
- [00:23] Daniel Baroulis: "I remember the moment vividly..."
- [05:49] Daniel Baroulis: "Global admin account and not log or not track their activities or access..."
- [06:50] Stephen Fowler: "Congress decided 50 years ago that there shouldn't be this so called God mode in government..."
- [20:20] Aisha Roscoe: "It's terrifying. Honestly. He doesn't know..."
- [32:35] Stephen Fowler: "There are still so many questions unanswered..."
For More Information:
To stay updated on this developing story and NPR’s investigative reporting, visit nlrb@npr.org.