Whistleblower says DOGE officials copied Social Security numbers
npr.org
My deep suspicion, given some of the players involved in DOGE, is that most of this information is being exfiltrated for the purposes of training AI models. They'll likely be used for social and political manipulation of groups and possibly even individuals. There's a big market for "pre-crime" solutions which will also rely heavily on this type of data and are already being deployed by various state-level law enforcement agencies.
The coming of the "digital caste" society powered by "social credit" scores seems to be the end game. This is a battle of the rich and powerful against the average citizen and they want to reduce all of us back into fiefdom. We can no longer trust a large federal or even state government with these tools.
Is there talk about DOGE working to combine various government databases as a new data project for the government?
Oh Boy. Saw the links today—Maybe it’s the National Design Studio?
I worked in marketing during Web 1.0–the brochureware era. I know all too well the difference between then and the modern web today.
What’s the point if it’s not to unify design AND data?!
This is a realistic concern. I can't understand why people are downvoting it.
There are at least two reasons:
First is Hanlon’s Razor; “Never attribute to malice that which is adequately explained by stupidity”. It appears to be especially applicable here.
Second is that this kind of information (with far richer data) is already accessible to and used by corporations at scale; think credit bureaus, background checkers, etc.
> First is Hanlon’s Razor
Those "razors" (Occam's, Hanlon's, etc.) are just heuristics, not axioms. At what point are you supposed to stop assuming the root cause is just stupidity? Given the priors, one can perfectly assume malice right away.
I agree with Hanlon’s Razor to some extent but it does fail to provide accountability, “they aren’t cruel, just incompetent so the behavior is okay.”
Discussion (123 points, 16 hours ago, 54 comments) https://news.ycombinator.com/item?id=45026372
Link in case the pro-DOGE brigade brings it down: https://www.npr.org/2025/08/26/nx-s1-5517977/social-security...
Perhaps it is time that the US stops relying on SSNs being “secret”…
Doesn't change the fact that DOGE are criminal scumbags with root access who did illegal things nobody should ever do. It doesn't matter at all if SSNs were replaced by something decent when young naive and impressionable scumbags with root access and no morals whatsoever will simply steal the data anyway. Quite the contrary even, secure SSN as data loot is even more valuable to the thieves.
They should be considered unique (public) usernames
My understanding is that they're not even guaranteed to be unique.
Yup. They get reused, and people can get new ones or sometimes multiple at the same time...
Source? From what I can gather they're supposed to be unique and they don't reuse them. If two people have the same number then it's a mistake.
> From what I can gather they're supposed to be unique and they don't reuse them. If two people have the same number then it's a mistake.
Yes, it is a mistake for two people to be issued the same number and it is unusual for multiple to be issued to the same person.
However given the very large volume and the conditions under which things have happened (not just currently but back to 1936!) both mistakes and unusual conditions exist in numbers that cannot be ignored.
"Under a few rare circumstances, SSA may legitimately issue a new SSN to a person with a prior SSN. The conditions are highly restrictive."
Why? Are they stupid?
Yes. The whole idea is very flawed. It would be good if we got rid of it entirely but most people can't mentally/emotionally/financially handle that so we end up with a lot of bad compromises.
ED25519 keys being short and quick to generate makes this state of affairs infuriating whenever it turns up - SSNs, credit card numbers etc.
Copied from one secure S3 bucket to another secure S3 bucket, both inaccessible from the internet, both on SSA infrastructure.
What exactly is the problem?
> However, according to the complaint, the copied data had far fewer security measures in place to protect it than the SSA's standard protocols typically require.
> According to Andrea Meza, an attorney with the Government Accountability Project who represents Borges, the cloud environment appeared to be set up for DOGE-affiliated Social Security staffers, but it "lacks independent security, monitoring and oversight." She said Borges "has serious concerns about the vulnerability it causes for nearly every American's data."
Not all applications of "secure" are equal.
It may be secure enough for being on S3, but that's not the whole definition of secure for government / SSNs, where there's (presumably) sheaves of paperwork explaining what exactly the storage needs to conform to and, more importantly, what paperwork and procedures need to be in place.
There are processes for copying data around. The person who works the front desk at Google doesn't have access to all of Gmail, for example.
It's about as secure as you can get and there are still complaints about it.
All from the same people that said we had the most secure election in history in 2020 while ignoring the voting machine hacks at Defcon for the last decade.
Wrong political party involved in doing it?
Surely this is ragebait.
It's hard to believe anything NPR reports about the current administration because they defunded them.
That seems to be a self-fulfilling strategy: punish your enemies, and then they can no longer be trusted when they say negative things about you.
"punish your enemies, and then they can no longer be trusted when they say negative things about you."
This was done to the Republicans for 4 years. I suppose he's just using the same strategy?
NPR wouldn't report on things that would actually hurt the Biden administration, like the laptop, so why should I believe them now? I haven't trusted them for years...the fact that my tax dollars aren't paying for it anymore is only a bonus.
This is why they can't be trusted: Non-biased reporting will report bad things about a politician they support, even if it helps the person they don't support.
In addition to this, the actual article is a nothingburger. They moved secure information from one non-Internet connected server to another. If this is the standard for security reporting, the violations found during the 2020 election should have been front-page news for weeks...but they were strangely silent..............
Same admin that opposes any real reporting on what they're doing except for entities that report glowingly on them. Trump Admin has loudly clashed with any and all legit journalistic entities (bad news: Newsnation and Zero Hedge are conservative hacks) so no reporting can be believed except ones approved by the state/Trump admin.