Whistleblower claims ex-DOGE member says he took Social Security data to new job
washingtonpost.comAlso relevant: The DOGE team set up a Starlink satellite at the White House [1].
DOGE staff installed the terminal on the Eisenhower Executive Office Building roof in February 2025 without notifying White House communications or cybersecurity teams, ignoring their prior warnings [2]. The resulting "Starlink Guest" Wi-Fi used only a password—no usernames or two-factor authentication—unlike standard networks requiring full VPN tunneling and device logging.
This allowed devices to evade monitoring, transmit untracked data outside secure channels, and potentially enable leaks or hacks, as noted by former officials and experts like ex-NSA hacker Jake Williams. A confrontation ensued with Secret Service when DOGE accessed the roof unannounced [3].
[1] https://www.nytimes.com/2025/03/17/us/politics/elon-musk-sta...
[2] https://www.washingtonpost.com/technology/2025/06/07/starlin...
> This allowed devices to evade monitoring, transmit untracked data outside secure channels, and potentially enable leaks or hacks
Pretty sure that was the point
The intelligence agencies should already have taps into Starlink and should be able see the data. Whether do anything is another story.
Or Starlink uses an encryption scheme somewhere in the network only the big boys can break.
They don't "just have taps" in whatever isp you come across. And they certainly, and i cannot be clear enough on this, they don't just spy on Americans. It's literally the one thing they expressly forbidden from doing
I’m not sure there was ever a time when they didn’t have taps, but this is definitely not true.
https://en.wikipedia.org/wiki/Room_641A
Even in the days of telegrams, FDR was opening and reading millions of American’s telegrams to use the information therein to target his political enemies.
You can’t build centralized systems that enable spying and not expect people to do the “forbidden” thing. We have to build systems that make this impractical.
Organised crime is illegal, thus mafia is fixtion.
I’m sure you thought GSM was secure too. They absolutely have taps, just search for YouTube videos then cross reference the exact places and situations they talk about.
> The intelligence agencies should already have taps into Starlink and should be able see the data.
By "data" you mean seemingly random stream of 0s and 1s of bunch of TLS channels?
The films upset over Clinton's personal email address must have had their heads explode over this!
This comes on the heels of the AHA and other parties in the suit against the government posting the video depositions of some of the DOGE people to youtube [1], which are fascinating to watch.
Justin Fox not being able to say what DEI is really tells you everything you need to know about how grants were cancelled.
He says it just fine. It's about "females" and "elevating the voices of marginalised groups" that he thinks is clearly "discriminatory". Don't think for a second that these people are dumb, they knowingly support this, just refuse to incriminate themselves further in front of people who can hold them accountable. It's no accident that he tries to sound like Musk.
Exactly. By repeatedly saying "the definition is exactly what the EO said," he’s essentially deflecting responsibility and shifting the accountability upstream.
It’s both “exactly what the EO says” and “I can’t remember what the EO said”. He’s blatantly lying
A little later, he explicitely says that documentary about WWII jewish female slaves is "inherently discriminatory" because it "amplifies marginalized voices".
Imo, he knew exactly what he means. Imo, he was told by a layer that is better to look like idiot then say what it means to him.
I think it's both. The Right excels at grooming and propaganda and has effectively trained its flock that DEI is Affirmative Action v2, and that its goal is to take away jobs from white people who are the ones that deserve them, because white.
What I hate about it is that I listen to that and hear not so much actual brazen idiocy, as yet another example of flaws in an obviously defective process being exploited to deflect accountability. The meta for depositions at this point is such that the ideal witness is a lot like someone who has just experienced severe head trauma. They can sound insane, idiotic, clueless, lazy, forgetful, obtuse, anything in the world except liable.
Its almost like the worst people among us have discovered that in high-trust societies if you have no morals you can engage in any behavior you wish.
And they are succeeding.
Challenge it and they escalate.
What’s the solution?
Well, the solution to the paradox of tolerance is to utterly void the social contract with those violating it as they have already seen fit to void it themselves. So the response is to immediately see their escalation and escalate beyond all reasonable measures. The wrath of a good man is not to be tempted and the fury of a patient man is to be avoided at all costs. Both wrath and fury are the appropriate response to one side of a social contract breaking said contract.
These folks will push until the dam breaks. When it does, all will be washed away by wrath and fury.
The way I think about it is that no system can survive unchecked bad-faith internal actors.
The problem is that wrath and fury of ordinary men will be countered by fascists with more power. And it can go to the very top. The entire system is designed to keep the chain of command, it doesn't give a shit about what you think your "social contract" is. Go figure how many criminals Trump has pardoned.
But America isn't a high-trust society. Roughly half of Americans proudly assert that their government must be small, gridlocked, and incompetent, and that's by design, because if the government becomes too efficient it will infringe upon Americans' freedom.
So instead Americans keep electing people who say "The government can't do anything right! Elect me and I'll prove it to you!"
Not exactly a mark of a high-trust society, whatever that means.
> The Post is not naming the former DOGE member or company because it has not independently confirmed the accusations in the complaint.
Why not? Shouldn't the public be allowed to learn who all the DOGE employees were? Federal employees are public record, are they not?
They're not naming them because they haven't been able to confirm the wrongdoing, not because they can't publish the names of DOGE employees.
DOGE was headhunting me late July through end of December.
Their recruiters are all anonymous when they reach out as they do not provide their names. I constantly questioned to myself and them directly if they were legit even if their email address showed as RecruitingUSDS@doge.eop.gov (their public email address seen on USDS). The first recruiter I demanded a video call with and asked him to bob and weave his head (lol). He never gave me his last name (all his emails came from that public address and they signed their emails with first name only) but I found him on Linkedin. He was late 20s to late 30s. From there I was asked to do/turned in a case study and after the govt shutdown I was invited to interview with a DOGE employee whom then her email showed her full name. I didnt make it past her as there was another step in their process which is an in person interview at USDS's office or within another govt agency DOGE working at.
The public is...unintelligent, and generally incapable of differentiating between an accusation and a conviction.
Something DOGE relied on when publicizing all those 300 year old people claiming benefits.
Who turned out not to exist.
Or when they put loshed that website full of their savings.
Which turned out not to exist.
Every DOGE member is complicit, and every single name should be published. They knew what they were getting into.
Not like the current admin and AI companies are helping with that at all. Also, anyone in that department has brought great harm to the entire country and their employment should be public knowledge.
There are two stories here. One is the alleged wrongdoing. The second is the fact that the Washington Post has a name of a former DOGE employee. I'm far more interested in the second story than the first.
Asking for a list of all DOGE employees is different than asking for the name of the single accused employee. It wouldn't make any sense for the media to publish a list of every DOGE employee in the context of this story.
Right, because indiscriminately hoovering data about people and their activities and affiliations for the benefit of someone else is clearly immoral.
Oh, wait.
Oh wow! I hadn't seen that. That's really great! All of them should be listed there, and should have been public all along.
Where can I see a list of all other government employees?
It’s an allegation, and the names of alleged perpetrators of crimes are rarely protected like this. Certainly feels like special treatment.
If the Post named you as someone who did something, and you didn't do that thing, and that thing harmed you in some way, you would sue them. That would cost the Post money, and they obviously don't want to spend money on anything that their staff does.
Because in a civilized society, everyone is presumed innocent until proven guilty and the accused are given some level of privacy until that happens.
We no longer live in a civilized society
But we are in the USA, where the majority of convicted criminals were never proven guilty because the system relies on coercing them into not going to trial.
Civilized societies don't shut down the paths for people to air their grievances.
"civilized" implies that everybody is playing by the rules. Those clowns were not playing by the rules.
Say who? Literally the entire news media loves airing trials before they're proven innocent or guilty.
Which is one reason why the legacy news media is disregarded/disrespected by the general public. People have caught into the games that they play such as trying to paint people as pre convicted
Depends who it benefits
Someone should tell that to the people who publish the gas station mugshot magazines.
Typically you prevent publishing the names of minors accused of a crime /s
That said there is a list by propublica: https://projects.propublica.org/elon-musk-doge-tracker/
Such information would purely be used for harassment.
This admin has no problems doxxing people for harassment, listing their personal home address on official social media posts: https://x.com/dhsgov/status/1912567112733753563?s=46. So why the double standard?
The court filing provides more information than just giving ammo to harassers so I do not see them as directly equivalent. I also do not agree with the premise that if one person does something bad it would justify someone else in doing so.
The publicly available filing does not include the home address of the individual. See https://casesearch.courts.state.md.us/casesearch/inquiryByCa... and search for case 0502SP019272021.
Plus - you’re telling me that highlighting an individual and posting their home address on an official government account is not “giving ammo to harassers”?
Not "just".
What other purpose did that unredacted post serve?
How does it feel to experience cognitive dissonance this hard?
Ex-employee alleges data copied to a flashdrive.
Agency: "Social Security initially denied Borges’s allegations and said the data referenced in his complaint is stored in a secure environment walled-off from the internet."
Ah walled of the internet, so no one can get there and copy the data to a flashdrive. Move on, move on!
You can't make that up.
The only way someone could get that data is if they demanded physical access and fired anyone who stood in the way. An impossible task if you ask me!
If I recall, that was exactly what happened early on in DOGE's tenure. Senior personnel were explicitly directed to grant admin access to DOGE personnel, and auditing/logging were disabled. This was widely reported at the time. I don't remember whether there were threats of termination, but it would not surprise me.
The "fun" thing was when some agencies started then seeing access attempts from Russian IPs sometimes as soon as 15 minutes after this happened, using credentials that were valid and created by/for DOGE people...
Honest question. Why isn't stuff like this a bigger deal? Why isn't anyone being held accountable for what is undeniably a national security incident?
I can understand why the administration would try to bury it. But I wouldn't have heard of most of the shitty stuff Doge employees have done were it not for HN. Why isn't this getting more media coverage?
Right? And many of the DOGE people who were outed were shown/known/had convictions for being involved in cybercrime gangs and such. I get it, in a controlled manner, for some cybersecurity jobs, but even at face value, that was nothing about what was DOGE was doing.
Yes, that's the joke
Sorry. I started switching off of coffee this week...
> You can't make that up.
Unfortunately it seems quite believable. This is the same outfit that fired a bunch of people responsible for overseeing the US Nuclear Arsenal. [0] The combination of arrogance and stupidity was breathtaking.
[0] https://thebulletin.org/2025/04/doges-staff-firing-fiasco-at...
> secure environment
> copied to a flashdrive
Both of these cannot be true. A secure environment does not allow trivial data exfiltration over USB.
Contemporaneous reporting was that DOGE people demanded root-level access across multiple systems (disallowed by federal policy, so political appointees had to demand the access) and without background checks or onboarding, after which they extracted protected data and shoved it in some S3 buckets. Just blew a hole right through the entire federal data protection model; you can't plan for "the President orders everyone to ignore all privacy and security controls" as a threat model.
True, but you can at least correctly label it and no longer refer to it as a "secure environment".
It was absolutely a secure environment prior to DOGE laying waste to all the layers of security in place. Presumably those safeguards are now back in place post-DOGE razing.
Not unless they rebuild all of the infrastructure from scratch. Far too believable that something nefarious was left behind.
After you know someone already had root access to everything?
There's absolutely no way to guarantee that ever again.
Was it though? Haha
You sound like the guys I know who work at banks, talking about all this policy, how secure they are.
Indeed. The story should be that DOGE compromised these environments (at the direction of President), which allowed data to be exfiltrated by randos.
That would be an admission of culpability, sadly.
Maybe it wasn't trivial?
While it's hard to overestimate the clownishness of this administration, I'd want to see the original wording of this denial before concluding that they said something that stupid, versus the author of this article paraphrasing it in a stupid manner. I'm not sure if this is what they're referring to, but the only response from the SSA that I found with a brief search doesn't say anything so foolish: https://dailycaller.com/2025/09/02/social-security-administr...
Nothing nerve wrecking like that but come on. They claim "the information could not have been stolen because the security practices" but "evidence has been published online, is now available to anyone and therefore it is dangerous" is a clown situation. It doesn't matter how it happened, it happened. Them trying to dispute the method is a clown camp.
The agency's statement says that PII is secure but that the complaint included internal emails and documents with info about the agency's systems and employees. That's not contradictory.
I suspect the whistleblower is correct, but I don't think it's proven to the point where we can confidently state that "it happened." SSA isn't trying to dispute the method, they're trying to dispute the fundamental claim.
It might be worth waiting for the outcome of the investigation before trying to dispute anything in public statements.
Kristi Noem doesn't operate like that either. It's a pattern.
I mean technically a flash drive could be "a secure environment walled-off from the internet"
An intranet could be a secure environment walled off from the internet
Hard disagree. How can it be “walled off” from the internet if it’s not connected? Despite the jokes, cutting access on its own is not the same as air gapping or a firewall. As soon as it’s plugged in there are zero controls.
Technically they could claim it’s a backup
An unplanned, decentralized, public backup?
And it is not connected to the internet, the internet is connected to it (I’m not in here with you, you’re in here with me)
The US has laws to handle stuff like this. The real problem is that the pardon power is completely broken and it needs to be removed.
In principle, flagrant abuse of the pardon power is blocked by Congress's ability to impeach and remove a President who engages in such abuse.
In practice, that has always been an ineffective threat against Presidents who are within days of leaving office anyway. And more importantly, the framers of the Constitution seemed to have entirely failed to imagine a party like today's Republicans who value strict personal loyalty to the President over every other principle of government.
I wonder how anomalous this presidency really is. Trump is not the first strong man bullheaded president who engaged in cronyism and systemic corruption. Most people don’t know the history of presidents though especially from centuries past. Maybe this broken state of the office we observe today has always been a viable option for people who payed attention enough to see it and are also evil enough to use it. Maybe this power has been specifically maintained intentionally for some time. Like a big open secret for those tasked with approving laws.
Please enlighten us: which former presidents have been similar strong man caricatures engaging in anywhere near the level of cronyism and systemic corruption as the current administration? What precisely did they do which demonstrates such behavior?
We've certainly had some colorful presidents in the past, but the current president is engaged in a lot of blatantly impeachable behavior, and as far as I know, we've never had such a passive and complicit Congress before.
I’d probably guess there were plenty of bad eggs. Andrew Jackson for example. Who learns about him in school though? Who talks about his administration today? And he probably isn’t the only one either. 1700s government was still in flux with plenty of cases of selfish infamous people and behavior. 1800s worldview among people in power was pretty notoriously ruthless. 1900s not much different. FDR was certainly a strongman above norms too, luckily many of the things he did with his share of political power had great benefits to people.
Who are you to quote laws to those carrying swords?
The pen is mightier than the sword if the sword is very short, and the pen is very sharp.
- Terry Pratchett
Don't know why this is getting downvoted, it's well known that DOGE had goons to forcibly remove people that stood in their way.
> Don't know why this is getting downvoted
Paul Graham and Garry Tan were both big cheerleaders of DOGE, so, keep that in mind.
A shocking number of the biggest stories about DOGE over the past year were flagged here, probably including the stories about goons physically removing people.
Posts questioning this suppression/censorship were flagged.
Some people like to argue that since any story about Musk becomes toxic - for some reason - it 'makes sense' to flag every story about anything to with him. You know, like Israel, or US torture, or Assange, or Snowden, or Epstein, etc.
For we are but naive children here in the tech industry, and must have a safe space to discuss PCB specs and the meaning of 42 without too much 'current affairs', lest the site 'lose its focus'.
It's not like almost the entire top of the industry is neck-deep in collaboration with all this or anything, right?
... Anyway, if people here don't know much about DOGE, the massive flagging that's gone on here is probably a big factor as to why.
“Shocking number” being “pretty much all of them” to the point I discovered https://news.ycombinator.com/active which shows topics where discussions are happening even if they’re flagged.
That’s the only way I browse HN now because this place is clearly brigaded to bury certain topics.
Yeah, I only use active and new; for the same reason.
Idk if there's anything anyone here can do about it. There's zero transparency, or less; so most people don't even know there's a problem.
I wrote an extension that lets me tag users, similar to Reddit Enhancement Suite, and it's interesting seeing the intellectual dishonesty from certain actors, yet because they produce "valuable" discussion the moderators take no action.
Interesting! I bet I'd recognize some of those names.
And I also would bet that saying them 'out loud' here would result in a ban for 'harassment'.
I watched this happen and I'm still pretty mad about it. It was so clearly an important tech topic of discussion and it was just buried.
The rich have known they're in a class war since at least Occupy Wall Street.
Yeah, you can't rely on HN to get important information. It will be flagged to death. There could be a holocaust going on and it'd get flagged for being "controversial".
Usually the opposition party, once it gains power.
Sadly, the Sicilians and Marians definitely did not regain power after Pompey said that to them. They did get purged though.
The Feds love to wait. I doubt the next president will be as lenient with pardoning. Maybe there’s a market I can bet on pardoning.
Many of us would like you to be right about that.
However, the people of the USA voted for Trump. Twice.
I fear things have changed and Trump'ism is here to stay.
> I fear things have changed and Trump'ism is here to stay.
The first time they got Trump lite. They didn't like him, and ditched him after one term.
The next president has the misfortune to get elected during a worldwide recession. They liked the recession even less than they liked Trump lite. So they re-elected Trump lite.
But they've now found the person they re-elected was Trump heavy. He's doubled down on all the things they disliked about Trump lite, and will probably land them in a recession entirely of his own making.
I'd be stunned if Trump heavy or anybody following in his footsteps won an election for a decade or two. Memories will have to fade.
Guess we'll find out at the midterms if you're right, I certainly hope so. We're at the point where even the major policy differences between Democrats and Republicans are insubstantial compared to just getting people in office that aren't openly mustache twirlingly corrupt.
I would have LOVED to have a Polymarket bet when Biden said he will NOT Pardon his son.
If you have a problem with that, you must be incredibly upset about the current administrations admission of pardons for blatantly corrupt reasons!
I didn't say I had a problem with that. I said I would have LOVED to have a polymarket bet on it!
I mean enforcing the laws on the books would be a good start. Corruption quickly breeds more and more corruption if it isn't rooted out and punished. Everyone who isn't corrupt starts losing and the benefits of not being corrupt evaporate
Cool. Investigate it. If they really did take data off a government system without permission, charge them with the most serious thing you can find in a district where they're likely to be convicted. Then send them to prison to delete years or decades off their lives.
See if Musk was in any way involved, or acted with such reckless disregard for known security standards that he could be civilly or criminally liable. Do the same as above for him.
The only way this stops is if consequences are introduced.
Federal charging will be countermanded from the top, or pardoned. Got to wait at least four years.
That doesn't mean don't file them. Don't allow evil deeds to be done merely by threat - force immoral people to take the immoral action in public if they want to behave that way.
Then do state or local charges.
Unfortunately, consequences have been largely absent for anyone in this administration since the last time they were in power. That's part of why this round they've been flaunting it so egregiously.
explain to me the incentives for the trump administration to do a complete 180 of crimes? why would they stop now?
Removal of their personal freedom for months, years, or decades.
Did this joker take things from a computer that they weren't supposed to while in a state that has laws against that sort of thing? If so, have a local prosecutor build up a case, and arrest and charge them.
The Supremacy Clause should be tested in this way.
Distract from crimes of those currently in favor?
It would be lovely if they did that. I very much doubt it will happen in this administration, if at all
Can any of the administration's defenders explain to me how this is actually a good thing and not the exact thing people were warning about a year ago?
No they cannot. They don't offer real arguments, they make pre-textual arguments and they bullshit. (bullshit in the formal Harry G. Frankfurt sense of the word.) If an argument they make suits them, they will stand by that argument. If an argument ends up not suiting them, they will readily discard and fabricate a different justification.
So many years of dealing with this administration, and people are still attempting to point our hypocrisy and hold people to standards with regard to principle, past statements, character, etc. None of it will work here.
I agree. I'm not trying to point out the hypocrisy, it is obvious to anyone watching. I am more interested in testing the limits of how people will justify actions to themselves and others. It is fascinating to see the twisting happen in real time.
> “Never believe that anti-Semites are completely unaware of the absurdity of their replies. They know that their remarks are frivolous, open to challenge. But they are amusing themselves, for it is their adversary who is obliged to use words responsibly, since he believes in words. The anti-Semites have the right to play. They even like to play with discourse for, by giving ridiculous reasons, they discredit the seriousness of their interlocutors. They delight in acting in bad faith, since they seek not to persuade by sound argument but to intimidate and disconcert. If you press them too closely, they will abruptly fall silent, loftily indicating by some phrase that the time for argument is past.” ― Jean-Paul Sartre
Anyone know where I can buy/borrow an ebook version of "Anti-Semite and Jew: An Exploration of the Etiology of Hate"? Can't find it anywhere.
Openlibrary has a scanned copy in French and English it seems:
https://openlibrary.org/works/OL1161327W/R%C3%A9flexions_sur...
amazon sells a kindle version for ~$6. looks like deadtree copies retail under $10 online (or ~$17 from PRH). IA has it but it's covered under their stupid pseudo-library false scarcity bargain so you might have to get in line. if you're okay with physical, i bet your local library has it.
otherwise... can't check from work, but perhaps anna's archive/slsk has you covered?
Your local library can get it through ILL.
"Musk says he'll fix the corrupt Democrat-run government and reduce two trillion in spending and given his track record I have no reason not to believe him."
Real quote from a friend when this whole thing was going down.
> A young programmer asked if he should go work for DOGE, or whether it would end in disaster. I told him that it would at least be interesting, and that if he was worried it would end in disaster, that was all the more reason to take the job. Maybe he could help prevent that.
https://xcancel.com/paulg/status/1888555241055948981
I guess this aged like Windows Me
Given his track record of raising ever more money on idealistic claims only to deliver less and less... I think he delivered exactly as expected
Your friend is a prick
Americans love their conmen.
People can be wrong or caught up in a movement. That's fine.
It's the way they react when proven wrong that's the most relevant. What does your friend say when confronted with the reality of DOGE and the general amateurism and incompetence of the Trump admin?
What does he say now?
Musk's goal was never to reduce government spending or waste. It was to get unrestrained access to government spending data to serve his own goals.
It's a conspiracy theory - I don't have any real evidence to support it, but I tend to believe it.
Musk's primary goal was to kneecap the federal agencies investigating him and his companies:
- himself: SEC, FEC
- Tesla: NHTSA, EEOC, NLRB
- Xitter: CFPB
- Neuralink: FDA
- SpaceX: DOD, DOJ, EPA, NASA, FAA
[0] https://www.latimes.com/business/story/2025-03-27/elon-musk-...
Given his track record, spending should be at four trillion now, right?
I'd switch friends.
I’m not sure the unsanctioned actions of an individual are the best attack that someone could make on the Trump administration.
I don’t believe anyone here if they say that is honestly a standard that they held through previous administrations.
I think there are plenty of ways to criticize Trump without abandoning my own principles.
The Trump administration is 100% responsible for setting up the conditions where this kind of breach is effectively inevitable. They created "DOGE", staffed it with (among other specimens) teenage hackers with established records of malfeasance and names like "Big Balls"---presumably without any serious attempt at checking backgrounds and/or responding appropriately to any findings---and (by many accounts I've seen) granted them the authority to demand root level access to government systems without auditable logging or any other record of their actions. There appears to have been effectively zero oversight within "DOGE" itself, and the organization evidently failed to accomplish its stated goals by an enormous margin. AFAIK The Trump administration never publicly acknowledged any of this or took any visible steps to investigate the allegations.
If I was aware of any remotely comparable precedent in any recent administration, I would certainly criticize them for it. But the "DOGE" episode was so far beyond the pale that I can't think of anything else like it.
That person's actions were only possible because the administration explicitly decided to put that much unchecked power into poorly vetted individuals.
> poorly vetted individuals.
Interesting choice of words and application when discussing gripes against entire administrations.
Why is it interesting?
Why does this admin get a pass from you for their employees actions?
You wouldn't hold a Democrat admin responsible for the broad competence of their appointees and direct hires?
I would. I’m saying, that you didn’t.
SO you're not defending the administration, you're just attacking everyone who does attack it. Nice.
If you enable reckless behavior, you are even hyping it I believe you are responsible for this behavior too.
> If you enable reckless behavior, you are even hyping it I believe you are responsible for this behavior too.
Are the people mad at ICE complaining that immigration was perhaps a little too lax under Biden’s admin, and possibly creating a situation where so many people felt inclined to vote for the Mass Deporations Guy?
Is there retroactive anger for Biden Admin? Note that I’m talking about a conservative voter’s right or wrong stance on the popular-at-the-time migrant caravans and not the actions of a specific person in a mid level position.
Not that I’ve seen, ymmv.
From my point of view, people are angry at ICE not mainly because deportations exist, but because of the methods being used, and those methods are clearly encouraged from above. Who else would be responsible, if not the policymakers themselves?
You can argue about whether immigration was a real problem or mostly fearmongering. In that case, any realistically achievable level of deportations under the previous administration would probably have been dismissed as insufficient anyway so the outcome would the same. But if policymakers deliberately loosen rules, they can be blamed for the consequences.
It is no different from weakening medicine purity standards and then acting surprised when people die. In that case, responsibility clearly falls on the people who made the policy too.
It may sound blunt, but assigning blame is a normal part of politics. Politicians are there to make decisions, and they should be praised or blamed for the results.
> the best attack that someone could make on the Trump administration.
It doesn't need to be, nor should we measure things against eachother by their ability to be used as an attack. We should measure this on it's own, based on what has happened.
In this case, an agency created by the President's Executive Order, that reports directly to the President made significant personnel and security access changes. There have been many security issues coming from that new personnel and department. If this doesn't fall on the administration, what does?
oh lol, yet another article on this site flagged to death by the Muskites on this forum
This is probably a good time to mention that they court-martialed Chelsea Manning for exfiltrating Army documents.
I have a sinking suspicion this engineer won't see the inside of a jail cell.
I've always wondered what the endgame of that farce was. Cost-cutting was clearly always a pretense and a bad one at that. There's made up claims about 300 year olds getting Social Security but I think this only proves that the SSA database was an explicit goal and that was cover.
But why? The only conclusion I can come to is "stealing elections". I'll include this partial list I made of Republican voter suppression efforts going back decades [1].
I believe out there someone is collecting all this data into an AI model to predict how people will vote, something that Cambridge Analytica was a toy version of. But it goes beyond how people will vote but whether they will vote. Likewise, data will be constructed to strike off people from voter rolls if the system believes they won't vote how you want. We've seen efforts like this where similar-sounding names of felons in other states are used to strike off people from voter rolls. And that's a real problem because people might not know they're no longer registered to vote and in some states you have to register 30 or more days before the election.
There is essentially infinite money available to fund Republicans stealing elections because it results in public funding cuts to give even more tax breaks to billionaires.
You can't directly use the SSA databsae obviously so any effort must be small enough to not draw attention, involve part or all of the computing done overseas to avoid legal scrutiny and/or "washing" that data through data provider services. I would bet if you started exhaustively looking at various companies in or adjacent to these spaces, you'd find some pretty dodgy stuff.
I think it's simpler than that. I believe (as some others do) that DOGE was a useful piece of theater to distract the media while the Administration got down to business implementing a huge number of executive orders to roll back social protections and establish control over the civil service. This would have been a lot more controversial without Musk acting as a lightning rod for press coverage.
I think a lot of these people are literally dumb. Or so naive or Twitter-brained that they're effectively dumb.
https://www.onthewing.org/user/Bonhoeffer%20-%20Theory%20of%...
Fraud as governance. Cool.
Americans are about to find out why data protection laws exist in the EU, and why even the government has to follow it.
Nobody should have permission to query 70M Americans, it's a huge security flaw for the average citizen. But Pentagon has been doing this for a while a la Snowden, and the average american doesn't seem to be worried. With Snowden becoming a menace rather than a hero.
Once private government data from Americans starts being heavily used to mess up elections, or even worse, persecute people with a different opinion than the ruling party...
Americans will finally wake up that GDPR doesn't stiffle innovation, but rather protect its citizens from an evil actors.
But it may be too late, like when NSDAP started chasing jews and migrants. There was nothing they could do other than to flee to survive.
Unlikely. Also it doesn't work well where it needed in the EU.
If we need to sum up the state of gov now I would pick the following quote:
He told another colleague, who refused to help him upload the data because of legal concerns, that he expected to receive a presidential pardon if his actions were deemed to be illegal, according to the complaint.What kind of job would you realistically take this data to? What company would even so much as look at data procured in this manor. I can think of one that's evil enough and probably have the protection of the US government, but it's not like they could acquire the data directly, if it was necessary.
If I had to make a wild guess, xAI. The article states they took a job at a government contractor.
It’s interesting (horrifying) to think of the implications actually. People wouldn’t buy this data directly, it’s too obviously illegally procured. But laundered through an LLM to provide “insights” without citation? That’s plausible deniability.
Also meta or any other data broker.
In addition to all the other answers here, foreign governments would fall over themselves to get this kind of data.
My understanding is stats canada gets offered a lot of money for this data after being anonymized. A lot of employers might not ask questions if someone had really good data they could use to help market their product. Especially politically aligned think tanks
Maybe not under the current administration, but that's the kind of risk that could kill your company, if you got caught. It might be why I'm not rich, but that seems like a massively irresponsible risk to take.
Ad Tech, I would bet its ad tech.
If this goes within the Ad Tech industry and knowing how Ad tech industry is, I don't feel quite surprised if we might see foreign adversarial nation buying the Social Security data from Ad tech/ (this Doge person in general either directly or through multiple layers) even in secretive manner at this point.
Either way this data is definitely going to spread behind closed doors.
Nobody in Ad Tech is going to risk jailtime for a slightly higher CPM.
I think you are more correct than you realize
I disagree - it's 100% a factor of how much money you have to pay in legal fees.
Zuck would be happy to take that data, and because he's worth a cool $350 billion, he'll do whatever the fuck he wants with that data, and we'll thank him by cutting his taxes.
You think Donald Trump would put him in jail?
You have no idea what you are talking about.
Nobody wants to fuck with PII, platforms will blackball you in a second if they think you have sensitive data. If you haven't worked in adtech, be quiet and do even the most trivial research before spouting nonsense.
> If you haven't worked in adtech, be quiet and do even the most trivial research before spouting nonsense.
if you have, i won't take ethically-compromised advice from you.
You can’t just donate these tables to the Republican Party; they’re evidence. You need to repack them for deniability. These will be used to cross-check if voters can be ruled vaguely ineligible.
"What kind of job would you realistically take this data to?"
Banks
Sales/Marketing
Healthcare
Palantir
xAI
Any social security scammers
Etc.
Previously: https://news.ycombinator.com/item?id=47327367
looking at https://doge.gov seems to be defunct for around 7 months now? Also a little bit of review made me learn that doge.gov/spend is wrong lol.
Makes sense. IMO it was always a wank operating as a smoke screen while access was given to private parties that couldn't get it through legal/traditional means. This story increases the probability quite a bit.
I knew it. I was saying from the instant they started we'd have a scandal like this. Bunch of tech bros walking into the government with personal MBPs and administrative authority to demand data from anyone and everyone was a privacy crisis happening in real time.
Yet here on HN, what have we been arguing about? Big tech. Google and Meta have been allowed to become boogeymen in this community out of all proportion to the actual threat they posed[1].
While the actual boogeyman stealing our data to exploit in the market? It was us.
[1] I mean, lets be honest, while everyone has abstract complaints the truth is that they've actually been remarkably benign stewards of our data over the past 20 years. Much, much, MUCH more responsible than the glibertarian dude in the cubicle next to you, as it turns out.
Yep, and we're only hearing about this because in this case there was a whistleblower. Call me cynical but I'm sure that there is plenty of data DOGE workers exfiltrated from SSA and other places that we'll never directly know about.
Posts predicting this were apparently flagged as "political". For example, Bruce Schneier's warning [0]. For a site called Hacker News, DOGE unfortunately attracted a different priority of notoriety than, say, the numerous merger and acquisition and VC maneuvers reaching the front page. If hacker punks nominally subvert the established order by flaunting laws and authorities, then DOGE was very much hacking. Tina Peters is an unsophisticated hacker punk, She doesn't live up to the social engineering chops of Kevin Mitnick, but her plan did involve a Geek Squad uniform. Legendary but too "political". Attracts too much noise, not enough signal. That's why you didn't see an elevation of the developed thoughts you're talking about.
Since the beginning of DOGE, it has not been especially bold to predict:
- DOGE will cost more than it saves. The seminal errors, mistaking $ millions for $ billions, world-write permissions on their Drupal site, etc. convinced us that we can't expect deliberate professionalism.
- The very first whistleblower, out of NTSB, convinced us that exfiltration was the goal. This is within the top 5 whistleblower stories here. The critical detail was their instruction that access logs be scrubbed.
- And the general public smelled it, too. No one doubts that threats against Tesla dealerships were civil libertarian radicals, not recently-fired USAID bean counters.
- When Peter Theil's FBI handler, Johnathan Buma, went whistleblower a few months into DOGE, it wasn't about Theil. He saw a Russian active measure influencing Musk's inner circle. One of Kash Patel's first acts as FBI director was to order Buma arrested.
So, the commentary worrying about "big tech" was commentary within Y Combinator's sphere.
i dunno. NSA letters are a real thing and i have no reason to believe there's not at least some exfiltration of personal data from "big tech" to other actors.
> have no reason to believe there's not at least some exfiltration
Is it genuinely your opinion that that activity (just look at all the equivocation!) constitutes a risk at the same level as alleged by the linked article?
This is exactly what I'm talking about. HN has a tunnel vision disease on this subject. "Yes yes, DOGE bros stole the SSA database, but let's please talk about how awful Google is." It's clinical at this point.
yes, 641A being the prime example, but i suppose it depends on how wide a net you cast to define "risk". plus: https://www.eff.org/deeplinks/2026/03/targeted-advertising-g...
i'm not saying it's not like these big tech firms don't have their hands legally tied by NSA letters, but that's entirely divorced from whether i trust them to steward my data.
And I repeat: you are refusing to engage with the privacy crisis right in front of our eyes and insisting instead we treat with your personal crusade against a threat that is almost entirely theoretical. That's just not rational discourse, it's a vendetta. And you're hardly alone.
i don't understand your combative tone. i'm not for DOGE twerps stealing PII.
Society can only support so many sociopaths (~ 1 in 5) before it starts to collapse. We may have reached the tipping point.
Heil Elon lol
It's probably safe to assume any non-classified information you provide to the government is for sale on the dark web.
Like the stolen-art market, I wonder if anyone with a large zip file of fake data could sell it as the "DOGE files" and make mucho crypto.
I mean, recently it's pretty safe to assume any classified information the government has is stored in a fucking bathroom and is for sale.
I feel like when I was a twenty- something I would have been at risk of exfiltrating data like this not for any specific nefarious purpose or money-making scheme but just out of data hoarding.
Anymore I have zero desire to keep any copy of work code or other data on any personal device. Nope, never gonna need it, don't want it, just a potential legal headache with no upside.
But when I was younger? I could totally imagine getting a big juicy dataset like that and wanting a copy for myself. It'd make me feel special, having information no one else had.
It may not have been your intent, but this comment seems to downplay the crime here. It's a crime to take the data even if he wasn't shopping it around as alleged. and the fact that he was 'young and stupid' makes the circumstances of how this happened much more important for an investigation by the IG (ie why was an immature person given so much power?)
I think it’s a great reaction to news stories to imagine how you could have made the same bad decisions. Furthermore this public confession of being able to imagine making bad decisions might encourage a similarly minded to 20-something to wonder why an older version of themself is so afraid of even having such a dataset. It might even prompt someone to destroy some long forgotten cache of data they exfiltrated a long time ago.
I don’t think there’s a risk that it will influence a rare person in power to enforce the rules to go lighter. I just think it encourages people to be less reckless with hoarding data who might otherwise put themselves in danger.
Over and above the fact that everyone should already know that the SSN database is extremely sensitive, DOGE had to strong-arm people out of the way to gain access to it in the first place. Even a fresh twenty-something should have known better than to download the entire thing onto a flash drive and carry it around, let alone take it home with them, and especially not to share with a future employer.
The idea that could be done accidentally and innocently lacks any sort of credulity. It's so far out of the ordinary that I don't think applying Hanlon's Razor can be done in good faith.
yeah. ignorantia juris non excusat applies to both the speed limit and passive data theft
So like Harold T. Martin who took 50 terabytes of data from the NSA because he was a data hoarder and was sentenced to nine years in prison?
> "Martin reportedly stole the information simply by walking out of his various secure workplaces with it in his possession"
"secure" eh?
"Secure" workplaces means that you have to have the appropriate clearances and background checks to be allowed in and out. I'm sure there are more secure workplaces, but the security of your average SCIF largely depends on the people allowed inside of it not being bad actors.
Outside of strip searches upon arrival and leaving I'm not sure how you could eliminate that risk.
> zero desire to keep any copy of work code or other data on any personal device
Same. I won't even have Teams or Authenticator on my phone unlike most others here (though wrt Teams, that is at least as much about not wanting work to bother me as it is about the danger of data seepage). I need the authenticator to do the job, but I have an old factory-reset phone that has that (and, just in case, Teams) on it.
> But when I was younger? I could totally imagine getting a big juicy dataset like that and wanting a copy for myself.
I'm pretty sure I never would have done. I've always resisted knowing credentials and personal information that aren't mine (so if anything untoward happens with/using that information there is no way it can be my fault/doing, as well as the less selfish reasons) despite people falling over themselves to do things like tell me their passwords & such when they were wanting some for of tech support.
But I think there is a different attitude to data risk in that age group today. They've grown up in a world where very little is really private, and every app and its dog has wanted their contact details and other information (and all too often information about their friends & family), do the idea that data is a free-for-all is dangerously normalised in their heads.
I find older people are similarly very lax with their own data, in fact often being rather too trusting of others generally, but not so much with other peoples. There are a lot more people who are appropriately careful (or even paranoid) in their 30s/40s/50s (I'm late 40s myself) - I think we are lucky to be in the middle, being exposed to information dangers enough to not have that “naivety or age” and not desensitised by having lax information security pushed at us from an early age.
Check out FreeOTP if you want an alternative to Google Autheticator.
This is MS's authenticator, integrated with all our Azure gubbins, not something I get a choice about.
> But I think there is a different attitude to data risk in that age group today. They've grown up in a world where very little is really private, and every app and its dog has wanted their contact details and other information
Counterpoint from a UK/EU perspective.....
Anybody new being onboarded is given (company compulsory) GDPR training if their role involves any handling or processing of personal data whatsoever. Data security and privacy is being treated quite seriously here; though unfortunately not seriously enough IMO.
Counterpoint also from a UK perspective: unfortunately a lot of people give no more than lip service to that training, and there are a great many people who have been in that sort of role who have avoided taking part in it at all. It sometimes worries me how seriously some people don't take the matter, and how many see that sort of regulation as pointless “innovation” preventing inconvenience. Heck, I know one fool who gave “the overreach manifest in GDPR” as one of his reasons for voting for brexit.
My DayJob company, and most of the people working here, do have the right attitude, as do most of our clients (if only because of the potential punishments, both in terms of fines and a slapping from the court of public opinion, if something done wrong has signifiant repercussions), but I do worry about how many people and companies seem to not care at all.
To be fair, it is apparent the tide is turning and awareness of data privacy is growing; even if this is unfortunately due to the increasing damage data breaches are causing.
Even in your twenties would you have then taken that data and attempted to share it with a future employee?
I don't think I would have offered to sell it or accepted an offer to buy it, but I think I could have easily been talked into sharing it, in a "I think my boss is a cool guy and I want him to like me and/or impress him" situation.
I'm not doing anything wrong! It's not like I'm selling it! I'm just showing off the cool data no one else has! I'm saving the day, probably, by letting us solve a problem with my cool data that would be impossible otherwise.
This is why we normally have hiring standards for USG.
I had access to insane amounts of highly sensitive data as an early 20-y/o and never once felt inclined to share it or brag about it with anyone.
Hiring processes around these roles should distinguish between past-me and past-you.
Eh, over time I've come to believe having systems that manage insider risk is more important than expecting to be perfect in hiring.
Like, any system will fail if too many of its members don't care about maintaining it, but you're going to hire the wrong person from time to time.
It's important to design your systems to minimize access, both in terms of not allowing everyone access to everything and to only allow people as much access as then need to do their jobs, to require multiple people to sign off on temporary access grants, to create audit trails and to actually audit them and have consequences for violating the rules.
(Which, in this case, DOGE purposefully dismantled.)
It doesn't just protect the data from nefarious villains, it also protects young idiots from themselves, who don't realize you can cause harm just by being curious.
Sure, I'm not proposing that we shouldn't have systems to mitigate insider risk.
I'm proposing that we both have systems to mitigate insider risk and we try to avoid hiring ideologically motivated and ethically compromised goobers to highly sensitive government jobs.
And I'm proposing that we don't write this off as, "welp he's a kid!"
Hum... The buck still has to end at some point. Somebody will have the power to override process or access things directly.
At DOGE, those somebodies were a bunch of red-piled barely adults that worshiped Musk.
Wow you’re dumb as hell
Personally, I like to think I just was dumb as hell, and now am only kind of stupid.
I don't think you deserve downvotes; I think it's totally plausible that some people would steal this data just to feel special.
But:
1) That's why we have traditionally had the safeguards that we have had, to protect against this sort of crime, and
2) The allegation in this case is that he later approached coworkers to do something with this data, even if they ultimately didn't help him do it. So it doesn't appear to be hoarding just for the sake of it here.
> I don't think you deserve downvotes
Speaking of things that have changed from my 20s, I also take internet points way less seriously than when I was sitting in a computer lab at 3am.
Now, I just double-check to make sure I didn't say anything I didn't want to and take it as a signal for how to be more clearly understood in the future; in this case a lot of people seemed to take what I wrote as a hypothesis about the motivation of the accused or a call for leniency, which wasn't what I was going for, but eh, live and learn.
The way I'm different from in my 20s is I'm more likely to assume charitable interpretations. I kinda guessed you meant it like you just stated, but wanted to add more context.
How would you get it in the first place?
I mean, insider risk is insider risk.
In the DOGE case, they specifically broke all the controls that existed to manage insider risk and keep people from making copies like this, but (especially 20-30 years ago) I've been on plenty of networks that just had no concept of insider risk and everything was just open for anyone to access (or protected by shared passwords everyone knew).
So you're saying that if you worked there you would also steal the social security data? What am I supposed to be taking away from this besides the fact that you would make poor choices and lack ethics? Didn't seem like it was a problem for people who worked in gov't prior to DOGE existing, so I'm not really getting any other takeaway here.
Steal?
Oh no no no no no, not once, not ever.
But look around the network, see what file shares are world readable, maybe see if there's any FTPs or Telnet servers with no username/password (or at least, no password stronger than "guest")? That's just being curious. And if I see any interesting files, and I make a copy to look at later, that's not a crime, is it?
I'd like to think my younger self, if he'd been hired at the SSA or somewhere similar, would see the difference between "the personal data of hundreds of millions of people" and the networks I actually had access to at the time. I know I wouldn't be trying to sell the data or trying to otherwise leverage it for financial gain, but I don't really have such a high opinion of my younger self's judgement that I would completely rule out making a copy for objectively dumb reasons.
> they specifically broke all the controls
Is there a reference or citation for this? I didn't see in the article.
I don't know about this person specifically, but the news from when DOGE was active was full of "employee of department fired for trying to prevent DOGE employees from directly accessing system no one is allowed to directly access".
And further, I would absolutely leverage it to get myself a job.
Oh, wait. No I would never have done that. That's just insane.
> having information no one else had
A broken logic. Of course the people who you would have stolen the data from, had it. A question pops up, though... what's in your possession you should not be in the possession of.
I'm pretty sure you can adjust the logic from "no one else" to "very very very few" and the logic just works the same...
Yeah, I'm pretty sure.
-Overall, we rate the New York Times Left-Center biased based on wording and story selection that moderately favors the left.
- Overall, we rate The Washington Post as Left-Center biased based on editorial positions that moderately favor the left. Due to a few failed fact checks, they earn a Mostly Factual rating.
- Wired: These media sources have a slight to moderate liberal bias. They often publish factual information that utilizes loaded words (wording that attempts to influence an audience by using appeal to emotion or stereotypes) to favor liberal causes. These sources are generally trustworthy for information but may require further investigation.
https://youtu.be/tRq-vVptMOk?si=t6xzvtqdhOZm80un ↑ Victor Davis Hanson: The Left’s Rage is a Symptom of a Movement in Decline
https://profrjstarr.com/the-psychology-of-us/the-need-to-be-...
"this too shall pass"