“DOGE isn’t making government more efficient—it’s putting Americans’ sensitive information in the hands of completely unqualified and untrustworthy individuals,” said Gary Peters, a Democratic US senator from Michigan and ranking member of HSGAC, in a statement on Thursday. “They are bypassing cybersecurity protections, evading oversight, and putting Americans’ personal data at risk. We cannot allow this shadow operation to continue operating unchecked while millions of people face the threat of identity theft, economic disruption, and permanent harm. The Trump Administration and agency leadership must immediately put a stop to these reckless actions that risk causing unprecedented chaos in Americans’ daily lives.”
When visiting the GSA offices, committee investigators saw “cloud infrastructure and enterprise network infrastructure diagrams” drawn on a whiteboard, but GSA officials blocked their view “with their bodies,” the report says.
The report also claims that GSA officials “refused to show staff Starlink infrastructure,” telling them to schedule a follow-up visit and then denying the request to do so. The GSA installed terminals from Starlink, the satellite company Musk owns, about a month after inauguration. At the time, GSA staff warned that this posed a significant security risk and voiced concern that the terminals could allow DOGE to siphon data out of the agency. According to the report, GSA officials “could not even confirm that the Starlink terminal was configured with basic security settings recommended by Starlink itself,” making staffers “concerned that any data sent or received over the Starlink device at GSA and other locations could be an easy target for foreign adversaries.”
Starlink terminals have also been installed at the White House.
This was not the only apparent effort to circumvent government policies and protections around data. One former OPM employee alleged in an interview with investigators that “even before the inauguration, the incoming administration expressed a ‘strong interest’ in government-wide email servers and centralizing communications.” According to the employee, Greg Hogan, the incoming CIO, “had asked OPM staff whether they could deploy an AI system in an off-cloud environment, an environment that would allow for less agency oversight and fewer safeguards.” (The anonymous OPM spokesperson declined to comment on anything that happened before the inauguration. “The CIO asked many technical questions as part of his role,” they said in response to a question about Hogan. “All his work at OPM complied with the agency’s security and regulatory requirements.”)
At the SSA, investigators found that access to the areas DOGE worked out of were controlled by armed guards. It was a measure taken, according to Dan Callahan, assistant commissioner for building and facilities management, because the DOGE members were “concerned for their safety.” Upon further inquiry, investigators found that this concern stemmed from “communication with an SSA employee that ‘included cursing.’”
At the GSA, “armed guards controlled access to work and living spaces [and] rooms were locked,” the report says, while the investigators’ visit to OPM was carried out under armed guard. (“The ‘armed guards’ were the normal security teams that provide security for the OPM office,” said the anonymous OPM spokesperson, citing purported “misbehavior” by the investigators as they visited other agencies. “They accompanied the visit when entering secure areas with sensitive information.”)
As a result of the investigation, the report calls on the Trump administration to end all DOGE activities, revoke all access its representatives maintain over personally identifiable information, and require agencies to provide evidence that the access is compliant with existing privacy regulations. The investigators also demand that SSA shut down the cloud environment to which DOGE uploaded NUMIDENT data.
The White House, GSA, and SSA did not immediately respond to requests for comment from WIRED.
Disclaimer: This news has been automatically collected from the source link above. Our website does not create, edit, or publish the content. All information, statements, and opinions expressed belong solely to the original publisher. We are not responsible or liable for the accuracy, reliability, or completeness of any news, nor for any statements, views, or claims made in the content. All rights remain with the respective source.