The Social Security Administration has responded to a letter from the Chairman of the Senate Finance Committee concerning the whistleblower complaint of Charles Borges concerning DOGE usage of sensitive Social Security databases. Here are a couple of key quotes and my response:
… The location referred to in the whistleblower allegation is actually a secured server in the agency’s cloud infrastructure which historically has housed this data and is continuously monitored and overseen—SSA’s standard practice. … What would have been the point of making a copy of Social Security’s databases elsewhere within Social Security’s own cloud if you weren’t doing something sneaky? Who had access to this copy of the databases? Why were multiple Social Security employees, not just Borges, going to DEFCON 1 over this if it was innocuous?
All employees are required to go through a vetting process prior to being granted access to SSA information systems. Based on their job functions, employees are granted the appropriately permissions to perform their work. Access to resources within the AWS environment is governed by the agency’s established Systems Access Management protocols. … Sure, that’s what’s supposed to happen but we know that DOGE employees were given access to sensitive Social Security databases long before they could have completed training.
You can get by with half truths and fibs as long as the Committee Chairman doesn’t really care to delve into the matter and you’re only looking to survive the day. This isn’t a great long term plan but long term planning isn’t something the Trump Administration even tries to do.
3 comments:
A lot of vague weasel words and apparent lies.
"The location referred to in the whistleblower allegation is actually a secured server in the agency’s cloud infrastructure which historically has housed *this data*"
Which data? Numident data? No, it hasn't.
"SSA never transferred the Numident database to a private cloud server within SSA's AWS
cloud. SSA does not have a private cloud within its secure AWS."
Borges' whistleblower complaint quotes a request for the data to be transferred to “their own Virtual Private Cloud (VPC, “cloud”) within the SSA Amazon Web Services – Agency Cloud Infrastructure (AWS-ACI)."
So, unless the DOGE boys never carried out their plan, it would appear that Frank is fibbing.
Anyone catch the Wired article yesterday on Microsoft’s Entra ID Vulnerabilities and how they could have allowed bad actors to breach ALL Azure accounts in the cloud?! SMH.
So many news stories about SSA including age changes and revoking all reasonable accommodations based on telework. Anyone care to start a new SSA blog where we don't censor comments so we can chat about these issues?
Post a Comment