Showing posts with label Data protection. Show all posts

Nov 3, 2025

How SSA’s Databases Will Be Misused — Even Leland Dudek Says So

      From ProPublica:

This year, when states began using an expanded Department of Homeland Security system to check their voter rolls for noncitizens, it was supposed to validate the Trump administration’s push to harness data from across federal agencies to expose illicit voting and stiffen immigration enforcement. 

DHS had recently incorporated confidential data from the Social Security Administration on hundreds of millions of additional people into the tool, known as the Systematic Alien Verification for Entitlements, or SAVE, system. The added information allowed the system to perform bulk searches using Social Security numbers for the first time. ...

Experts say adding Social Security data to SAVE could help election officials verify, en masse, if voters are U.S. citizens, but it shouldn’t be used to make final determinations that people aren’t citizens.  

That’s because multiple audits and analyses have shown that SSA’s citizenship information is often outdated or incomplete, especially for people who became naturalized citizens. With the 2026 midterms about a year away, Caren Short, director of legal and research for the League of Women Voters of the United States, said she fears the expanded use of SAVE will lead to errors. ...

Still, Leland Dudek, acting SSA commissioner until early May, told ProPublica he doesn’t trust that DHS will accurately flag noncitizens as officials try to cross-match data and files from multiple systems. 

“They are probably going to make some massive mistakes,” he said. ...

Oct 20, 2025

Doing The Right Thing

     From the Washington Post:

Charles Borges, then chief data officer for the vast Social Security Administration, was alarmed last when he learned that members of Elon Musk’s U.S. DOGE Service had copied a mainframe database containing the personal information of hundreds of millions of Americans, including names, birthdays, addresses and more.

The discovery prompted Borges to file a whistleblower complaint in August, telling Congress and the Office of Special Counsel that the cloud server where the database was uploaded had little oversight and was vulnerable to attacks by bad actors. 

The result: He said the Trump administration’s reaction to his complaint caused him to feel isolated and subject to a hostile work environment, prompting him to resign and give up a decades-long government career and dream job. … 

Borges is not the only Social Security official to raise concerns about the safety of data under the U.S. DOGE Service, which was launched by billionaire Elon Musk to cut costs across the government. 

Former acting Social Security commissioner Leland Dudek — who was elevated to that role by the Trump administration after showing loyalty to DOGE — said in an interview that Borges’s worries, as documented in his whistleblower report, are both “appropriate” and “accurate.” Dudek, who said he is on paid administrative leave pending a full separation from Social Security, said the type of cloud server that DOGE used is not sufficiently protected for such personal information and has been a well-known problem for years. 

“That absolutely has been the problem with that environment since I’ve been with the agency, that it is too little secured,” Dudek said. Borges, he continued, is “absolutely right.” …

Sep 26, 2025

The DOGE Chaos

      From the New York Times (emphasis added):

At the height of its power, the Department of Government Efficiency was operating out of headquarters that had become a haphazard scene of armed guards, makeshift bedrooms, children’s toys and windows obscured with garbage bags, according to a new report from Senate Democrats that accuses President Trump’s federal cost-cutting operation of putting Americans’ data security at risk. 
Staff members for Senator Gary Peters of Michigan, the top Democrat on the Homeland Security and Government Affairs Committee, reported that young DOGE aides living and working on the sixth floor of the General Services Administration building sat at workstations eight or 10 laptops deep, where they were able to operate on Starlink networks that could have allowed them to work without being tracked. … 
In one instance, the report cites whistle-blower disclosures alleging that Jon Koval, a former DOGE employee at the Social Security Administration, asked about the possibility of uploading data to the cloud so that it could be retrieved by the Department of Homeland Security, but was rebuffed. One whistle-blower also said that data from Social Security’s numerical identification system, called Numident, did show up at the Homeland Security Department in a strange format, suggesting that it was not shared via a normal interagency process. …

    And from the report itself:

... An internal SSA risk assessment determined that the likelihood of a data breach with “catastrophic adverse effect” is between 35 and 65 percent. ...

During agency site visits, staff observed each DOGE workspace cordoned off with armed guards, providing an unusual layer of protection to their activities. Staff were not provided clear reasons why this was needed. Beyond security, DOGE workspaces were either completely or largely empty as their staff were able to work remotely at their discretion (despite strict in-office requirements for regular federal employees, in many cases without adequate office space).  ...

Sep 19, 2025

A Response

     The Social Security Administration has responded to a letter from the Chairman of the Senate Finance Committee concerning the whistleblower complaint of Charles Borges concerning DOGE usage of sensitive Social Security databases. Here are a couple of key quotes and my response:

… The location referred to in the whistleblower allegation is actually a secured server in the agency’s cloud infrastructure which historically has housed this data and is continuously monitored and overseen—SSA’s standard practice. …

     What would have been the point of making a copy of Social Security’s databases elsewhere within Social Security’s own cloud if you weren’t doing something sneaky? Who had access to this copy of the databases? Why were multiple Social Security employees, not just Borges, going to DEFCON 1 over this if it was innocuous?

All employees are required to go through a vetting process prior to being granted access to SSA information systems. Based on their job functions, employees are granted the appropriate permissions to perform their work. Access to resources within the AWS environment is governed by the agency’s established Systems Access Management protocols. …

     Sure, that’s what’s supposed to happen but we know that DOGE employees were given access to sensitive Social Security databases long before they could have completed training.

     You can get by with half truths and fibs as long as the Committee Chairman doesn’t really care to delve into the matter and you’re only looking to survive the day. This isn’t a great long term plan but long term planning isn’t something the Trump Administration even tries to do. 


Sep 12, 2025

4th Circuit Hears DOGE Case En Banc After SCOTUS Leaves Them In A Quandary

      From Courthouse News Service:

An en banc Fourth Circuit debated the role of appellate courts during a testy hearing Thursday concerning an attempt to stop Department of Government Efficiency employees from accessing Social Security data.

A federal judge blocked DOGE from accessing the systems in March, questioning why officials needed large quantities of sensitive information on Social Security recipients. The Fourth Circuit denied the government’s attempt to stay the injunction, ruling on the side of labor unions and retirees.

“The crux of this case and the crux of plaintiffs’ position is that government cannot grant itself an all-access pass to confidential, sensitive information merely by boldly asserting the word ‘need’ or even the word ‘fraud,’” attorney Alethea Swift of the Democracy Forward Foundation, representing the unions, said.

The Supreme Court issued a June order reversing the Fourth Circuit’s conclusion and implemented a stay on a 6-3 vote. The high court majority said President Donald Trump was likely to succeed in the litigation and would be injured if the justices didn’t intervene, but did not issue an opinion to explain their reasoning.

Eye rolls and sighs dominated the day as the judges fiercely debated their role at this juncture, with Republican-appointed judges arguing the court should simply affirm the Supreme Court’s decision. In contrast, Democrat-appointed judges viewed the appellate court’s role as one requiring deeper analysis. …

     Here’s another report on the oral argument. 

Sep 4, 2025

What The Whistleblower Reported

    From a post on X:

               

    The Data Foundation, a nonpartisan think tank, is calling for an independent investigation into the matter.

Aug 29, 2025

Chief Data Officer Resigns Over Misuse Of Agency Data

    I guess it's a coincidence this happened on the Friday afternoon before Labor Day. From the New York Times:

The Social Security Administration’s chief data officer, Charles Borges, has resigned, three days after submitting a whistle-blower complaint that alleged members of the Department of Government Efficiency had uploaded the confidential personal information of hundreds of millions of Americans to an insecure cloud server.

In his resignation letter, Borges said that he was quitting in part because he could not “verify that agency data is being used in accordance with legal agreements or in compliance with federal requirements.”


Aug 27, 2025

Whistleblower Complains Of Data Security Risk -- How Long Until He's Fired?

      From the New York Times:

Members of the Department of Government Efficiency uploaded a copy of a crucial Social Security database in June to a vulnerable cloud server, putting the personal information of hundreds of millions of Americans at risk of being leaked or hacked, according to a whistle-blower complaint filed by the Social Security Administration’s chief data officer.

The database contains records of all Social Security numbers issued by the federal government. It includes individuals’ full names, addresses and birth dates, among other details that could be used to steal their identities, making it one of the nation’s most sensitive repositories of personal information.

The account by the whistle-blower, Charles Borges, underscores concerns that have led to lawsuits seeking to block young software engineers at the agency built by Elon Musk from having access to confidential government data.  …

     See also an article in the Washington Post on the whistleblower complaint. 

     The biggest question in my mind is why? Getting a copy of this vital database out of Social Security seems to have been an overriding priority for the Trump Administration. They had to have known they were doing something dangerous and probably illegal. Why the urgency? What did they want to do with the data? What are they doing?

     

Jun 30, 2025

Sounds Sinister

 


    NPR is reporting that the Trump Administration is combining data from several agencies, including the Social Security Administration, to create a searchable database of U.S. citizens, something which has not been done heretofore. One expert described it as a “hair on fire” moment. The immediate purpose of the database is to verify citizenship for voter registration but I’d say there’s zero chance it would stop there. Apparently, there’s been no effort to comply with government privacy rules requiring notices about the creation of new databases and data exchanges.

Jun 3, 2025

Palantir Sounds Scary

      From the New York Times:

In March, President Trump signed an executive order calling for the federal government to share data across agencies, raising questions over whether he might compile a master list of personal information on Americans that could give him untold surveillance power.

Mr. Trump has not publicly talked about the effort since. But behind the scenes, officials have quietly put technological building blocks into place to enable his plan. In particular, they have turned to one company: Palantir, the data analysis and technology firm. …

Representatives of Palantir are also speaking to at least two other agencies — the Social Security Administration and the Internal Revenue Service — about buying its technology, according to six government officials and Palantir employees with knowledge of the discussions. …

Some current and former Palantir employees have been unnerved by the work. The company risks becoming the face of Mr. Trump’s political agenda, four employees said, and could be vulnerable if data on Americans is breached or hacked. Several tried to distance the company from the efforts, saying any decisions about a merged database of personal information rest with Mr. Trump and not the firm.

This month, 13 former employees signed a letter urging Palantir to stop its endeavors with Mr. Trump. Linda Xia, a signee who was a Palantir engineer until last year, said the problem was not with the company’s technology but with how the Trump administration intended to use it. …

Palantir representatives have also held talks with the Social Security Administration and the Department of Education to use the company’s technology to organize the agencies’ data, according to two Palantir employees and officials in those agencies.

The Social Security Administration and Education Department did not respond to requests for comment. …

     Really, what are the patterns that Palantir could legitimately seek to discover at Social Security? Claims for benefits such as Disabled Adult Child and Parents benefits that should have been taken but weren’t? Do you really think that Social Security would do business with Palantir for this? The important trends at Social Security aren’t hidden. They’re easy to spot.

May 7, 2025

The Database Threat

      From the Washington Post:

The U.S. DOGE Service is racing to build a single centralized database with vast troves of personal information about millions of U.S. citizens and residents, a campaign that often violates or disregards core privacy and security protections meant to keep such information safe, government workers say. ...

 At several agencies, DOGE officials have sought to merge databases that had long been kept separate, federal workers said. For example, longtime Musk lieutenant Steve Davis told staffers at the Social Security Administration that they would soon start linking various sources of Social Security data for access and analysis, according to a person briefed on the conversations, with a goal of “joining all data across government.” ...

 But DOGE has also sometimes removed protections around sensitive information — on Social Security numbers, birth dates, employment history, disability records, medical documentation and more. ...

 “Separation and segmentation is one of the core principles in sound cybersecurity,” said Charles Henderson of security company Coalfire. “Putting all your eggs in one basket means I don’t need to go hunting for them — I can just steal the basket.” ...

 The current administration and DOGE are bypassing many normal data-sharing processes, according to staffers across 10 federal agencies, who spoke on the condition of anonymity out of fear of retribution. For instance, many agencies are no longer creating records of who accessed or changed information while granting some individuals broader authority over computer systems. DOGE staffers can add new accounts and disable automated tracking logs at several Cabinet departments, employees said. Officials who objected were fired, placed on leave or sidelined. ...