A Response

     The Social Security Administration has responded to a letter from the Chairman of the Senate Finance Committee concerning the whistleblower complaint of Charles Borges concerning DOGE usage of sensitive Social Security databases. Here are a couple of key quotes and my response:

… The location referred to in the whistleblower allegation is actually a secured server in the agency’s cloud infrastructure which historically has housed this data and is continuously monitored and overseen—SSA’s standard practice. … What would have been the point of making a copy of Social Security’s databases elsewhere within Social Security’s own cloud if you weren’t doing something sneaky? Who had access to this copy of the databases? Why were multiple Social Security employees, not just Borges, going to DEFCON 1 over this if it was innocuous?

All employees are required to go through a vetting process prior to being granted access to SSA information systems. Based on their job functions, employees are granted the appropriately permissions to perform their work. Access to resources within the AWS environment is governed by the agency’s established Systems Access Management protocols. … Sure, that’s what’s supposed to happen but we know that DOGE employees were given access to sensitive Social Security databases long before they could have completed training.

     You can get by with half truths and fibs as long as the Committee Chairman doesn’t really care to delve into the matter and you’re only looking to survive the day. This isn’t a great long term plan but long term planning isn’t something the Trump Administration even tries to do. 

4th Circuit Hears DOGE Case En Banc After SCOTUS Leaves Them In A Quandry

      From Courthouse News Service:

An en banc Fourth Circuit debated the role of appellate courts during a testy hearing Thursday concerning an attempt to stop Department of Government Efficiency employees from accessing Social Security data.

A federal judge blocked DOGE from accessing the systems in March, questioning why officials needed large quantities of sensitive information on Social Security recipients. The Fourth Circuit denied the government’s attempt to stay the injunction ruling on the side of labor unions and retirees.

“The crux of this case and the crux of plaintiffs’ position is that government cannot grant itself an all-access pass to confidential, sensitive information merely by boldly asserting the word ’need’ or even the word ‘fraud,’” attorney Alethea Swift of the Democracy Forward Foundation, representing the unions, said.

The Supreme Court issued a June order reversing the Fourth Circuit’s conclusion and implemented a stay on a 6-3 vote. The high court majority said President Donald Trump was likely to succeed in the litigation and would be injured if the justices didn’t intervene, but did not issue an opinion to explain their reasoning.

Eye rolls and sighs dominated the day as the judges fiercely debated their role at this juncture, with Republican-appointed judges arguing the court should simply affirm the Supreme Court’s decision. In contrast, Democrat-appointed judges viewed the appellate court’s role as one requiring deeper analysis. …

     Here’s another report on the oral argument. 

What The Wistleblower Reported

    From a post on X:

               

    The Data Foundation, a nonpartisan think tank, is calling for an independent investigation into the matter 

Chief Data Officer Resigns Over Misuse Of Agency Data

    I guess it's a coincidence this happened on the Friday afternoon before Labor Day. From the New York Times:

The Social Security Administration’s chief data officer, Charles Borges, has resigned, three days after submitting a whistle-blower complaint that alleged members of the Department of Government Efficiency had uploaded the confidential personal information of hundreds of millions of Americans to an insecure cloud server.

In his resignation letter, Borges said that he was quitting in part because he could not “verify that agency data is being used in accordance with legal agreements or in compliance with federal requirements.”

Click on image to view full size

 

Whistleblower Complains Of Data Security Risk -- How Long Until He's Fired?

      From the New York Times:

Members of the Department of Government Efficiency uploaded a copy of a crucial Social Security database in June to a vulnerable cloud server, putting the personal information of hundreds of millions of Americans at risk of being leaked or hacked, according to a whistle-blower complaint filed by the Social Security Administration’s chief data officer.

The database contains records of all Social Security numbers issued by the federal government. It includes individuals’ full names, addresses and birth dates, among other details that could be used to steal their identities, making it one of the nation’s most sensitive repositories of personal information.

The account by the whistle-blower, Charles Borges, underscores concerns that have led to lawsuits seeking to block young software engineers at the agency built by Elon Musk from having access to confidential government data.  …

     See also an article in the Washington Post on the whistleblower complaint. 

     The biggest question in my mind is why? Getting a copy of this vital database out of Social Security seems to have been an overriding priority for the Trump Administration. They had to have known they were doing something dangerous and probably illegal. Why the urgency? What did they want to do with the data? What are they doing?

     

Sounds Sinister

 

    NPR is reporting that the Trump Administration is combining data from several agencies, including the Social Security Administration, to create a searchable database of U.S. citizens, something which has not been done heretofore. One expert described it as a “hair on fire” moment. The immediate purpose of the database is to verify citizenship for voter registration but I’d say there’s zero chance it would stop there. Apparently, there’s been no effort to comply with government privacy rules requiring notices about the creation of new databases and data exchanges.

Palantir Sounds Scary

      From the New York Times:

In March, President Trump signed an executive order calling for the federal government to share data across agencies, raising questions over whether he might compile a master list of personal information on Americans that could give him untold surveillance power.

Mr. Trump has not publicly talked about the effort since. But behind the scenes, officials have quietly put technological building blocks into place to enable his plan. In particular, they have turned to one company: Palantir, the data analysis and technology firm. …

Representatives of Palantir are also speaking to at least two other agencies — the Social Security Administration and the Internal Revenue Service — about buying its technology, according to six government officials and Palantir employees with knowledge of the discussions. …

Some current and former Palantir employees have been unnerved by the work. The company risks becoming the face of Mr. Trump’s political agenda, four employees said, and could be vulnerable if data on Americans is breached or hacked. Several tried to distance the company from the efforts, saying any decisions about a merged database of personal information rest with Mr. Trump and not the firm.

This month, 13 former employees signed a letter urging Palantir to stop its endeavors with Mr. Trump. Linda Xia, a signee who was a Palantir engineer until last year, said the problem was not with the company’s technology but with how the Trump administration intended to use it. …

Palantir representatives have also held talks with the Social Security Administration and the Department of Education to use the company’s technology to organize the agencies’ data, according to two Palantir employees and officials in those agencies.

The Social Security Administration and Education Department did not respond to requests for comment. …

     Really, what are the patterns that Palantir could legitimately seek to discover at Social Security? Claims for benefits such as Disabled Adult Child and Parents benefits that should have been taken but weren’t?  Do you really think that Social Security would do business with Palantir for this? The important  trends at Social Security aren’t hidden. They’re easy to spot.

The Database Threat

      From the Washington Post:

The U.S. DOGE Service is racing to build a single centralized database with vast troves of personal information about millions of U.S. citizens and residents, a campaign that often violates or disregards core privacy and security protections meant to keep such information safe, government workers say. ...

 At several agencies, DOGE officials have sought to merge databases that had long been kept separate, federal workers said. For example, longtime Musk lieutenant Steve Davis told staffers at the Social Security Administration that they would soon start linking various sources of Social Security data for access and analysis, according to a person briefed on the conversations, with a goal of “joining all data across government.” ...

 But DOGE has also sometimes removed protections around sensitive information — on Social Security numbers, birth dates, employment history, disability records, medical documentation and more. ...

 “Separation and segmentation is one of the core principles in sound cybersecurity,” said Charles Henderson of security company Coalfire. “Putting all your eggs in one basket means I don’t need to go hunting for them — I can just steal the basket.” ...

 The current administration and DOGE are bypassing many normal data-sharing processes, according to staffers across 10 federal agencies, who spoke on the condition of anonymity out of fear of retribution. For instance, many agencies are no longer creating records of who accessed or changed information while granting some individuals broader authority over computer systems. DOGE staffers can add new accounts and disable automated tracking logs at several Cabinet departments, employees said. Officials who objected were fired, placed on leave or sidelined. .

..