The American Civil Liberties Union (ACLU) has raised significant concerns regarding the actions of Elon Musk’s Department of Government Efficiency (DOGE), asserting that it has gained unauthorized control over several federal computer systems that manage sensitive data protected by federal law. In a recent communication to federal lawmakers, the ACLU emphasized that unauthorized handling of this data not only has legal implications but could also contravene constitutional protections.
Reportedly, DOGE operatives have infiltrated various federal agencies tasked with overseeing personnel records for nearly two million federal employees, as well as agencies responsible for providing essential software and IT services to the government. The ACLU argues that any unauthorized use of sensitive personal information, particularly if it’s aimed at removing ideologically divergent staff members, could violate federal laws, including the Privacy Act and the Federal Information Security Modernization Act. Both laws explicitly forbid unauthorized access and misuse of government personnel data.
In a letter addressed to members of congressional oversight committees, ACLU attorneys pointed out DOGE’s access to Treasury systems that process a significant volume of federal payments, including Social Security benefits, tax refunds, and salaries. Citing reports from WIRED, the attorneys highlighted that this access allows DOGE not only to obstruct funding for select agencies but also to handle vast amounts of personal information, which includes Social Security numbers, banking details, and financial records.
Accessing and possibly misusing such information raises alarms for the treatment of millions of individuals. Young engineers, without extensive backgrounds in human resources or legal compliance concerning privacy, are reportedly now monitoring payments to federal employees and Social Security recipients. This unprecedented level of oversight suggests a potential misuse of sensitive financial and personal data, putting affected individuals at risk.
The ACLU attorneys underscored that under typical circumstances, access to these critical systems would be reserved for career civil servants with substantial training and experience in handling sensitive information. These individuals generally undergo rigorous vetting procedures, ensuring that they are qualified to manage data responsibly.
In pursuit of transparency, the ACLU has lodged Freedom of Information Act (FOIA) requests to obtain communication records involving DOGE personnel and any pertinent requests made for access to personal data at the Office of Personnel Management. This includes inquiries related to DOGE’s intentions to implement artificial intelligence tools across federal operations, as well as discussions regarding compliance with various federal regulations that safeguard sensitive financial and medical information, such as the Health Information Portability and Accountability Act (HIPAA).
Recent reports indicated that DOGE operatives working within the General Services Administration (GSA), the body responsible for the federal government’s IT framework, have been advocating for the accelerated deployment of a custom AI chatbot named “GSAi.” An insider informed WIRED that the GSA had previously piloted a chatbot called Gemini designed for Google Workspace; however, DOGE determined that it did not meet their data requirements, indicating a critical need for enhanced access and control over data assets.
With these developments unfolding, the potential for misuse of information security practices raises concerns rooted in MITRE ATT&CK tactics and techniques, notably in areas such as initial access, privilege escalation, and data manipulation. As the situation evolves, vigilance around data sovereignty and security in federal operations will be paramount to mitigate risks associated with unauthorized access to sensitive information.
