As Elon Musk “leaves” government, some are declaring his venture a failure because it didn’t generate the promised savings.
But as a digital expert warned me only weeks into the administration, that was never the primary goal—or risk.
As I summarize in the discussion above, it was all about the data.
Always, and still now. His “departure” changes none of this.
A Look Back: Four Months of Rummaging Through Our Data
Here is a comprehensive list of the data that DOGE already accessed over the course of Musk’s time there:
Department of Health and Human Services (HHS)
DOGE accessed 19 sensitive systems, including:
the Healthcare Integrated General Ledger Accounting System (HIGLAS)
Centralized accounting frameworks for all Centers for Medicare and Medicaid Services (CMS) programs
Cloud-based data warehouses and other HHS accounting/payment systems
Centers for Medicare and Medicaid Services (CMS): Gained access to key payment and contracting systems
Centers for Disease Control and Prevention (CDC)
Food and Drug Administration (FDA)
National Institutes of Health (NIH): Accessed systems controlling finance, budget, procurement, property, and grants
National Institute for Occupational Safety and Health (NIOSH)
Department of Education: DOGE accessed highly sensitive Department of Education data systems, particularly those related to federal student aid and student loan records, and the federal student loan portfolio. In the guise of searching for "fraud, waste, and abuse,” they gained access to the following information for those with federal student loans: legal names; social Security numbers; dates of birth; home addresses; income and asset information; citizenship status; disability status; tax records
Department of Labor: Gained ccess to databases containing personal information about migrant workers, whistleblower identities, safety inspections, and unemployment claims
Department of Treasury: DOGE was granted access to Treasury systems after initial resistance, including:
Internal Revenue Service systems such as the Integrated Data Retrieval System, containing taxpayer data (names, SSNs, income, bank info, etc.)
the Bureau of the Fiscal Service, which manages nearly 90% of all federal payments and serves as the federal government’s financial management system. This includes:
Payment records and data on trillions of dollars in federal disbursements.
Personally identifiable information (PII) of millions of Americans, such as Social Security numbers, home addresses, and bank account details.
Confidential financial data of payees and recipients of federal payments.
General Services Administration: Gained access to federal real estate, procurement, and information infrastructure databases, including SmartPay and the Federal Procurement Data System (FPDS)
Office of Personnel Management: DOGE installed officials and accessed personnel data—this included data on current and former federal employees, including names, addresses, birth dates, Social Security numbers, income, citizenship and disability status, and other details related to federal employment and benefits
National Labor Relations Board: Accessed sensitive personnel and legal data
Department of Homeland Security: DOGE members accessed United States Immigration and Naturalization Service data, including information on refugees, asylum seekers, and DACA recipients
Social Security Administration: Before a court got in the way, DOGE gained access to a wide array of sensitive Social Security data, including: Social Security numbers; names and addresses; birth dates; bank account details; tax information; employer and employee payment records; earnings histories; medical records; mental health data; disability records; family court documents; citizenship and employment history
This access extended to personally identifiable information for millions of Americans.
Along the way, numerous instances occurred introducing major risks of breaches and insecure access to this data. The ones we know about include:
A DOGE staffer was mistakenly given read/write permissions over a critical Treasury Department payment system, which handles trillions of dollars annually.
The official DOGE.gov website was highly insecure: it pulled data from an external database that could be edited by anyone, allowing unauthorized modifications to the site’s content. Security researchers demonstrated that anyone could push updates to the site, and the site was not hosted on secure government servers.
At the National Labor Relations Board (NLRB), a federal cybersecurity specialist alleged that DOGE activity resulted in a security breach. The whistleblower reported anomalies such as changes to multi-factor authentication, disabling of internal alert systems, and the unusual outbound transfer of approximately 10 gigabytes of sensitive data—behavior described as "highly unusual" for the agency.
DOGE released information about the headcount and budget of an intelligence agency, which intelligence community sources described as a significant breach, potentially endangering U.S. citizens working for that agency.
DOGE staff using personal email accounts for official business, connecting unauthorized email servers to government networks, and feeding sensitive data into AI software, all of which violate standard federal cybersecurity practices
Add up both the vast array of private and valuable data, and this pattern of insecure access, and what we warned about a few weeks into the administration did indeed play out.
As a reminder, here was what a data security expert warned me was happening:
Overview: “a truly unprecedented transfer of governmental power to a private entity in real time”
“We're witnessing the first I.T.-driven restructuring of government in human history. While there's been some mockery of the young people Musk has employed, they are extremely capable (albeit with little to no experience handling government systems). Having spent decades working at the intersection of digital infrastructure, automation, and organizational strategy, I recognize the profound implications of such a shift….
This is a digital coup, embedding itself into the core I.T. infrastructure of federal agencies with little oversight and only selective “transparency.” While they claim the access is "read only," they're locking out career civil servants and scraping personal data from millions of federal employees; the "GSAi" initiative (Musk’s new AI-driven analysis tool for government contracts) is bypassing security vetting and granting Musk’s inner circle deep visibility into federal procurement.
This isn’t just unauthorized access -- it’s a full-scale redirection of the government’s digital nervous system into the hands of an unelected billionaire.
The existential risks here -- financial manipulation, mass data exploitation, and unchecked digital autocracy -- are no longer hypothetical. We're watching a truly unprecedented transfer of governmental power to a private entity in real time.”
Q: What are the risks of this for everyday Americans?
A:
“Well, what’s to stop them from aggregating and analyzing personal data, expanding to broader citizen records, tax data, social security information (which he’s made it clear he wants access to and may have already). So far all of this is being under the guise of first principles -- speech, assembly, religion -- but it grants one the power to engage in corporate exploitation or selective censorship on a whim. Disinformation campaigns could be hyper-targeted and used for commercial or political manipulation.”
Q: What is the significance of “read only” access? Versus other access they might have?
A:
“They’ve been using “read-only” access as a way to say, “Nothing to see here! It’s just read-only!” But even without direct manipulation, they can still conduct large-scale data scraping, pattern recognition, and predictive modeling. They’re analyzing and categorizing data at scale, which creates enormous leverage. Anyone in cyber security will tell you that “read only” doesn’t equate to “harmless.” I’m also worried about backdoor escalation and API exploitation — they could leverage any number of technical loopholes to intercept or reroute government data flows.”
“Long story short, with the access they have -- we’re expected to simply trust they have good intentions.”
Q. There was a story yesterday that one agency (GSA) made a request for “read access” to data on 14,000 federal employees when they (GSA) already had “read/write access” to that data. That troubled you. Why?
A:
“It suggests to me they’re trying to set up a new data pipeline for DOGE to control separately from GSA.”
Q: Why would they do that?
A:
“For DOGE exclusive use? Perhaps for unmonitored access to the vast amount of federal data — but unmonitored — to analyze or centralize control of all government systems.”
Q: What are some of the worst case scenarios of what you’re seeing so far?
A:
“It’s impossible to predict. I often tell people we’re living in a technological revolution on a scale larger than even the invention of the internet itself. The next 5 to 10 years are going to bring massive societal and technological change. I could see a government infrastructure irreversibly dependent on these privately-run/designed systems, lack of public accountability… effectively a corporate-run shadow government. Wealth and power could become “locked in” to those engineering this new hierarchy.”
Q: Are you worried about foreign players accessing the data Musk is getting?
A:
“Well we just don’t know what his access, security and vetting controls are. We know one of the young people working for him had been fired by a previous employer for corporate espionage. So short answer — yes. Very much so.”
Q: Can people do anything right now to safeguard against the risks? What should be done going forward?
A:
“The current “wait and see” approach is dangerous. We need Congress to demand full transparency and accountability/oversight — we need bipartisan opposition to this restructuring and for people to truly understand the risks.”
“The integration of modern technologies into government operations is inevitable, but how it’s done determines whether it will strengthen democracy or subvert it. Any major technological shift in government (especially involving AI) needs to be debated/legislated, not decided by executive fiat.”
Day 189 —May 29, 2025
The "Make America Healthy Again" report was rolled out as a sweeping federal health assessment to address the nation’s major health challenges. It was HHS Secretary RFK Jr’s big shining moment.
And it turns out—perfectly on brand for a life-time conspiracy theorist—it was riddled with errors, phony science and made-up studies. Scientists whose reports or findings in it immediately claimed that they had not authored the work they were being cited in, or that their conclusions had been presented inaccurately.
Here’s one summary:
“An investigation by NOTUS found dozens of errors in the MAHA report, including broken links, wrong issue numbers, and missing or incorrect authors. Some studies were misstated to back up the report’s conclusions, or more damningly, didn’t exist at all. At least seven of the cited sources were entirely fictitious, according to NOTUS.”
Share this post