Elon Musk’s Department of Government Efficiency (DOGE) has been a source of concern for cybersecurity experts over the first few months of the Trump administration, and it doesn’t seem to be letting up.
The White House initiative, given sweeping powers over federal agencies and access to reams of data, has expanded the government threat surface, has provided little accountability or transparency in its operations. A whistleblower recently disclosed to Congress that DOGE engineers exfiltrated National Labor Relations Board data and turned off monitoring tools, while a high-ranking Social Security Administration official operating in the equivalent of the agency’s IT department was physically escorted out of the office by security guards.
Take better care. That process has put the nation’s information security in a more precarious position, F5 CTO of Government Solutions Bill Church told IT Brew, and DOGE’s “hackathon” for the IRS—an alleged attempt to build a “mega API” to access tax data—is amplifying the danger.
“When we talk about hackathons, my experience has been it’s typically about speed to market, speed to minimum viable product,” Church said. “And what it’s not typically about is secure access to a treasure trove of data. So, it triggers a lot of the hairs on the back of my neck.”
He’s not alone. DOGE’s operating procedures have a lot of tech professionals worried. In February, British cybersecurity researcher Marcus Hutchins told IT Brew that he was concerned that DOGE was uploading government data to “multiple third-party systems.” Last month, DOGE’s poking around in OPM systems triggered an Office of the Inspector General investigation and its payroll access at the Department of the Interior raised red flags.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Old pals. DOGE is working with Palantir, a controversial data analytics and surveillance company with a history of winning federal government contracts, to build out its mega API. Musk and Palantir cofounder Peter Thiel are longtime allies, having co-founded PayPal together in the late 1990s. The API would allow DOGE to move IRS data to the cloud; according to reporting from Wired, once the API is completed the data would be managed by Palantir’s Foundry platform.
This would mark a major shift in how IRS data is managed—and that has Church concerned, he said. The danger of such a huge reversal in data and systems management is compounded by the slash-and-burn approach of a hackathon, he told IT Brew.
“Any time we start wholesale changing these environments and adding a mega API or something like that without going through the rigor that we would typically do in a system of checks and balances, auditing, we open the potential up for anybody to have access to this data who probably shouldn’t,” Church said.