A federal judge in Baltimore has recently ruled that the Department of Government Efficiency (DOGE) must purge all non-anonymized data accessed from the Social Security Administration. This ruling underscores significant concerns about data security and privacy, as the judge determined that DOGE could not have access to sensitive Social Security data (Politico).
Despite this setback, DOGE received approval from an appeals court in Baltimore to access confidential data from various federal departments, including the Treasury Department and the Education Department (AP News). This duality of rulings raises critical questions about the protocols governing data access, especially regarding the potential risks associated with unauthorized data handling.
Chad Johnson, a cybersecurity expert and assistant professor at the University of Wisconsin-Stevens Point, expressed grave concerns about DOGE’s approach to data security. In an interview with WPR’s Wisconsin Today, Johnson highlighted the dangerous precedent set by allowing DOGE to access sensitive information, warning that it could attract bad actors aiming to exploit these vulnerabilities in federal data systems.
Johnson compared the situation to the infamous Equifax data breach of 2017, stating that if the information collected by DOGE were mishandled or leaked, it could have similarly devastating consequences. He noted that the unprecedented amount of sensitive data at stake makes the potential for misuse particularly alarming, given the lack of evidence that DOGE is adhering to established security protocols such as the Federal Information Security Management Act (FISMA).
The ongoing debate reflects a critical tension between the need for data efficiency in federal agencies and the imperative to protect individual privacy. Johnson cautioned against the simplification of complex security measures, framing it as a dangerous sacrifice of privacy for the sake of operational efficiency. He emphasized the need for a foundational commitment to security practices to prevent significant breaches.
For ordinary citizens concerned about their personal data, Johnson recommends proactive personal cybersecurity practices such as using unique, strong passwords, enabling multi-factor authentication, and being mindful of the information shared online, as the average citizen has limited control over how their data is managed in federal systems.