Comment by lucasyvas
2 days ago
Because there are bigger fish to fry, I think people don’t appreciate the sheer cost of the system rebuild that will be required for security reasons later.
There’s absolutely no telling what additional software has been installed alongside existing, or which systems have been modified that would require audit. Purging this will be an absolute fucking nightmare to the American taxpayer.
This may turn into one of the most significant IT incidents in world history.
> The team could then feed this classified information into AI tools, either for training purposes or to mine the data for insights. (Members of DOGE already reportedly have put sensitive data from the Education Department into AI software.)
Perhaps it's cheaper to assume everything leaked or will leak soon.
Even if you were to argue AI systems would eventually have a place in government, which they almost certainly would have anyway long term, the sheer carelessness and lack of oversight of its implementation by a private citizen and group of individuals of proven, questionable ethics is enough reason in itself to have to burn the forest down.
Thinking of it objectively, almost nobody here can say they would stand for this at any company they worked at or ran. This is not an acceptable IT practice no matter which side of the fence you are currently sitting on - allowing an unvetted entity to modify your internal systems without audit or oversight is completely absurd.
> nobody here can say they would stand for this at any company they worked at or ran
This is what leaves me incredulous about so many people here defending this. I've been on this site daily for how many years I don't know but the one thing that has been consistent is the security idea that an outside entity gaining physical access to your server means that it is irreparably compromised, and that it should be treated as a liability and re-built from the ground up. But somehow it's fine if it's public data in a federal database?
You are correct. And the nonchalant way in which the leaders who are supposed to oversee this thing are treating it is appalling. It will have consequences during mid-terms and beyond. It is clear that some people believe elected office to mean that they are then given authority and rights with which to increase in...being voyeurs rather than visionaries???
I love when we pretend the NSA is dumb, makes my day :)
Yes. Even if DOGE is operating without any ill intent, and I don't think they have ill intent, the possibility of errors alone is massive and they need to slow down.
https://www.usatoday.com/story/news/politics/2025/02/17/trum...
Intent to drop in, make major changes, and pretend like they won't break anything is ill intent
We criticize engineers who drop into a code base and try to make changes without understanding. You can be forgiven for doing it a few times, but after that you're doing it intentionally. And if they hired engineers that didn't know this, that's incompetence at both levels.
Not only is this different code bases and IT products, it's across organizations and done very rapidly.
I am also not convinced that they don't simply have malicious intent most of the time.
Elon has been operating in bad faith since the Twitter Files (so, the very start). Announce X, publish receipts that show ~X, but nobody reads receipts so checkmate.
The "140 year old people in social security DB" post is just the latest example of bad-faith. Either there is actually >>$100B of social security fraud and that's the story or he wants to pretend like that's the case when he knows full well that presence in the DB does not indicate eligibility or payouts.
Any sufficiently advanced incompetence is indistinguishable from malice
> I don't think they have ill intent
Perhaps you could read their statements? DOGE communications are filled with ill intent, and their publicly stated goal, and the goal for which their supporters seem to support them, is the destruction of the bureaucracy. That's ill intent.
That's before we look at their actions.
You mean misunderstanding the data, coming to the wrong conclusions, etc? Data science always has an issue with bullshit KPIs, shallow depth of statistics, and mostly mangling stuff keeping the manager happy. Still it's much better than not having any data analysis.
Whether it benefits from being in a single datalake idk. We really don't know how the operations are being done, we're mostly just reacting to news reports and outside guessing.
I'm assuming it will be basically how Palantir works in government health care and intelligence agencies where they aggregate multiple data sources from a bunch of old and new databases and have complex analytical tools on top.
This time you're not dealing with a data scientist, you're dealing with someone who willingly spews lies, those situations aren't comparable
Furthermore, another comment went in depth about how boosting the IRS and following other agencies' guidelines would have had a positive return, but none of this happened. On the contrary, we're seeing agencies such as the IRS being infiltrated by this thing that resembles a metastasis
I thank you for highlighting that the intent isn’t actually the problem. I do feel the opposite to you but I’m happy you can see the practice itself is not acceptable / is a bad practice.
Irrelevant. Even if they did nothing, the amount of exposure to the foreign intelligence services will devastate whatever we don’t footgun for a generation.
They should absolutely be regulated as to not expose data to foreign intel.
The intent is completely ill. DOGE is RAGE. Move fast and break everything before the courts can step in.
I think they have nothing but ill intent. Everything they've said and done so far just screams it.
He is being criminally reckless
Elon wants to build the X everything app and nuked the CFPB to do it and now has access to the fed system… I think he’s just biding his time. Aaaaand now that he has every American’s info he can dox anyone on Twitter. Makes you think twice about telling Elonia to go fuck himself on X … which is why I do it on Mastodon and BlueSky ;-)
Yes, exactly this. The chilling effect caused by this is real and terrifying.
I have definitely contradicted Elon Musk on my X profile (@cyrsbel) quite a lot. I have never once lost my blue checkmark, though, so I believe he is well-intentioned and a good person who is trying to do the right thing. (I am also subscribed to him and having that sub and the blue checkmark means he has payment details already so I'm not worried about doxxing via CFPB data.) However, you raise a legitimate security risk and concern. It is not feasible to trust a single person with this much power and access. Furthermore, regardless of how much I or anyone else love Elon Musk...he has said things that didn't happen multiple times and too much is riding on his claims about what can or will happen.
So yeah, I don't trust him. Ever since he reneged on interns, I noticed that...he has a tendency to think about things as if they're entirely meat and to worship the false god Scarcity. He's been gargling Ron Paul's gold coins so much that he completely fails to comprehend basic nation state financing and why deficits are manageable and our debt is also manageable given our $160T+ net worth and climbing...
Well when you have a white supremacist on the dodge team (confirmed by his comments on social media) working in this team, and you know white supremacists are very hateful... then I would assume there's obviously risk.
There is no reason to think they don't have ill intent.
Your default assumption should be ill intent when it comes to information security, my friend.
My nature is to give the benefit of the doubt, but after seeing that they are rushing and it manifests in laying off even teams of highly skilled and critical nuclear safety staff...that means someone there doesn't know what they're doing or the chaos could be the point as well. I would hope it's not to that extent, but this is why I maintain that CAT should be auditing DOGE's changes.
And many, many reasons to think that in fact they do. See my favorites for flagged stories about the DOGE staff.
Even their stated reason - to fund trillions in tax cuts for the .1% [0] - is heinous. Inequality is already breaking the economy. 4.5 trillion dollars ($13k for each and every American) being transferred to the yacht class will inflict generational harm.
0 - https://www.usnews.com/news/us/articles/2025-01-10/trump-tax...
If they did have ill intent, towards what is that ill intent targeted, and why should I care? These aren't organizations or missions I much care about. This isn't my government, except by an accident of geography. I have little say in how it's managed or what it does, but I have a high burden for it. It's unclear that this government protects me in any substantial way (or even in indirect, insubstantial ways). Meaningful reform is impossible at the sociological level, it requires too much buy-in too slowly, and that will always be hijacked by those with influence or watered down to meaninglessness.
You don’t think they have ill intent? Really? They have made it abundantly clear how much joy they get out of slashing services for everyday citizens, cutting jobs, and outright harassing federal workers. They are full of malicious intent for the people they view as the enemy.
> Even if DOGE is operating without any ill intent, and I don't think they have ill intent
Eh, they are going in like a bunch of bloodhounds smelling blood.
Musk killed USAID because he had a personal axe to grind.
The intent is to dismantle the federal government.
Their intentions are irrelevant. They are actively attacking the United States. They are enemy combatants and should be treated as such.
"and I don't think they have ill intent"
Elon Musk absolutely has ill intent or else DOGE wouldn't have all this access that they absolutely DO NOT NEED!
> I don't think they have ill intent
...
Most of government agencies are errors themselves
> security reasons later
What about security reasons now? The federal government includes the military. Giving DOGE “God mode” on the federal government is a national security risk right now.
“later” as in as soon as we can get the infestation removed, which would be the bigger fish needing frying.
Not to mention the open question of whether we will ever arrive at later.
Now is definitely relevant, however the ones steering the ship don't care about now. Someone will care later, that's all I personally know for sure.
You make the very weird assumption that this will go "back to normal" at some point.
The system was almost certainly already so-accessible.
All systems are accessible when you claim the right to arbitrarily fire people tasked with protecting access to it.
Assuming they have a read only copy to the data, how would having access to just data require rebuilding the systems?
It's common for stray passwords or authentication tokens to be found in data dumps of i.e. someone's email, dropbox, or whatnot. So getting read only access to all the data in a given agency means you probably have access to a trove of stray passwords and authentication tokens that can be used to pivot into write access there or somewhere else.
As a concrete example, if you have read-only access to someone's email inbox that's enough to steal most of their accounts on other services since you can request a password reset link and then click on it.
And there's no telling how many backups they compromised (let's be generous and assume backups exist).
Indeed, and it's not just a problem for future Democratic administrations (assuming they come to pass), it's doubtful that Trump's inevitable Republican successors will be comfortable with Elon having a back door to their government.
Or maybe it'll accelerate the much needed improvements.
It still has to be torn down though, don’t you see that? Even if a following government wanted to keep things of benefit, it was implemented in an untrustworthy way without oversight. It has to be rebuilt either way now because they didn't follow best practices for the implementation. They objectively fucked up.
Yeah, all of every American's banking information being permanently exposed is a totally OK cost for "improvements".
Permanently exposed where?
Are we talking about something that happened, or just conjecture?
This is a very dramatic take on something you (and many others) are making extremely broad presumptions upon. It’s clear that DOGE is reviewing payment data and has the same access to various components of the US Govt that Obama’s US Digital Services, created to rebuild the ACA website but also provisioned for a number of other digital services. DOGE has the same access to services that USDS had. USDS was praised for its “speed and cutting through red tape”
This is wrong and naive.
https://talkingpointsmemo.com/edblog/doge-dives-into-core-na...
"DOGE currently has far deeper and far more extensive access to U.S. government computer systems — and is far deeper into the national security space — than is conceivably necessary for anything related to their notional brief and goals."
> This is wrong and naive.
I am honestly shocked at the amount of wrong or naive takes being posted on HN as of late.
Maybe naïve, but not wrong. They have access that any American citizen should have access to, and the only authority they really have is to flag items for review. The DOGE team is sensational, but I would bet an enormous sum that Trump has a much larger team than the sensationalized DOGE team at making decisions. It’s childish to believe the media’s talking points that there’s a bunch of children being allowed to run rampant controlling the government, especially in light of the recent “Biden is sharp as tack” media narrative.
From your link written by John Marshall, a “progressive liberal”: “It’s obvious that you’d want to be very cautious about centralizing this much power in anyone’s hands, especially people working outside all existing frameworks of oversight and accountability.” It’s called.. the President. The whole point of electing a president alongside of congress is to have a consolidated point of power.
The question isn't what's being accessed, it's who is accessing it.
There's at least some belief that the people looking at the data haven't been vetted or instructed as they should be when handling data of this nature.
It doesn't help that the guy who is running the show is basically doing it as a friend of the president and has some conflicts of interest.
Government employees already have access to every text, call, and email you have ever sent. Where was your outrage since the Snowden leaks?
It is not dramatic at all. Because of the very fact it's contentious, a rebuild will be undertaken by the next government to not trust it. It's an absolute guarantee regardless of how any one side feels about it.
I and many people would argue to rebuild it based on the lack of transparency we have seen. There are enough people that feel that way that a rebuild is inevitable, regardless if you end up right. The position is that we really don't know, so the only way to be safe is a do-over. Or at the very least, a completely transparent audit, which is also insanely expensive and very hard to scope.
I appreciate the optimism that there will be something left to actually have this 'do-over'...
Do you actually trust Elon Musk?
There are lessons that people learn over time and come up with best practices to avoid repeating the mistakes. If the intent is to really uncover waste and fraud then one way could have been
1. To ask for READ access to all the data with PII/sensitive scrubbed.
2. Any action to modify the content/data should ideally have followed the existing path/mechanism
> It’s clear that DOGE is reviewing payment data and has the same access to various components of the US Govt that Obama’s US Digital Services
How is that clear? What proof do you have of this other than Musk's word?
> the same access to various components of the US Govt that Obama’s US Digital Services
…but also much more. It is intellectually dishonest to equate these two.
Cutting through red tape can technically be done by nuking the red tape, but why cause all this harm when you can use scissors?
I don't think intellectually honest people can support the current takeover.
Sadism! That’s why.
Even if what you say is true (and as other posters point out, it isn't), DOGE and the Trump administration are staffed by confirmed Nazis and white supremacists who should be nowhere near the government. And Musk and VP Vance (both of whom interact with and support both Nazis and white supremacists regularly) supported and reinstated at least one, so this whole thing is rotten to the very top.
https://www.texasobserver.org/ice-prosecutor-dallas-white-su...
https://gizmodo.com/doge-engineer-resigns-over-extremely-rac...
https://www.theguardian.com/us-news/2025/feb/07/musk-doge-st...
But this time we're dealing with a malicious actor on one's end. And I say malicious, because in all honesty I can't justify someone spewing lies continuously while holding a public charge without being malicious
I have no reason to trust Elon Musk and many many reasons not to.
This kind of thinking is what leads to zero progress. Also I think most people will be surprised how useless a lot of the data is compared to private sector data. I.e, in 2017 Equifax leaked data on 150 million people and no one cared (you get a free 6month credit check). That data went to foreign governments and private databases and it is easy to access on darkweb so real actual scammers and criminals have it. Millions of people were targeted for scamming because of this. That is just ONE leak. Now imagine the amount of data Visa has on you for example, all your purchases. Apps that have collected your browsing history and actual GPS location. Don't think this data isn't sold and combined with other databases. There are companies that just collect data and buy data. And you are worried about 1 database with people given explicit access makes me think the real objection is something else.
By your logic we should just do away with cybersecurity in general. Clearly, it's all already out there so it isn't a problem!
We've already had the occasional large leak and survived, why not just leak continuously! Also leave your doors unlocked, you wouldn't want robbers to break an expensive door to get into your house, and most of your stuff isn't worth anything anyway!
What company do you work for so I can tell them to fire you for negligence? Nobody hire this person.
How can you possibly disagree with this and call yourself good at your job or a technologist? What an embarrassing take. Seriously you might want to delete your post if you want to ever be employed again. Actually trying to help you here.
He works for 127.0.0.1 you should look them up!
> I.e, in 2017 Equifax leaked data on 150 million people and no one cared (you get a free 6month credit check)
What are you even talking about? People (myself included) were fucking livid! The reason we got the 6mo credit check was because so many people tried to claim the monetary compensation (which the court had ruled they were owed!) that Equifax was unable (unwilling) to pay the resulting volume of money. The 6mo credit check was the weasel compromise that the Trump regulatory apparatus rubber stamped.
Okay so you care, do you think politicians who are now pretending to be concerned for privacy reasons care? Think the average American realizes that they have never cared about privacy and they look like clowns pretending like all of a sudden they do.
Liar.