Comment by Amezarak

2 days ago

One of the more bizarre things with this whole saga is seeing people act as though the existing government employees are any different. People throwing out “vetted” like it means something meaningful.

No, “vetting” basically means they checked to see if you ever got caught embezzling money, or in the case of clearances, if you lied about committing any crimes (committing them is ok). They are regular people and getting them to abide by sensible IT policies is a giant nightmare and compliance is poor.

Heck, have people already forgotten Trump’s tax returns were leaked by politically motivated “vetted” people working for the IRS? Not the first time that happened either. And they didn’t even find anything interesting!

"Had previously been fired from a job for leaking sensitive company data" tends to be the sort of thing that stops you from getting jobs where you work with extremely sensitive data.

Regular government employees only have access to the systems they need to do their job, so they are, in fact, different.

  • You don’t think anyone else has root?

    • I'm gonna go out on a limb and say no, not without first going through a change management process and going through a privileged session management system, except in the case of an emergency break-glass scenario where using those emergency creds throws all kinds of big DANGER alerts across the org if the access was unexpected. I can't speak to the Treasury and IRS specifically, but that's kinda standard across large orgs, especially ones that get audited regularly on their handling of sensitive data.

    • Some systems protect against that. The philosophy behind IBM RACF is: “A key security principle is the separation of duties between different users so that no one person has sufficient access privilege to perpetrate damaging fraud.”

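Added illustration, not written by any commenter in this thread: the controls the two replies above describe (privileged sessions brokered through a session manager, break-glass credentials that always raise an alert, a change record that must cover the host and time window, and separation of duties between the person requesting a change and the person approving it) expressed as a small checker run over constructed audit lines. The log format, the `breakglass-` and `psm-` naming conventions, and the change records are all assumptions made for the example.

```python
import re
from datetime import datetime, timezone

# Constructed sample audit lines (not real data): who used which privileged
# account, when, on which host, through which session, under which change ticket.
AUDIT_LOG = """\
2024-05-02T09:15:00Z user=alice account=svc-db-admin host=db01 session=psm-4471 change=CHG-1001
2024-05-02T22:40:00Z user=bob account=breakglass-root host=db01 session=direct change=-
2024-05-03T03:05:00Z user=carol account=breakglass-root host=fin02 session=direct change=CHG-1002
2024-05-03T10:00:00Z user=dave account=svc-db-admin host=db01 session=direct change=CHG-1003
"""

# Constructed change records: ticket -> requester, approver, approved window, host.
CHANGES = {
    "CHG-1001": {"requester": "alice", "approver": "erin", "host": "db01",
                 "start": "2024-05-02T09:00:00Z", "end": "2024-05-02T10:00:00Z"},
    "CHG-1002": {"requester": "carol", "approver": "carol", "host": "fin02",   # self-approved
                 "start": "2024-05-03T03:00:00Z", "end": "2024-05-03T04:00:00Z"},
    "CHG-1003": {"requester": "dave", "approver": "erin", "host": "db01",
                 "start": "2024-05-03T09:30:00Z", "end": "2024-05-03T10:30:00Z"},
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) account=(?P<account>\S+) host=(?P<host>\S+) "
    r"session=(?P<session>\S+) change=(?P<change>\S+)$"
)


def parse_ts(s):
    """Parse the assumed ISO-8601 UTC timestamp format used in the sample log."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_line(line):
    """Turn one audit line into a dict; reject anything that does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable audit line: {line!r}")
    ev = m.groupdict()
    ev["ts"] = parse_ts(ev["ts"])
    return ev


def check_event(ev, changes):
    """Return a list of (severity, reason) findings for one privileged-access event."""
    findings = []
    is_breakglass = ev["account"].startswith("breakglass-")  # assumed naming convention
    change = changes.get(ev["change"])

    # Ordinary privileged accounts must be brokered by the privileged session manager.
    if not is_breakglass and not ev["session"].startswith("psm-"):
        findings.append(("HIGH", "privileged account used outside the session manager"))

    if change is None:
        # No change record at all: break-glass without a ticket is the loudest alert.
        if is_breakglass:
            findings.append(("HIGH", "break-glass credential used with no change record"))
        else:
            findings.append(("HIGH", "privileged access with no matching change record"))
        return findings

    # Break-glass use is always reported, even when a change record exists.
    if is_breakglass:
        findings.append(("MEDIUM", f"break-glass credential used under change {ev['change']}"))
    # Separation of duties: the requester may not approve their own change.
    if change["requester"] == change["approver"]:
        findings.append(("HIGH", "change was self-approved (separation of duties)"))
    # The ticket must cover this host and this point in time.
    if ev["host"] != change["host"]:
        findings.append(("HIGH", "change does not cover this host"))
    if not (parse_ts(change["start"]) <= ev["ts"] <= parse_ts(change["end"])):
        findings.append(("HIGH", "access outside the approved change window"))
    return findings


def review(log_text, changes):
    """Run every audit line through the checks and flatten the findings into a report."""
    report = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        for severity, reason in check_event(ev, changes):
            report.append({"user": ev["user"], "account": ev["account"],
                           "host": ev["host"], "severity": severity, "reason": reason})
    return report


if __name__ == "__main__":
    for f in review(AUDIT_LOG, CHANGES):
        print(f"{f['severity']:6} {f['user']}@{f['host']} ({f['account']}): {f['reason']}")
```

On the sample input only the first line is clean: alice went through the session manager inside an approved, independently approved window. Bob's break-glass use with no ticket and dave's direct use of a service account both surface as high-severity findings, and carol's break-glass use is reported even though a ticket exists, because the ticket was self-approved.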

> No, “vetting” basically means they checked to see if you ever got caught embezzling money, or in the case of clearances, if you lied about committing any crimes (committing them is ok). They are regular people and getting them to abide by sensible IT policies is a giant nightmare and compliance is poor.

However little is involved in vetting, it's something that has been done for regular government employees and hasn't been done for these employees. I'd rather have minimal safeguards than none.