Comment by afavour

8 months ago

Security clearances are surely one? Government employees with access to that data are heavily vetted. DOGE, not so much.

Security clearances for classified information and most IRS employees don’t have security clearances.

I'm familiar with IRS contracts and while security clearances are not involved, they do have a unique background investigation process that involves a tax audits.

It would not be security clearances, but some form of assurances for protecting PII. Think of it this way. If this system contained people’s credit cards numbers, the entire system would be required to be PCI certified, and that requires that processes and procedures be in place so that even employee access is extremely limited. Data shouldn’t even be plaintext at rest. No one really needs to see anyone’s credit card number. Anonymized data is just fine.

So some agency, authorized by the president or not, barging in asking for read/write access to card numbers should not be allowed, because the data aren’t the president’s to give.

Same should be valid for social security numbers. You can’t guarantee that 100% of DOGE’s employees are benign, or that they are have the best opsec, or that their devices are not exploitable (or exploited already). So you minimize this attack surface by minimizing access.

Because if anything happens, then you can be 100% certain that Musk/Trump will not voluntarily answer for it/make people whole. They will at best be taken to court where they will fight for years while the victims suffer the consequences in the present.

So you do everything you can to prevent this nebulous, blameless “we meant well, we couldn’t know this would happen, we’re sorry for all the pain, let’s move forward together” outcome.