Comment by jiggawatts
19 hours ago
This is much ado about nothing. The article tries very hard to make something ordinary sound nefarious.
This appears to be DOGE employees simply doing their job.
You may not agree with what they’re doing in a political sense, but if you were tasked with the same problem you’d come up with a nearly identical solution.
For example: “tenant admin” is probably the special role that can bypass access control (not audits!) and see and read all data.
This sounds scary but I regularly request this right from large government departments and I get it granted to me.
Its use is justified when normal access requests would be too complex / fiddly and error prone. Generally, in a large environment, there is no other way to guarantee 100% coverage because as an outsider you don’t even know what permissions to ask for if you can’t see anything due to a lack of permissions!
Seriously: sit down for a second and think about how you would go about getting access to make a full copy of an organisation’s data for an audit if you fully expect both passive resistance and even active efforts to hide the very things you’re looking for.
The original complaint mentions:
"7. March 3rd - I received a call during which an ACIO stated instructions were given that we were not to adhere to SOP with the doge account creation in regards to creating records. He specifically was told that there were to be no logs or records made of the accounts created for DOGE employees."
Which part of doing an audit, or some other DOGE employee's job, requires logs or records not to be made of their accounts?
Another quote:
"They were to be given what are referred to as “tenant owner” level accounts, with essentially unrestricted permission to read, copy, and alter data. Note, these permissions are above even my CIO’s access level to our systems. Well above what level of access is required to pull metrics, efficiency reports, and any other details that would be needed to assess utilization or usage of systems in our agency. We have built in roles that auditors can use and have used extensively in the past but would not give the ability to make changes or access subsystems without approval. The suggestion that they use these accounts instead was not open to discussion."
Audits don't require being able to alter data.
Also, some of the data is mentioned as being sensitive. Although granting access to the data of another agency may make sense, I have trouble believing that direct access to data such as sensitive personal information of third parties would routinely be given to people from outside of the organization. Even within the organization the group of people given access to sensitive data should be as limited as possible.
> DOGE staffers would have been instructed not to trust any custom role, so… Tenant Admin it is.
Ok, arguing with DOGE on their own terms… I confess I’m not knowledgeable with these systems, but how do you even trust it when it tells you you’re the “Tenant Admin”? Why would the deep state be unable to fabricate such a role that looks like the real one but is still lying to you? I did enough research to assume this is a Microsoft thing, so you might be viewing a Microsoft domain signed by a Microsoft SSL cert, and trust that Microsoft is telling you you’re really the highest admin. But… we’re talking a vast conspiracy with billions on the line… why would a true-believer DOGE crusader not believe there are also deep state agents in Microsoft, the certificate authorities, and ISPs?
Asking for Tenant Admin or whatever magic term seems like a start to get “the truth”, but completely inadequate to actually take down “the deep state.”
Of course, that’s the beauty of it. A super-powerful, secret enemy can never be vanquished, so they’re always a great excuse to take the next step to demolish the real government and trample the rights of the people.
Your argument makes sense. I still speculate they're doing malicious things.
I have taken part in audits for several organizations over the years, and I can assure you that's not how audits are done at all.
In fact, should the auditor find there is a way for them to access sensitive data without it being logged, they will flag it immediately. That would be the case even under simple financial regulation.
There is absolutely the risk that the people you audit will lie to you or present you with false data. In practice that's not common, because they stand to at the very least lose their jobs. It could also be illegal. Not worth it.
A normal audit, sure. This isn’t that. This is the prison guards flipping the mattress looking for contraband.
All of the public complaining is by staff that don’t understand their new position in the pecking order.
There is a King in charge and he cares not for the wailing of the petty nobles.
> This is the prison guards flipping the mattress looking for contraband.
No, it's not. These prison searches in fact do tend to find knives and whatnot and do in fact have some role in managing prison violence.
This is not about anything like that at all.
> Furthermore, on Monday, April 7, 2025, while my client and my team were preparing this disclosure, someone physically taped a threatening note to Mr. Berulis’ home door with photographs – taken via a drone – of him walking in his neighborhood. The threatening note made clear reference to this very disclosure he was preparing for you
It would be astonishingly stupid to threaten a whistleblower in such an amateurish manner when you’re backed by the party in power and have the full and official apparatus of the state at your disposal.
Astonishingly stupid sounds about right for the people leading the apparatus of the state :)
I don't believe your statement that you ask for, and successfully receive, tenant admin rights from large government departments.
DOGE employees aren't simply doing their job. They are actively subverting the government to fatally wound it.
Do you also delete logs, fire the cybersecurity team, and stonewall breach investigations?
https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-...
In that case, you and departments you work for are either breaking the law regularly or working with public data anyway.
Besides, no one needs unmonitored write access for an audit. Even less DOGE, who do no audits and don't have the knowledge of how to do an audit. Audits are supposed to be traceable.
No one needs write access, but most systems only have a read/write predefined role for tenant-wide access. If you don’t trust the department staff to give you anything but a predefined role, it’s typically the only option. Similarly if you need to fire privileged IT staff on the spot for headcount reduction you need admin-equivalent rights to lock them out. You can’t in general trust disgruntled admins to lock themselves out!
Also, in some cloud systems full read access can give you direct or indirect access to service keys / API keys which then are write equivalent permissions anyway.
> If you don’t trust the department staff
I find the argument the most absurd in relation to DOGE. There is no reason to give them more trust than to anyone else in government ... and multiple reasons to trust them less. Starting from personal histories of some of them and how they were selected.
As such, this "I don't trust" is just a reflection of their incompetence, arrogance and a lazy excuse.
Whistleblowers are protected by law. If their data is being exfiltrated then they may become targets of harassment.
> This sounds scary but I regularly request this right from large government departments and I get it granted to me.
Prove it. I want you to give examples of where you did something like this.
It’s not publicly provable for many obvious reasons such as the delegation being time bound.
Anything is publicly provable. And I think you can publicly prove it too. As another poster put it, if that's how you've dealt with systems before then either you were working with publicly available data or you were party to a crime.
Omg they also saw spikes in DNS traffic and high load during days exfiltration ahead of audit...
Clearly the (system) auditing infrastructure wasn't robust enough to still provide a lot of monitoring even if the service is being managed by someone else...
Also, a several-hundred-line teardown of a 300-line file is exactly what is wrong with some coders. Not having a CI/CL for every single short tool written once to do a job is called being productive...
Absolute balderdash.