Comment by Delk
1 day ago
The original complaint mentions:
"7. March 3rd - I received a call during which an ACIO stated instructions were given that we were not to adhere to SOP with the doge account creation in regards to creating records. He specifically was told that there were to be no logs or records made of the accounts created for DOGE employees."
Which part of doing an audit, or some other DOGE employee's job, requires logs or records not to be made of their accounts?
Another quote:
"They were to be given what are referred to as “tenant owner” level accounts, with essentially unrestricted permission to read, copy, and alter data. Note, these permissions are above even my CIO’s access level to our systems. Well above what level of access is required to pull metrics, efficiency reports, and any other details that would be needed to assess utilization or usage of systems in our agency. We have built in roles that auditors can use and have used extensively in the past but would not give the ability to make changes or access subsystems without approval. The suggestion that they use these accounts instead was not open to discussion."
Audits don't require being able to alter data.
Also, some of the data is mentioned as being sensitive. Although granting access to the data of another agency may make sense, I have trouble believing that direct access to data such as sensitive personal information of third parties would routinely be given to people from outside of the organization. Even within the organization the group of people given access to sensitive data should be as limited as possible.
[flagged]
> DOGE staffers would have been instructed not to trust any custom role, so… Tenant Admin it is.
Ok, arguing with DOGE on their own terms… I confess I’m not knowledgeable with these systems, but how do you even trust it when it tells you you’re the “Tenant Admin”? Why would the deep state be unable to fabricate such a role that looks like the real one but is still lying to you? I did enough research to assume this is a Microsoft thing, so you might be viewing a Microsoft domain signed by a Microsoft SSL cert, and trust that Microsoft is telling you you’re really the highest admin. But… we’re talking a vast conspiracy with billions on the line… why would a true-believer DOGE crusader not believe there are also deep state agents in Microsoft, the certificate authorities, and ISPs?
Asking for Tenant Admin or whatever magic term seems like a start to get “the truth”, but completely inadequate to actually take down “the deep state.”
Of course, that’s the beauty of it. A super-powerful, secret enemy can never be vanquished, so they’re always a great excuse to take the next step to demolish the real government and trample the rights of the people.
Azure for example has a built in role (actually a checkbox) that is un-fakeable by anyone that can’t MITM the portal web site.
The NSA might be able to do this, but even they’d be finding it a challenge if forced to do so on short notice with someone looking over their shoulder.
1 reply →
Your argument makes sense. I still speculate they're doing malicious things.
DOGE was given a mandate by a President with unprecedented (hah) unitary power. They’re executing on that, roughly how you’d expect them to, given their instructions and the time and resources available to them.
I personally feel that they’re being reckless and sloppy, uncovering “waste” that is often simply an artefact of their hubris. In doing so, they’re risking exposing the internal systems of the government to outside attack.
This is the rough equivalent of the guards in a prison turning over everything in a cell looking for contraband.
It’s not nice. It’s rarely productive. It is also a tool of intimidation. That’s part of the point. The prisoner is not supposed to like it. They’re not invited politely to present what they want others to see. They’re humiliated and powerless. That’s what the MAGA and DOGE want.
1 reply →