Congressman Dan Goldman Demands Trump Administration and Doge Comply with Federal Data Protection Law

By on No Comment

Congressman Dan Goldman Demands Trump Administration and Doge Comply with Federal Data Protection Law
Elon Musk and DOGE Officials Have Been Granted Unprecedented Access to Americans’ Personal Information, Flouting Federal Data Protection Laws 
 
DOGE’s Access to Classified Systems Risks Data Breaches and Hacks by Foreign Adversaries  
 
Read the Letter Here 
Washington, D.C. – Congressman Dan Goldman (NY-10), alongside his Democratic Homeland Security Committee colleagues, sent a letter to the Acting Director of the Office of Management and Budget (OMB), Matthew Vaeth demanding that the Trump Administration follow all relevant federal data protection laws after it was revealed this week that Elon Musk and DOGE have exceeded their authority and may have violated numerous federal laws with grave national security consequences.
“We know that China and other foreign adversaries are regularly seeking to breach federal agency networks to gather exploitable information about government officials, American citizens, and U.S. businesses. That is why the U.S. government has implemented numerous policies and programs to secure sensitive data. Elon Musk and his DOGE associates are not exempt from those policies,” the members wrote. 
This week, it was reported that Elon Musk and DOGE had gained access to a broad range of government databases at multiple federal agencies – including the Treasury Department, which oversees trillions in government payments. Furthermore, it was reported that they have also transferred government data with the personally identifiable information of million of Americans to their own unvetted commercial servers. Other reports indicate DOGE has accessed classified systems.
“The American public deserves to know who is accessing their personal information and why. The government also has an obligation to keep their information secure,” the members added. 
Read the Full Letter Here or below: 
Dear Acting Director Vaeth:
We write to express our serious concerns about the unprecedented access to sensitive government data granted to Elon Musk and his US DOGE Service (DOGE) associates and inquire about what policies and procedures are in place to protect the security and integrity of sensitive government information.
Under the Federal Information Security Modernization Act (FISMA) of 2014, the Director of the Office of Management and Budget (OMB) is responsible for “developing and overseeing the implementation of policies, principles, standards, and guidelines on information security” and “requiring agencies, consistent with the standards promulgated under such section 11331 and the requirements of this subchapter, to identify and provide information security protections commensurate with the risk and magnitude of the harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of (A) information collected or maintained by or on behalf of an agency; or (B) information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency.”
Executive Order (EO) 14158, Establishing and Implementing the President’s “Department of Government Efficiency,” gave DOGE unprecedented access to information systems across government.2 It directs Agency Heads “to take all necessary steps” to ensure DOGE “has full and prompt access to all unclassified agency records, software systems, and IT systems.”3 The EO also directs DOGE to adhere to “rigorous data protection standards.”4 Although the EO fails to articulate those standards, they presumably include Federal laws including, but not limited to, FISMA, the E-Government Act of 2002, and the Federal Acquisition Regulation, as well as OMB policies intended to protect Federal networks, including OMB 22-09, Moving the U.S. Government Toward Zero Trust Cybersecurity Principles. Instead, by all accounts, DOGE is running roughshod across Federal networks, accessing untold amounts of information about Americans in complete disregard for security and privacy standards.
According to media reports, in recent days, Elon Musk and his DOGE associates have accessed a broad range of government databases at multiple Federal agencies. These agencies include the Treasury Department, the U.S. Office of Personnel Management, the U.S. Agency for International Development, the Small Business Administration, and possibly others. The systems include the payment systems that the Treasury Department uses to honor U.S. financial obligations, those that store sensitive personnel data on Federal employees, and reportedly classified information systems, which DOGE has absolutely no authority to access. This reporting also indicates that DOGE officials have transferred data to commercial servers that may not have been vetted for compliance with security and privacy requirements, another potential violation of Federal law.8 These databases include personally identifiable information on Federal employees and millions of other American, and any risk of exposure to foreign adversaries could have grave national security consequences. Due to the complete lack of transparency about DOGE’s activities, it is possible that DOGE has gained access to other information that the public is not yet aware of.
We know that China and other foreign adversaries are regularly seeking to breach Federal agency networks to gather exploitable information about government officials, American citizens, and U.S. businesses. That is why the U.S. government has implemented numerous policies and programs to secure sensitive data. Elon Musk and his DOGE associates are not exempt from those policies. Under your statutory obligations, you are responsible for ensuring that Elon Musk complies with data privacy and security requirements, and we urge you to take action to ensure compliance.
  1. The American public deserves to know who is accessing their personal information and why. The government also has an obligation to keep their information secure. To help us better understand what policies and procedures are currently in place to secure data obtained by DOGE and what following steps are being taken to secure Americans’ data, we request that you respond to the questions by February 19, 2025:
  2. Which departments and agencies have granted DOGE access to their information systems and data? Please specify the types of information DOGE has accessed and the purpose of the access.
    1. DOGE has no authority to access classified systems, but media reports indicate DOGE employees have, in fact, accessed such systems.
    2. Have DOGE employees accessed classified systems? Please specify the authority under which DOGE employees accessed classified systems, which classified systems DOGE employees have accessed, and the purpose of DOGE access.
  3. Do the DOGE employees who have accessed classified systems have security clearances? If so, did they complete the SF-86 form and undergo the background investigations required for Federal employees to obtain access to classified information. Please provide the dates upon which each DOGE employee who accessed classified information received their clearance, the type of security clearance each DOGE employee has, the date of their clearance security education meeting, and who provided the clearance security education meeting
  4. What procedures are in place to ensure that DOGE complies with the E-Government Act of 2002’s requirement of Privacy Impact Assessments for the use of new information technology?
  5. How is OMB ensuring DOGE is in compliance with the Federal government’s mandatory information security policies under FISMA and other relevant laws?
  6. What guidance, if any, has OMB provided to Federal agencies how to mitigate security risks posed by DOGE access to their networks?
  7. In the past, the US Digital Service accessed Federal department and agency information systems after being invited to do so. Do Federal agencies have the authority to refuse DOGE access to their information systems and data?
OMB has an obligation to ensure Federal information systems and data security laws are being
followed, and we urge to move expeditiously to investigate what Federal laws and policies DOGE may have violated and take appropriate action. We look forward to your timely response.

  , , , , , , , , , , , , , , , , , , , , ,

Congressman Dan Goldman Demands Trump Administration and Doge Comply with Federal Data Protection Law added by on
View all posts by NewBlackVoices →

Leave a Reply

Your email address will not be published.