Notes from a March 18 meeting, marked “Internal/Confidential,” show that a DOL lawyer presented colleagues with an overview of DOL’s interactions with DOGE. “So far,” the notes read, “they do not have write access. They have asked; we’ve held them at bay. We’ve tried to get them to tell us what they want & then we do it. They only have read access.” DOGE seems primarily interested, according to the notes, in pay systems and grants, and has signed an agreement detailing a “long list of things they won’t do.”
The notes also detail interactions between the GAO and DOL related to DOGE’s work. Included are a specific set of requests GAO gave to DOL representatives:
“Please identify any systems and information for which USDS and/or agency DOGE team staff were provided access. In doing so, please identify all accounts created, including those for any applications, servers, databases, mainframes, and/or network equipment.
“Please describe the type of access that USDS and/or agency DOGE team staff have to agency systems and information (e.g., read, write, execute).
“Please describe how USDS and/or agency DOGE team staff access agency systems and information (e.g., on-premise or remote, agency furnished equipment or other equipment).
“Please describe the safeguards that are in place to determine that USDS and/or agency DOGE team staff protect the confidentiality, integrity, and availability of agency systems and information consistent with relevant laws and guidance.
“Please describe the processes that the agency has in place to ensure that USDS and DOGE teams are appropriately protecting the confidentiality, integrity, and availability of the agency systems and information as required by applicable laws and guidance?”
Concerns about DOGE access to agency systems are not unfounded. In February, WIRED reported that Marko Elez, a 25-year-old former X engineer, was granted the ability not only to read the code in the Treasury systems but also to write—or change—it. With that level of access, there were concerns that he could have potentially cut off congressionally authorized payments or caused the systems to simply stop working. “It’s like knowing you have hackers on your network, but nobody lets you do anything about it,” a Treasury employee told WIRED at the time.
Elez, according to the March 18 meeting notes and previous WIRED reporting, also has access to the DOL and has been linked to the Social Security Administration. His and other DOGE affiliates’ access to SSA data is currently restricted due to a court order. Elez did not immediately respond to a request for comment.
Reporting from WIRED and other outlets since then has continued to expose DOGE’s sweeping attempts to access sensitive data—and the potential consequences. President Donald Trump’s executive order from March 20 directs agencies to begin “eliminating information silos,” purportedly to fight fraud and waste. These actions could also threaten privacy by consolidating personal data housed on different systems into a central repository, WIRED previously reported.
A record detailing an initial request from GAO for DOL documents, due at the end of March, shows that the agency was asked to show how it protected its systems, with the requested documentation covering, among other things, its policies on management of access to system accounts, training, the principles of separation of duties and least privilege, the use of portable storage devices, audit logging, and its insider threat program. These requests reference the National Institute of Standards and Technology publication Security and Privacy Controls for Information Systems and Organizations, which serves as a set of information security guidelines for federal systems not related to national security.
