Musk Commandeers Sensitive Federal Data
Seen as a ‘smash and grab’ by one federal employee; privacy boundaries ignored; data house on illegally installed server in Musk’s DC office; where it goes from here is unknown
By John P. Desmond, Editor, AI in Business
Elon Musk’s commandeering of the most personal data the US government holds on its citizens, exposes a range of high risks that AI poses to business, governments and individual citizens.
Legal requirements around secure access and how government computer hardware intended to process sensitive information is procured, are being ignored by this Trump Administration.
The result is the creation of “multiple vulnerability points,” in the words of one cybersecurity expert.
A new server being used to control the vast databases Musk can now access, has been installed in a conference room that Musk’s team is using as its command center, according to an Office of Personnel Management (OPM) staffer who spoke to the Musk Watch newsletter, in the condition of anonymity. The account was written by journalists Caleb Ecarma and Judd Legum at Musk Watch.
The Musk team is able to access databases, initially with read and write permissions, to databases with medical histories, personally identifiable information, workplace evaluations and other private data. “They have access to the code itself, which means they can make updates to anything that they want,” an OPM staffer who spoke to Musk Watch stated.
Databases Musk Can Access
Musk and his associates gained access to a number of government databases, including:
USAJOBS, the federal government’s hiring site;
The OPM’s Enterprise Human Resources Integration (EHRI) system, continuing Social Security numbers, dates of birth, salaries, home addresses and job descriptions of all civil government workers. An OPM staffer told Musk Watch that is how individual government workers were targeted for dismissal for their connection to diversity, equity and inclusion reasons. The Musk team, which one late night comedian called “the MuskRats” and another called the “Musketeers,” had been “reviewing position description level data.”
USA Staffing, an HR onboarding system;
USA Performance, a job performance review site;
H1, which the government uses to manage employee health care. The OPM employee told Musk Watch, “The health insurance once scares me” because its information is protected by HIPPA privacy laws, “but they have access to all this stuff.”
The server was apparently acquired outside procurement rules that require a Privacy Impact Assessment be conducted, to ensure new security vulnerabilities are not introduced. The OPM staffer does not believe a PIA was conducted, “so this application and corresponding hardware are illegally operating” and the Musk team’s access to sensitive data has opened “multiple vulnerability points.”
Security experts are alarmed about what’s going on. Marcus Hutchins, a cybersecurity expert best known for stopping the WannaCry ransomware attack in 2017, warned in a February 8 account in The Washington Post that risks would multiply with every new user and new machine plugged in at OPM. “It’s highly likely they’re improperly accessing, transferring and storing highly sensitive data outside the environments it was intended to be contained within,” he stated.
New York AG’s Action With AG Coalition Sees Results
New York Attorney General Letitia James on February 6 announced she is leading a coalition of 14 AGs to restrict the Musk team’s access to sensitive government payment systems.
“This level of access for unauthorized individuals is unlawful, unprecedented, and unacceptable. DOGE has no authority to access this information, which they explicitly sought in order to block critical payments that millions of Americans rely on – payments that support health care, childcare, and other essential programs,” AG James stated in a press release.
She added, “In defense of our Constitution, our right to privacy, and the essential funding that individuals and communities nationwide are counting on, we will be filing a lawsuit to stop this injustice.”
A federal judge on February 8 issued an order limiting the Musk team’s access to sensitive federal data. It’s not clear that the Trump Administration will abide by the ruling.
Musk stated overnight Saturday that the judge who issued the ruling should be impeached. Vice President JD Vance pushed back also, stating on X, “Judges aren’t allowed to control the executive’s legitimate power,” according to an account from PBS. Vance is a graduate of Yale Law School
Deputy White House chief of staff Stephen Miller was quoted as calling the ruling “an assault on the very idea of democracy itself.”
US Judge Paul A. Engelmayer issued a preliminary injunction after the 19 AGs sued, alleging the Musk team is violating federal law. President Trump was quoted as saying while aboard Air Force One, “No judge should be allowed to make that kind of decision.”
The judge set a hearing date of February 14.
Sen. Chris Murphy, D-Conn., stated on ABC’s “This Week” on Sunday morning, February 9, “This is a red alert moment.” The senator expressed concern about the ability of the judicial branch to respond to the onslaught of attacks on privacy. “The pace of this assault on the Constitution, in order to serve the billionaire class, is absolutely dizzying.” Republicans in the House and Senate will need to help put a stop to it, he stated.
Anonymous Federal Worker Warns of “Gravity of This Situation”
One federal worker writing anonymously in Slate on February 3 stated that Musk’s access to the treasury data, private data regulated by laws, is a grave situation. “Those outside the federal government might not understand the gravity of this situation,” stated the author. “Now is the moment to act. We should not be waiting until the perps are driving off with every Bimmer in the lot.”
The grab of sensitive personal data is risky. “Its advertent disclosure could irreparably harm millions of American families,” the author said, adding, “Federal workers can only watch. We have been effectively silenced” by gag orders.”
And, “It cannot be up solely to the cubicle workers of the federal government to stare down certain retribution in order to delay lawless power grabs.”
And, “Take it from someone with a front-row seat: ‘Ocean’s Eleven’ this is not. It’s a smash and grab.”
Finally, “Everyone I know has polished their resume and started scanning job postings.”
We know the AI oligarch Musk is a smart guy; we have to hope he will in the end respect what the US framers put in place at the outset to preserve the republic.
Read the source articles and information at Musk Watch, The Washington Post, a press release from New York Attorney General Letitia James, an account from PBS and from Slate.