No. of Recommendations: 10
https://heathercoxrichardson.substack.com/p/februa...HCR - Feb 5th
Shortly after 1:00 this morning, Vittoria Elliott, Dhruv Mehrotra, Leah Feiger, and Tim Marchman of Wired reported that, according to three of their sources, “[a] 25-year-old engineer named Marko Elez, who previously worked for two Elon Musk companies [SpaceX and X], has direct access to Treasury Department systems responsible for nearly all payments made by the US government.”
According to the reporters, Elez apparently has the privileges to write code on the programs at the Bureau of Fiscal Service that control more than 20% of the U.S. economy, including government payments of veterans’ benefits, Social Security benefits, and veterans’ pay. The admin privileges he has typically permit a user “to log in to servers through secure shell access, navigate the entire file system, change user permissions, and delete or modify critical files. That could allow someone to bypass the security measures of, and potentially cause irreversible changes to, the very systems they have access to.”
“If you would have asked me a week ago” if an outsider could’ve been given access to a government server, one federal IT worker told the Wired reporters, “I'd have told you that this kind of thing would never in a million years happen. But now, who the f*ck knows."
The reporters note that control of the Bureau of Fiscal Service computers could enable someone to cut off monies to specific agencies or even individuals. “Will DOGE cut funding to programs approved by Congress that Donald Trump decides he doesn’t like?” asked Senator Chuck Schumer (D-NY) yesterday. “What about cancer research? Food banks? School lunches? Veterans aid? Literacy programs? Small business loans?”
Josh Marshall of Talking Points Memo reported that his sources said that Elez and possibly others got full admin access to the Treasury computers on Friday, January 31, and that he—or they—have “already made extensive changes to the code base for the payment system.” They are leaning on existing staff in the agency for help, which those workers have provided reluctantly in hopes of keeping the entire system from crashing. Marshall reports those staffers are “freaking out.” The system is due to undergo a migration to another system this weekend; how the changes will interact with that long-planned migration is unclear.
The changes, Marshall’s sources tell him, “all seem to relate to creating new paths to block payments and possibly leave less visibility into what has been blocked.”
Both Wired and the New York Times reported yesterday that Musk’s team intends to cut government workers and to use artificial intelligence, or AI, to make budget cuts and to find waste and abuse in the federal government.
Today Jason Koebler, Joseph Cox, and Emanuel Maiberg of 404 Media reported that they had obtained the audio of a meeting held Monday by Thomas Shedd for government technology workers. Shedd is a former Musk employee at Tesla who is now leading the General Services Administration’s Technology Transformation Services (TTS), the team that is recoding the government programs.
At the meeting, Shedd told government workers that “things are going to get intense” as his team creates “AI coding agents” to write software that would, for example, change the way logging into the government systems works. Currently, that software cannot access any information about individuals; as the reporters note, login.gov currently assures users that it “does not affect or have any information related to the specific agency you are trying to access.”
But Shedd said they were working through how to change that login “to further identify individuals and detect and prevent fraud.”
When a government employee pointed out that the Privacy Act makes it illegal for agencies to share personal information without consent, Shedd appeared unfazed by the idea they were trying something illegal. “The idea would be that folks would give consent to help with the login flow, but again, that's an example of something that we have a vision, that needs [to be] worked on, and needs clarified. And if we hit a roadblock, then we hit a roadblock. But we still should push forward and see what we can do.”
A government employee told Koebler, Cox, and Maiberg that using AI coding agents is a major security risk. “Government software is concerned with things like foreign adversaries attempting to insert backdoors into government code. With code generated by AI, it seems possible that security vulnerabilities could be introduced unintentionally. Or could be introduced intentionally via an AI-related exploit that creates obfuscated code that includes vulnerabilities that might expose the data of American citizens or of national security importance.”…
