A Dangerous Lack Of Clarity: Does DOGE’s Negotiated “Read Only” Access Mean “Read Only” Access To Data Or Code?
from the ask-more-questions dept
News moves fast… While this post was getting finalized came news that Marko Elez has resigned after his racist tweets were found and publicized. Nevertheless, the point made herein still stands.
Amidst all the news today is news suggesting that Musk and his lackeys have had their access to the federal government’s payment systems limited. While it appears true that there are now some limits, it is too soon to celebrate before we know whether there are enough. The limits might only be on the data used by these systems, and not the code that powers these systems. And that difference is important.
The news from today relates to the negotiated restraining order a judge approved arising from the Alliance for Retired Americans v. Scott Bessent litigation. Per that order, access to the Treasury Department’s data has now been limited to just two DOGErs, Tom Krause and Marko Elez, and that access is “read only”:
The Defendants will not provide access to any payment record or payment system of records maintained by or within the Bureau of the Fiscal Service, except that the Defendants may provide access to any of the following people:
o Mr. Tom Krause, a Special Government Employee in the Department of the Treasury, as needed for the performance of his duties, provided that such access to payment records will be “read only”;
o Mr. Marko Elez, a Special Government Employee in the Department of the Treasury, as needed for the performance of his duties, provided that such access to payment records will be “read only”;
This order comes after reporting from earlier this week that, despite promises from the Treasury Department that Krause had “read only” access, Elez appeared to have admin privileges and may have even pushed live code into the system. Nathan Tankus, who has been closely tracking the access issue, also reported today that, from a practical standpoint, Elez’s access may have already been somewhat curtailed in response to public reporting.
On Saturday, they had given Marko read/write access and marked his access request as completed and closed. There was no mistake in their wording: they explicitly said they had given Marko read/write access to SPS. On Wednesday, they reopened his access request and stated his permissions were now read only.
But reporting on what’s going on at Treasury in response to this court order keeps obscuring an important issue, and it’s leading people to breathe a sigh of relief that is potentially, and critically, not warranted. Indeed, there’s a way to read the court order that should be cause for alarm, not relief.
True, it is good that access to Americans’ social security numbers is limited to just two Muskers, and that their access is limited, although there is a lack of clarity about what these limitations mean. It may mean that they cannot change the data, and it may also mean that they cannot download or share it, but “read only” is not defined in the order, so it’s hard to be sure.
It is also not clear that it goes beyond payment records. Per the order, access is limited to “any payment records,” which presumably includes Americans’ personal information. And access is also limited to “any payment system of records.” But “payment system of records” is a term desperate for definition, because it’s not at all clear that it applies to what it really needs to apply to.
What is really dangerous is for these renegades to have access to the software code that makes the payments out of Treasury. But this provision looks like it only prevents them from accessing the system that governs how Treasury handles the records about whom to pay. It does not look like this injunctive provision extends to anything that controls the payments themselves. It looks like any number of DOGErs (beyond just Krause and Elez) could still have access to those systems and the software Treasury uses to make payments (even if they don’t have direct access to the records of payments). There appears to be nothing in this order to limit any DOGEr’s access to not just see the software code but potentially also change the code, upload the code, and run the code.
If anything, the negotiated settlement suggests that DOGE very much still intends to do such things, given that Krause and (previously) Elez still needed access to records “for the performance of [their] duties.” What duties are these? How do they relate to actual payments? What are they still doing in these systems?
This lawsuit of course may not have been the right vehicle to limit their access to the software code, given that it was brought to address the separate problem of the privacy harm resulting when any of them can see Americans’ personal information. But that’s not the only harm the nation faces if these guys still have control over the computers that handle whether and how America pays its bills. It is critically important that reporting recognize that this question has not been fully answered in a way that can give anyone confidence that our entire economy does not still rest in their unauthorized hands.




Comments on “A Dangerous Lack Of Clarity: Does DOGE’s Negotiated “Read Only” Access Mean “Read Only” Access To Data Or Code?”
This was my immediate concern on reading the order as well. There seems to be plenty of leeway in the language of the order that would allow one to interpret the order as only applying to systems that store and/or provide access to view records. Systems which exist primarily to create records (process payments) are not obviously included in ‘payment systems of records,’ (which isn’t to say that they certainly are excluded, but just that it isn’t obvious and undeniable that they are included).
It is also worth noting that despite a separate court order requiring the administration to pause its funding freeze (so unfreeze), there are still many reports of Non-Profits and other organizations which remain unable to access the funds they should have received. So it’s definitely not to be taken as a given that the administration will obey this court order timely, or at all.
Cry more tears, left!st scum!
Re:
Son, I think it’s time to invest in a new keyboard. Yours is so full of cheeto dust and genetic material, it keeps adding an ! to the middle of words.
Scorched Earth v1.7.2
The dim light left is that almost all code is developed and archived with a versioning system (Git, SVN, etc). Covering your traces in such a system is … possible, but difficult. Once Treasury returns to sane hands, the code can (and should – in case someone bypassed the archive system) be reloaded, and any additions vetted.
This presumes that the Treasury systems haven’t been burnt to the ground by retreating coup personnel.
Re:
How do we know Musk’s cronies are even using source control? Earlier reports said they were pushing directly to prod and had physically visited a facility in Kansas.
Re: Re:
We know that they aren’t and that some of the changes made are designed to work around change control systems.
But unless they encrypted/wiped the revision control systems on their way out, those old revisions still exist and can be restored over top of the cowboy deployments they did.
Re:
Democrats will not control the white house for 12 years, at least. You’ve messed up that bad.
Re: Re:
I thought you left because everyone was mean to you bro.
Re: Re:
you’re not gonna evade the spam filter
Re: Re: Re:
1) obviously, I am
2) it is sad and cowardly that you guys are trying to quell dissent. It just means you know your ideas can’t stand up on their own.
Re: Re: Re:2
No one’s “trying to quell dissent”, bro. You’re just bragging about how you lost to a spam filter…again.
Re: Re: Re:3
Sure buddy, every single one of my comments and any other conservative is marked as “spam”. That’s…..literally attempting to quell dissent.
Re: Re: Re:4
You say that like BestNetTech has any kind of obligation to host your speech—or any speech that expresses “dissent” with the ideas expressed on the blog. Or are you going to say that Elon Musk deleting leftist/progressive/“DEI” speech from Twitter is suddenly a horrible thing only because he’s trying to “quell dissent”?
Re: Re: Re:5
Matty has already made it clear in a comment on another article that Musk outright removing content from his platform is fine, but Masnick having a filter that hides comments is “cowardly”.
Re: Re: Re:4 Have you tried not being a complete shitheel?
I rest my case.
Re: Re: Re:5
at this point, you’re just babbling
Re: Re: Re:6 That poor poor spam filter
I don’t have the time or crayons to explain to you that spam filters don’t have a super secret shadow ban the shitheel conservative button.
Re: Re: Re:7
……they literally do, especially when all you sh!tlib ret@ards act in concert.
Like, you’re SO CLOSE to getting it, and then the extra chromosome comes in.
Re: Re: Re:8 Tell me how much you don't care about us bro
Keep bragging about how you’re dumber than the spam filter fucknugget. It might make us forget how fucking mad you are about “winning”.
Re: Re: Re:9
very obviously defeating the “spam” filter (not that), so that’s a hot take.
Still not, obviously, tired of winning.
Re: Re: Re:10 It's about as hot as your moms stanky cooch
Just super mad about it, and losing to the spam filter and having a tiny peen, and whatever the fuck else you’ve failed at lately. Which judging by your anger, is quite a lot bro.
Re: Re: Re:8
…says the guy who can’t figure out that it’s his behavior that causes him to get flagged by everyone.
No, seriously, man, it’s all on you if you get flagged. I don’t flag people who merely disagree with me—I flag people who comment in bad faith with shitty takes and a bunch of edgy edgelord edginess that would’ve gotten them sued by Tim Langdell prior to him losing the “edge” trademark. Bigotry also helps seal the deal, and your continued use of a word that slurs the intellectually disabled, as well as your continued uncritical ass-kissing of a racist Apartheid-loving billionaire and his efforts to help his co-president bring back segregation, certainly fits the bill there.
The funny thing here is how, if you’d stop being so angry all the time, you might actually be able to perform a critical act: giving us a different perspective from which to consider our own thoughts and beliefs on a given subject. But you’d rather be a high school bully who thinks he never has to grow up or be a decent person even when he’s middle-aged and alone. It’d be sad if you weren’t so goddamned eager to dominate people—or to see them hurt by people you wish would dominate you.
Re: Re: Re:9
No, you just encourage them being flagged by others by bad faith misinterpretations of what they’ve said.
Re: Re: Re:10
Don’t blame me if you can’t defend your own bullshit well enough to make me say “fair enough” and admit I was wrong. That’s your problem.
Re: Re: Re:11
Actually, the fact you don’t like me advocating for a community I’m actually part of and you’re not (the trans community) is your problem rather than mine, and the fact you can’t admit I have more right to advocate for my community than you do is also your problem. No one said you have no right to communicate for communities you’re not a member of, but you have zero right to shut people out of advocating for their own communities with false accusations just because it makes you jealous because you think you’re the only one with any right to advocate for minorities.
Re: Re: Re:10
No one’s misinterpreting you when you call everyone a retard…
Re: Re: Re:11
Actually, that’s a word I’ve not used in decades since learning it’s an ableist/disablist slur, so you’ve only proved that you can’t tell the difference between ACs with completely different styles.
elez is gone
he quit after they outed him as a hardcore nazi/white supremacist:
https://www.cnbc.com/2025/02/06/musk-doge-staffer-resigns-over-racist-social-media-posts.html
Re:
Which is weird, because that’s why he was hired.
Re: Re:
It’s a distraction. Even if the court order restricted their ability to control payments the problem is all the time that passed where they had nothing stopping them.
Re: Re: Re:
And even if a court order says “don’t do this”, without any kind of enforcement to back up the order, they can keep doing whatever they want by saying “fuck you, make me” and going on about their business. I get the feeling these fuckers won’t stop until there are actual cops/federal agents with actual loaded guns in the building saying “yeah, no, you can’t be doing this”.
Cathy, you seem unclear on separation of powers
You just seem really unclear on why the president can do what he wants with Executive branch personnel, properties, and servers. So here’s a handy guide!
https://www.nationalreview.com/corner/a-rule-of-thumb-for-the-executive-power-debates/
Re:
Y U MAD BRO?
Re:
Is Yuval Levin a lawyer?
Re: Re:
Never stops MM or Cathy
Re: Re: Re:
So that’s a no?
Re: Re: Re: Your moms the town whatabout
Whatabout something else. Like how your mom never says no to anyone.
Re: Re: Re:
Never stops you, either. 🙃
Re: Re: Re:
Cathy Gellis is a lawyer, shit-for-brains.
Re: Re: Re:2
But it’s true that MM isn’t. Oh, sorry. Like Matty, I forgot to include the B after MM.
Re: Re: Re:3
Son you already fucked up so bad you had to take your ceiling mounted fleshlight in repairs twice. Maybe it’s time to put the crack pipe down and slink off in defeat.
Re: Re: Re:4
*whoooooooooosh!*
Re: Re:
Yo
https://x.com/ShitpostGate/status/1887482625750905287
Re: Re: Re: Congrats bro!
Hey someone in your family graduated!
Re: Re: Re:2
Hey now, c’mon. You don’t need to insult intellectually disabled people by implying that they’d ever be part of Matthew M. Bennett’s family.
Re: Re: Re:
Are you okay? That is very clearly not Yuval Levin.
Re:
MICROSOFT CLIPPY VOICE
You’ve linked to The National Review.
Did you mean to link The National Enquirer instead?
Re: Re:
No, I actually meant to link to the Weekly World News.
Re:
If “the president can do what he wants” then why did a court just tell them he couldn’t?
You keep misunderstanding the fairly simple fact that the Executive Branch is still bound by the law.
Yes, they can run it as they want WITHIN THE LAW.
Why do you keep ignoring that part? The reason a court blocked what DOGE people were doing was BECAUSE IT BROKE THE LAW.
long time coder; longer time tester
=== privacy violation ===
20 TB ext drive costs USD$300; USB-C transfer rate = 100MB/sec; day = 86400 sec; 8.6 TB / day; 2.5 days to copy 20 TB of confidential data;
if there’s five workstations breached and you carry in five drives, violating privacy of millions of citizens can be achieved in 12 hours;
=== code changes ===
sparks… honking huge sparks… pretty, pretty sky full of sparks as the library burns down because an idiot positioned a half ton of fireworks for the Fourth of July atop a roof composed of half inch plywood weatherproofed with tar paper
my hands tremble slightly at memories of rollouts done against the professional opinions of coding teams… who were blamed the following week by the executives who’d browbeaten ’em into doing so…
=== just in case ===
my advice to everyone in the US…?
if you got a plastic card (debit or credit or whatever) then be sure you have USD$500 cash in tens and twenties (assuming you have that much available to your card)
there could well be thousands of retail outlets unable to process any plastic given interdependencies…
what ought freak everyone out, nobody has any idea of what the full set of those interdependencies
R.E.A.D O.N.L.Y.
Read Everything, Alter Deliberately, Obfuscate, Negate, Lose Yottabytes
I love how you pro-USAID, corrupt woketards think Trump is going to be checked by anyone or anything.
Re: You were saying...
Attorneys from the Department of Justice agreed to the Trump administration motion filed on Wednesday night to limit access to payment systems. U.S. District Judge Colleen Kollar-Kotelly must sign off on the DOJ’s proposed order
Re:
Things going that bad already bro?
Where’s the oversight?
Oh that’s right, they got rid of that first.
A well designed IT delivery system (process, not SW/HW) should have sufficient IT controls to detect, if not prevent, and certainly have the capacity to rollback any changes.
Anyone familiar with Sarbanes-Oxley (SOX) Act knows it basically says never allow the same person transact both sides of the ledger. The law was enacted in 2002 as a reaction to a number of major corporate and accounting scandals, including Enron and WorldCom. It would be unconscionable if Congress did not impose similar controls on its own systems.
In this case, the change initiator (coder) must not implement it (deploy to Prod). Any changes to Prod should be detected by monitoring systems. Those changes must correlate to approved changes. “Approved changes” must correlate what was deployed matches what was changed AND the changes MUST correspond to what was the agreed change (ie: the requirement).
Such a system would detect a direct change to Prod or an unapproved change to code that was deployed. Advanced systems will also track changes to authorizations/permissions or even new network connections (ie: http requests to/from unknown hosts).
For all this to work you must have oversight. That extends to validating processes and controls are in place, are sufficient and effective and are regularly audited and evaluated. That’s why the first thing Trump eliminated was the Inspector General positions; the oversight and auditors.
Enron’s $63 billion failure made it the largest corporate bankruptcy in U.S. history until WorldCom the following year in 2002. Those wreaked havoc on financial markets. It is difficult to imagine the impact fraud on a multi-trillion enterprise like the US Gov’t could have on the world.
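The correlation check described in the comment above, as an added example that is not part of the original comment and not drawn from any Treasury system. The record fields, ticket ids, account names and file paths are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class ApprovedChange:
    change_id: str        # change ticket (constructed identifier)
    requirement: str      # the agreed requirement this change implements
    author: str           # change initiator (coder)
    approver: str         # independent reviewer
    artifact_sha256: str  # hash of the build that was reviewed

@dataclass(frozen=True)
class ProdChange:
    path: str                 # file the monitor saw change on Prod
    deployer: str             # account that made the change
    change_id: Optional[str]  # ticket cited by the deployment, if any
    content: bytes            # bytes now live on Prod

def audit(observed, approved):
    """Return (path, finding) pairs for every control a Prod change violates."""
    tickets = {c.change_id: c for c in approved}
    findings = []
    for ev in observed:
        ticket = tickets.get(ev.change_id)
        if ticket is None:
            # Direct change to Prod: nothing approved corresponds to it.
            findings.append((ev.path, "no approved change record"))
            continue
        if not ticket.requirement.strip():
            findings.append((ev.path, "approved change has no requirement"))
        if sha256(ev.content) != ticket.artifact_sha256:
            # What was deployed is not what was reviewed.
            findings.append((ev.path, "deployed bytes differ from reviewed artifact"))
        if ticket.author in (ticket.approver, ev.deployer):
            # Same person on both sides of the ledger.
            findings.append((ev.path, "author also approved or deployed"))
    return findings

# Constructed sample data, not real records.
REVIEWED = b"def pay(amount): return amount\n"
APPROVED = [
    ApprovedChange("CHG-0001", "REQ-12: rounding fix", "alice", "bob", sha256(REVIEWED)),
    ApprovedChange("CHG-0002", "REQ-13: log format", "carol", "bob", sha256(REVIEWED)),
]
OBSERVED = [
    ProdChange("/opt/app/pay.py", "dave", "CHG-0001", REVIEWED),            # clean
    ProdChange("/opt/app/log.py", "carol", "CHG-0002", REVIEWED),           # author deployed
    ProdChange("/opt/app/pay.py", "dave", "CHG-0001", REVIEWED + b"#x\n"),  # drift
    ProdChange("/opt/app/route.py", "erin", None, b"..."),                  # direct push
]

if __name__ == "__main__":
    for path, finding in audit(OBSERVED, APPROVED):
        print(f"{path}: {finding}")
```

The check is only as trustworthy as its inputs: the approval records and the Prod monitor have to be writable by neither the author nor the deployer, which is the oversight point the comment goes on to make.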
it goes beyond the code
They may want to copy the software, but they want the data, and the court order does not stop them from accessing the data.
Because we find out from Washington Post that DOGE has embedded people in as employees, and these same employees are grabbing data and uploading it to Microsoft Azure.
That’s in the cloud and outside of federal protections. Ostensibly they say this is so they can run the data through AI programs to figure out fraud, but this gives Musk an almost unlimited access to data on everyone in the country.
https://burningbird.substack.com/p/trumps-and-musks-betrayal
Live the good life...
I’m sure he didn’t do anything nefarious while he was in there… amirite?
One of the old MAFIA’s favorite ‘get-out-of-jail’ cards was simple old fashioned blackmail. Absolutely nothing works better to get an official of any sort on your side, than showing him pics of he and his mistress doing the Tango. Or a 7 year old child.. or a donkey. Officials come in a variety of flavors.
What you are about to see – well actually you can’t see it because it’s all done in secret – is a massive blackmail campaign that will pull ALL of the big businesses onto the Trump band wagon.
Definitely Democracy VS Capitalism
payment system of records
“system of records” is defined in the statute in question, 5 USC §552a – Records maintained on individuals, section (5):
So an indexed collection of records whether filing cabinet or Oracle database.
Fortunately Judge Engelmayer has told the Muskovites to delete any data they copied from the Treasury systems, so that’s all ok, right?