Musk furious as judge shuts down DOGE access to Treasury payment system

The US Treasury Department’s payment servers hold the tax returns, social security data and bank account numbers of every adult citizen of the United States.

They are, one would assume, among the most highly secured servers on earth and yet it seems that all the employees of Elon Musk’s Department of Government Efficiency (DOGE) needed to do to access these systems after January 20 was to walk into Treasury Department offices and demand access to the servers’ credentials.

We learn of these extraordinary if still hazy and unconfirmed events by reading between the lines of a weekend ruling by US District Judge Paul Engelmayer in response to a suit brought by 19 states against the actions of the DOGE team.

In the ruling, Engelmayer blocked access by DOGE staff to the Treasury’s payment servers for the time being and ordered that any data downloaded to date by team members should immediately be deleted.

Allowing DOGE access in its current form violated the Administrative Procedure Act (APA), a statutory requirement, as well as the doctrine of the separation of powers and the Take Care Clause of the US Constitution, he ruled.

Further access for unauthorized DOGE staff risked “irreparable damage,” a technical term for serious consequences which can’t be easily remedied through subsequent legal action.

“That is both because of the risk that the new policy presents of the disclosure of sensitive and confidential information and the heightened risk that the systems in question will be more vulnerable than before to hacking,” the ruling continued.

In short, allowing unauthorized personnel to access these servers without monitoring risked data disclosure, also known as a data breach.

“Utterly insane”

The ruling traces the outline of an unexpected fault line that has appeared since President Trump’s inauguration: how far should Presidential appointees be allowed to go when executing executive orders if that risks breaking existing laws and rules around security?

Engelmayer’s answer, for now at least, is not far at all: only staff within the Treasury with the correct security clearance should be granted access to servers containing sensitive citizen and personal data.

Not surprisingly, as it continues its campaign to refashion and downsize the federal workforce, the White House was derisive of the ruling and the legal suit that precipitated it.

“Grandstanding government efficiency speaks volumes about those who’d rather delay much-needed change with legal shenanigans than work with the Trump Administration of ridding the government of waste, fraud, and abuse,” White House spokesperson Harrison Fields said in a statement released to media outlets.

Musk, meanwhile, took to his personal mouthpiece, X, to condemn at length the financial waste he claimed the DOGE access had uncovered within the system.

 “Yesterday, I was told that there are currently over $100B/year of entitlement payments to individuals with no SSN or even a temporary ID number. If accurate, this is extremely suspicious,” he tweeted. “This is utterly insane and must be addressed immediately.”

The counter-argument to this is that it’s not the intention behind the access that’s at issue so much as the principle that security clearance should still apply to people tasked with investigating alleged waste.

Fact vacuum

As is often the case, the ruling doesn’t reveal the full context of what occurred. According to Michel Chamberland, founder of IT services and consulting company IntegSec, this made it hard to judge how far security was bent for the sake of convenience.

“We do not have exact details of what systems were accessed, what specific data they have access to and what level of access they were provided. I think when we hear people’s social security numbers may have been compromised by the DOGE team, it is complete speculation,” he told Computerworld.

One remedy would be for DOGE to explain the nature of their access more clearly:

“I think the first thing they could do is provide more transparency as to what exactly they access, how they do it and the level of access provided,” said Chamberland.

“We also need to hear about the classification of these systems. Not all systems within a government agency will be highly classified. It is possible DOGE was able to do most or all their work without accessing systems that do require a security clearance,” he said.

However, Chamberland agreed that background checks for staff were essential.

“DOGE sharing this information with the public could go a long way to reduce security concerns.”

This is not the first time Musk’s DOGE has upset people enough to provoke legal action. Two weeks ago, a private class action alleged that his team sent emails to the federal workforce from the Office of Personnel Management (OPM) in a way that broke the E-Government Act of 2002 and was insecure.