DOGE's mucking around at the Social Security Administration (SSA) has been heavily scrutinized, but now the SSA itself is admitting it slightly underreported the unofficial agency's improper activities within its systems. DOGE employees may have been asked to assist a political advocacy group using SSA data, prompting Hatch Act referrals.

The Department of Justice, acting as the legal representative for the SSA in a lawsuit filed against it by multiple US government employee unions, filed arecord correction [PDF] in court last week amending a number of claims made in March by then-acting SSA Commissioner Leland Dudek. 

According to last week's filing, the Elon Musk–led DOGE effort retained certain SSA system access after US District Judge Ellen Hollander issued a temporary restrainingorder limiting that access, and SSA data were routed outside the agency on multiple occasions, including through an encrypted file and third-party sharing tools.

Even worse than that, the DOJ noted in its filing, email evidence shows that a pair of DOGE employees at SSA were approached by a political advocacy group asking them to help the group find evidence of voter fraud in a bid to overturn state-level elections. One of the DOGE employees even signed a "voter data agreement," the contents of which weren't explained in the filing, with the unnamed group. The agreement reportedly wasn't reviewed by the SSA, nor was it approved through the agency's data exchange procedures.

"DOGE Team members could have been asked to assist the advocacy group by accessing SSA data to match to the voter rolls," the filing states, "but SSA has not yet seen evidence that SSA data were shared with the advocacy group."

The activity of those two DOGE members led to referrals to the US Office of Special Counsel over potential Hatch Act issues, a 1939 law that restricts certain political activities by federal civil service employees.

Mystery records transmitted to outside sources

Politically-motivated activity involving SSA systems by employees is bad enough, but the previously unreported DOGE damage didn't stop there. 

The filing also contradicts Dudek's claims from March that DOGE "never had access to SSA systems of record" by finding that DOGE employees at SSA sent an email to the Department of Homeland Security and a DOGE advisor at the Department of Labor that included "an encrypted and password-protected file that SSA believes contained SSA data." 

"From the explanation of the attached file in the email body and based on what SSA had approved to be released to DHS, SSA believes that the encrypted attachment contained PII derived from SSA systems of record, including the names and addresses of approximately 1,000 people," the DOJ explained in the filing. The SSA reportedly still hasn't been able to access the file to determine what's actually in it. 

While the filing maintains that Dudek's claims were and still are accurate regarding DOGE not having official access to SSA systems of record, another part of the filing says DOGE was granted access to a range of SSA systems - some involving PII or data derived from systems of record - that SSA says were either unused or of unknown use.

• DOGE dilettantes 'didn't test' Social Security fraud detection tool at appropriate scale
• Senator demands to know status of 'duplicate' Social Security database 'immediately'
• Judge cites big OPM records leaks from 2015 in DOGE slapdown
• Federal agencies DOGE questions about what cost-cutting team is doing

SSA employee records, facility access systems, fraud and analytics shared workspaces, data-visualization tools connected to other data sources "which could provide access to PII," and enterprise data warehouse schemas "beyond those reported as of March" were in effect for various DOGE employees until they were terminated in late March, according to the filing.

In addition, the SSA learned since Dudek made his declaration in court that DOGE was using Cloudflare to share data amongst itself in violation of SSA rules. 

"Cloudflare is not approved for storing SSA data and when used in this manner is outside SSA's security protocols," the filing explained. "SSA did not know, until its recent review, that DOGE Team members were using Cloudflare during this period."

It's not clear whether the Cloudflare report is related, but a whistleblowerclaimed last August that DOGE was transmitting data from the SSA's Numident database (a master record of every application ever submitted for a US Social Security card) to an unauthorized cloud environment. Numident is only mentioned in last week's record correction filing, but only in relation to PII searches run against it after the temporary restraining order was issued. 

Nonetheless, it gives credence to the whistleblower reports, which the SSA hascontinued to deny. 

Not that the SSA actually knows what data DOGE put on Cloudflare - like the encrypted file emailed to DOL and DHS, "SSA has not been able to determine exactly what data were shared to Cloudflare or whether the data still exist on the server."

Don't take any of these admissions to be confirmation that SSA was hiding information from the courts, naturally. The Administration maintains that Dudek's statements were all correct when he made them, "and SSA believes them to be accurate today," despite the evidence presented by DOJ in the filing.

We reached out to plaintiffs in the case, who didn't respond to questions, nor did the SSA or the White House. The DOJ only referred us to the court filings, and a source familiar with the matter told us that the DOJ isn't investigating DOGE, which is unsurprising given its role in this case. ®

More about

• Cybersecurity
• DOGE
• Federal government of the United States