Justice Ketanji Brown Jackson Told You So, Social Security Edition
The most important line in a court filing filed last week that disclosed DOGE was doing far more with Social Security data than then Social Security Administrator Leland Dudek claimed they were in a declaration submitted last March 24 reads, “SSA first learned about this agreement during a review unrelated to this case in November 2025.” (Docket) That, plus this discussion in the opening paragraph, is the only explanation for why the Social Security Administration (SSA) is just finding all this data now.
Based on its review of records obtained during or after October 2025, SSA identified communications, use of data, and other actions by the then-SSA DOGE Team that were potentially outside of SSA policy and/or noncompliant with the District Court’s March 20, 2025, temporary restraining order (“TRO”) (ECF 48). SSA notified the undersigned Department of Justice (“DOJ”) attorneys on December 10, 2025, of its concerns.
Something else led SSA to review DOGE access in October.
And while Debra Katz, the attorney for Social Security whistleblower Chuck Borges, claimed vindication from the disclosure, it’s not entirely clear whether Borges’ disclosures precipitated the discovery. He first came forward in August, two months before SSA appears to have started doing a real assessment of access violations, though he filed a retaliation supplement to his complaint in November.
Importantly, while Borges’ disclosures covered the revelations in last week’s filing, the most horrific of his disclosures pertained to actions that long post-date what is described in the filing, which all happened in March.
Last week’s declaration revealed the following:
On March 3, 2025, a DOGE boy sent an email with an encrypted file to DHS, copying Steven Davis (who then was the operational leader of DOGE) and a DOGE boy formally assigned to Department of Labor. SSA has not been able to break the encryption and so don’t know which 1,000 people the emailed records exposed.
The email attached an encrypted and password-protected file that SSA believes contained SSA data. Despite ongoing efforts by SSA’s Chief Information Office, SSA has been unable to access the file to determine exactly what it contained. From the explanation of the attached file in the email body and based on what SSA had approved to be released to DHS, SSA believes that the encrypted attachment contained PII derived from SSA systems of record, including names and addresses of approximately 1,000 people.
From March 7 through 17, the DOGE boys were sending links through Cloudflare, and SSA has not bothered to ask Cloudflare what got sent or whether it still has the data.
[B]eginning March 7, 2025, and continuing until March 17 (approximately one week before the TRO was entered), members of SSA’s DOGE Team were using links to share data through the third-party server “Cloudflare.” Cloudflare is not approved for storing SSA data and when used in this manner is outside SSA’s security protocols. SSA did not know, until its recent review, that DOGE Team members were using Cloudflare during this period. Because Cloudflare is a third-party entity, SSA has not been able to determine exactly what data were shared to Cloudflare or whether the data still exist on the server.
Contrary to a declaration submitted by Mike Russo on March 12, the DOGE boys had more access than he disclosed at the time.
a. Three DOGE Team members were granted access to a system containing SSA employee records for agency personnel for workforce initiatives.
b. Two DOGE Team members were granted access to a system containing personnel access information to ensure terminated employees were unable to badge into the building or to access IT systems with their PIVs.
c. Six DOGE Team members were granted access to shared workspace that would have allowed DOGE Team members to share data to which the employees had separately been granted access for fraud or analytics reviews.
d. Two DOGE Team members had access to a data visualization tool that could connect to other data sources, which could provide access to PII.
e. Two DOGE Team members had access to additional EDW schemas beyond those reported as of March 12, 2025.
On March 24 (after Russo’s declaration claimed all DOGE was doing was pursuing waste, fraud, and abuse), a DOGE boy signed a Data Agreement with a partisan group attempting to overturn some elections.
[A] political advocacy group contacted two members of SSA’s DOGE Team with a request to analyze state voter rolls that the advocacy group had acquired. The advocacy group’s stated aim was to find evidence of voter fraud and to overturn election results in certain States.1 In connection with these communications, one of the DOGE team members signed a “Voter Data Agreement,” in his capacity as an SSA employee, with the advocacy group. He sent the executed agreement to the advocacy group on March 24, 2025 … but SSA has not yet seen evidence that SSA data were shared with the advocacy group.
From March 26 (two days after the Temporary Restraining Order in question) until April 2, a DOGE boy had access to “ten EDW schema containing” Personally Identifiable Information, but the DOGE boy never used it.
Contrary to some reporting and even more responses to the reporting on this, these abuses are not the most alarming things Borges disclosed, though they are consistent with parts of his whistleblower complaint. In truth, they provide details that make Borges’ earlier disclosures more concerning, such as that in the period when DOGE was sending data through Cloudflare, certain DOGE boys had just asked for and gotten access to the analytical warehouse, EDW.
First, around March 14, 2025, DOGE members requested access to PSNAP and SNAP MI databases for Payton Rehling and Aram Moghaddassi. Information reported to Mr. Borges indicates that proper approval through the Systems Access Management (SAM) system was bypassed for this request, which resulted in four user profiles.35 The Security Access Management process requires a written request for data access that is then either approved or disapproved by a supervisor who provides a written justification for their decision. This process is necessary for oversight of database access approvals.
Additionally, these profiles concerningly included equipment pin access and write access. 36 Equipment pin access means that instead of a user accessing data through a personal pin identifier, which would make the accessor’s actions traceable to a user, an equipment pin is used to verify the identity of a device or piece of equipment before it is granted access to a network or sensitive resources, potentially avoiding the creation of a record tied to a specific user. Giving a user “write access” means that the user will have the ability to edit data.
Granting access to databases that exceed authorized permissions violates the principle of least privilege, which holds that users should have the least amount of access necessary to do their job.37 Information provided to Mr. Borges indicates that on Monday March 17, 2025, the EDW team discovered that users had been given access to data that was reportedly not authorized through normal approval channels.38
34 An Enterprise Data Warehouse (EDW) is a central, secure system that integrates data from various sources across an organization to support informed decision-making and strategic analysis. It acts as a single source of truth, providing a consistent and reliable view of data for reporting, analytics, and business intelligence.
35 Exhibit 1, p. 5
36 Exhibit 1, p. 5
But these disclosures are entirely separate from Borges’ disclosures about what DOGE did after SCOTUS lifted the TRO in June, which is that in August — so five months after the abuses disclosed last week — SSA DOGE boys including Ed “Big Balls” Coristine with his ties to criminal hackers, created an entire copy of the SSA database and moved it onto a cloud not protected by government infrastructure.
The fact that DOGE was sending things via Cloudflare before that (and that SSA claims to be helpless to determine what got sent) demonstrates the danger of this. But it does not, remotely, address the danger.
As I said in August, when SCOTUS overturned Judge Ellen Lipton Hollander’s TRO in June, Justice Ketanji Brown Jackson warned about the skewed harm analysis SCOTUS was adopting.
Just last week, I wrote about the requirements for granting stay applications and, in particular, how this Court’s emergency-docket practices were decoupling from the traditional harm-reduction justification for equitable stays. See Noem, 605 U. S., at ___ (slip op., at 5). With today’s decision, it seems as if the Court has truly lost its moorings. It interferes with the lower courts’ informed and equitable assessment of how the SSA’s data is best accessed during the course of this litigation, and it does so without any showing by the Government that it will actually suffer concrete or irreparable harm from having to comply with the District Court’s order.
[snip]
Stepping back to take a birds-eye view of the stay request before us, the Government’s failure to demonstrate harm should mean that the general equity balance tips decisively against granting a stay. See Noem, 605 U. S., at ___ (slip op., at 4). On the one hand, there is a repository of millions of Americans’ legally protected, highly sensitive information that—if improperly handled or disseminated—risks causing significant harm, as Congress has already recognized. On the other, there is the Government’s desire to ditch the usual protocols for accessing that data, before the courts have even determined whether DOGE’s access is lawful. In the first bucket, there is also the state of federal law, which enshrines privacy protections, and the President’s constitutional obligation to faithfully execute the laws Congress has passed. This makes it not at all clear that it is in the public’s interest for the SSA to give DOGE staffers unfettered access to all Americans’ non-anonymized data before its entitlement to such access has been established, especially when the SSA’s own employees have long been subject to restrictions meant to protect the American people.
We’re only finding out about these earlier, less abusive violations, because lawyers and long-replaced SSA officials made declarations that have been debunked.
We’re not finding out why SSA launched the review in October or November (though the notice reveals, “A review of the SSA DOGE Team’s actions is ongoing”), and we’re not finding out what they have learned about the more serious violations.
What are the odds that the Musk Industrial Complex is planning to (mis)use all of that data for election meddling?
Watch the campaign Elon decided to join into in KY to see if that is what happens. Data vaccuumed up can also be used for AI models for better dead-bird deepfakes. DOGE and its minions need to be extirpated along with the Bushies and the Trumpkins burrowed into the administration due to their repeated demonstrated unreliability to their oaths of office.
“What are the odds that the Musk Industrial Complex is planning to (mis)use all of that data for 𝘧𝘶𝘳𝘵𝘩𝘦𝘳 election meddling?”
Fixed it for you…
my first email to my Senator, Patty Murray, when Musk and his Dodge minions stormed the SSA, was my educated fear that Musk would be stealing all the data to be able to micro-target voters for 2026 midterms, to suppress or turn out the votes he wants in various areas. And that he would hand over (or sell?) our data to Palantir for the same purposes.
i’ve seen a lot of chatter on Bluesky calling concerns for the integrity of the 2026 midterms as “doomerism”. nope – it is justified concern given Musk’s extraordinary power and ability to amplify certain messages over others, and our need to work every day to protect and harden our election infrastructure.
I would expect it to be (mis)used for a hell of a lot more than election meddling. Given that even infants are expected to have SSNs, you’re talking about data for almost everybody in the country. By now you can bet that Palantir and every other member of the surveillance-industrial complex has a copy, and is busy cross-indexing it with ALPR and facial recognition data (at a minmum).
And really, I think this was always the entire point of “DOGE”. If you were seriously investigating “waste, fraud, and abuse”, you’d want accountants and HR people on your team. If instead your team is nothing but hackers, well….
Meanwhile none of this is making SSA work better for those forced to navigate its various systems and facing the hard deadlines imposed by “timeliness” parameters. Since 26 November 25, the date of the notice that my Medicare premiums were being raised 140% because in 2024 I looted my pension funds to buy a condo (I had to figure this out myself), I have had 60 days to appeal the decision. This Sunday is my hard deadline.
Subtract Thanksgiving, Trump’s 3-day Christmas, New Years Day, MLK, and many weekends. THEN subtract the wait time for a call back from SSA, in my case over 90 minutes–*after* the process of determining this was what I had to do. THEN subtract all the times the SSA website (they want you to do this kind of thing online) has been down. I can’t count the instances where I’ve followed the steps only to see “We can’t process your request at this time…”
Nor could I make an appointment with any remotely local SSA office–there were no appointments. So yesterday I put all my documents in an envelope and sent them certified mail. Now I pray…not for myself so much; I have a doctorate in American Literature, which you don’t achieve without mastering document preparation at the very least. But what about those without my training? DOGE had its targets, but no stakeholders among the millions who must use SSA for basic (and guaranteed) services.
I have had similar problems dealing with SSA online. What has worked for me, and I hope will work for you, is using a different browser. Firefox reliably gives me that error message, but Edge works.
You make me feel so lucky that I noticed there was a Social Security office in the same industrial/office park that housed the Essex South District Registry of Deeds in Salem, Massachusetts, before the registry moved to a more remote and soulless industrial/office park in Beverly and shed all of the records in the move. I needed to replace my Social Security card, so, on a whim, I walked in on my way back from lunch and was able to talk to someone after an endurable wait.
Thank you, CambridgeKnitter. Yes, I had some success switching browsers too. And my previous experience with our local SSA office impressed me, but our office seems overwhelmed right now. My solution, archaic as it seems, was to send everything as hard copies by regular mail. (This was after I had uploaded several documents but discovered that the required SSA form refused to upload.)
At this point I’m just hoping what I did suffices.
I find it interesting that Microsoft’s Edge browser works but one has problems while using the (not very) competitive Firefox, as I generally do. One might start to wonder if Microsoft is laying “landmines” for other browsers, perhaps in an effort to make Edge look better?
wild bill, your comment really struck me. Everything about my experience navigating federal websites *does* seem insidiously geared toward having the frustrated navigator revert to Edge. I typically use Safari, sometimes Firefox, on my Mac laptop. Often neither connected to the SSA site, and I gave up.
My biggest takeaway from this has been the confirmation that the current administration (guided by Project 2025, itself guided by a longterm “conservative” goal of rendering the federal government drownable in a bathtub, all for the sake of the most-monied interests) is achieving one aim: making government NOT work for its citizens, to the point where they will reject the very concept of it…along with law and truth.
The other aims they’re achieving are almost exclusively Putin’s.
Putting aside the larger malfeasance picture, the references to Cloudflare are ambiguous and poorly described. Cloudflare is not inherently a data-storage service; it typically acts as an intermediary in front of websites or applications. If SSA data were uploaded to a Cloudflare-hosted storage product (such as object storage or a worker-managed store), that would constitute third-party data storage outside approved systems. If, instead, SSA data were shared via “links” to an application or site merely fronted by Cloudflare, Cloudflare may have cached or transmitted data transiently without being the system of record. In that case, the data sharing occurred at the application level, not because Cloudflare itself was used as a storage destination. The technical distinction matters, because it determines whether data were persistently stored by a third party or simply routed through one.
[Welcome to emptywheel. Please choose and use a UNIQUE username with a minimum of 8 letters. We adopted this minimum standard to support community security. Because your username is too short and common (there are more than one Jeremy in the community), your username will be temporarily changed to match the date/time of your first known comment until you have a new compliant username. /~Rayne]
Yeah, the Cloudflare reference didn’t make sense at all to me.
Did they have WRITE ACCESS to the Enterprise Data Warehouse? Holy crap! That is so wrong. No user should ever have write access to a data warehouse. Only the processes that pull data from the operational databases should be writing to the data warehouse.
Fits in with their “move fast and break things” ethos.
Any fraud, scam or improper use of government data resulting from SCOTUS overturning Judge Hollender’s TRO should henceforth be referred to as a Roberts hack.
Why should Kavanaugh have all the glory?
This SC is going down in the history books as the greatest wilful betrayer yet of the American people and the Constitution its members swore to serve. With Roberts’ name firmly attached. Move along there, Taney…
Rash decisions like this one and they slow walk the decision on tariffs.
Something is rotten in the state of Iceland.
Probably needed to call in a tutor for a crash course on economics.
My hunch is that a respected, longtime staffer not only saw something, but also realized what clusterfck this would mean for SSA, and once the DOGE boys were out the door, brought sufficient evidence and wisdom to a higher-up that SSA started digging.
As williamockam notes, there’s no way these folks should EVER have had Write Access to an EDW because of all the mischief that could create. Total guess here, as I have no inside contacts or info, but basic data retention protocols would make sure these systems and databases get backed up daily. If you have an idea that the system was messed with on a given day, you could look at the previous day’s backup, compare it with the target day, and see what information was changed. It might not tell you who did the changes, but seeing what was altered could go a long way toward motive and ultimately tracking them down.
And that kind of comparison, on a huge database like we’re talking about here, would take time. Given the political climate, you get one shot at accusing a DOGE boy (or one higher-up at DOGE) of misconduct. Getting it right is much more critical than getting it fast.
It has been awhile since I used large databases managed by the large government gate keepers like Booze, so I have to wonder whether enough tracking information about what computer and where the access to system originated? Do we know if that level of login information is collected and maintained for this data? A long time ago we got the run around about data access to a system so the gate keeper contractors moved the database to Fort Huachuca; however, while they changed the database location, they never changed the universal login and password that allowed access to the data we wanted. We knew the database did not track what computer was making the changes, just the login and password.
Assuming of course the DOGE kids don’t know how to cover their tracks. We already have claims in other cases about mysteriously missing records / videos / evidence so I would not be the least surprised that the backups were wiped for ‘efficiency’. That kind of deletion would also cause havoc for ongoing and new cases for SSA because the history is lost.
Don’t underestimate how easy this can be, I had a junior-level college roommate who was unpersoned by the administration. He found out when he went to get his registration packet and they looked at him like he had three heads: Who are you? In spite of the fact his parents were both high-powered professionals the university didn’t back down.
My understanding is Elon is consulting with the ICE agents in Minnesota, teaching them how to salute.
That is a snark, right?
Right…?
Curious that DOGE employees were using encryption to send sensitive SSA data to whomever, but SSA can’t decrypt the attachment months later. I wonder what they’re continuing to hide from their own govt.
Oh, and why hasn’t the relevant shithead former DOGE goon not provided the encryption tools? Has no one asked? Seems to me a lot of pressure could be brought to bear on someone refusing to do that.
“…a lot of pressure could be brought to bear on someone refusing to do that.”
But bringing that pressure requires two things that I see as sorely lacking: trained senior staff in high-level SSA management, and political will. As long as the Trump administration (and GOP more broadly) stand to gain from these machinations, and as long as they remain in power, who exactly is going to initiate and sustain that pressure?
I dividual members of Congress along with Prtizker and Walz have been making statements about “keeping track” and “coming after” lawbreakers. Whether or not they are actually doing that with an eye on statute of limjtations is another question. It would be nice if at least some Democratic officials somewhere grasped the concept of accountability and punishment as a deterrent. Because the Republican party will do this all again at the first opportunity otherwise.
Since Trump has staffed and stocked the government administration with his picked sycophants, there is generally little likelihood that anyone will take interest or action unless driven by public pressure. The current Congress is bought or cowed and the justice system ends at the Supreme Court where Roberts and company are busily establishing the universal executive.
Playing with votes, sure. But there is real money elsewhere. The entire database downloaded gives them full knowledge of many many details of the life of ordinary US citizens that private companies, such as an insurance company, would only dream of. You just know so much more about your clients that you can drastically reduce the odds of a bad bet, that is, someone with good coverage that you have to fork out money for, and drastically increase the odds of a good bet. Considering you offered all these clients “blind” deals, you can end coverage for the ones you deem bad bets, keep the premium unchanged for the other and tada! excellent results.at the data Now, if an “AI” owned by DOGE affiliated people was offering you that guidance, you don’t even have to get your hands dirty and touch the data yourself : you just used a well trained robot, and it turned out it worked. Full deniability granted, you were just lucky.
#tu
Well, the “data agreement” must have been a big zero, or they would have been shouting from the rooftops about the “proof the 2020 election was stollen”.
And who were the 1000 people whose SSA data was encrypted and emailed? Thiel’s enemies? Potential blackmail targets? Epstein witnesses?
The one thousand Epstein survivors?
Free advice: a campaign ad and promise- ‘your secrete and intimate personal information was stolen in the biggest data breach in the history of mankind. I will find and return every word and number that was stolen from you.
Even if this isn’t literally possible, it’s still a scary scenario with a powerfully active promise.