Government
,
Industry Specific
Federal Agencies and Experts Alike Say Musk’s Email Request Poses Security Threat
Elon Musk’s call for millions of federal workers to email his task force with five bullet points on what they worked on last week could create a potential goldmine for foreign adversaries, risking exposure of sensitive agency activities, national security interests and critical operations.
See Also: New Attacks. Skyrocketing Costs. The True Cost of a Security Breach.
Former federal officials, intelligence officers and security experts warned that a sudden mass collection of federal workers’ bullet-pointed activity reports is reckless. It is unclear how many federal employees responded to an Office of Personnel Management email demanding an outline of accomplishments precipitated by a Saturday afternoon tweet from Musk. The Washington Post reported Monday that the Trump administration said it would not enforce the Musk decree.
Security concerns have nonetheless persisted, especially amid reports that Musk plans to use artificial intelligence to analyze federal employees’ responses – heightening risks of misinterpretation and exploitation.
Collecting “potentially sensitive data points through notoriously insecure means like email, to create a repository that did not exist 48 hours ago, is a security nightmare,” said Hannah Quay-de la Vallee, a senior technologist at the nonprofit Center for Democracy and Technology. Harm could come from “creating a honeypot of valuable, ill-protected information, presumably accessible to DOGE workers who have recently demonstrated their inability to implement basic security practices.”
Senior leadership within the administration warned agency employees against responding to the email, including newly-appointed FBI Director Kash Patel and Secretary of State Marco Rubio. National Intelligence Director Tulsi Gabbard cited the “inherently sensitive and classified nature of our work” in telling spy agency employees to not reply. Health and Human Services employees received a stark warning from agency leadership that read in part: “Assume that what you write will be read by malign foreign actors and tailor your response accordingly.”
A former intelligence officer, speaking anonymously due to the sensitivity of the request, called it “unimaginable” to ask federal employees to risk exposing agency insights to threat actors in a desperate attempt to prove their jobs shouldn’t be eliminated by a non-government entity. The organization behind the email, the Department of Government Efficiency, is not a government agency. It has assumed the place of what used to be the U.S. Digital Service, a technology unit housed within the White House meant to improve the delivery of federal services to citizens. The White House has distanced itself from President Donald Trump’s claim that Musk heads the unit amid lawsuits challenging DOGE’s authority (see: DOGE Team Wins Legal Battle, Retains Access to Federal Data).
DOGE has ignited growing security concerns in its first month, from ousting top cybersecurity officials at the FBI and the Cybersecurity and Infrastructure Security Agency, to removing thousands of federal workers in critical security roles, including FDA reviewers responsible for assessing cybersecurity in medical devices. Soon after the axe fell on FDA, many of those terminated positions were quickly offered their jobs back – raising questions around the process DOGE was following when removing agency positions.
Much of the FDA’s work around drugs and medical devices is funded by user fees paid to the agency by the industry rather than taxpayers. One source who requested anonymity told ISMG the administration was “back-peddling after unnecessarily harming the American medical device manufacturing industry.”
Twenty-one DOGE staffers, all former U.S. Digital Service members, resigned Tuesday, telling White House Chief of Staff Susie Wiles they “will not lend our expertise to carry out or legitimize DOGE’s actions.”
“We will not use our skills as technologists to compromise core government systems, jeopardize Americans’ sensitive data, or dismantle critical public services,” read a letter the staffers wrote to Wiles, first obtained by NPR.
OPM, FDA and HHS did not respond to multiple requests for comment.
With reporting by Information Security Media Group’s Marianne McGee in the Boston exurbs.