Commentary  

In Appearance Before Congress, Bruce Schneier Raises Concerns about DOGE Data Handling Practices

In a warning to lawmakers, cybersecurity expert Bruce Schneier testified before the House Committee on Oversight and Government Reform, sharply criticizing the Department of Government Efficiency’s (DOGE) handling of federal data. Describing DOGE’s security protocols as dangerously inadequate, Schneier warned that the agency’s practices have put sensitive government and citizen information at risk of exploitation by foreign adversaries and criminal networks.

Cyber image of a lock on a computer screen

In testimony before the House Committee on Oversight and Government Reform, Harvard Kennedy School’s Bruce Schneier sounded the alarm about the Department of Government Efficiency’s (DOGE) data security protocols. He warned that highly sensitive federal data could fall into the hands of hostile nations or criminal groups.

“Data security breaches present significant dangers to everyone in the United States, from private citizens to corporations to government agencies to elected officials,” said Schneier, an internationally recognized security technologist who teaches cybersecurity policy at the Kennedy School. He described DOGE’s approach toward data security as “reckless” and urged Congress to rein in the agency’s attempts to consolidate federal data and remove key privacy and security controls.

Watch Full Testimony Here

“Their actions have weakened security within the federal government by bypassing and disabling critical security measures, exporting sensitive data to environments with less security, and consolidating disparate data streams to create a massively attractive target for any adversary,” Schneier told the committee.

In his testimony, Schneir outlined what he called a “DOGE approach” to data handling, with four distinct features:

  • Data consolidation: Exfiltrating and connecting massive U.S. databases to create a single pool of data covering all citizens.
  • Reduced security protocols: Removing access controls and audit logs, creating unmonitored copies of data, exposing highly sensitive data to cloud-based tools, seeking maximally permissive data access waivers, and eliminating previously required security protocols for vetting staff.
  • AI training and processing: Using AI tools to process data outside of carefully monitored environments.
  • Outsourcing: Transferring control over data access to private companies.

Taken together, Schneier argued, these steps have already caused significant damage to the data security of the federal government. “By following the DOGE approach, the current administration has increased both the likelihood and the potential scale of attacks against us and endangered our safety, both individually and collectively. A decisive shift in the administration’s approach to data security can begin to right the ship.”

More from this Program

Stephen Richer’s Summer Reading List
Picture of colorful bookshelf

Feature

Stephen Richer’s Summer Reading List

The official start of Summer is almost here, and Stephen Richer, Senior Practice Fellow in American Democracy and former elected Maricopa County Recorder, shares his summer reading list with a range of books focused on his work of democracy and elections, as well as his personal favorites.

 

The 2024 Presidential Election: The Broken Bond Between Youth and Democracy
Cover photo of the report

Policy Brief

The 2024 Presidential Election: The Broken Bond Between Youth and Democracy

The 2024 election saw Donald Trump make significant gains among young voters, increasing his support among 18- to 29-year-olds by 10 percentage points. This report aims to investigate the deeper issues at stake that are causing this historical shift.

More on this Issue