Commentary  

In Appearance Before Congress, Bruce Schneier Raises Concerns about DOGE Data Handling Practices

In a warning to lawmakers, cybersecurity expert Bruce Schneier testified before the House Committee on Oversight and Government Reform, sharply criticizing the Department of Government Efficiency’s (DOGE) handling of federal data. Describing DOGE’s security protocols as dangerously inadequate, Schneier warned that the agency’s practices have put sensitive government and citizen information at risk of exploitation by foreign adversaries and criminal networks.

Cyber image of a lock on a computer screen

In testimony before the House Committee on Oversight and Government Reform, Harvard Kennedy School’s Bruce Schneier sounded the alarm about the Department of Government Efficiency’s (DOGE) data security protocols. He warned that highly sensitive federal data could fall into the hands of hostile nations or criminal groups.

“Data security breaches present significant dangers to everyone in the United States, from private citizens to corporations to government agencies to elected officials,” said Schneier, an internationally recognized security technologist who teaches cybersecurity policy at the Kennedy School. He described DOGE’s approach toward data security as “reckless” and urged Congress to rein in the agency’s attempts to consolidate federal data and remove key privacy and security controls.

Watch Full Testimony Here

“Their actions have weakened security within the federal government by bypassing and disabling critical security measures, exporting sensitive data to environments with less security, and consolidating disparate data streams to create a massively attractive target for any adversary,” Schneier told the committee.

In his testimony, Schneir outlined what he called a “DOGE approach” to data handling, with four distinct features:

  • Data consolidation: Exfiltrating and connecting massive U.S. databases to create a single pool of data covering all citizens.
  • Reduced security protocols: Removing access controls and audit logs, creating unmonitored copies of data, exposing highly sensitive data to cloud-based tools, seeking maximally permissive data access waivers, and eliminating previously required security protocols for vetting staff.
  • AI training and processing: Using AI tools to process data outside of carefully monitored environments.
  • Outsourcing: Transferring control over data access to private companies.

Taken together, Schneier argued, these steps have already caused significant damage to the data security of the federal government. “By following the DOGE approach, the current administration has increased both the likelihood and the potential scale of attacks against us and endangered our safety, both individually and collectively. A decisive shift in the administration’s approach to data security can begin to right the ship.”

More from this Program

Chicago’s Solution To Public Pension Debt is a Generational Scam
Chicago's skyline with a graphic of hands holding money.

Article

Chicago’s Solution To Public Pension Debt is a Generational Scam

In this op-ed, Jennifer Hochschild explains that Chicago is facing a financial crisis decades in the making — a crushing burden of pension debt that no current resident created but all must bear. Instead she says, it is the result of a century of political promises, underfunded commitments, and systemic avoidance — leaving Chicagoans to reckon with the consequences today.

More on this Issue

Technology and Democracy: What to Read This Summer
A collection of books from the GETTING-Plurality Research Network.

Feature

Technology and Democracy: What to Read This Summer

This list of resources, curated by the GETTING-Plurality Research Network at the Allen Lab for Democracy Renovation, highlights emerging ideas at the intersection of technology and democracy.