Opinion | Here Are the Digital Clues to What Musk Is Really Up To

Watching Elon Musk and his band of young acolytes slash their way through the federal government, many observers have struggled to understand how such a small group could do so much damage in so little time.

The mistake is trying to situate Musk solely in the context of politics. He isn’t approaching this challenge like a budget-minded official. He’s approaching it like an engineer, exploiting vulnerabilities that are built into the nation’s technological systems, operating as what cybersecurity experts call an insider threat. We were warned about these vulnerabilities but no one listened, and the consequences — for the United States and the world — will be vast.

Insider threats have been around for a long time: the C.I.A. mole toiling quietly in the Soviet government office, the Boeing engineer who secretly ferried information about the space shuttle program to the Chinese government. Modern digital systems supercharge that threat by consolidating more and more information from many distinct realms.

That approach has delivered obvious benefits in terms of convenience, access, integration and speed. When the bipartisan Sept. 11 commission described how segmentation of information among agencies had stymied intelligence efforts, the solution was to create integrated systems for collecting and sharing huge troves of data.

Running integrated digital systems, however, requires endowing a few individuals with sweeping privileges. They’re the sysadmins, the systems administrators who manage the entire network, including its security. They have root privileges, the jargon for highest level of access. They get access to the God View, the name Uber gave its internal tool that allowed an outrageously large number of employees to see anyone’s Uber rides.

That’s why when Edward Snowden was at the N.S.A. he was able to take so much information, including extensive databases that had little to do with the particular operations he wanted to expose as a whistle-blower. He was a sysadmin, the guy standing watch against users who abuse their access, but who has broad leeway to exercise his own.

“At certain levels, you are the audit” is how one intelligence official explained to NBC News the ease with which a single person could walk off with reams of classified data on a thumb drive. It’s the modern version of one of the oldest problems of governance: “Quis custodiet ipsos custodes?” as the Roman poet Juvenal asked about 2,000 years ago. Who watches the sysadmin?

Consider the outrage that is the federal employee retirement system, a clunky program that Musk recently highlighted. The entire operation runs almost solely on paper, each retirement file hand-processed by hundreds of workers in a limestone mine 230 feet underground who ferry pieces of paper between the caverns to put them in the right manila folder. Since there couldn’t be an open flame in the mine, The Washington Post reported in 2014, all the food had to come from the outside. So the pizza guy had a security clearance. Multiple attempts at modernization failed, resulting in a frustratingly sluggish process in which simple searches often take months.

Not so the hiring and firing process at the Office of Personnel Management, where all employment records have been neatly digitized in an uber-human resources department for the entire federal government. That’s why a team from Musk’s so-called Department of Government Efficiency headed straight for O.P.M., dragging in sofa beds to sleep on so they could be there round the clock. O.P.M. is root access to the entire United States government.

With that kind of access, even a small team can search the entire government for employees whose job titles contain suggestions of wrongthink, or who might resist takeovers or wield bureaucratic tools to slow the pace of change.

In effect, this small DOGE crew has become sysadmins for the entire government. Soon after O.P.M., they descended on the Treasury Department, where every payment the government has made is stored: root access to the economy (including many companies that are direct competitors to those of Musk). Their efforts expanded recently to the I.R.S. and Social Security Administration, both of which hold extremely personal, sensitive information: root access to practically the entire American population.

The Atlantic reports that a former Tesla engineer appointed as the director of the Technology Transformation Services — a little-known entity that runs digital services for many parts of the government — has requested “privileged access” to 19 different I.T. systems reportedly without even completing a background check, making him less vetted than the person delivering pizza to that mine.

All this has merged with and amplified another kind of insider threat brewing for decades on the political side: the expansion of unchecked executive power.

“With money we will get men, said Caesar, and with men we will get money,” Thomas Jefferson once wrote, to warn against the ways that what he called elective despotism can become a self-feeding cycle. He had feared that an elected authoritarian would not just pulverize the institutions meant to limit his power, but take them over to wield as weapons, thus further entrenching himself.

Even Jefferson couldn’t have imagined a future in which the arsenal being deployed included centralized databases with comprehensive records on every citizen’s employment, finances, taxes and, for some, even health status.

After a judge blocked a Trump executive order, Elon Musk shared a post with his more than 200 million followers on X that included the judge’s daughter’s name, photo and job, allegedly at the Department of Education. There’s no indication he got access to government databases about her, but how would we know if he had, or if he does so in the future?

How many people are now wondering about private information about themselves or their loved ones? How many companies are wondering if their sensitive financial data is now in the hands of a rival? How many judges are wondering if their family is next?

It didn’t have to be this way. Over the years, expert after expert and organization after organization warned about the dangers of consolidating so much data in the hands of governments (and corporations). As far back as 1975, Jerome Wiesner, then the president of M.I.T., warned that information technology puts “vastly more power into the hands of government and private interests” and that “the widespread collection of personal information would pose a threat to the Constitution itself,” risking the rise of an “information tyranny in the innocent pursuit of a more efficient society.”

It’s not a choice between efficiency and manila folders in underground mines. There have been plenty of promising efforts to develop digital technologies that preserve our privacy while delivering its conveniences. They have names like zero-knowledge proofs, federated learning, differential privacy, secure enclaves, homomorphic encryption, but chances are you’ve never heard of any of them. In the rush to create newer, faster, more monetizable technologies — and to enable the kind of corporate empires whose chief executives stood beside Donald Trump at his inauguration — privacy and safety regulations seemed like a bore.

Now we are stuck with a system that offers equal efficiency to those who wish to exercise the legitimate functions of government and those who wish to dismantle it, or to weaponize it for their own ends. There doesn’t even seem to be a mechanism to learn who has gained access to what database with what privileges. Judges are asking and not always getting clear answers. The only ones who know are the sysadmins, and they’re not saying.