| ▲ | snickerbockers 2 days ago |
| So how is this any different from all the random employees who might have access to this data as part of their jobs? I would understand if there was this sort of scrutiny over every federal employee but as it stands I never know who has access to my data and if they can be trusted. |
|
| ▲ | wodenokoto 2 days ago | parent | next [-] |
| Usually you don’t have access to “everything”. It might even be illegal to cross reference certain data, e.g., the same person or department might not even be allowed to have access to two databases. I don’t know if the cross reference is true for the US, but it is for other countries. |
| |
| ▲ | scarab92 2 days ago | parent [-] | | [flagged] | | |
| ▲ | intended 2 days ago | parent | next [-] | | Course theres something wrong with it. When the frik did Americans, and American techies - get so blasé about personal information security! America fought against the idea of biometric ID cards. People on HN have railed against giving more information to the government forever. What the hell? Like this shit didn’t happen back home in INDIA, and that’s a nation which is comfortable with a stronger state. It’s NOT OK, and you can very well acknowledge that fact because you can just imagine what eviscerating a legacy code base without a replacement looks like. It looks like the disaster you wish on your worst enemy while you quit the firm and look for a new job. This isn’t beyond the project execution and technical ability of most people here to grasp. ask yourself how many consecutive miracles would it take for this to go off without a hitch. Then ask yourself if you are that lucky. | | |
| ▲ | scarab92 2 days ago | parent [-] | | [flagged] | | |
| ▲ | intended 2 days ago | parent | next [-] | | >They only touch personal data incidentally, and no doubt sanitise and anonymise it whenever possible. Come now. Good faith is earned. They MAY be doing it correctly. But show the damn receipts. This is the basic ask when someone comes to any firm and promises to fix everything and then runs away once the project fails. And if they ARENT showing the receipts - then make a noise about it. >the last thing anyone at DOGE wants is for personal data to leak Theres a great article which was shared here: "Why is it so hard to buy things that work"
https://danluu.com/nothing-works/ The idea here is that since its the right thing to do, firms will do the right thing. or: "markets enforce efficiency, so it's not possible that a company can have some major inefficiency and survive" > Although it's possible to find people who don't do shoddy work, it's generally difficult for someone who isn't an expert in the field to determine if someone is going to do shoddy work in the field. and > More generally, in many markets, consumers are uninformed and it's fairly difficult to figure out which products are even half decent, let alone good. | |
| ▲ | jhonof 2 days ago | parent | prev | next [-] | | > What makes you think DOGE is being blasé with personal data? Why should a government agency run by a random unelected tech ceo even have the option to be blasé with personal data? Like I thought this website was pretty vehemently against things like the Patriot Act giving the NSA granular personal data and backdoors into communication, that at least had the guise of "national security" backstopping it. Giving a new department personal data access for no reason other than "government efficiency" (no actionable goals given by the department btw) is significantly more tenuous than "national security". | |
| ▲ | djaychela 2 days ago | parent | prev | next [-] | | >What makes you think DOGE is being blasé with personal data? Their site was hacked? And given the overconfidence that some of the people involved seem to display, I think it's reasonable to ask for at least checking of what's happening... which isn't occurring. | |
| ▲ | macNchz 2 days ago | parent | prev [-] | | They’ve got a 19 year old engineer with some clear links to the cybercrime world seemingly plugging in to things, for one. https://www.wired.com/story/edward-coristine-tesla-sexy-path... |
|
| |
| ▲ | tourist2d 2 days ago | parent | prev [-] | | So more ambitiousness means you should get access to more user information? |
|
|
|
| ▲ | thebeardisred 2 days ago | parent | prev | next [-] |
| This is generally quite restricted. I personally had to undego a "Public trust" civilian security clearance (which is binding for life unlike the 75 years of TS-SCI). |
| |
| ▲ | ritwikgupta 2 days ago | parent | next [-] | | Public trust is not a security clearance; it is simply a more involved background check. A security clearance is only granted after a T3/T5 investigation and adjudication of the request. The SF312 NDA signed in order to receive your clearance does not expire. | |
| ▲ | imafish 2 days ago | parent | prev [-] | | And do we know the DOGE employees don’t undergo this? | | |
| ▲ | drawfloat 2 days ago | parent | next [-] | | Given the little background we know of the employees includes a guy who was fired for leaking secrets, I think it’s safe to say they didn’t | | | |
| ▲ | mexicocitinluez 2 days ago | parent | prev [-] | | lol https://www.bbc.com/news/articles/c93q625y04wo I already know the answer to this, but if Obama had George Soros hire a bunch of anti-white people to oversee the Doge systems, would you still be supporting it? Or it's okay because you're white and the people are in charge are white. |
|
|
|
| ▲ | rsynnott 2 days ago | parent | prev | next [-] |
| Except in exceptionally poorly run or small organisations, random employees do not have access to everything; generally they need a reason to look at stuff, and there’s a paper trail indicating that they looked at it. |
| |
|
| ▲ | bdcravens 2 days ago | parent | prev | next [-] |
| The fact that it crosses departmental boundaries. The fact that the employee has multiple businesses that could benefit from such data. |
|
| ▲ | pyrale 2 days ago | parent | prev | next [-] |
| I strongly suspect no single employee had access to all that data. |
| |
|
| ▲ | unsui 2 days ago | parent | prev | next [-] |
| accountabilty and role-based permissions based on least-privilege. None of that matters with what DOGE is doing. That should worry you. |
|
| ▲ | mexicocitinluez 2 days ago | parent | prev | next [-] |
| > So how is this any different from all the random employees who might have access to this data as part of their jobs? Are you asking why it's any different a non-American billionaire who has multipole government contracts having access to your data any different than Joe Bob who was hired and vetted by those same people unlike the other guy? |
| |
| ▲ | andsoitis 2 days ago | parent [-] | | > a non-American billionaire This is false. Elon Musk has South African, Canadian, and US citizenship.
Let's not play the xenophobia card. | | |
|
|
| ▲ | insane_dreamer 2 days ago | parent | prev | next [-] |
| There are considerable processes to make sure that happens, including proper background checks, seniority at the job, etc. You don't just hand some rando newbie the keys to the kingdom -- any company that did that would be laughed at. |
|
| ▲ | sherburt3 2 days ago | parent | prev | next [-] |
| Yeah I more concerned “God Mode” is a thing that exists. One would hope that these systems are heavily locked down but my experience maintaining legacy systems makes me think “God mode” is a thing you get because you have to run a quarterly report and it is too much of a hassle setting up the correct permissions. |
| |
| ▲ | jeffrallen 2 days ago | parent [-] | | Anyone who has ever had root on a database server has that access. There's no technology available that prevents the people responsible for correcting failing RAID volumes from reading blocks from /dev/sda. In theory, yes, there are DRM technologies that prevent you from getting a copy of a song Spotify stores in your cache. But those technologies are not used on multi-gigabyte databases. The only thing that protects that data is professional ethics, and in extremely paranoid (i.e. airgapped) environments, metal detectors. Sincerely, God Mode on x DBs, where x > 1. | | |
|
|
| ▲ | leet0rz 2 days ago | parent | prev [-] |
| It is not, it's the same there are just different people viewing your private information, probably more corrupt who banks all that money to themselves now instead of it going to whoever it was going to previously. |
