Top career officials at the Department of the Interior (DOI) were placed on administrative leave late last week after declining to immediately give affiliates of the so-called Department of Government Efficiency (DOGE) levels of access to a payroll system that would in theory allow them to, among other things, stop individual Supreme Court justices’ paychecks.
The New York Times has reported that these officials include the DOI’s chief information and information security officers; sources tell WIRED they also include a top lawyer.
For several weeks, say sources with direct knowledge of the situation, DOGE operatives have been seeking what they termed “full” or “system” access to the DOI’s payroll, human resources, and credentialing systems. Among the systems to which it demanded full access is the Federal Personnel and Payroll System (FPPS), which is housed in the DOI’s Interior Business Center and is used by dozens of federal agencies ranging from the Department of Justice to the Nuclear Regulatory Commission to handle payroll and records associated with more than 275,000 federal workers, including at agencies outside the executive branch.
The DOGE associates in question are Tyler Hassen, an energy executive and acting assistant secretary of policy, management, and budget at DOI; Stephanie Holmes, who runs HR for DOGE and is the acting chief human capital officer at DOI; and Katrine Trampe, an adviser to Doug Burgum, the secretary of the interior.
According to sources with direct knowledge, when asked why they sought full access to these systems, the DOGE operatives said they specifically sought levels of permissions that would give them the ability to create, pause, and delete email accounts. This functionality doesn’t, strictly speaking, exist for any one user within the systems they were seeking to access, because such actions are, as a security measure, designed to be initiated by one person and approved by another. Granting their request would thus require them each to be given an essentially God-mode level of access to the entire system architecture.
According to sources and a risk assessment memorandum reviewed by WIRED and first reported on by the Times, top career officials saw several issues with granting these unprecedented levels of access.
First, it raised an inherent security issue. No single person at DOI has root-level permissions to all the systems the DOGE operatives sought to access, which could allow them—or an outside actor who had compromised their credentials—to do anything from overwrite the code base to look at the W2s and other personal information of, or even stop payments to, individual federal workers. (According to one source, who cited The Atlantic’s recent reporting on top national security officials sharing sensitive military information in a Signal chat, a specific concern raised within the Department of the Interior was that DOGE affiliates might share the credentials in an insecure way, leading to a breach on par with the hack of the Office of Personnel Management a decade ago, in which tens of millions of federal personnel records were accessed by hackers linked to the Chinese government.)
Second, it wasn’t clear that the DOGE affiliates had the authority to either access these systems or do what they purportedly wanted to. An executive order signed by President Donald Trump gives the US DOGE Service broad authority to access unclassified systems. But while Holmes is detailed to DOI from the US Digital Service, Hassen and Trampe are DOI employees and are not, according to one source with knowledge, even part of a formal DOGE team. That means they have no authority or privileges past those of a normal DOI employee. Even Holmes, the acting chief HR officer, does not obviously have the authority to cut off the email accounts of DOI employees outside her own office, let alone workers situated at other agencies or even outside the executive branch.
To determine whether it was possible to grant the requested access, the officials concluded, it would be necessary to review federal privacy and information security law as well as lines of authority within DOI.
According to sources with knowledge, these issues were raised at a Thursday morning meeting between top technical and legal staff from the DOI and DOGE, where the career officials asked what specifically the DOGE affiliates were trying to do so as to evaluate whether there were legal means of granting them the necessary access. When pressed for information that would allow officials to evaluate DOGE’s request and the risks it would raise, Trampe, the sources say, simply reiterated that they sought system-level access that would allow them to create, pause, or delete email accounts, citing the authority of the executive order and saying the matter was not up for debate. It was made clear during the meeting, the sources say, that the deadline for granting the access was Friday.
| Got a Tip? |
|---|
| Are you a current or former government employee who wants to talk about what's happening? We'd like to hear from you. Using a nonwork phone or computer, contact the reporter securely on Signal at timmarchman.01. |
Following the meeting, top technical and legal officials drafted a risk assessment. (“Full administrative/root access enables individuals to initiate and modify personnel and payroll actions, potentially locking out other authorized users. Additionally, personnel with elevated privileges across multiple systems become prime targets for credential compromise by nation-state adversaries or other malicious actors,” they wrote.) Ultimately, they concluded that because of the inherent risks, only Burgum had the authority to grant the access DOGE requested.
Late Friday afternoon, the chief information and information security officers and the associate solicitor at the Department of the Interior were, according to sources with knowledge, placed on leave and told they were being investigated for workplace behavior. It is believed within the department that on Saturday, DOGE was granted access to the FPPS, though sources were unclear on the level of the privileges they’d been given.
“We are working to execute the president’s directive to cut costs and make the government more efficient for the American people and have taken actions to implement President Trump’s executive orders,” says a DOI spokesperson who did not give their name.
“These people,” says one source at DOI who worries that DOGE affiliates could inadvertently destroy parts of the nearly 30-year-old FPPS, stop paychecks, or allow for a breach of the entire system, “have no idea what they’re doing.”
