Democrats demand to know WTF is up with that DOGE server on OPM's network

Updated Who bought it, who installed it, and what's happening with the data on it.

Answers for these key questions, and others, regarding the DOGE server rapidly added to the US government's Office of Personnel Management network, have been demanded from the acting head of the OPM by Democrats.

The machine in question was put in place by Elon Musk's Department of Government Efficiency (DOGE) in the days after President Trump's January 20 inauguration. With the commander in chief's blessing, the server was used to send mass emails from hr@opm.gov asking federal employees to confirm they had received test messages, and then repeatedly offering nearly all of them a severance deal

That sparked a lawsuit, filed at the end of last month, which alleged a privacy impact assessment of the server, as required by law, was not carried out and published. The two anonymous federal workers who brought that legal action want the courts to force the government to perform and share that assessment. On Tuesday, the pair asked [PDF] for a temporary restraining order to block the OPM from operating any computer systems connected to hr@opm.gov until the matter is resolved.

Now Democratic members of the House Committee on Oversight and Government Reform have given [PDF] the agency's acting director Charles Ezell until February 14 to respond to their questions about the email box.

Like the lawsuit, the Dems want to know whether the system underwent a privacy impact assessment, as mandated by the 2002 E-Government Act. In addition, they want to know why senior OPM staff were locked out of the office's critical systems.

The committee members also want the OPM to produce details of any IT equipment installed between January 21 and January 24, including copies of any necessary privacy impact assessments; and list who installed or accessed that gear and how they were vetted by the agency, if at all. The Dems want to know who was behind the severance offer emails, whether CISA was consulted about the setup, and what happened to data collected by the email system.

These queries are pertinent because the OPM was cyber-ransacked in 2014, quite likely by China, and had more than 21 million records of government workers including security clearance details and fingerprint data stolen.

Their letter, which refers to the hr@ emails as an OPM initiative, reads:

The Democrats also want to know what role the DOGE team and its server played, if any, in the reported spamming of US National Oceanic and Atmospheric Administration staff by outsiders.

"At best, the Trump administration’s actions at OPM to date demonstrate gross negligence, severe incompetence, and a chaotic disregard for the security of our government data and the countless services it enables our agencies to provide to the public," wrote ranking committee member Gerald Connolly (D-VA), and Shontel Brown (D-OH), ranking member of the Subcommittee on Cybersecurity, Information Technology, and Government Innovation.

"At worst, we fear that Trump Administration officials know full well that their actions threaten to break our government and put our citizens at risk of foreign adversaries like China and Russia gaining access to our sensitive data."

The duo argue they have the authority to request this information under House rules. It remains unclear whether the Republican-controlled committee will support the request, and the OPM and DOGE could simply ignore it.

There are meanwhile signs DOGE is gearing up to protect itself from such information requests. The federal body formerly known as the US Digital Service has reportedly told staffers to stop using Slack as it prepares to slide under the wing of the Executive Office of the President. That shift, when completed, will place DOGE under the Presidential Records Act, exempting its communications from Freedom of Information Act requests and delaying public access until after the current administration ends.

On Tuesday, acting OPM chief Ezell sent out a memo pushing agencies to reclassify their CIO roles to allow them to be replaced with political appointees. That would make it easier for the White House to replace federal CIOs who resist policy directives. ®

Updated to add on Monday, March 10

A little over a month after asking, the OPM’s Office of the Inspector General has sent a response to the Oversight Democrats indicating it will be investigating the claims in their letter.

Some of the questions the Dems asked will be incorporated into annual reviews of OPM IT and financial systems, Deputy OPM Inspector General and acting IG Norbert Vint said in his response [PDF], sent Friday but made public today. As for “risks associated with new and modified information systems at OPM,” (the DOGE server, in other words) the OIG has “just begun an engagement to assess” that matter.

“We believe that, ultimately, our new engagement will broadly address many of your questions related to the integrity of OPM systems,” Vint said.

How long it'll take to complete the investigation was not said. We do wonder if the Trump administration’s firing of more than a dozen inspectors general during his first week in office, OPM OIGs among them, will slow the probe down.

Connolly seems to think there’s reason for concern, at the very least.

“Inspectors General must have the independence to carry out their mission free from partisan pressure and threat,” the ranking Oversight Democrat said of Vint’s response without indicating whether the investigation was imperiled. “The work of the Deputy Inspector General and the OPM Office of Inspector General must be allowed to proceed unimpeded.”