I agree that "random server" is a bad choice of words, but do want to add additional information context as the concern isn't necessarily unwarranted. Another qoute from the article:

“I have determined the business need is higher than the security risk associated with this implementation and I accept all risks,” wrote Aram Moghaddassi, who worked at two of Mr. Musk’s companies, X and Neuralink, before becoming Social Security’s chief information officer, in a July 15 memo.

Its also sounds like they did spin up a new database with limited security/oversight to "move" faster. Why that's worrisome is they aren't denying there is a risk or lack of security, they are just saying it's justified.

There was a time when bank card number was practically all you needed to get someone's money.

I think Estonia's electronic IDs are the best, they have the government sign (sometimes provide, but generally just sign) your public key. It's both that the government doesn't have your private key and that it's immediately usable for many things. I don't know if they do, but one can also make ID cards (with a necessary chip inside, of course), where a private key can be written and used for signing operations, but not read back.

Modern technology allows so much goodness that politicians and corps have just started globally gaslighting us over what can be done and what can't. Stalling on technically easily solvable issues, so that it wouldn't come to real ones.

What cloud servers are they using?

Could you please explain like I'm 10?

Given it's the government it's most likely AWS or Azure. That really isn't inherently bad, it's more the attitude of "move fast and break things" doesn't necessarily work for secure systems with sensitive data.

At this point I think you can legally opt out of any type of data collection by the government like the Census. You're required by law to participate but they are also required by law to keep your information safe, that's no longer possible in this administration and there's plenty of relevant data to back it up.

So again, it’s all just bullshit hopes and dreams by the anti-doge people. No data has been exposed or hacked, no evidence of it actually being on anything insecure.

The SSA stores a lot of sensitive data. Normally with sensitive data you want to be very careful with who can access it and how.

What is potentially worrisome in this situation is it seems like the SSA is taking on the "move fast and break things" attitude of Silicon Valley.

More technically, most government agencies use AWS and Azure (cloud providers) to host data. So spinning up a new server isn't inherently bad. However, creating a new server that is secure and has the correct access controls (user permissions regarding who can see/change content) can be challenging. The whistle blower believes they are not doing this right, and it sounds like the head of the SSA isn't disagreeing, just saying he thinks the risk is worth it.

We‘re getting closer to a cyberpunk world every day

I don't love the idea of the Trump administration being in charge of creating a national ID system, but this maybe the best time to make one.

If Democrats proposed a national ID database the crazy 'FEMA is coming to round us up' republicans would freak out about it. As proven with Trump sending the national guard into D.C., as long as Trump does it they don't care.

It's times like this I wonder about the like/dislike paradigm I.E. "I like/dislike knowing this and/or appreciate the perceived reputability of the source" vs. "This is good news/I fucking hate this."

This one just got a "I fucking hate this" from me.

OP, please revise your title to match the article, it is currently misinformation.

The complaint is about where the oversight comes from. This is not some random cloud server.

“S.S.A. stores all personal data in secure environments that have robust safeguards in place to protect vital information,” he said. “The data referenced in the complaint is stored in a longstanding environment used by S.S.A. and walled off from the internet. High-level career S.S.A. officials have administrative access to this system with oversight by S.S.A.’s information security team.”

I dont have a problem with that, but what I will object to is the current regime making the replament ID system. 1) there is no way they would design it well or securely, smart people capable of building such a system are usually the first to bounce to another country as they will have the means to do so. 2) it would be too easy for them to lord the new ID over peoples heads (like they are with immigration status now) and impliment a social credit score like China does.

Your correct that SSNs should not be used as IDs, but getting the government to build a modern system for that opens too many avanues for abuse (especially with darth cheeto in charge).

Don't you think after 5 months without oversight who exactly has access to that server that the difference between this and a random s3 bucket is nearly nil? But you are right, in the light of integrity the title should reflect the facts as they present themselves currently.

In cyber security you may never know if a bad actor got access to your systems/data. The issue with not following good security practices is that you increase the risk of this happening.

Its like saying we should stop mandating vaccines cause the diseases aren't around anymore. When you let down your defenses you end up with outbreaks that shouldn't have happened and are harder to control.

In cyber security you may never know if a bad actor got access to your systems/data. The issue with not following good security practices is that you increase the risk of this happening.

If they're using Azure or AWS then they have a level of built in good security practices. These people aren't morons, they know what they're doing. In fact, using AWS or Azure you have to fuck things up to make it insecure, because by default they're all pretty locked down.

Its like saying we should stop mandating vaccines cause the diseases aren’t around anymore.

I'm 100% a pro-vaccine person, but vaccines should not be mandatory. "My body, my choice" - isn't that the saying? Or is that only for women wanting an abortion? If someone doesn't want to get a vaccine then they can suffer the potential consequences while those who are vaccinated don't (but they have to deal with the potential side effects of the vaccine).

While AWS/Azure do make the initial configs rather fool proof, that falls apart the moment you start configuring them for actual use. It's also especially easy to mess things up when handling PII, at the SSA level it's probably something that DOGE staff don't have experience with.

As for vaccines. Largely through that out there cause it seemed like obvious bait for you, but I don't think a single slogan "my choice my body" really encapsulates the arguments around abortion

The people working at doge are mostly what people would consider geniuses in their field. Configuring azure databases to be secure is a piece of cake. Like I said, it’s harder to make them insecure than it is to make them secure. I know, I work with them every day. How does handling PII make it easier to mess things up exactly?

Good to know you were just trying to bait and “troll”, not really good faith arguing is it? You wouldn’t have been trying to find something to disagree with just because you can’t argue against my actual point I made, were you?

“My body my choice” perfectly encapsulates the argument for abortion because it literally is pro-abortion people’s main argument - and yes, I am 100% pro-abortion.