The List of Rules Marko Elez Didn’t Sign

/29 Comments/in /by

One of the lawsuits in which it was recently disclosed that DOGE boy Marko Elez emailed information with Personally Identifiable Information to two people at GSA (which I also wrote about here) is one in which Public Citizen is representing AARP in a Privacy Act claim against Treasury. [docket]

The government provided it in that case amid a discovery dispute, mostly as a courtesy because they were filing it in New York. But it contributed to a request for more information about what the hell Marko Elez was up to.

On February 18, Colleen Kollar-Kotelly ordered the government to file any Administrative Record behind the decision to give DOGE access to Treasury. The government squawked about that order, but after plaintiffs noted that the real decision maker in this case was Treasury Secretary Scott Bessent, not the people who had submitted declarations, Judge Kollar-Kotelly ordered those submitted, which the government provided — as a 215 page exhibit — on March 10.

On March 14 — the same day Treasury disclosed Elez’ mailed files to GSA — they supplemented that record. Some of the new documents appear to include some of the details Treasury gathered as they tried to figure out what Elez had done with his access.

That includes this data, showing that when someone first tried to give Elez access to the Top Secret Treasury Mainframe, they equivocated about whether to give Elez read only (the message on January 30) or read-write (the message the next day); at the time he appears to have been granted interim Secret, not Top Secret, clearance.

The main exhibit in the Administrative Record includes a spreadsheet showing what access he was supposed to have as of February 1, reflecting the sandboxed access described in earlier filings. It doesn’t reflect this read-write access.

Plaintiffs are also interested in Elez’ access during a late January trip to Kansas City, which has never been addressed in the declarations in this case.

What plaintiffs didn’t ask about (though they do ask for backup) is the letter sent on February 5 asking Elez to please sign the rules that go along with the Fiscal Service laptop Elez used to access Treasury networks.

Those rules include the following:

  • Use Fiscal Service data, equipment, and IT systems properly and follow laws, regulations, and policies governing the use of such resources (Base Line Security Requirements, (BLSRs), Treasury Information Technology Security Program (TD-P 85-01), the Treasury Security Manual (TD-P 15-71), and Fiscal Service Policies).
  • Protect Fiscal Service data, equipment and IT systems from loss, theft, damage, and unauthorized use or disclosure. Secure mobile media (paper and digital) based on the sensitivity of the information contained.
  • Use appropriate sensitivity markings on mobile media (paper and digital).
  • Promptly report any known or suspected security breaches or threats, including lost, stolen, or improper/suspicious use of Fiscal Service data, equipment, IT systems, or facilities to the IT Service Desk at 304-480-7777.
  • Do not attempt to circumvent any security or privacy controls.
  • Logoff, lock, or secure workstation/laptop to prevent unauthorized access to Fiscal Service IT systems or services.
  • Do not read, alter, insert, copy, or delete any Fiscal Service data except in accordance with assigned job responsibilities, guidance, policies, or regulations. The ability to access data does not equate to the authority to access data. In particular, Users must not browse or search Fiscal Service data except in the performance of authorized duties.
  • Do not reveal any data processed or stored by Fiscal Service except as required by job responsibilities and within established procedures.
  • Do not remotely access Fiscal Service IT systems unless authorized to do so, such as an approved telework agreement authorizing remote access over the bureau’s VPN software.
  • Do not transport or use Fiscal Service data or equipment outside of the United States or US Territories without written approval from the CSO or CISO.
  • Do not connect Fiscal Service equipment to or access a Fiscal Service IT system from a foreign network without written approval from the CSO or CISO.
  • Do not install or use unauthorized software or cloud services on Fiscal Service equipment.
  • Take reasonable precautions to prevent unauthorized individuals from viewing screen contents or printed documents.
  • Do not open e-mail attachments, or click links, from unknown or suspicious sources.
  • Be responsible for all activities associated with your assigned user IDs, passwords, access tokens, identification badges, Personal Identity Verification (PIV) cards, or other official identification device or method used to gain access to Fiscal Service data, equipment, IT systems, or facilities.
  • Protect passwords and other access credentials from improper disclosure. Do not share passwords with anyone else or use another person’s password or other access credential such as, but not limited to, someone else’s PIV card.
  • Use only equipment and software provided by Fiscal Service or that has been approved for use by Fiscal Service’s CIO or designee to conduct Fiscal Service business.
  • Provide non-work contact information to the bureau to facilitate emergency communications.
  • Comply with Fiscal Service social media policy, including restrictions on publishing Fiscal Service information to social media and public websites. [my emphasis]

One of these rules, about not revealing data processed by Fiscal Service, would seem to apply to his sharing of information with GSA.

There’s no evidence Elez ever did sign those rules. Instead, he quit — and, without evidence, the entire world has assumed he quit because he was revealed to have made racist comments on social media.

It’s not yet clear what happened; perhaps it’ll become more clear if plaintiffs get discovery. But by all appearances, on Scott Bessent’s authority, someone at least considered giving a guy only cleared to the Secret level Read/Write access to Treasury’s Top Secret Mainframe, without first making sure he had signed a list of rules about altering or copying data.

And then he left.

Update: I’ve tweaked this reflecting the comment below that the Mainframe may be called Top Secret, without actually being classified Top Secret.

Update: Judge Kollar-Kotelly did grant more limited discovery. That includes most, but not all, details plaintiffs wanted about Elez’ email:

9. With respect to the email sent by Marko Elez referred to in paragraph 12 of the declaration of David Ambrose, ECF 48-2:

a. identify each addressee, including any cc’s or bcc’s.

b. state the date on which the email was sent.

c. identify each individual, if any, who authorized or directed Mr. Elez to send the email.

d. identify the Bureau Systems from which the Personal Information contained in the email or the attached spreadsheet was obtained.

[removed]

f. describe the nature of the information that was transmitted, including whether the information relates to the USAID files that Mr. Elez copied, as noted in paragraph 18 of Joseph Gioeli’s declaration, ECF 24-2.

Share this entry
29 replies
    • Rugger_9 says:

      My guesses are Elno or Convict-1 / Krasnov for leverage or Putin/MBS/KJU/Orban/Bibi… payoffs. That’s a lot of hoops for Elez to jump through making it far less likely to be accidental.

  2. Amicus12 says:

    Why do I have a suspicion that he broke those rules and was not going to sign a statement that could be used to show that he did so knowingly, or upon learning it was unlawful did nothing to report or correct the wrongdoing?

  4. Kempmouse says:

    Top Secret (tss) is the administrative platform for mainframes, at least at my agency. I think those are top secret (mainframe) profile names so that was about mainframe access not security clearance. The name is dumb. I remember my first day on the job i got my mainframe account and was like “omg I’m getting top secret security clearance?!”

    [Welcome back to emptywheel. THIRD REQUEST: Please use the SAME USERNAME and email address each time you comment so that community members get to know you. You attempted to publish this comment a fourth username as “Katie” triggering auto-moderation; it has been edited yet again to reflect your established username. You have also commented as “Kate” and “KateJJ” which do not meet the site’s username standard. Please check your browser’s cache and autofill; future comments may not publish if username does not match.
    Please also avoid using emojis as they’re not searchable, too often unviewable by some operating systems or by screenreaders. Emoticons are acceptable. /~Rayne    ]

  6. Resident New Guy says:

    The “Top Secret” they refer to in the images is almost certainly a reference to an access control product for IBM mainframes called “CA Top Secret” (now sold by Broadcom) rather than a reference to US Government security clearance levels.

    • Rayne says:

      Please provide documentation to support this claim because the information provided so far indicates otherwise.

      Welcome to emptywheel.

      • Resident New Guy says:

        I’m not sure what other documentation exists to provide. Here’s my logic: The top picture is an access request for a system. If it’s a system responsible for financial transactions, it has to be internet connected so it can interface with commercial payment networks (banks). While it’s possible it’s a classified system (which aren’t directly internet connected) with trusted interfaces to the various payment networks, given that:
        – it’s an access request for a mainframe;
        -a popular mainframe access control software called “Top Secret” (https://docs.broadcom.com/doc/ca-top-secret) exists; and
        -the weird abbreviation after “Top Secret” in the picture: “TSS” (which may be “Top Secret Security” – another name of the same software product)

        I think it’s more likely the ticket refers to the “Top Secret” application rather than specifying a “top secret” classified mainframe. That also makes sense with the read/write permission and group discussion in the body of the ticket.

        But, the classification of the system is a trivial distraction. Rules of behavior (and violations) aren’t different for classified systems and non-classified systems. People get fired for misuse of unclassified systems all the time. I just caution folks from putting all their eggs in the “He had access to a top secret system without the top secret clearance.” basket because there’s not enough evidence (at least in this post) to make that assessment.

      • Kempmouse says:

        Resident is saying what I said earlier. I commented a link to the product earlier. I work on the mainframe daily. Top Secret is the software that manages our mainframe access. So if I need access to the Numident, I submit a request to have the Top Secret profile added to my user id. And importantly, i have to submit a justification, something the doge boys refuse to do. The proof is that in the email Marcy posted, it shows Top Secret mainframe profiles that he needs. You’ll see some say TSO in them. TSO is basically but oversimplifying, the mainframe.

        • Rayne says:

          I’d buy that if 1) the access requested already indicated global, and 2) if you or Resident could point to a specific piece of evidence in the form of documentation supporting your claim. Right now it’s just you two saying Trust Me.

      • Kempmouse says:

        Right. The mainframe access software is called Top Secret. Access request emails refer to TSS profiles like in the email posted. It has nothing to do with security clearances despite the silly name.

        • P J Evans says:

          It has NOTHING TO DO with the mainframe access software.
          He had a “temporary” secret clearance, and wasn’t cleared for top secret (or compartmented TS) work. Just about EVERYONE in government has to have a clearance, because so much stuff is not open to everyone.
          Talk to people who know this stuff, not software sales.

  7. originalK says:

    I don’t know if this is common knowledge- but Kansas City has some of the highest speed internet in the country, and was the launch site for Google Fiber in the Obama era. Tennessee, home of Al Gore & Amy Gleason, and where she worked with Brad Smith at Russell Street Ventures, also has a corridor known for its internet infrastructure.

    https://en.m.wikipedia.org/wiki/Google_Fiber

    https://ispreports.org/us-cities-with-the-fastest-internet/

    https://www.brookings.edu/articles/google-fiber-competition-and-affordable-broadband-for-all/

    Again, possibly, initiatives & investments led by the US government on behalf of its people being used against them.

  8. dadidoc1 says:

    My suspicion is that he inserted a backdoor into the Treasury department software as directed by his handler. Once the backdoor was inserted, his physical presence and employment by DOGE were no longer necessary. He simply disappeared into the shadows. Mission accomplished.

  9. Savage Librarian says:

    Pry

    So, bye, bye, you Marko Elez guy
    Show-me game, it’s cockamamie
    Why is Amy so shy?
    Uncontrolled DOGE boy
    A stinking risky spy’s spy?
    Singing, “This’ll be the day that I pry”
    “This’ll be the day that I pry.”

    https://www.youtube.com/watch?v=PRpiBpDy7MQ

    “Don McLean – American Pie (Lyric Video)”

  10. thequickbrownfox says:

    From other sites, Marko Elez area of expertise is in AI. He has some programs on github related to it, which indicates that could be the case.

    That leads me to guess that he was there to copy databases so that AI could be run on the information. Government databases would certainly be a large learning model, access to several of which would be a goldmine for whoever it is that has it, for certain. It’s like having the genealogy of everybody in the U.S., and everybody that has ever dealt with the federal government, no matter where they are from. It’s a roadmap to total control. If not now, because AI is still in the developmental stage, but later. Trump has declared that the United States is going to be the world leader in AI, so he’s all-in.

    • RJames0723 says:

      It would be interesting to know what the datasets that he downloaded looked like. If the account ids are random but the input and output sets are matched, it would support the AI training dataset theory.

      • RJames0723 says:

        I never said that all databases worked like that. I merely gave an example of how looking at the the datasets that are being bandied about might give insight into their intended use.

    • JustMusing says:

      Well, I know I’ve had enough with Artificial Intelligence. It’s already run amok in the current administration without any computers involved at all.

    • Palli Davis Holubar says:

      I, too, was instinctively sure grabbing content & exporting it to Musk tech facilities was the mission. Why else would Elez disappear? Clearly, it is hard to concentrate on accurate work along side the peripatetic insanity of Musk. Not to mention, crimes on government property are problematic. [Though not insurmountable.]

  11. Ginevra diBenci says:

    “Very Respectfully”? Who closes a note to interloper Marko Elez like that? I went googling; the most recent Deputy Assistant Commissioner, Enterprise IT Operations was listed as Ryan Schanedig, who does not seem to exist. Ryan Schaedig, however, fits all the criteria to have been the email’s signatory. Double George Mason University (undergrad and grad), lives in Arlington, VA, most likely assumed the DACEIO position in 2023 when it was last advertised.

    I haven’t taught business writing in decades. Maybe abject deference to adolescent tyrants is, in fact, the style these days. (If so, it might explain a lot.) And perhaps Schaedig’s (or whoever’s) extreme submissiveness is just a relic of the earlier days of this hell, before government employees started feeling their own mojo. Still, it’s depressing to see, along with the note’s writer assuming blame (“we missed having you sign it”) for what was surely an intentional DOGE evasion. Elez and his master Elon must have gotten some cheap LULZ out of it, which is even worse.

    • BRUCE F COLE says:

      Bingo. Abject deference is the key to their success. Thus, the meaning of the “3 Percenter” militia movement (pun, if you prefer): that’s the percentage of violent zealots in the general population required to commit a successful putsch — assuming a high level of abject deference (and indifference).

Comments are closed.