Posts

Trump Fired Inspectors General Who Identified $183.5 Billion in Waste, Fraud, and Abuse

/3 Comments/in , /by

There have and will be a slew of lawsuits in response to Trump’s attack on government. But this lawsuit, from eight of the Inspectors General that Trump fired on January 24, has been much anticipated. [docket]

That’s partly because Congress just strengthened the laws protecting Inspectors Generals, in response to Trump’s firing of some in his first term, as the suit lays out.

63. Congress responded in 2022 by further amending the IG Act. The Securing Inspector General Independence Act of 2022, see supra ¶6, enacted by overwhelming margins in both houses of Congress, procedural protections before an IG can be removed or placed on nonduty status, designated that a “first assistant” would automatically replace an IG in the event of a vacancy, and required the President to communicate reasons for not making a formal nomination to fill an IG vacancy after a certain period of time.

64. The 2022 amendments also strengthened the procedural safeguards on removing an IG. Prior to the amendments, the IG Act had required the President to provide 30 days’ notice to both houses of Congress and “reasons for any such removal.” The 2022 amendments require the President to provide 30 days’ notice to both houses of Congress, including appropriate congressional committees, and to “communicate in writing the substantive rationale, including detailed and case-specific reasons, for any such removal.” 5 U.S.C. §403(b). With the 2022 amendments included, the relevant provisions now reads as follows:

An Inspector General may be removed from office by the President. If an Inspector General is removed from office or is transferred to another position or location within an establishment, the President shall communicate in writing the substantive rationale, including detailed and case-specific reasons for any such removal or transfer to both Houses of Congress (including to the appropriate congressional committees), not later than 30 days before the removal or transfer. Nothing in this subsection shall prohibit a personnel action otherwise authorized by law, other than transfer or removal.

65. These procedural provisions ensure that Congress or members of Congress can, if it or they deem it appropriate, seek to persuade the President not to go forward with a noticed removal. Indeed, the legislative history of the Inspector General Reform Act indicates that Congress added the notice requirement to “allow for an appropriate dialogue with Congress in the event that the planned transfer or removal is viewed as an inappropriate or politically motivated attempt to terminate an effective Inspector General.” See S. Rep. No. 110-262, at 4 (2008)

If Congress has any power to limit how the President fires someone, then this suit will uphold that power (a large team from Wilmer Cutler, led by former Solicitor General Seth Waxman, are representing the plaintiffs).

But it’s also because the plaintiffs in this suit embody everything Trump claims he wants to do with DOGE. Elon Musk claims he’s hunting for waste, fraud, and corruption in government agencies he’s wildly unfamiliar with. These civil servants have been doing this, some of them, for four decades.

Indeed, one thing the suit lists, for each of the plaintiffs, is how much material impact they have had in their role (with one exception, exclusively in the IG position from which they were fired, which the report explains is:

“Monetary impact” describes the estimated financial savings or losses that could result from implementing recommendations made in an IG’s audits, inspections, or evaluations, essentially quantifying the potential cost-benefit of addressing issues like waste, fraud, and abuse in a government agency or program. See CIGIE, Toolkit for Identifying and Reporting Monetary Impact, at 1 (June 18, 2024), https://www.ignet.gov/sites/default/files/files/Toolkit%20for%20Identifying%20and%20Reporting%20Monetary%20Impact.pdf.

Some monetary-impact estimates reported herein also consider monetary benefits associated with IG investigations.

And while there’s some inconsistency in the reporting (for example, Sandra Bruce included stuff from when she was Acting IG during Trump’s first term whereas some of the others left out susbstantial terms in other IG roles, Larry Turner’s number — for Department of Labor — seems quite high, and Mike Ware does not include $30 billion seized or returned pursuant to investigations he oversaw), the Inspectors General describe identifying $183.5 billion in material impact.

As noted in this post, that includes substantial work cleaning up after COVID relief rolled out by Trump, particularly from Mike Ware, work which lead DOGE Treasury Official Thomas Krause relied on to suggest that DOGE could be effective. In Ware testimony to Congress that Krause cited, Ware described up to $200 billion in fraud just in Small Business related relief alone.

Using OIG’s investigative casework, prior OIG reporting, advanced data analytics, and additional review procedures, we estimate SBA disbursed more than $200 billion in potentially fraudulent COVID-19 EIDLs and PPP loans. This estimate represents approximately 17 percent of disbursed COVID-19 EIDLs and PPP funds — specifically, more than $136 billion COVID-19 EIDLs and $64 billion in PPP funds. Since SBA did not have an established strong internal control environment for approving and disbursing program funds, there was an insufficient barrier against fraudsters accessing funds that should have been available for eligible business owners adversely affected by the pandemic.

That’s what Trump did by firing Ware and the others: halt proven efforts to do what DOGE is incapable of — and only pretending — to do.

Which is another reason to keep an eye on this lawsuit.

Thomas Krause Says Trump Had to Close USAID because of Trump’s Poor COVID Management

/5 Comments/in , , , /by

In the last few days, Trump has started doing a better job of messaging with his responses to lawsuits. I’ll attempt to explain that going forward. But one instance is the Thomas Krause declaration filed in the Attorneys General challenge to the DOGE access to Treasury systems (which I also wrote about in this post). Krause — still serving as the hatchet man CEO of Citrix (which probably creates a serious conflict) — uses his declaration to claim that he is attempting to “improve the accuracy of financial reporting.”

I am responsible, among other duties, for reducing and eliminating improper and fraudulent payments; waste, fraud, and abuse; and improving the accuracy of financial reporting. To that end, I am focused on improving the controls, processes, and systems that facilitate payments and enable consolidated financial reporting.

Later in the declaration, he provides a notably different explanation for his job.

My role on the Treasury DOGE Team is to find ways to use technology to make the Treasury Department more effective, more efficient, and more responsive to the policy goals of this Administration.

To justify the focus of DOGE, Krause cites several Biden-era GAO reports.

7. As illustrated by several reports released by the Government Accountability Office (GAO), we have our work cut out for us. On January 16, 2025, GAO released a report entitled “Financial Audit: FY2024 and FY2023 Consolidated Financial Statements of the U.S. Government.” In the report, GAO summarizes that they were not able to determine if the Financial Report of the U.S. Government is fairly presented. Among other reasons, GAO highlighted “problems in accounting for transactions between federal agencies.” GAO found many material weaknesses including “the federal government’s inability to determine the full extent to which improper payments, including fraud, occur and reasonably assure that appropriate actions are taken to reduce them.” GAO also reported that Treasury and Office of Management and Budget (OMB) officials expressed their continuing commitment to addressing the problems this report outlines. In short, the GAO report identifies the Federal government’s inability to account for all of the improper payments including waste, fraud and abuse across federal agencies.

8. On September 10, 2024, the GAO released a report entitled “Payment Integrity: Significant Improvements are Needed to Address Improper Payments and Fraud.” The report found that since 2003, cumulative improper payments1 by executive branch agencies have totaled about $2.7 trillion dollars. Some of GAO’s top concerns [1] included fraudulent or improper Earned Income Tax Credit refunds, Social Security payments, unemployment and Medicare and Medicaid payments. In fiscal year 2023 alone, federal agencies estimated $236 billion in improper payments across more than 70 federal programs. In addition, GAO estimated that the total annual financial losses across the government from fraud are between $233 and $521 billion. These numbers are truly staggering—billions and billions in hardearned American taxpayer dollars are being misspent every year. GAO highlighted a number of steps that Congress and federal agencies could take to help reduce fraud and improper payments, including that “[a]gencies should improve oversight to ensure that funds aren’t paid to ineligible recipients” [2] and that “[a]gencies should improve their collection and use of data for preventing and detecting fraud.” [3]

9. Similarly, GAO has identified areas for improvement in BFS’s systems related to identifying and tracing transactions to determine whether they were complete and properly recorded in the correct general ledger accounts and line items within the Schedules of the General Fund. See GAO Report, “Financial Statement Audit: Bureau of the Fiscal Service’s FY22 Schedules of the General Fund” (March 30, 2023). Specifically, GAO has found inconsistent reporting, lack of traceability, and need for improved controls with the Treasury’s Central Accounting and Reporting System (CARS), which federal agencies use to track their spending for budgetary and accounting purposes. These kinds of improvements and others can enhance BFS’s ability to ensure accountability in the spending of taxpayer dollars.

1 Improper payments and fraudulent payments are related but distinct concepts. An improper payment is a payment that should not have been made, or that was made with an incorrect amount; fraudulent payments occur due to willful misrepresentation. All fraudulent payments are improper, but not all improper payments are fraudulent. [emphasis and links added]

Elon Musk parroted a lot of this language at his presser at the White House yesterday (which is one reason I say they’re beginning to coordinate this better).

If you don’t look too closely, the declaration almost makes DOGE look smart. Except I decided to look at one of the reports — the second one — more closely.

And once I did, I realized that Thomas Krause is, in part, using Trump’s management failures during COVID as an excuse to start shutting down government. Start with the fact that the first agency Krause focused on after arriving at Treasury was USAID — pursuing his goal of making Treasury, “more responsive to the policy goals of this Administration.” But that’s not one of the high risk agencies, all of which have to do with direct payments.

Since 2003, which is when they first tracked the data, the amount of improper payments has steadily increased. But it has declined in recent years, under Biden.

 

There’s a reason for that. Look more closely at the estimated improper payments, their sources, and their timing. 

For longstanding programs — Medicare and Social Security, the ones Krause mentions in his declaration — the number of improper payments in recent years is about what it was under Trump. What has spiked in recent years (and then receded) are programs that expanded under COVID: Expanded Medicaid and unemployment access, and the PPP program rolled out under Trump, something Krause neglects to mention at [1]. A key thing this report measures is COVID mispayments — that is, improper payments made under programs set up under President Donald Trump, 1.0.

The quotes at [2] and [3] are not actually from the report. They’re from this website (which links to this report).

Many of the recommendations and data used in this report pertain to COVID or lessons learned from it. For example, the report recommends making the payment tracking center set up in response to COVID permanent.

Establish a permanent analytics center of excellence to aid the oversight community in identifying improper payments and fraud.28 This could be achieved by building upon and expanding PACE and making it permanent.

And it recommended building in such collection in case of any future emergency response — in part, to avoid the two to three year delay in finding these payments reflected in the table above.

Require OMB to (1) provide guidance for agencies to proactively develop internal control plans that would be ready for use in, or adaptation for, future emergencies or crises and (2) require agencies to report these plans to OMB and Congress.

Amend PIIA. Quickly reporting improper payment estimates for emergency relief programs is critical for agency accountability and transparency over whether appropriated funds were spent for their intended purposes. In addition, estimating improper payments and identifying root causes help ensure that agencies develop and implement corrective actions to reduce them.

In November 2020, we recommended that Congress consider, in any future legislation appropriating COVID-19 relief funds, designating all executive agency programs and activities that made more than $100 million in payments from COVID-19 relief funds as “susceptible to significant improper payments.31 Such a designation would require, among other things, agencies to report improper payment estimates for such a program and develop corrective actions to reduce improper payments. In March 2022, we recommended that Congress amend PIIA to apply this criterion to all new federal programs for their initial years of operation.32 The current approach resulted in 2-to-3 year delays in reporting improper payment estimates for short-term and emergency spending COVID relief programs.

Much of the fraud, too, pertains to COVID relief.

When it is discovered, the Department of Justice (DOJ) can bring charges of fraud against the alleged fraudsters. For example, DOJ has prosecuted over 2,000 COVID-19 fraud-related cases, and hundreds of additional cases are pending. We analyzed the department’s public statements and court documentation and found that, from March 2020 through March 2024, at least 1,998 individuals or entities facing fraud-related charges were found guilty or liable.16 This includes charges in cases involving SBA’s loan programs, DOL’s Unemployment Insurance (UI) programs, and Treasury’s economic impact payments. Of the individuals found guilty, at least 1,596 had been sentenced as of March 31, 2024, and many have also been ordered to pay restitution and fines. There were also federal fraud-related charges pending against at least 632 other individuals or entities involving federal COVID-19 relief programs, as of March 31, 2024.17 We expect the number to continue to increase as investigations take time to develop and given the significant number of investigative leads. For instance, SBA’s IG office reported that its actionable leads represent more than 100 years of investigative case work.18 The government has 10 years to prosecute individuals who committed fraud related to the Paycheck Protection Program (PPP) and the COVID-19 Economic Injury Disaster Loan (EIDL) program.19 DOL’s IG has requested Congress similarly extend the statute of limitations for the pandemic relief UI programs as well.20 Additionally, in a June 2024 press release, the Internal Revenue Service requested to Congress that the statute of limitations for fraud be extended for the Employee Retention Credit.21 We support their requests.

Now, to be fair, there was likely to be overpayments and fraud regardless of who was in charge when COVID hit (or when avian flu and measles become pandemics in months ahead).

This is not all attributable to Trump’s COVID failures.

But one other thing about this report deserves mention: It is full of discussion of the role of Inspectors General in finding this fraud, including a bunch of the people Trump fired four days into his term — six of whom just filed suit today (which I’ll turn to shortly). Indeed, one of them — Mike Ware — is cited in the report Krause invoked.

18 Stolen Taxpayer Funds: Reviewing the SBA and OIG Reports of Fraud in Pandemic Lending Programs Hearing Before the House Committee on Small Business, 118th Cong. 45 (2023) (statement of Hannibal “Mike” Ware, Inspector General of U.S. Small Business Administration).

Thomas Krause says we need to fix the errors created by Trump’s poor management of COVID. But one of the first things Trump in his second term did was to fire the people who’ve done the most to do so.

Update: Corrected Mike Ware’s last name.

Update: I’ve linked Ware’s testimony, above. Among other things, he estimated that SBC IG identified up to $200 billion in fraudulent COVID relief.

Using OIG’s investigative casework, prior OIG reporting, advanced data analytics, and additional review procedures, we estimate SBA disbursed more than $200 billion in potentially fraudulent COVID-19 EIDLs and PPP loans. This estimate represents approximately 17 percent of disbursed COVID-19 EIDLs and PPP funds — specifically, more than $136 billion COVID-19 EIDLs and $64 billion in PPP funds. Since SBA did not have an established strong internal control environment for approving and disbursing program funds, there was an insufficient barrier against fraudsters accessing funds that should have been available for eligible business owners adversely affected by the pandemic.

In other words, a huge chunk of the fraud Krause says he is looking for was IDed by one of the guys Trump fired on day four.

Marko Elez “Resigned” the Day His Write Access to Payment Systems Was Discovered

/25 Comments/in , , /by

According to the currently operative story, Marko Elez — the DOGE [sic] boy who had source code for Treasury’s payments system — resigned in response to a query from WSJ reporter Katherine Long about his social media posts in support of

A key DOGE staff member who gained access to the Treasury Department’s central-payments system resigned Thursday after he was linked to a deleted social-media account that advocated racism and eugenics.

Marko Elez, a 25-year-old who is part of a cadre of Elon Musk lieutenants deployed by the Department of Government Efficiency to scrutinize federal spending, resigned after The Wall Street Journal asked the White House about his connection to the account.

“Just for the record, I was racist before it was cool,” the account posted in July, according to the Journal’s review of archived posts.

“You could not pay me to marry outside of my ethnicity,” the account wrote on X in September. “Normalize Indian hate,” the account wrote the same month, in reference to a post noting the prevalence of people from India in Silicon Valley.

After the Journal inquired about the account, White House spokesperson Karoline Leavitt said that Elez had resigned from his role.

But that belief is only based on correlation, not any proof of causation. Long asked about posts that are in no way exceptional for the far right boys Elon has infiltrated into the government. And Elez resigned that same day.

Sure, Elon implied that Elez quit because the boy’s far right ideology was exposed — he led a campaign for his reinstatement. That campaign — and JD Vance’s support for it — similarly led a lot of people to believe that Elez had been reinstalled at Treasury. But multiple court filings claim that Elez resigned and never came back, at least not to Treasury.

In fact, there are two things that might provide better explanations than the discovery that like Elon himself, Elez is a racist.

As WSJ itself notes, Elez resigned the same day that Colleen Kollar-Kotelly ordered that Elez, then still identified as a Special Government Employee, be granted only read-only access to Treasury’s networks. Once Elez no longer worked for the defendants in that case — starting with Scott Bessent — then any access he had would be exempted from the order.

More importantly, as a court filing submitted yesterday reveals, Elez’ resignation happened the same day that Treasury discovered Elez’s Bureau laptop, “had mistakenly been configured with read/write permissions instead of read-only.” The filing is a declaration from Joseph Gioeli, who has been employed as the “Deputy Commissioner for Transformation and Modernization in the Bureau of the Fiscal Service” since 2023 and is a civil servant first hired in the first year of Trump’s first term.

His declaration describes how the 4-6 week “payment process engagement plan” initiated (per Thomas Krause) on January 26 required giving Elez risky access to payment systems. Gioeli describes how they tried to mitigate those risks.

11. The scope of work as envisioned in the engagement plan required access to Fiscal Service source code, applications, and databases across all these Fiscal Service payment and accounting systems and their hosting environments. This broad access presented risks, which included potential operational disruptions to Fiscal Service’s payment systems, access to sensitive data elements, insider threat risk, and other risks that are inherent to any user access to sensitive IT systems. In light of these risks, BFS and Treasury Departmental Office employees developed mitigation strategies that sought to reduce these risks.

12. These measures included the requirement that Mr. Elez be provided with a BFS laptop, which would be his only method of connecting to the Treasury payments systems, both in connecting with the source code repository and for his read-only access of the systems. He had previously been provided a Treasury laptop from the Department shortly after he onboarded, but due to Bureau security policy, that device was restricted from accessing the BFS systems and services he had requested. BFS used several cybersecurity tools to monitor Mr. Elez’s usage of his BFS laptop at all times and continuously log his activity. Additionally, the Bureau enabled enhanced monitoring on his laptop, which included the ability to monitor and block website access, block the use of external peripherals (such as USB drives or mass storage devices), monitor any scripts or commands executed on the device, and block access to cloud-based storage services. Additionally, the device contained data exfiltration detection, which alerts the Bureau to attempts to transmit sensitive data types. The laptop is also encrypted in accordance with Bureau policy, which, if the laptop were stolen or lost, would prevent unauthorized users from accessing data contained within the laptop.

13. Additional mitigation measures that were adopted included that Mr. Elez would receive “read-only” access to the systems, and that any reviews conducted using the “read-only” access would occur during low-utilization time periods, to minimize the possibility of operational disruptions. While providing a single individual with access to multiple systems and data records accessed here was broader in scope than what has occurred in the past, this read-only approach is similar to the kind of limited access the Bureau has provided to auditors for other Treasury non-payment systems, though even in those scenarios the availability of production data was significantly limited. [my emphasis]

Gioeli goes on to describe how, starting on February January 28, the Bureau gave Elez source code in a sandbox environment.

16. On January 28, 2025, the Bureau provided Mr. Elez with the Bureau laptop and with copies of the source code for PAM, SPS, and ASAP in a separate, secure coding environment known as a “secure code repository” or “sandbox.” Mr. Elez could review and make changes locally to copies of the source code in the cordoned-off code repository; however, he did not have the authority or capability to publish any code changes to the production system or underlying test environments. This repository was separate from Fiscal Service’s typical code development environment, and unlike the usual code development environment, this new repository was segmented, to ensure that no changes to the operative source code could be made. [my emphasis]

Then, six days after giving him that sandbox access, using the same laptop, they gave him read-only access to first two and then one more systems.

17. On February 3, 2025, consistent with the engagement plan and mitigation measures developed, Mr. Elez was provided with read-only access, through his Bureau laptop, to the certain BFS systems. The read-only access that Mr. Elez was provided gives the user the ability to view and query information and data but does not allow for any changes to that information and data within its source system. While this reduces risk, it does not fully eliminate the risks identified in the assessment (for example, the risk of overburdening the system with a complex read-only query). Specifically, Mr. Elez was provided read-only access to the Payment Automation Manager (PAM) Database, Payment Automation Manager (PAM) File System, and, subsequently on February 5, the Secure Payment System (SPS) Database.

After he got that access, per a review of the logs, Elez copied some files from the active database onto his Bureau laptop, on which he had the source code.

18. ISS configured his network access and assisted him in setting up the necessary tools to connect to the PAM database on February 3. His access was closely monitored by multiple BFS administrators throughout the process on February 3. That same day, he received a “walk-through” demonstration of two BFS payment systems, the PAM database and the PAM file system (the system that controls the payment file “landing zone” discussed above), to see how the systems worked. He logged in with his read-only access to these systems on February 3 during this “walk-through” demonstration. The Bureau is in the process of reviewing the logs of Mr. Elez’s activity on his Bureau laptop, and this review remains ongoing. Based on the preliminary log reviews conducted to date, it appears that on February 3, Mr. Elez copied two USAID files directly from the PAM database to his BFS laptop; on February 4 and 5, Mr. Elez accessed the PAM file system; and on February 5, Mr. Elez accessed the PAM payment processing database. These activities are consistent with the read-only access that Mr. Elez was provided and did not change or alter any BFS payment system or record within their source systems. As noted, reviews of Mr. Elez’s work are still actively occurring; I do not have any more detail to provide at this time about his activities with respect to PAM. [my emphasis]

Then, on February 5, Elez got access to the payment system itself — again, with the same laptop on which he had source code.

19. Due to scheduling constraints, Mr. Elez was unable to meet with Bureau personnel to set up his access to the SPS database until February 5. On that date, lSS held a virtual walk-through session to help him to connect to the SPS database. He accessed this database exclusively under the supervision of Bureau database administrators in a virtual walkthrough session. According to the preliminary review of logs the Bureau has conducted to date, it appears Mr. Elez accessed the SPS database only once during that walk-through demonstration on February 5. It does not appear that he accessed the database again. As part of the ongoing review, additional log reviews are currently underway to confirm this. Mr. Elez never logged into ASAP, CARS, or ITS.gov, as technical access to those systems was never established for him. [my emphasis]

The next day, “it was discovered” (Gioeli does not say by whom, which means we’re not seeing a declaration from that person) that Elez actually “had mistakenly been configured” with read/write access, rather than “read only.”

20. On the morning of February 6, it was discovered that Mr. Elez’s database access to SPS on February 5 had mistakenly been configured with read/write permissions instead of read-only. A forensic investigation was immediately initiated by database administrators to review all activities performed on that server and database. The initial investigation confirmed that all of Mr. Elez’s interactions with the SPS system occurred within the supervised, walk-through session and that no unauthorized actions had taken place. His access was promptly corrected to read-only, and he did not log into the system again after his initial virtual over-the-shoulder session on February 5. To the best of our knowledge, Mr. Elez never knew of the fact that he briefly had read/write permissions for the SPS database, and never took any action to exercise the “write” privileges in order to modify anything within the SPS database—indeed, he never logged in during the time that he had read/write privileges, other than during the virtual walk-through – and forensic analysis is currently underway to confirm this. [my emphasis]

Throughout his declaration, Gioeli stresses that they’re still investigating whether Elez did something unauthorized with his access.

21. As noted above, the Bureau used several cybersecurity tools to monitor Mr. Elez’s usage and continuously log his activity. While forensic analysis is still ongoing, Bureau personnel have conducted preliminary reviews of logs of his activity both on his laptop and within the systems and at this time have found no indication of any unauthorized use, of any use outside the scope that was directed by Treasury leadership, or that Mr. Elez used his BFS laptop to share any BFS payment systems data outside the U.S. Government.

And his declaration stops short of saying that some mitigation techniques were used. For example, Gioeli says that the enhanced monitoring on Elez’ Bureau laptop had the ability to “block the use of external peripherals (such as USB drives or mass storage devices)” and access to the cloud, but it doesn’t say whether those functionalities was used.

Plus, Gioeli’s declaration makes it clear that they have’t involved Elez in any review of his access. No one has asked Elez, for example, whether he knew he had write access to the payment system.

Similarly, in an earlier declaration submitted in the parallel DC case, Thomas Krause gave a very couched answer about whether Elez had has any ongoing access.

I currently have no reason to believe Mr. Elez retains access to any BFS payment data, source code, or systems.”

Did anyone think to ask the guy? Does anyone know where that guy is? Are you going to interview him? Or is someone deliberately trying to keep him from being questioned further?

Worse still, Thomas Krause declaration submitted in the NY case doesn’t even say that Elez has left Treasury — only that he has resigned from the role of, “working closely with engineers at the Bureau of the Fiscal Service (BFS) on information technology (IT) matters in service of BFS’s mission to promote financial integrity and operational efficiency of the federal government through accounting, financing, collection, payment, and other relevant BFS services.”

On February 6, 2025, Mr. Elez submitted his resignation from this role. On that same day, he turned in his Treasury laptop, BFS laptop, access card, and other government devices; his BFS systems access was terminated; and he has not conducted any work related to the BFS payment systems since that date.

Elez was made a Treasury employee — contrary to early reports, he was not a SGE. That may make it easier to shuffle him off somewhere else.

What Gioeli describes is the panic that ensues when a guy who had high level access quits unexpectedly. And to date, we’ve never been given a formal explanation of why he quit — or whether he was asked to do so. We certainly can’t reconcile the claims that he has been reinstated with claims that he’s not doing what he was doing at Treasury.

Everyone has always assumed that Elez quit because his racism was discovered. But given the timeline, we can’t rule out that he quit because of the access concerns (and ongoing investigation) at Treasury.

Timeline

January 21: Elez hired.

January 23: Krause hired.

January 26: Treasury focuses on USAD. Treasury also adopts a 4-6 week engagement plan.

January 28: Bureau provides Elez with Bureau laptop copies of the source code for PAM, SPS, and ASAP in sandbox.

January 31: Treasury focuses on TAS codes; Elez assists in “automating” manual review of payments. “A high-ranking career official at Treasury also raised the issue of risks from DOGE access in a memo to Treasury Secretary Scott Bessent.”

February 3: Treasury gives Elez access to PAM. Booz threat contractor delivers report warning of grave insider threat.

February 5: Treasury gives Elez access to SPS, the payment system.

February 6 (afternoon): Elez resignation.

February 7: Treasury flags but then approves four payments. WaPo publishes story about Booz report and Booz contractor is fired.

February 8: Paul Engelmeyer limits Krause’s access.

February 10: Millenium Challenge Corporation submits, but then requests not to process, a payment.

Documents

Opposition to Stay

Thomas Krause Declaration: Describing the plan to use technology to provide more oversight over payments (citing three Biden-era GAO reports, not anything DOGE has discovered).

Vona Robinson Declaration: Describing that the only payment that has been intercepted at Treasury was a payment to the Millenium Challenge Corporation.

Michael Wenzler Declaration: Describing the hiring, employment status, revisions thereof, of Thomas Krause and Marko Elez, and also confirming Elez’ resignation from Treasury.

Joseph Gioeli Declaration: Describing the circumstances of Elez’ access and the investigation into what he did with it.