1 day ago
6
Chuck Borges has had quite the year.
In January, Borges started a new job as the Social Security Administration’s chief data officer, overseeing some of the most sensitive data systems in the federal government—including databases containing Social Security numbers, addresses, citizenship status, and benefits records of nearly every American.
Or at least that was the job description. Instead, he spent seven months struggling to get basic visibility into the systems he was statutorily responsible for, at times learning about how Elon Musk’s so-called Department of Government Efficiency (DOGE) was operating at the agency in press reports rather than internal discussions. By this summer, he filed a whistleblower complaint alleging that DOGE had copied and moved sensitive American data to an unsecure cloud environment. Borges was quickly forced to resign.
Now, Borges is launching his campaign for Maryland state senator.
In his first interview since the campaign began on Tuesday, Borges describes his clashes with DOGE, being sidelined at his own agency, and why he thinks technologists are needed to help steer this new era of government.
This interview has been edited for length and clarity.
WIRED: Why did you decide to run for office? And how did working under DOGE influence your decision to run?
Chuck Borges: I left SSA in late August, and the next month was very trying, both personally and professionally. There was a lot of congressional interaction. There was some media outreach. We had a lot of documentation to work on. I started to express to various local groups that they should be concerned about data privacy. This is not a partisan issue. It’s a nonpartisan issue that your data privacy should be concerning to you and that there’s risk involved.
In early October, the local Democratic Party reached out to me and asked if I would be interested in running for office. The reason I’m running is pretty simple—I worked at the highest levels of federal government and through that process I saw a lot of interactions with Congress. There’s a lot of concerns in the country today around government dysfunction and a lot of things just aren’t working.
DOGE didn't influence my decision, but the dysfunction I experienced this year in general continued to motivate me to find ways to serve the public better.
When you first heard about DOGE involving itself at SSA, what did you expect would happen?
I didn't know what to expect initially. There wasn't a lot of structure around what the DOGE personnel coming in would or wouldn't be doing, and what the use cases were in which they'd be operating. If that was understood at the highest levels, it wasn't communicated to me. I learned that they were going to be operating on a combination of discrete projects and general review of SSA systems, but for the first few months, I did not have almost any interaction with them.
When did you start growing concerned about how SSA leadership and DOGE was handling data at the agency?
The first moment that I grew concerned that I was not being adequately involved in discussions was learning about the Death Master File changes through media reports, because this would be the 6,000 people who received the artificial dates. [SSA’s Death Master File essentially records all deaths reported to the agency. In April, SSA classified around 6,000 living immigrants as dead, making it more difficult for them to apply for and receive financial services.]
While the data officer may not have the approval authority that others do at the agency, that is something that, in my experience, you would consult data authorities on. And with a CDO, you would be at least consulting and informing them of significant changes or risks involving critical datasets, personal information or high-value data. That was the first alarm bell for me.
How did you approach the work when you had limited insight into what was happening?
I tried to reach out through my perceived chain of command. I also tried to understand what was going on through colleagues in the data space, and the information was very tightly controlled, so I wasn't able to get a lot of answers. It's not necessarily that I believe colleagues were hiding things from me. It's that a lot of people didn't know what was going on in various parts of the organization, with no nefarious intent. That could just be confusion.
In my whistleblower disclosure, I discussed a sequence of events that raised continuing concerns to me. Data officers like to make data more open and transparent. I would like to make sure that we have a better understanding of the data that we have by cataloging it, and then I would like to be able to track and manage how that catalog data is being used. While there was a lot of confusion [during the DOGE era], you do your best to put the administrative and technical structures in place to catalog data, to track it, to identify who's responsible for it, and to make decisions around it. The challenge for me was that I couldn't do a lot of that, due to both the administrative concerns and the fact that, like for when it comes to data governance, for instance, I was denied permission to hold data governance council on multiple occasions. [Data governance councils are made up of agency officials who ensure that data standards and rules are followed.]
As an expert in government data, what do you believe was the purpose behind DOGE’s decision to move SSA data to a separate, unsecure cloud environment?
I never saw a use case that required this scale and scope of data in my time as CDO.
What’s the worst-case scenario of uploading sensitive SSA data to an unsecure cloud?
Just like when any personal information is stored, if it's not properly secured, it could be accidentally exposed to bad actors. Data breaches through simple human error, without any bad intent, happen all the time. The Numident data I talked about in the disclosure, it’s actionable. It's all the information that you put into a birth certificate. It’s residence. It’s date of birth, place of birth, mother's maiden name. The information that can identify you as a person, whether it's current or not, it's still very actionable, and that's highly sensitive information that needs to be treated very carefully.
When did you first raise concerns about DOGE’s access to SSA data? What made you realize those concerns weren’t going to be addressed internally?
When I disclosed my concerns internally, I was expecting a lot of feedback. Before, I think, a calendar week passed, I was instead informed that employees were being told not to answer my questions.
[In a recent letter to the chair of the Senate Committee on Finance, SSA commissioner Frank Bisignano claimed that an agency review found “that neither the Numident database nor any of its data has been accessed, leaked, hacked, or shared in any unauthorized fashion.”]
Why did you decide to become a whistleblower?
As the chief data officer, I have the direct responsibility for the safety and security of public data. Based on the information I had, it seemed apparent to me that I would not be able to verify the safety and security of that data. And when I paired that with my role and my concerns that I wasn't going to be able to execute on that role as required by the law, I felt it necessary to raise those concerns to the appropriate oversight authorities.
Was there a moment when you realized the cost of raising these concerns would end your career?
It was a thought I had. I had seen other executives escorted out of the building or compelled to leave for raising concerns. So I understood that was a potential outcome, and I was prepared for that. There’s never a wrong time to do the right thing.
What advice would you give to feds who might find themselves in a position similar to yours?
I would offer those in leadership positions the following advice: (A) Definitely don't break the law. (B) Don't put your people in morally or ethically questionable situations. And (C) look around and ask questions, because when you sign up to be a leader, you sign up to assume a bit of professional risk in order to make sure that your concerns can be heard. And this is the position I found myself in.
For those that are working, I understand that you're afraid. Just make sure that you are doing the best to document the work that you're doing, so that it can be tracked and managed by your superiors, so that you can get credit for the work that you're doing, and so that if there ever are any concerns, they can be properly backtracked and unpacked.
Elon Musk recently did an interview with Joe Rogan where he said that DOGE is still operational and continuing to cut costs within federal agencies. What risks does this pose?
There are definitely inefficiencies in the government that could stand improvement. I don't know that anybody would dispute that, and the government does move awfully slow at times. However, the government also handles a large amount of sensitive information and tax dollars. You need to pair speed with intention in order to make sure the government can operate efficiently, and you need to make sure that you're looking forward to the desired outcome, which is exactly why I'm running for State Senate, so that you can build something that's sustainable.
What do you want to accomplish as a Maryland state senator?
I live in a region of southern Maryland that is a really unique combination of biodiversity, agricultural expertise, and—because of our position close to DC and the military base down here—tech savvy. So this should be a region that is ideally poised for growth, and it’s shrinking.
I believe that I have the experience in both executive management, a little bit in legislation, and I have the tech savvy to really help my region think outside the box and unstick it, turn it into a real model of sustainable growth for, honestly, the entire East Coast.
English (US) ·