Security Concerns Surround AI Vision for US Government

AI and the Future of Government Efficiency

Elon Musk has proposed that government bureaucracy could be streamlined using artificial intelligence (AI) and interactive chatbots. The Department of Government Efficiency (DOGE), which Musk is reportedly overseeing, is reviewing federal government agencies to identify and reduce what it views as inefficient spending authorized by the U.S. Congress. The initiative to create a government framework using generative AI will involve pooling significant amounts of training data, a process that DOGE is allegedly already undertaking.

This task would largely be accomplished by importing large amounts of information from government employees’ online conversations conducted on collaboration platforms, such as Microsoft’s SharePoint and considerable volumes of email. Beyond the technological challenge of achieving such a daunting objective, there exists a significant risk to highly sensitive information, including its sources and the methods by which it is acquired. This raises important national security concerns.

Recent History of US National Security Breaches

Sharing Government Data in the Internet Age

Understanding the national security risk requires some background. One of the key skills federal employees develop is knowing how information flows within their organization. At the beginning of my tenure as a foreign service officer a few decades ago, the United States Foreign Service repeatedly instructed its employees that assignments would teach how data travels through the system.

With the arrival of the internet to desktop computers under former Secretary of State Colin Powell’s leadership, an important transition began in which the federal government learned how data transited through individual organizations and was connected to interagency activities with intelligence, defense, and other agencies.

Public servants across the myriad bureaus and offices involved in foreign affairs witnessed new ways in which information moved throughout the government. For instance, the government’s inability to connect the dots on the activities of the 9/11 hijackers highlights the critical importance of information exchange to national security and the potential consequences when it fails.

For the Department of State (DOS), ensuring data distribution aligned with national security concerns meant shifting from a need-to-know model of information management to embracing a need-to-share model. During the early 2000s, my colleagues and I developed new means to collect and disseminate information. In an interagency effort, we created an enterprise platform for passing on-the-job knowledge from a rapidly retiring workforce to new hires.

In doing so, our agency developed a distributed set of online communities for sharing practical guidance on myriad topics, including how to manage the transition of military units on assignments in Iraq and Afghanistan and the budding new discipline of open-source intelligence analysis. Another of the DOS’ information sharing initiatives, Secure Internet Protocol Router Network (SIPRNet) Distribution or, internally known as SIPDIS, was used to share its classified cables with the Department of Defense (DOD).

SIPDIS was the embodiment of the need-to-share mantra. When established, it was unclear to what extent the military would use it; however, only when complaints came in regarding service interruptions did its importance become apparent. An exemplar came from a unit in the U.S. Navy’s Sixth Fleet, which was having difficulty maintaining SIPDIS connectivity. Our agency assumed the issue was at an onshore facility in Italy or Spain.

Surprisingly, the problem was observed aboard an Aegis cruiser monitoring civil unrest in Algeria from international waters offshore. SIPDIS reporting gave the ship’s captain a valuable source of information regarding the potential need to evacuate American citizens from the country.

Chelsea Manning, Wikileaks, and Lasting Implications

Unfortunately, SIPIS is also historically synonymous with one of the most significant data breaches in U.S. history: the illegal copying of some 251,287 diplomatic cables and their release to Julian Assange’s Wikileaks by U.S. Army intelligence specialist Chelsea Manning. The impact of the breach, carried out by Assange, was sweeping and immediate. Sensitive information was exposed, and diplomatic relationships were affected. The leaked materials were reported in news outlets worldwide, leading to notable consequences.

For instance, when Tunisians rose up against their government in the first of the Arab Spring revolutions, the country’s military refused to put down the protests by force. Junior officers tasked with ending the uprising disobeyed orders from generals and the ruling elite, the latter of whom were identified as excessively corrupt by U.S. diplomats and defense attachés posted to the Tunis Embassy, according to reporting in local news outlets based on information in Wikileaks.

After the Wikileaks episode and Manning’s arrest, much finger pointing ensued. However, the lesson was simple. While the DOS had robust rules on what material could be read by different individuals based on their roles and locations in the organization, those controls were stripped away when the information was passed to servers at the DOD. While still classified, the information was all readable to anyone with access to SIPRNet’s SIPDIS archive.

Consequently, Manning accessed the cables, burned their information to compact discs, and shared them with an intermediary who facilitated their delivery to Wikileaks. Thus, the lesson was that the role-based access controls for protecting secret communiqués should always be maintained. Yet, the DOGE’s aims to implement AI-driven systems to streamline government operations could strip away rather than uphold these access controls.

Altogether, the Manning breach and its lasting consequences are incredibly relevant as Musk’s DOGE team moves into the Pentagon.

Edward Snowden and the National Security Agency

Nine agencies of the U.S. Intelligence Community report to the DOD, including the National Security Agency (NSA). A far-reaching, cyber-intelligence service, NSA was stunned by another major breach more than a decade ago, when Edward Snowden took a trove of ultra-sensitive data first to Hong Kong and eventually to Russia, where he remained and was granted citizenship in September 2022.

That Musk and his small cadre of workers often connected with Musk’s companies may gain even greater levels of access to classified information than Snowden did in his duties as a systems administrator for the DOD’s most sensitive networks is also cause for concern, especially given their current handling of sensitive government information.

Government Efficiency and National Security Lapses

To fulfill the DOGE’s vision of AI-driven government oversight system, massive concentrations of data may be pooled together for the purposes of training AI models. Such repositories are incredibly attractive, high-value intelligence targets. Yet, the DOGE team has shown little regard for sensitive national security-related data, posting information labeled both secret and not for foreign distribution on doge.gov regarding the National Reconnaissance Office (NRO).

This is an enormous national security lapse as the NRO’s responsibilities include developing, deploying, and maintaining U.S. intelligence satellites. Further, the NRO’s existence was not acknowledged until 1992, more than 30 years after its founding. Until the DOGE’s website postings revealed the agency’s headcount and budget, this information remained an official secret due to its ultra-sensitive nature.

Beyond the NRO, DOGE operatives gained access to classified data at USAID, and as foreign aid efforts intersect with counterterrorism programs, ensuring sensitive information remains secure is paramount to U.S. and international security interests.

These lapses in handling classified materials may only represent the tip of the iceberg in terms of broader national security risks.

International Intelligence Relations

Another concern involves secret information shared with allies, including those of the Five Eyes Intelligence Oversight and Review Council (FIORC) — Australia, Canada, New Zealand, the U.K., and the U.S. The FIORC members exchange highly sensitive intelligence information and prioritize its security.

Past national security breaches, both recent and from decades ago, serve as stark reminders of the consequences when intelligence assets are compromised. Notable examples include the defection of senior MI6 officer Kim Philby to Moscow in 1963 and Snowden’s flight there 30 years later, both of which resulted in the loss of intelligence operations and the deaths of agents whose activities were compromised.

Key Considerations Moving Forward

A foremost concern is DOGE’s custodianship of classified data. In gathering large volumes of secret information and converting it to a format useful for training AI models, access controls could be removed, and the data stored in a manner that makes it uniquely vulnerable to foreign compromise.

That possibility that DOGE could facilitate a similar national security breach as those discussed should be a primary concern, not only in the intelligence community but also for elected officials charged with its oversight.

This publication was produced on behalf of Rice University’s Baker Institute for Public Policy. Wherever feasible, the material was reviewed by external experts prior to its release. Any errors are the responsibility of the author(s) alone. 

This material may be quoted or reproduced without prior permission, provided appropriate credit is given to the author(s) and Rice University’s Baker Institute for Public Policy. The views expressed herein are those of the individual author(s) and do not necessarily represent the views of Rice University’s Baker Institute for Public Policy.