A worker at the General Services Administration told colleagues in a Slack message Tuesday that they have resigned in protest after Elon Musk ally Thomas Shedd requested “admin/root access to all components of the Notify.gov system,” which is a government system used to send mass text messages to the public that contains information the worker said is highly sensitive and would give Shedd unilateral, private access to the personal data of members of the public.
Shedd is a former Tesla engineer who now runs Technology Transformation Services (TTS), a group of coders and software engineers within the GSA, who is closely allied with Elon Musk and DOGE. Notify.gov contains not just the phone numbers of everyday people but also information about whether they participate in government programs such as Medicaid, which is based on a person's financial situation. In recent days, Musk has become obsessed with the idea of "fraud" in Medicaid, Medicare, and Social Security, and in identifying those he suspects are committing fraud.
“The TTS commissioner, Thomas Shedd, has required us to provide admin/root access to all components of the Notify.gov system,” the Slack message, seen by 404 Media starts. It then says this would allow Shedd to “view all personally identifiable information (PII) moving through the Notify system, including phone numbers and variable data for members of the public.” It says Shedd “would be able to download and store this data without anybody else receiving a notification.”
“I don’t believe that I can operate a program and system without the ability to manage access to PII,” they added. “As a result, I have submitted my resignation to GSA. Today will be my last day.”
404 Media previously obtained leaked audio from a meeting Shedd had with TTS employees in which he suggested that a tool called login.gov could be turned into an information sharing platform across government agencies that could be used to identify people doing fraud. He also suggested that many government employees could be replaced with “AI coding agents” that would be created by his team.
Notify.gov is a platform that allows government agencies to text people. Examples shown in a demo include, for example, telling someone that their Medicaid coverage is expiring and must be renewed alongside instructions to renew it.
Sources at TTS told 404 Media that the fact Shedd wants access to Notify.gov is “scary news.”
“Someone at TTS resigned rather than surrender a vast trove of data to Thomas Shedd,” one employee said. “I’m scared that we’ll run out of people who will tell him no.”
The employee told 404 Media that "Notify contains PII, including at least: names, phone numbers, and the status of participating in public benefit programs which are based on financial status."
Another employee also told 404 Media that the development was concerning, and that granting Shedd admin access to the system outside of established protocols would be dangerous for the resigning worker to do.
“The Federal Information Security Management Act of 2002 (FISMA) requires creating these policies for every information system,” the second employee told 404 Media. “They are a legal requirement. The policies spell out who can have access and under what circumstances. An authorizing official must accept the policy by formally signing it and personally accepting the risk.”
FISMA says that to provide someone access to a system they must go through an Authorization to Operate (ATO) process that determines who should have access to what systems, and for what reasons. The resigning worker said in their Slack message that they had been “instructed to skip that process and place the system in non-compliance.”
The worker who resigned said in their resignation note that Shedd would have unfettered, private access to the information of anyone who has interacted with the Notify system.
Here is the full message:
• Thomas would be able to view all personally identifiable information (PIl) moving through the Notify system, including phone numbers and variable data for members of the public. This information exists in our UI, cloud.gov-managed resources, and AWS resources. Thomas would be able to download and store this data without anybody else receiving a notification.
• Thomas would be able to fully manage the access of others, including granting the same access to others or removing it from existing team members. Granting the same access would, of course, grant the same ability to view and download PII.
We have not received a justification for this request, which makes it difficult to suggest alternative approaches that would accomplish Thomas's goals while still being protective of PlI for members of the public. We have made clear to Thomas that this level of permission would allow access to PII. While we have suggested alternatives, such as read-only access, Thomas has continued to request full admin/root access.
We also believe that this level of access for somebody outside of the product team is not contemplated by the system's authority to operate. While it's entirely possible to properly update the SSPP [System Security and Privacy Plan] to add this sort of access using our established ATO [Authorization to Operate] processes, we have been instructed to skip that process and place the system in non-compliance until the access is remediated.
I don't believe that I can operate a program and system without the ability to manage access to PII. As a result, I have submitted my resignation to GSA. Today will be my last day.
It has truly been a pleasure to work with each and every one of you. I have valued your individual and collective contributions toward building a new-to-government shared system that has already had an impact. I have valued your care, commitment, and diligence. We have built a program together on a stable foundation, which can allow it to survive even beyond our time on this team. I am proud of that, and l am proud of you.”
After this article was originally published, GSA Acting Press Secretary Will Powell told 404 Media that Shedd's "Access ensures a detailed understanding of how the systems work so areas for optimization and efficiencies can be quickly identified. Mr. Shedd is working with all appropriate GSA officials to ensure all established GSA protocols and policies are followed before he is granted access to a TTS system. Mr. Shedd has not been given access to the Notify.gov system at this time."
Update: This article has been updated with comment from the GSA.
