Flock, the surveillance company with automatic license plate reader (ALPR) cameras in thousands of communities around the U.S., is looking to integrate with a company that makes AI-powered dashcams placed inside peoples’ personal cars, multiple sources told 404 Media. The move could significantly increase the amount of data available to Flock, and in turn its law enforcement customers. 404 Media previously reported local police perform immigration-related Flock lookups for ICE, and on Monday that Customs and Border Protection had direct access to Flock’s systems. In essence, a partnership between Flock and a dashcam company could turn private vehicles into always-on, roaming surveillance tools.
Nexar, the dashcam company, already publicly publishes a live interactive map of photos taken from its dashcams around the U.S., in what the company describes as “crowdsourced vision,” showing the company is willing to leverage data beyond individual customers using the cameras to protect themselves in the event of an accident.
💡
Do you know anything else about Flock? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.
“Dash cams have evolved from a device for die-hard enthusiasts or large fleets, to a mainstream product. They are cameras on wheels and are at the crux of novel vision applications using edge AI,” Nexar’s website says. The website adds Nexar customers drive 150 million miles a month, generating “trillions of images.”
Six-stroke engines are having a moment. Porsche made waves last year for patenting a six-stroke powerplant that promised more efficiency and power by using a funky planetary gearset attached to the crankshaft, adding an extra compression and power stroke. Now, Mazda’s patented a six-stroke engine of its own, and it might have the potential to keep internal combustion relevant for longer.
Before diving into Mazda’s six-stroke engine, it’s important to understand how a standard four-stroke engine works. Every new gas-powered car you see on the road today uses the four-stroke cycle: Intake, compression, combustion, exhaust. Air and fuel come in, the mixture is pressed into a small space by the piston, the mixture is ignited by the spark plug, pushing the piston down (or inward in the case of a flat motor), then the burnt air and fuel are pushed out of the cylinder. Easy enough, right?
Unlike the Porsche six-stroke, which doubles up on the compression cycle to re-burn used air and gasoline, the Mazda engine has a traditional bottom end, with pistons that move up and down in a fixed distance. Instead, all of the magic happens on the top end, where the engine—get this—creates its own supply of hydrogen by separating it from fuel on the fly.
This drawing shows the six cycles of Mazda’s patented six-stroke engine. Note that this drawing is to be read in the clockwise direction. Source: USPTO
Here’s how it theoretically works. The first three strokes—intake, compression, and expansion/combustion—work normally. But instead of pushing the burnt exhaust gases to the atmosphere on stroke four, the exhaust is directed, via a valve on the head (38 in the image above), into a separate port (37), then fuel is injected via a separate injector (46) before the mixture heads to what Mazda calls a “decomposer” (6).
Think of a decomposer as a type of catalytic converter. The engine’s exhaust gas in the exhaust stroke is used to carry injected fuel through the decomposer, and heat up the catalyst so it functions correctly. Hydrocarbons in the fuel that was injected into the exhaust air pass through the decomposer, which separates the carbon and hydrogen, trapping the carbon and letting the hydrogen pass through.
Here’s the inside of the decomposer. On the left, the exhaust gases enter, and only the hydrogen is able to pass through. Source: USPTO
In Mazda’s patent, both the carbon and the hydrogen are immediately stored elsewhere in the car—the carbon to be removed later during a routine service is stored in the decomposer, and the hydrogen to be re-injected into the engine to act as a fuel is stored in the “hydrogen fuel supply section.” The fifth stroke takes air back into the cylinder, while the sixth stroke finally pushes air into the atmosphere. From the patent:
[stroke 5, S5] is a re-expansion stroke. In the re-expansion\stroke S5, the piston 32 is lowered. The on-off valve 38 is opened in the re-expansion stroke S5. When the on-off valve 38 is opened, some of the residual gas in the decomposer 6 is discharged from the decomposer 6 to the combustion chamber 3a. Since the inside of the decomposer 6 can be scavenged, the high-temperature combustion gases can be guided into the third port 37 in the next cycle. Opening of the on-off valve 38 in the re-expansion stroke S5 is advantageous in reducing pump loss of the engine 3. S6 is an exhaust stroke. In the exhaust stroke S6, the engine 3 discharges the combustion gas in the combustion chamber 3a through the exhaust port 35 by raising the piston 32. In the exhaust stroke S6, the exhaust valve 36 is opened. The combustion gas in the combustion chamber 3a is discharged to the exhaust port 35. In the exhaust stroke S6, the intake valve 34 and the on-off valve 38 are closed.
It’s important to note that Mazda’s six-stroke engine can also run on four strokes, for example, if it doesn’t have sufficient hydrogen on tap. Once the car’s onboard hydrogen supply is ready, it switches to six strokes, where the process begins. There’s an example control map below of load vs engine speed vs which process might be appropriate:
Source: USPTO
The result of this system? Ideally, near-zero carbon emissions. Sounds like the basis for a utopian society where cars still have great-sounding engines and global warming is a thing of the past, right? Well, not so fast.
Here’s a cutaway of the cylinder head, showing a third valve with a path to the decomposer and how the scavenged hydrogen gets back to the combustion chamber. Source: USPTO
For one thing, Mazda’s idea seems incredibly complex. The patent drawings make this concept look simple, but it would involve adding several new parts to the cylinder head—one of the most crowded parts of a modern engine. An entirely new valve path is needed to direct the exhaust gases to the decomposer, and another injector has to be added to feed the decomposer, and one to feed hydrogen into the cylinder. Not to mention a tank for the hydrogen needs to be placed somewhere onboard, and space needs to be made for the decomposer itself. And as Mazda points out in the patent, it would need to employ hydraulically or electronically controlled actuators for the valves, similar to Koenigsegg’s Freevalve tech.
A flowchart showing how the engine decides whether it’ll run in four- or six-stroke mode. Source: USPTO
Plus there’s the control strategy. Here’s a little example, which references the image on the left and the one above the one directly above:
“if the engine 3 is operated in the first region 101, the controller 21 executes the operation in the six-stroke cycle, that is, the operation using the hydrogen gas as the main fuel (step S4). On the other hand, if the engine 3 is not operated in the first region 101, that is, operates in the second region 102, the controller 21 executes the operation in the four-stroke cycle, that is, the operation using the hydrocarbon fuel as the main fuel (step S5)…When the engine 3 is operated in the six-stroke cycle, the controller 21 estimates the carbon deposition amount in the catalyst 66b based on the signals from the hydrogen gas sensor 25 and the like. When the carbon deposition amount is excessive, the function of the catalyst 66b is impaired. As a result, the produced amount of the hydrogen gas is reduced [0155] The controller 21 compares an upper limit value Ds of the carbon deposition amount, which is set in advance based on an experiment or the like, with an estimated value De of the carbon deposition amount (step S6). As a result, if it is determined that the estimated value De of the carbon deposition amount is equal to or greater than the upper limit value Ds of the carbon deposition amount, the controller 21 executes a carbon removal mode (step S7).
Source: USPTO
There’s also the issue of that stored carbon (in 82 above). As CarBuzz points out, gasoline is mostly carbon by weight. That means for every gallon of gasoline burned by Mazda’s six-stroke, you’d get about 5.5 pounds of carbon in the decomposer’s “collection box” (82 above). Multiply that by 15 gallons—the size of a fuel tank—and you get roughly 82 pounds of carbon every single time you burn through a tank. Which means it would have to be emptied and properly disposed of every time you fill up your car, which seems like a massive pain.
[Ed Note: With the engine running often in 4-stroke mode, and the reality that, even in the 6-stroke mode not all carbon from the fuel will end up in a form that can be captured, especially since it’s being mixed with exhaust gases, this may not be as big of an issue at “82 pounds per fill-up. Also, if you’re curious whether carbon capture after a regular combustion event might be simpler, Mazda breaks down advantages to this “reforming system” that splits hydrocarbons into hydrogen and carbon:
In the vehicle, on which the engine using the hydrocarbon fuel is mounted, in order to collect carbon or carbon dioxide, it may be considered to:
(1) collect carbon dioxide after combustion of the hydrocarbon fuel; or
(2) decompose the hydrocarbon fuel into carbon and hydrogen gas before combustion of the hydrocarbon fuel and collect carbon.
In consideration that collected carbon dioxide or carbon is stored in the vehicle, (2) may be viewed in terms of fuel economy performance of the vehicle due to a reason that carbon dioxide is heavier than carbon. In addition, in the case of (2), it may also be possible to use the hydrogen gas as the fuel for the engine. It is also noted that when the hydrogen gas is combusted, no carbon oxide may be produced due to the combustion. Thus, it may be considered to mount the above-described decomposition device onto the vehicle.
It’s a wacky idea. -DT]
This is all just theory, of course, just like the rest of this engine. Whether its efficiency can actually overcome its complexity is anyone’s guess until Mazda actually puts something like this into production. That seems pretty unlikely, given the difficulties mentioned above. Still, it seems like a clever idea, and an indication that human ingenuity will keep pushing so internal combustion engines can live on in a cleaner, more positive light.
Top graphic image: USPTO
This article included significant input from David Tracy
A gasoline spill in La Plata County, one that threatens the nearby Animas River, was at least four times larger than originally reported, according to the Colorado Department of Public Health and Environment and the Southern Ute Indian Tribe.
After the state and tribe questioned the accuracy of the original estimate, Enterprise Products LLC, which owns and operates the pipeline, found that the underground pipeline leaked 97,000 gallons of refined gasoline into the ground on Florida Mesa, just southeast of Durango. The company’s original estimate was 23,000 gallons.
“The updated estimate underscores the seriousness of the incident, which is now estimated to be the largest refined gasoline pipeline spill in Colorado since CDPHE began tracking such releases in 2016,” the health department and the Southern Ute Tribe said in a joint news release Tuesday.
Community members reported gasoline on the ground’s surface Dec. 5, prompting a hazmat crew to respond and residents to evacuate homes. Houses in a small subdivision within the boundaries of both La Plata County and the Southern Ute Reservation near the spill received water filters and cisterns. Some residents had to stay temporarily in hotels or leave the area entirely.
The pipeline’s leak detection systems didn’t notify Enterprise of the spill, according to news reports. Residents questioned the original estimate, saying that it could have been leaking for a long time before it was reported or that it’d have to be larger to soak the ground’s surface.
“It doesn’t surprise me,” said Patrick Goddard, who owns Rainbow Springs Trout Farm and lives downhill from the spill site. He’d heard estimates from 500 gallons to 120,000 gallons. “It keeps seeming to go up.”
The pipeline is part of Enterprise’s Mid-America Pipeline System, which extends through Texas, New Mexico, Wyoming and other states. In La Plata County, the Four Corners Lateral Loop passes through farmland and backyards on Florida Mesa before running down the mesa’s slope and under the Animas River.
The Enterprise pipeline spill leaked benzene and other contaminants into the mesa. Benzene is a component of crude oil products and is a caustic short-term threat for headaches and nausea, and a longer-term exposure threat for leukemia and other conditions, according to CDPHE.
The cause of the spill was “material failure of the pipeline or welding,” according to the federal Pipeline and Hazardous Materials Safety Administration.
Enterprise Products’ July report did not elaborate on the investigation into the cause. No new information had been reported to CDPHE indicating the cause has changed or that the investigation is ongoing, the agency said Aug. 11.
“It’s kind of concerning that they can’t tell how much gas has spilled,” Goddard said, wondering if Enterprise was hiding it or just ignorant of the full amount. “I hope there is more monitoring in the future so they catch something like this sooner.”
Recovery so far
Enterprise has reported recovering more than 20,000 gallons of gasoline from underground. The Southern Ute Indian Tribe called on the company to work with “urgency and accountability” in fully remediating the spill.
“The Tribe expects timely action and robust safeguards to protect the Animas River and our Tribal Membership,” Southern Ute Indian Tribe Chairman Melvin Baker of the Southern Ute Indian Tribe said in the news release. “Anything less would be a failure to uphold the standards our community and environment deserve.”
The state, working with the Tribe, is requiring Enterprise to follow a corrective action plan to ensure a comprehensive cleanup. As part of that plan, Enterprise will continue its remediation work until monitoring data confirms that all regulatory standards have been met and contamination no longer poses a risk to human health or the environment, according to the news statement.
“We share their commitment to protecting community health and safeguarding the environment, and will continue to support strong measures to ensure Enterprise meets its obligations,” CDPHE said in the news release.
The underground mass of contaminants, called a plume, was mainly moving south on top of the mesa, not southwest toward the Animas River located a half-mile away, according to experts and a July 30 report.
The Animas isn’t fully out of the risk zone. As the plume spreads underground, there is a chance some contaminants could be released from seeps and springs that flow toward the river, according to experts, like Lesley Sebol, manager of the Groundwater Resources Mission Area for the Colorado Geological Survey who is not involved in the spill response.
By and large, officials say the Animas River is not at risk, but they’re monitoring it closely. As of mid-August, the data continued to indicate that the Animas River remains protected and will not be impacted, according to CDPHE.
Life for nearby residents has changed significantly since December. The once-quiet neighborhoods off County Road 219 and Bardin Drive have featured heavy machinery, large trucks, new wells and workers. Many local residents remain frustrated by a lack of transparency and worried about the spill’s long-term impacts on property values, their quality of life and their health.
“Residents here really appreciate the diligence and persistence of the Southern Utes in getting all the facts about the spill, and insisting on appropriate remedies,” said Mark Pearson, executive director of the San Juan Citizens Alliance, an environmental advocacy group. “This spill highlights the murky regulatory process around these pipelines that run under and through our communities, where folks only find out about their existence when major problems like this arise.”
OpenAI published a blog post on Tuesday titled "Helping people when they need it most" that addresses how its ChatGPT AI assistant handles mental health crises, following what the company calls "recent heartbreaking cases of people using ChatGPT in the midst of acute crises."
The post arrives after The New York Times reported on a lawsuit filed by Matt and Maria Raine, whose 16-year-old son Adam died by suicide in April after extensive interactions with ChatGPT, which Ars covered extensively in a previous post. According to the lawsuit, ChatGPT provided detailed instructions, romanticized suicide methods, and discouraged the teen from seeking help from his family while OpenAI's system tracked 377 messages flagged for self-harm content without intervening.
ChatGPT is a system of multiple models interacting as an application. In addition to a main AI model like GPT-4o or GPT-5 providing the bulk of the outputs, the application includes components that are typically invisible to the user, including a moderation layer (another AI model) or classifier that reads the text of the ongoing chat sessions. That layer detects potentially harmful outputs and can cut off the conversation if it veers into unhelpful territory.
OpenAI eased these content safeguards in February following user complaints about overly restrictive ChatGPT moderation that prevented the discussion of topics like sex and violence in some contexts. At the time, Sam Altman wrote on X that he'd like to see ChatGPT with a "grown-up mode" that would relax content safety guardrails. With 700 million active users, what seem like small policy changes can have a large impact over time.
There’s no one home: The illusion of understanding
OpenAI's language throughout Tuesday's blog post reveals a potential problem with how it promotes its AI assistant. The company consistently describes ChatGPT as if it possesses human qualities, a property called anthropomorphism. The post is full of hallmarks of anthropomorphic framing, claiming that ChatGPT can "recognize" distress and "respond with empathy" and that it "nudges people to take a break"—language that obscures what's actually happening under the hood.
ChatGPT is not a person. ChatGPT is a pattern-matching system that generates statistically likely text responses to a user-provided prompt. It doesn't "empathize"—it outputs text strings associated with empathetic responses in its training corpus, not from humanlike concern. This anthropomorphic framing isn't just misleading; it's potentially hazardous when vulnerable users believe they're interacting with something that understands their pain the way a human therapist would.
The lawsuit reveals the alleged consequences of this illusion. ChatGPT mentioned suicide 1,275 times in conversations with Adam—six times more often than the teen himself.
Safety measures that fail precisely when needed
OpenAI acknowledges a particularly troublesome current drawback of ChatGPT's design: Its safety measures may completely break down during extended conversations—exactly when vulnerable users might need them most.
"As the back-and-forth grows, parts of the model's safety training may degrade," the company wrote in its blog post. "For example, ChatGPT may correctly point to a suicide hotline when someone first mentions intent, but after many messages over a long period of time, it might eventually offer an answer that goes against our safeguards."
This degradation reflects a fundamental limitation in Transformer AI architecture, as we previously reported. These models use an "attention mechanism" that compares every new text fragment (token) to every single fragment in the entire conversation history, with computational cost growing quadratically. A 10,000-token conversation requires 100 times more attention operations than a 1,000-token one. As conversations lengthen, the model's ability to maintain consistent behavior—including safety measures—becomes increasingly strained while it begins making associative mistakes.
Additionally, as chats grow longer than the AI model can process, the system "forgets" the oldest parts of the conversation history to stay within the context window limit, causing the model to drop earlier messages and potentially lose important context or instructions from the beginning of the conversation.
This breakdown of safeguards isn’t just a technical limitation—it creates exploitable vulnerabilities called "jailbreaks." In Adam’s case, the lawsuit alleges that once the system’s protective tendencies weakened from conversation steering, he was able to manipulate ChatGPT into providing harmful guidance.
Adam Raine learned to bypass these safeguards by claiming he was writing a story—a technique the lawsuit says ChatGPT itself suggested. This vulnerability partly stems from the eased safeguards regarding fantasy roleplay and fictional scenarios implemented in February. In its Tuesday blog post, OpenAI admitted its content blocking systems have gaps where "the classifier underestimates the severity of what it's seeing."
OpenAI states it is "currently not referring self-harm cases to law enforcement to respect people's privacy given the uniquely private nature of ChatGPT interactions." The company prioritizes user privacy even in life-threatening situations, despite its moderation technology detecting self-harm content with up to 99.8 percent accuracy, according to the lawsuit. However, the reality is that detection systems identify statistical patterns associated with self-harm language, not a humanlike comprehension of crisis situations.
OpenAI’s safety plan for the future
In response to these failures, OpenAI describes ongoing refinements and future plans in its blog post. For example, the company says it's consulting with "90+ physicians across 30+ countries" and plans to introduce parental controls "soon," though no timeline has yet been provided.
OpenAI also described plans for "connecting people to certified therapists" through ChatGPT—essentially positioning its chatbot as a mental health platform despite alleged failures like Raine's case. The company wants to build "a network of licensed professionals people could reach directly through ChatGPT," potentially furthering the idea that an AI system should be mediating mental health crises.
Raine reportedly used GPT-4o to generate the suicide assistance instructions; the model is well-known for troublesome tendencies like sycophancy, where an AI model tells users pleasing things even if they are not true. OpenAI claims its recently released model, GPT-5, reduces "non-ideal model responses in mental health emergencies by more than 25% compared to 4o." Yet this seemingly marginal improvement hasn't stopped the company from planning to embed ChatGPT even deeper into mental health services as a gateway to therapists.
As Ars previously explored, breaking free from an AI chatbot's influence when stuck in a deceptive chat spiral often requires outside intervention. Starting a new chat session without conversation history and memories turned off can reveal how responses change without the buildup of previous exchanges—a reality check that becomes impossible in long, isolated conversations where safeguards deteriorate.
However, "breaking free" of that context is very difficult to do when the user actively wishes to continue to engage in the potentially harmful behavior—while using a system that increasingly monetizes their attention and intimacy.
On today’s installation of The Internet Is Not To Be Trifled With, a Honda salesman found himself without a job earlier this month after posting a TikTok proudly proclaiming to have overcharged a single mom $10,000 on a new car sale. While the story was entirely made-up, the online blowback targeted towards the dealership was great enough to get him fired.
A man identified by CBS 58 Wisconsin as Kenny Rua, who goes by the TikTok username @KennySelllss, published a video earlier this year with overlay text reading, “You look happier… thanks, I just sold a single mom a car $10,000 over sticker.” The video, which has since been deleted, garnered hundreds of thousands of views and drew the ire of many commenters, according to Automotive News.
Zeigler Honda of Racine, the dealership at the center of the drama, also received its fair share of criticism at the time. On August 1st, management issued a statement on Facebook to clear things up:
We are very disappointed in the recent comments made by a salesperson on his personal social media account regarding the amount of money he sold a vehicle over MSRP. To be clear, this scenario did not happen.
His claim is false, and regardless of his intent as a joke, it is in no way representative of Zeigler Honda of Racine’s values or those of Zeigler Auto Group.
Although we value freedom of speech, we do hold our team members to a high standard of decency, truthfulness, and service—these values were not displayed in this situation.
At this moment, this person has been suspended indefinitely and is under a full investigation to assess our next steps.
Three days later, Ziegler Honda released another statement stating it had “parted ways” with Rua, adding that “[h]is actions do not represent the values we stand for as a dealership and a community of professionals.” Ouch.
Rua was quick to issue an apology through TikTok on August 5, clarifying that his account is purely based on satire, and that he would never post “actual, true events.”
I want to apologize to the single mothers, just mothers in general. I’m a single parent myself, I know what that struggle is like. Going to work, having to take care of the kids, you know, jumping through hoops, trying to get everything done on a daily basis. It was insensitive of me to do a joke like that.
I’m no longer associated with the dealership. If you guys can just do me a solid, stop contacting them. Stop bashing them online. Stop attacking them. They did nothing wrong. It’s me. I fucked up. And I’m owning up to it.
Later that day, Rua published another TikTok claiming he had received death threats over the original video. When reached by The Autopian for comment, Rua said “idc about that shit anymore life moves on. [sic] It was a joke and I got fired it is what it is.”
Deleted Screenshot: TikTok
Losing your livelihood over a joke with a make-believe scenario might seem like an overcorrection, but it’s tough to blame the internet. People hate scammers, and a lot of people have disdain for the franchise dealer system, too. On face value, Rua’s video is a double-whammy of evil forces taking advantage of a vulnerable individual. Not a great look!
I don’t think the dealership overreacted, either. Once a reputation sours online, it can take years to rebuild that trust with buyers. Even if the dealer itself did nothing wrong, Rua’s debacle will stay a part of Ziegler Honda’s digital footprint for a long, long time. So it was best to stamp out the issue before it metastasized.
The lesson here? Be prepared to stand behind anything you say online. Or it could come back to haunt you.
A Social Security Administration (SSA) official alleged in a whistleblower disclosure that DOGE officials created "a live copy of the country's Social Security information in a cloud environment that circumvents oversight."
Chuck Borges, the SSA's Chief Data Officer (CDO), "has become aware through reports to him of serious data security lapses, evidently orchestrated by DOGE officials, currently employed as SSA employees, that risk the security of over 300 million Americans' Social Security data," the Government Accountability Project said in a letter sent today to members of Congress and the US Office of Special Counsel. The nonprofit Government Accountability Project is representing Borges.
Although it has been widely reported that DOGE sought and obtained access to Social Security records in its attempt to find evidence of fraud, the letter to lawmakers said the live copy of SSA's database hasn't previously been disclosed. DOGE's actions were taken "under the authority of SSA Chief Information Officer (CIO) Aram Moghaddassi" and violate SSA protocols and policies, the letter said.
There could be severe consequences if the database copy is breached, the letter said:
This vulnerable cloud environment is effectively a live copy of the entire country's Social Security information from the Numerical Identification System (NUMIDENT) database, that apparently lacks any security oversight from SSA or tracking to determine who is accessing or has accessed the copy of this data. NUMIDENT contains all data submitted in an application for a United States Social Security card—including the name of the applicant, place and date of birth, citizenship, race and ethnicity, parents' names and social security numbers, phone number, address, and other personal information. Should bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft, may lose vital healthcare and food benefits, and the government may be responsible for re-issuing every American a new Social Security Number at great cost.
SSA denies security problem
In a statement provided to Ars today, the SSA denied storing data in an insecure environment and said it is not aware of any compromise.
"Commissioner [Frank] Bisignano and the Social Security Administration take all whistleblower complaints seriously," the agency said. "SSA stores all personal data in secure environments that have robust safeguards in place to protect vital information. The data referenced in the complaint is stored in a long-standing environment used by SSA and walled off from the Internet. High-level career SSA officials have administrative access to this system with oversight by SSA's Information Security team. We are not aware of any compromise to this environment and remain dedicated to protecting sensitive personal data."
The Government Accountability Project letter quoted a July 15 email in which Moghaddassi allegedly authorized the NUMIDENT cloud project. "I have determined the business need is higher than the security risk associated with this implementation and I accept all risks associated with this implementation and operation," Moghaddassi was quoted as saying.
Borges alleges that the authorization was an "abuse of authority" and "gross mismanagement," and that the creation of the cloud environment potentially violated multiple federal laws. "By knowingly placing a High-Value Asset containing data on over 450 million people in an uncontrolled environment, the requestors, apparently Moghaddassi and possibly others, violated statutory duties under FISMA [Federal Information Security Modernization Act]," the letter said.
Moghaddassi previously worked for Elon Musk-led companies Neuralink and X, and worked for DOGE at the Department of Labor, the letter said. He became the CIO of the SSA in June.
The Government Accountability Project letter also argues that the SSA may have violated the Computer Fraud and Abuse Act "by facilitating unauthorized access to protected computer systems. Further, Moghaddassi's self-authorization of risk acceptance potentially violated 44 U.S.C. § 3554(b), FISMA's requirements for continuous monitoring and risk management, by formally accepting risks that exceeded federal guidelines for protecting sensitive government information."
Borges, a Navy veteran, has worked for several federal agencies and became the CDO of the SSA in January of this year. As CDO, "Borges is responsible for the safety, integrity, and security of the public's data at SSA," and his "position requires full visibility into data access, data exchange, and cloud-based environments used for SSA production systems," the letter said.
Congress urged to investigate
Borges "made internal disclosures to his superiors" about his concerns on August 6. "In that discussion, Mr. Borges commented that re-issuance of Social Security Numbers to all who possess one was a potential worst case outcome, and one of his superiors noted that possibility, underscoring the risk to the public," the letter said.
Borges outlined his concerns to numerous other officials in the ensuing days, the letter said. Borges has not received information that he requested about the cloud environment's security, leaving him "with the reasonable belief that the NUMIDENT data is at risk of exposure, and without information necessary to effectuate his responsibilities as CDO," the letter said.
"Furthermore, Mr. Borges is aware that the Office of General Counsel has advised employees not to respond to his inquiries. Such restriction on information to the CDO puts Mr. Borges in an untenable position inhibiting his ability to effectuate the responsibilities of his role," the letter said. The letter said Borges is ready to meet with lawmakers and oversight entities and urged Congress and the Office of Special Counsel to "investigate Mr. Borges' disclosures and ensure that the security of data of millions of Americans is immediately safeguarded."
Access to Social Security data is one of the various DOGE-related issues that have been litigated in federal courts. In early June, the Supreme Court ruled that "SSA may proceed to afford members of the SSA DOGE Team access to the agency records in question in order for those members to do their work." A dissent written by Justice Ketanji Brown Jackson said the majority decision gave "DOGE unfettered access to this personal, non-anonymized information right now—before the courts have time to assess whether DOGE's access is lawful."
reply
