@spdustin
Created March 10, 2025 22:50
AFL-CIO vs SSA, Case No. 1:25-cv-00596-ELH

EXHIBIT J


IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF MARYLAND NORTHERN DIVISION

AMERICAN FEDERATION OF STATE, COUNTY AND MUNICIPAL EMPLOYEES, AFL-CIO, et al., Plaintiffs, vs. SOCIAL SECURITY ADMINISTRATION, et al., Defendants.

Case No. 1:25-cv-00596

DECLARATION OF TIFFANY FLICK

I, Tiffany Flick, declare as follows:

  1. My name is Tiffany Flick. I recently retired from the Social Security Administration (“SSA”) after working at the agency for almost 30 years.

  2. I began my career at the agency in 1995, when I joined as a social insurance specialist in a local Social Security office providing direct service to the public. I then took a promotion to a position in the Office of Budget at SSA Headquarters, where I held a variety of positions, including the Acting Associate Commissioner for Budget. I have also held a variety of roles in the Office of the Commissioner for multiple Commissioners, including Senior Advisor to Chief of Staff, Senior Advisor to the Deputy Commissioner, Executive Secretary, and Deputy Chief of Staff. Before becoming Acting Chief of Staff to Acting SSA Commissioner Michelle King on January 20, 2025, I served as the Associate Commissioner for Budget, Facilities and Security in the Office of Hearings Operations.

  3. The Social Security Administration oversees Social Security Retirement, Survivor, and Disability benefits, and Supplemental Security Income payments for nearly 72 million people. Providing those benefits requires the agency to maintain sensitive and personal information on nearly every person in the United States. In addition to Social Security numbers, that data include individuals' citizenship status, age, income, bank account numbers, medical history, and federal tax information.

  4. It has been a priority throughout my career to protect the extremely personal information that SSA collects and maintains. Throughout its existence, SSA has emphasized to the public that any personal data or information shared with the agency will be protected. The importance of privacy is engrained into every SSA employee from day one. Along with accurate and timely payment of benefits, attention to privacy is one of SSA's most fundamental duties. In 1937, the first regulation adopted by the Social Security Board outlined the rules regarding privacy and the disclosure of Social Security records. Through the years, other regulations and the Privacy Act have further defined the agency's responsibilities to ensure the confidentiality of the information the agency collects and holds.

  5. SSA's collection and maintenance of sensitive data is governed by numerous laws and policies, including the Privacy Act and Systems of Record Notices issued under the Privacy Act, the Social Security Act, federal tax laws, and internal SSA regulations and policies.

  6. In addition, every employee is required to sign two documents on a yearly basis. The first outlines our Systems Sanctions Policy, which explains the specific sanctions for any unauthorized access or disclosure of SSA data. The second document is an annual reminder about every employee's duty to protect personally identifiable information, including when SSA employees need to, as a part of their job, communicate with constituents outside the agency. In addition, annual information security training is required for all employees.

  7. Part of SSA's annual Financial Statement, Federal Information Security Management Act (“FISMA”), and internal controls audits examine the agency's privacy protections and data systems to help ensure that all information security policies and processes are being followed.

  8. SSA also has a detailed process for entering agreements with other agencies when there is a need to share data between agencies, such as computer matching agreements. This process generally takes months and involves multiple levels of review, including review by the General Counsel's office to ensure the sharing of information accords with all applicable privacy laws and policies of both SSA and the partner agency.

  9. On the morning of January 30, 2025, I got a call from Leland Dudek. At the time, Mr. Dudek was serving as a senior advisor in the Office of Program Integrity, where he worked on anti-fraud measures. Mr. Dudek told me that some members of DOGE requested to be on-site immediately and wanted to come to our Headquarters that day. He informed me that two DOGE associates, Michael Russo and Scott Coulter, would be working at SSA.

  10. Since Mr. Dudek was only a mid-level employee, I asked him why he was communicating with anyone from DOGE. Mr. Dudek told me that DOGE had reached out to him. I then told him to stand down and not have further contact with anyone from DOGE. I told Mr. Dudek that we would handle the issue through the Commissioner's Office. I immediately reported this call to Acting Commissioner King. We began to prepare to onboard Mike Russo, but Scott Coulter had not come to the agency prior to February 16, 2025.

  11. On January 31, 2025, Mike Russo came onsite to begin his onboarding process, and he officially joined the agency as Chief Information Officer (CIO) on February 3. He introduced himself as a DOGE representative to multiple employees on multiple occasions.

  12. That day, he also met with two senior executives and asked whether they planned to take the deferred resignation offer, commonly known as the "Fork in the Road" offer, and suggested that they should take the offer.

  13. As soon as Mr. Russo joined SSA, he requested to bring in a software engineer named Akash Bobba, who was already assisting DOGE in multiple agencies. However, there were challenges with Mr. Bobba's background check that took a few days to resolve.

  14. On February 10, the Commissioner's Office and the Office of Human Resources started to receive phone calls and emails from Mr. Russo, DOGE manager Steve Davis, and people who said they were associated with the White House's Presidential Personnel Office (“PPO”) but who were working out of the Office of Personnel Management (“OPM”). All of those contacts were about onboarding and giving Mr. Bobba the equipment and credentials he needed to access SSA data before midnight on February 10.

  15. I worked for multiple SSA commissioners across multiple administrations, and that request was unprecedented. I did not understand the apparent urgency with which Mr. Bobba needed to be onboarded and given access to SSA's systems and data, which are highly sensitive.

  16. Mr. Russo and Mr. Davis grew increasingly impatient over the course of the evening on February 10. We managed to swear Mr. Bobba in over the phone, contrary to standard practice, around 9 p.m. ET that evening. However, the credentialing process necessary for access to the systems would take longer.

  17. On the same day, February 10, Mr. Russo contacted several people, including Mr. Dudek, and put together his own internal team to answer questions from DOGE. Because Mr. Russo did not share many details of the questions or his conversations, I had only limited information on what the team he assembled was doing.

  18. Mr. Russo never fully disclosed to the Commissioner's office the details on what information DOGE wanted and issues it needed to address, but my understanding is that it was related to fraud. The information DOGE sought seemed to fall into three categories: (1) untrue allegations regarding benefit payments to deceased people of advanced age; (2) concern regarding single Social Security numbers receiving multiple benefits (which is normal when multiple family members receive benefits through one wage-earner); and (3) payments made to people without a Social Security number.

  19. I considered each of these concerns to be invalid and based on an inaccurate understanding of SSA's data and programs. As to the first, SSA's benefits' file contradicts any claim that payments are made to deceased people as old as 150 years. As to the second issue, DOGE seemed to misunderstand the fact that benefits payments to spouses and dependents will be based on the Social Security number of a single worker. As to the third, we were simply never given enough information to understand the source of the concern but had never encountered anything to suggest that inappropriate benefit payments were being made to people without a Social Security number.

  20. As soon as Mr. Russo started, the Commissioner's Office tried to assist him in the areas related to potential fraud to help him understand how the programs work, what measures the agency currently takes, and areas that need specific focus, as we would do for any new political appointee. We proposed briefings to help Mr. Russo and Mr. Bobba understand the many measures the agency takes to help ensure the accuracy of benefit payments, including those measures that help ensure we are not paying benefits to deceased individuals. However, Mr. Russo seemed completely focused on questions from DOGE officials based on the general myth of supposed widespread Social Security fraud, rather than facts.

  21. In addition, during this time, Mr. Russo was also having conversations with other agencies about data sharing, including the Department of Treasury, Department of Education, and Department of Homeland Security. While data sharing with these agencies is normal, Mr. Russo's lack of transparency with the Acting Commissioner about those conversations is not.

  22. Throughout this time, Acting Commissioner King requested that Mr. Russo report to her, as the CIO normally would, but he consistently gave evasive answers about his work. It appeared to me that he was actually reporting to DOGE.

  23. During the week of February 10, with daily pressure from Mr. Russo, the CIO's office tried to rapidly train Mr. Bobba to get him access to SSA data systems so he could work on a special project for Mr. Russo at DOGE's request and so that he could “audit” any of the work of SSA experts.

  24. We worked to provide Mr. Bobba with the necessary information and information security training but had to do so in a truncated manner and outside normal processes.

  25. Given that, I do not believe Mr. Bobba had a sufficient understanding of the sensitive nature of SSA data or the ways to ensure such data's confidentiality. These are complicated systems with complex policies governing very large programs, and it simply is not possible to become proficient within a matter of a few days.

  26. Based on my conversations with experts in the CIO's office, I determined that Mr. Bobba could have access to anonymized and read-only Numident data using a standard “sandbox” approach so that he wouldn't have access to other data. That access was sufficient to allow Mr. Bobba to answer DOGE's Numident-related questions about fraud as I understood them, but didn't expose personally identifiable information. This approach was similar to how we would handle any request to review SSA's records for potential fraud, waste, and abuse by oversight agencies like OIG, GAO, or auditors conducting financial statement and FISMA audits. For auditors, we would only provide the data they were requesting for the scope of their review, which they would outline in detail. SSA would provide anonymized or sanitized data needed for the type of review being conducted. If problems were identified, then the individual cases would be located and addressed.

  27. Unfortunately, due to the speed with which we were demanded to work, the anonymized file had technical glitches that created problems with the data in the file.

  28. Mr. Bobba reported that there were problems with the sandboxed, anonymized Numident file on Saturday, February 15. I understood that Mr. Bobba was working off-site at OPM while he was analyzing the SSA data. I also understood that other, non-SSA people were with him and may have also had access to this protected information. My understanding is that Mr. Russo approved a telework agreement for Mr. Bobba (while at the same time directing CIO management to work onsite full-time) to allow him to work out of OPM. But our standard telework agreements state that employees need to work in a private location and should be careful to protect systems and data from unauthorized access. Mr. Bobba's work didn't seem to align with those requirements.

  29. I also understood that a DOGE employee asked why it was taking so long to get Mr. Bobba access to SSA's data and why SSA was more difficult than other agencies.

  30. Mr. Russo and other DOGE officials demanded that Mr. Bobba be given immediate, full access to SSA data in the Enterprise Data Warehouse (“EDW”), which included Numident files, the Master Beneficiary Record (“MBR”) files, and the Supplemental Security Record ("SSR") files.

  31. The master files in the EDW, including the Numident, MBR and SSR files, include extensive information about anyone with a Social Security number, including names, names of spouses and dependents, work history, financial and banking information, immigration or citizenship status, and marital status.

  32. The Numident file contains information necessary for assigning and maintaining social security numbers.

  33. The MBR and SSR files contain detailed information about anyone who applies for, or receives, Title II or Title XVI benefits.

  34. Full access to the EDW would provide "read" access to most of SSA's data. Read access does not allow a user to change data but does permit a user to copy and paste, export, and screenshot that data or otherwise compile it for analysis.

  35. Full access to other SSA data systems might also include “write” access, which would allow for the changing of data in the system.

  36. It was never entirely clear what systems Mr. Russo wanted Mr. Bobba to have access to, but Mr. Russo repeatedly stated that Mr. Bobba needed access to "everything, including source code."

  37. Generally, we would not provide full access to all data systems even to our most skilled and highly trained experts. The scope of each official's access is job-dependent and follows separation of duties to keep individuals from making inadvertent or unauthorized changes to systems.

  38. We tried to determine why Mr. Bobba needed full access to the EDW. But Mr. Russo was evasive and never provided the kind of detail that SSA typically requires to justify this level of access.

  39. Instead of giving us time to resolve the technical issues with Mr. Bobba's sandbox, on February 15, Mr. Russo went to the federal Chief Information Officer, a Presidential appointee housed within the Office of Management and Budget, and got an opinion saying he could give Mr. Bobba access to all SSA data.

  40. Meanwhile, I received phone calls from SSA staff that Mr. Russo requested they provide full access to the EDW for Mr. Bobba. I told our CIO's office not to provide Mr. Bobba with that access and informed them that Mr. Russo needed to speak with Acting Commissioner King, because we needed to understand why this level of access was necessary to address the specific questions or issues they were looking at.

  41. Also on February 14, Mr. Dudek was placed on administrative leave while an administrative investigation was conducted regarding allegations of multiple inappropriate actions. The public reporting of this incident is largely correct.

  42. All of this led to the escalation of tensions over the weekend of February 15 and 16, 2025, because we did not promptly provide full access to SSA's data and because Mr. Dudek was placed on administrative leave.

  43. But the request to give Mr. Bobba full access to these databases without justifying the "need to know" this information was contrary to SSA's long-standing privacy protection policies and regulations, and none of these individuals could articulate why Mr. Bobba needed such expansive access. I also understood that Mr. Bobba would not view the data in a secure environment because he was living and working at the Office of Personnel Management around other DOGE, White House, and/or OPM employees.

  44. Acting Commissioner King requested more details from Mr. Russo on why this level of access was necessary for the work Mr. Bobba was conducting before authorizing any additional access. She did not get an answer.

  45. Instead, on February 16, 2025, Commissioner King received an email from the White House noting that the President had named Mr. Dudek as the Acting Commissioner. At the time this email was sent, I understood Mr. Dudek to still be on administrative leave because, according to normal agency procedure, it would be his immediate supervisor that would have had to lift his leave—which had not happened.

  46. Shortly after Commissioner King informed me of Mr. Dudek's elevation to Acting Commissioner, I retired.

  47. I understand that, upon my leaving, then-Acting Commissioner Dudek gave Mr. Bobba and the DOGE team access to at least the EDW and possibly other databases.

  48. I am deeply concerned about DOGE's access to SSA systems and the potential to inappropriately and inaccurately disclose this information, especially given the rushed nature in which we were required to onboard and train Mr. Russo and Mr. Bobba.

  49. I am not confident that DOGE associates have the requisite knowledge and training to prevent sensitive information from being inadvertently transferred to bad actors. That concern is elevated, given that I understand Mr. Bobba to be working, and thus accessing SSA systems, from OPM offices—surrounded by employees and officials of other agencies and White House components who have, to my knowledge, never been vetted by SSA or trained on SSA data, systems, or programs. Given that non-secure off-site access, the protections built into SSA's data systems may not work. Others could take pictures of the data, transfer it to other locations, and even feed it into AI programs. In such a chaotic environment, the risk of data leaking into the wrong hands is significant.

  50. Access to the EDW alone would not affect benefit payment systems. However, I witnessed a disregard for critical processes—like providing the “least privileged” access based on a “need to know”—and lack of interest in understanding our systems and programs. That, combined with the significant loss of expertise as more and more agency personnel leave, has me seriously concerned that SSA programs will continue to function and operate without disruption. SSA information technology is made up of an incredibly complex web of systems that are extremely reliable in making Social Security and Supplemental Security Income payments. Some of the systems operate based on old programming languages that require specialized knowledge. Such systems are vulnerable to being broken by inadvertent user error if SSA's longstanding development, separation of duties, and information security policies and procedures are not followed. That could result in benefits payments not being paid out or delays in payments. I understand that DOGE associates have been seeking access to the “source code” to SSA systems. If granted, I am not confident that such associates have the requisite understanding of SSA to avoid critical errors that could upend SSA systems.

  51. Additionally, even with only read access DOGE can, and has already, used SSA data to spread mis/disinformation about the amount of fraud in Social Security benefit programs. The agency can always do more to ensure accurate and timely benefits payments, and it continues to pursue improvements. However, fraud is rare, and the agency has numerous measures in place to detect and correct fraud.

  52. SSA serves practically every American in this country. And the agency administers more than $1.5 trillion dollars of the American economy. And we understand the seriousness of our responsibility to the people of this country.

  53. A disregard for our careful privacy systems and processes now threatens the security of the data SSA houses about millions of Americans. The stakes are high.

  54. It is because of these very real concerns that I submit this declaration today.

I declare under penalty of perjury, as prescribed in 28 U.S.C. § 1746, that the foregoing is true and correct.

Executed on March 6, 2025, in Valparaiso, Indiana.

Tiffany Flick
