Jenna McLaughlin

Appearances

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

1104.691

I'm going to go with A. I'm going to go with C. All right.

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

130.37

Well, it was a slow burn, and I think you have sort of two things happening at the same time. So one is you have huge leaps in technology, right? It becomes much cheaper to have cameras everywhere and to process the data and their ability to capture images and voices and other kinds of data about us has also gone up dramatically.

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

154.346

At the same time, you have two other factors on the buy side, if you will, right? So one is the government after 9-11 builds a huge surveillance infrastructure and that includes police-owned cameras in our city streets. It also includes purchasing data from all of these different apps and cameras and license plate readers that are all over our cities. Right.

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

188.506

Yeah. At the same time, you have a targeted ad market, right? So companies want to know where you went, what you bought, what you clicked on, so they can serve you with targeted ads. So you have this confluence of factors on both the supply side and the demand side, which lead us to a situation where surveillance becomes pervasive.

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

210.053

I mean, I think because it's happening a step at a time, people don't necessarily realize how pervasive the surveillance is. Like crabs boiling in water, basically.

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

323.002

I mean, I think it all goes back to the ad economy, right? Which is that every move you make in the commercial space, by and large, is tracked so that companies can build profiles of you about what kind of purchaser are you. Are you a Walmart purchaser or are you a Whole Foods purchaser? And what does that mean in terms of what your income and lifestyle and purchasing habits might be?

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

348.075

And then that allows them to target ads to you just to make us buy more stuff. It's the American way. And that data, though, is also really rich and detailed and also provides insights about individuals' political leanings potentially, their faith. All of these kinds of information may be inferred from a sufficient collection of data.

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

375.073

And that then becomes very useful to the government, which also fuels the market for this data to continue being collected and continue being sold.

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

388.501

One thing that I think is important to also remember in all of this is that the data isn't always accurate, right? I didn't know that. Yeah. They call it noise when they talk about data. You could be associated with the wrong people, the wrong cars, the wrong address.

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

403.487

And maybe that's fine if you're talking about marketing, but that's definitely not fine if the government is planning to take any action based on that data.

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

493.878

Absolutely. The government's other argument for why it wanted TikTok out of Chinese hands is because it said, well, the algorithm that TikTok uses could be used to manipulate American public opinion, which is, I think, an incredibly paternalistic argument. And generally, the courts are very reluctant to accept paternalistic arguments in the face of a First Amendment challenge.

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

653.679

I think for both of those issues, the surveillance infrastructure that has been built up over the last two decades is really problematic for people who are vulnerable. I think Jenna's right to say that we don't know exactly what the new administration will do, but one thing we do know they'll do is that they're going to try and deport

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

672.725

a large number of people who are in this country without authorization. And in the past, ICE has used, which is the Immigration and Customs Enforcement, used a database which contains hundreds of millions of phone records, water records, electric, utility, gas, phone, internet, cable, those records are associated with a name, right?

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

697.878

And that can be used to also identify individuals who may be in the country illegally. So that's something that ICE has done in the past according to public reporting and could potentially do again.

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

729.577

So I think that we shouldn't have to give up our privacy just in order to get convenience. We should be able to have both. And there are a couple of ways that that can be accomplished. One part is the part that we can all do ourselves. When you get that annoying notification about cookies, click on it, you know, turn them off. That way they can't track you as well.

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

751.67

We've also seen a lot more privacy by default in settings. So one of the things that I believe it was Apple did, is that the apps on your phone were sharing location information without getting explicit consent. Apple sort of changed the default so that now in order to share your location, you actually have to go in and say, yes, Angry Birds can share my location.

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

777.404

So that makes a huge difference. Checking the privacy settings on your browser will also limit the collection of information about you. So those are things we can do. There are things that companies have done and I think will continue to do to protect user data. But at the end of the day, I think the government has to step in and provide us with comprehensive data privacy protection.

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

800.879

You know, the entire European Union, all of those countries have a law that protects their data so that there are limits on, you know, the data that is collected. So they're like, you know, pretty basic building blocks of what data privacy law has to include. And we have a bill that's been introduced but has never actually moved out of the Commerce Committee, I believe.

It's Been a Minute

Drones, TikTok & Luigi Mangione have us asking: who's watching us?

836.546

Yes, that's what we want, security by design and privacy by design.

NPR News Now

NPR News: 02-05-2025 2PM EST

115.341

A CIA spokesperson said Director John Ratcliffe is, quote, moving swiftly to ensure the CIA workforce is responsive to the administration's national security priorities. The offers were sent to all employees of the agencies, though sources cautioned there will likely be exceptions for highly sensitive or senior roles. Jenna McLaughlin, NPR News.

NPR News Now

NPR News: 02-05-2025 2PM EST

97.109

Employees at the Central Intelligence Agency, the National Security Agency, and the Office of the Director of National Intelligence received deferred resignation offers in recent days. That's according to sources who spoke to NPR on condition of anonymity. The move is part of an effort to realign the intelligence community with President Trump's agenda.

NPR News Now

NPR News: 01-21-2025 6PM EST

127.151

On day one, Acting Homeland Security Chief Benjamin Huffman sent a memo to all members of the agency's advisory committees terminating their roles. NPR acquired a copy of the memo, which says the decision is part of an effort to eliminate, quote, misuse of resources.

NPR News Now

NPR News: 01-21-2025 6PM EST

141.865

The memo also says that while advisory members can reapply, future committee work will be focused on DHS's mission of protecting the homeland. Trump's pick to lead Homeland Security, South Dakota Governor Kristi Noem, has said that the agency has gotten distracted by work like election security. She has vowed to shrink DHS components, including the Cybersecurity and Infrastructure Security Agency.

NPR News Now

NPR News: 01-21-2025 6PM EST

163.53

Jenna McLaughlin, NPR News.

Up First from NPR

Federal Worker Surveillance, Trump's Team In Europe, Elon Musk And Mars

105.316

Sure, yeah, GSA doesn't often make the headlines, but it is really important. A source told me to think about it this way. It's basically the federal government's circulatory system. It pumps blood to the rest of the body. Without GSA, federal agencies would have a really hard time doing things like buying anything or accomplishing their mission.

Up First from NPR

Federal Worker Surveillance, Trump's Team In Europe, Elon Musk And Mars

124.143

They buy real estate, they get supplies for the government, but also manage nearly all of the government's contracts, so it runs kind of like a business. If GSA is impacted, that's going to trickle down to the rest of the government and eventually to normal people who are seeking public services.

Up First from NPR

Federal Worker Surveillance, Trump's Team In Europe, Elon Musk And Mars

146.553

Yeah, so sources at GSA spoke to my colleague Shannon Bond and I on condition of anonymity about all this. They're not allowed to speak to the press, and they were really scared of being further retaliated against by Trump officials. But listen, Leila, what they told us is that there's going to be big job cuts, canceled contracts, terminated leases.

Up First from NPR

Federal Worker Surveillance, Trump's Team In Europe, Elon Musk And Mars

164.399

They're still figuring out the particulars of how to get to that 50% number. But there will be three requirements to keep your job. Is it required by law? Is it critical to the mission? And lastly, does it generate revenue? Remote work is all going to be over by March 3rd, but it is kind of unclear where employees around the country will actually go into the office.

Up First from NPR

Federal Worker Surveillance, Trump's Team In Europe, Elon Musk And Mars

184.77

That's because GSA wants to consolidate all its regional and local office space into four or five major hubs across the country. You know, inevitably, there's going to be more and more legal challenges to what's going on.

Up First from NPR

Federal Worker Surveillance, Trump's Team In Europe, Elon Musk And Mars

195.738

The deferred resignation offers we've been hearing about and these firings that have been happening without cause or notice, but everything's moving so fast, it's hard to keep up. By the way, at the end of the day, it's unclear how much all these major changes are going to cost.

Up First from NPR

Federal Worker Surveillance, Trump's Team In Europe, Elon Musk And Mars

222.153

Yeah, that's really important. Our sources told us that GSA employees in some departments have been specifically told by their managers that going forward, everything they do on their work devices is going to be heavily surveilled. You know, of course, most government and corporate-owned devices are subject to some monitoring. That's part of the deal of being employed.

Up First from NPR

Federal Worker Surveillance, Trump's Team In Europe, Elon Musk And Mars

240.657

But this is really above and beyond. One of the most disturbing things sources told us is that employees would have what's called a key logger put on their computers. Those programs track every single thing that you type. It's super invasive, yeah.

Up First from NPR

Federal Worker Surveillance, Trump's Team In Europe, Elon Musk And Mars

254.022

But technical experts at GSA also told us it's a big cybersecurity risk, depending on whether things like passwords or other sensitive information is retained or stored elsewhere. Other surveillance might be monitoring of when employees log in, their badge swipes, their chats. Meanwhile, staff in D.C. can't just swipe into the office anymore. They have to go through a full security screening.

Up First from NPR

Federal Worker Surveillance, Trump's Team In Europe, Elon Musk And Mars

283.456

One of our sources said that they were told this is the Trump plan for the rest of the federal government with some small exceptions. So the 50% cuts, the ramping up of pressure, this constant surveillance we've been talking about. You know, Leila, we might be having the same conversation again soon about a different agency.

Up First from NPR

A Whistleblower Takes on DOGE

1008.539

So first, Berulis saw files leaving the case management system that we had been talking about. He described it as kind of the nucleus where all the sensitive stuff lives and stuff never leaves there. And then he saw a slightly larger chunk of files leaving the entire system. And it was impossible to know exactly what those files were. It's all extremely mysterious and sketchy.

Up First from NPR

A Whistleblower Takes on DOGE

1042.479

Luckily, Berulis came with the receipts. He included in his official disclosure that same image I had been talking about where it shows the spike of data leaving the system. So he was able to definitively prove that data left that should not have. And what makes him think that DOGE may have taken this data? He really double and triple checked his work. He stress tested these theories.

Up First from NPR

A Whistleblower Takes on DOGE

1069.13

So he talked to all of his colleagues.

Up First from NPR

A Whistleblower Takes on DOGE

1086.468

He confirmed no one at the NLRB had been saving backup files that week or migrating data for projects. And, you know, the timeline matched up. He essentially thought of it as, you know, even if DOGE was not the one responsible for this, something unusual happened and it needs to be investigated. I spoke to Richard Griffin. He was the former NLRB general counsel from 2013 to 2017.

Up First from NPR

A Whistleblower Takes on DOGE

1108.94

And he told me in an interview that none of that confidential and deliberative information should ever leave the agency.

Up First from NPR

A Whistleblower Takes on DOGE

1123.466

The data leaving was almost all text files. It added up to around 10 gigabytes. Think of that like the equivalent of a full stack of encyclopedias worth of pages if someone printed them. But it's possible the files that were extracted were compressed into a smaller package or that only some of the files were extracted. They could have searched for something specific.

Up First from NPR

A Whistleblower Takes on DOGE

1149.976

Well, according to his disclosure, next thing he does is gather the troops. He got his IT team together to discuss possible insider threats, namely the DOGE engineers. So this group of people eventually launched a formal breach investigation.

Up First from NPR

A Whistleblower Takes on DOGE

1164.133

They were actually preparing a request for assistance outside their agency from the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. That's a mouthful. You can just call them CISA. They have more forensic tools to investigate potential breaches than the NLRB does. But ultimately, those efforts kind of just went quiet.

Up First from NPR

A Whistleblower Takes on DOGE

1184.029

They were disrupted without an explanation from somewhere higher up, according to Berulis.

Up First from NPR

A Whistleblower Takes on DOGE

1206.385

So, Ayesha, I should also say that the NLRB told NPR that they did conduct an investigation into Berulis' claims. They said that they ruled out a breach. However, given the evidence in Berulis' disclosure that NPR reviewed, he argues that there's suspicious activity that should be investigated further. In the days after requesting the formal investigation, it got even scarier.

Up First from NPR

A Whistleblower Takes on DOGE

1229.448

Berulis actually found a printed letter in an envelope taped to his door at home, a place he had only been living for two months, and that included a ton of sensitive personal information. It had photos of him walking his dog that appeared to be taken with a drone.

Up First from NPR

A Whistleblower Takes on DOGE

1245.539

And, you know, when investigators and myself tried to follow this data trail and figure out where this could have come from, we could not find it even in the tools that journalists have access to to search through public records.

Up First from NPR

A Whistleblower Takes on DOGE

1267.904

It's terrifying, honestly. He doesn't know. Law enforcement is investigating as we speak. Right now, there's not clear, obvious suspects yet. But he's really scared because all of this really sensitive data, it was only available in his government file. He only recently updated it. He just moved like two months ago.

Up First from NPR

A Whistleblower Takes on DOGE

1332.657

It's very rare for people to go inside.

Up First from NPR

A Whistleblower Takes on DOGE

1405.382

So, Berulis can't confirm for sure, but he has reason to believe that there was potential malicious activity. According to his disclosure, there were multiple login attempts to the system from a Russian IP address that was using the new credentials that DOGE appears to have created. So, Ayesha, this happened within minutes of those new accounts being created.

Up First from NPR

A Whistleblower Takes on DOGE

1426.958

Because of all this, experts told me that they could see the possibility that DOGE has been compromised. I spoke to Russ Handorf. He's a former FBI cyber expert. He said malicious cyber actors, whether they're criminals or hackers working for Russia and China, might be really interested in getting inside the NLRB systems. And that's for a couple of reasons. First, we've heard U.S.

Up First from NPR

A Whistleblower Takes on DOGE

1448.604

government officials sounding the alarm for years about stealing U.S. intellectual property to benefit their own industries and companies. It might also be valuable for blackmail purposes or to hold the data for ransom. But the thing about this is this cloud account could be connected to other government systems.

Up First from NPR

A Whistleblower Takes on DOGE

1466.762

And Handorf said that it could be a way for a hacker to jump off from NLRB and go somewhere else.

Up First from NPR

A Whistleblower Takes on DOGE

151.331

Yeah, I was lucky enough to speak to Berulis at length. You even got notes.

Up First from NPR

A Whistleblower Takes on DOGE

160.268

And got to learn a lot more about him and what makes him tick. Let's just start off with you introducing yourself. Sure. Tell me a little bit about you. When he was 16, he got a computer for his birthday instead of a car, and he just took it apart to see how it worked and put it back together.

Up First from NPR

A Whistleblower Takes on DOGE

1693.231

And Ayesha, the White House gave us a comment after we published. They said, essentially, it's old news that DOGE is in federal agencies like the NLRB sharing data. They did not deny it.

Up First from NPR

A Whistleblower Takes on DOGE

1719.264

Meanwhile, we got a copy of an email informing NLRB employees that two DOGE staffers will embed with the NLRB for the next two months. You know, given the fact that folks like Connolly want independent investigations, it'll be hard to guarantee that those new DOGE staffers aren't going to mess with any forensic evidence while they're there.

Up First from NPR

A Whistleblower Takes on DOGE

1737.156

We're also hearing some IT staff have been locked out of the systems that they work on. Basically, they can't see what's going on or do their job.

Up First from NPR

A Whistleblower Takes on DOGE

1764.875

Berulis is still employed at the NLRB, and we haven't heard any indication that he's going to be put on administrative leave or fired. In their statement, NLRB told us that they're committed to protecting their employees' rights to make official disclosures to Congress and that they will cooperate with any investigation. But I think you're right. It's a really scary moment right now.

Up First from NPR

A Whistleblower Takes on DOGE

1786.305

And for him to know that these DOGE staffers might be in the office with him after he raised these concerns, it's really troubling. But Berulis felt like it was really important to do this. He said it was a moral imperative that he has never encountered something like this in his 20 years of I.T.

Up First from NPR

A Whistleblower Takes on DOGE

1866.477

And he actually made a personal plea to the DOGE engineers. It was a simple request.

Up First from NPR

A Whistleblower Takes on DOGE

189.266

He did the same thing with electronics from the thrift store, actually. He would buy radios and take them apart. He even said that he once got nearly electrocuted messing around with all the electronics.

Up First from NPR

A Whistleblower Takes on DOGE

1938.849

Absolutely. And meanwhile, Ayesha, we're already hearing from more federal workers after this story came out. They want to share more about what they're seeing at their agencies. So our team has a lot of work to do.

Up First from NPR

A Whistleblower Takes on DOGE

1957.967

So the place to go is Signal. The encrypted messaging application Signal is a great tool. You know, it does a really good job of protecting the average user. It's not totally bulletproof if you're using a work device or if the phone itself is compromised. But for the average person, it does a really good job of keeping your data safe.

Up First from NPR

A Whistleblower Takes on DOGE

1973.784

And, you know, just a note for full disclosure, NPR CEO Katherine Maher is chair of the board of Signal. To find us on Signal, click the little pen and pad in the top right corner of the app and search for our usernames. Mine's JennaMcLaughlin.54. And Stephen?

Up First from NPR

A Whistleblower Takes on DOGE

204.286

And he's worked in this field for many years. Prior to being in the government, he was a technical consultant. He was a specialist actually doing auditing of corporate systems. So exactly the kind of stuff that DOGE does that they're trying to do, that was actually Berulis' job. He says he decided to join the NLRB because he was really interested in public service.

Up First from NPR

A Whistleblower Takes on DOGE

224.797

He had done volunteer firefighting in the past. He had worked for a rape crisis line. But he wanted to use his technical skills to do more.

Up First from NPR

A Whistleblower Takes on DOGE

250.928

So his job at the NLRB specifically is to secure the cloud-based systems. He reinforces who gets access to those systems, and he helps keep out attackers.

Up First from NPR

A Whistleblower Takes on DOGE

270.342

So normally anyone working on these systems, once they create an account, there's a ticket filed. You get to track a little bit about what that account is doing. But when the DOGE staffers came in, Berulis said that his colleagues were asked not to track anything, to just completely act like they were never there.

Up First from NPR

A Whistleblower Takes on DOGE

311.257

It's really unusual. Every expert I talked to for this story, over 10 people, said there's absolutely no reason that you wouldn't want your activity logged if you're doing something legitimate, because at the bare minimum, it allows you to troubleshoot, to fix errors that are completely benign.

Up First from NPR

A Whistleblower Takes on DOGE

330.795

If there is a potential breach or a concern about a cybersecurity issue, it gives you a lot of clues about what systems affected, what happened, which users were involved. So, yeah, it's extremely problematic, and it really set off some red flags for Berulis.

Up First from NPR

A Whistleblower Takes on DOGE

367.304

It's important to say when we asked NLRB for comment on this story, they said they had no official record of DOGE visiting, that they'd never authorized DOGE accessing their systems, that DOGE had never requested access. Of course, that's counter to Berulis' official disclosure, plus records of internal communication seen by NPR and the forensic evidence that we've been looking at.

Up First from NPR

A Whistleblower Takes on DOGE

389.211

It's really possible that this first visit and this request not to log access was outside senior leadership's awareness, that they didn't know about it.

Up First from NPR

A Whistleblower Takes on DOGE

511.218

Yeah, Ayesha. So for the first couple of days, Berulis was continuing to do his job as normal. He went home on the weekend and then he noticed that this political reporter, Roger Sollenberger, tweeted about one of the DOGE engineers and his public GitHub page. So basically, that's a place where you can host coding projects, collaborate with other people on that project.

Up First from NPR

A Whistleblower Takes on DOGE

532.603

And he noticed that a project was deleted or made private before he was able to figure out what it was. But the name was really interesting. The name of that project was NXGen B-Door Extract. NXGen is the name of an internal system that was designed specifically for the NLRB in-house, built just for them. And because of that name, Berulis was freaked out.

Up First from NPR

A Whistleblower Takes on DOGE

558.947

Yeah, every single person I talked to about this immediately just gasped. They were shocked that someone would actually call something this. Because the name B-Door essentially implies that you're building a backdoor or a way to get into a system that's not authorized. A possible way to extract information.

Up First from NPR

A Whistleblower Takes on DOGE

586.325

So to be clear, we were not able to recover the code for that project. We can't know exactly what the program was doing without seeing the details of that code. But, you know, even without knowing when it was created or how frequently it was used, the real importance of this is that it made Berulis concerned. That's when his real fears started to escalate. And why did that scare him so much?

Up First from NPR

A Whistleblower Takes on DOGE

611.122

Mostly because he was really scared of the data inside the NLRB getting out, particularly the data that lives in an extremely sensitive internal system, the case management system. That's where all the case files live of ongoing NLRB investigations. So, Ayesha, here's some of the kind of data that NLRB has: personal information about union members or employees that are voting to join the union.

Up First from NPR

A Whistleblower Takes on DOGE

634.221

It has witness testimony in ongoing cases. It lists union organizers and leadership. And, you know, even if there's a possibility that that information was out in the wrong hands, we spoke to a It could scare people from forming unions or coming to the NLRB with concerns or testifying if they feel like that information isn't going to be secure.

Up First from NPR

A Whistleblower Takes on DOGE

658.559

But, you know, even if you're not the biggest fan of unions, this agency also has sensitive business information. Companies sometimes cooperate with investigations, whether it's an investigation into potential trade secrets or something along those lines. So it's possible that companies will have shared a lot of information about their internal workings that they also would not want exposed.

Up First from NPR

A Whistleblower Takes on DOGE

689.451

I think, firstly, if someone had this data, they could use it to create blacklists of union organizers, fire a bunch of people, target harassment and intimidation tactics at individuals involved in union activism. It could even give a company an advantage in an ongoing legal battle with the NLRB.

Up First from NPR

A Whistleblower Takes on DOGE

705.294

If you've got insight into the opposing counsel's notes, you can probably come up with a pretty good response. Meanwhile, a foreign adversary or criminal hacker might be really interested in that data, too. They might hold it for ransom. They might learn more about their competitors' businesses or innovations.

Up First from NPR

A Whistleblower Takes on DOGE

722.981

And it's also possible that this data could be combined with some of the other sensitive sources of data that Stephen's been talking about to build a larger dossier on American citizens.

Up First from NPR

A Whistleblower Takes on DOGE

911.348

Yeah, there were some really weird stuff going on that any IT specialist that you talk to is going to kind of scratch their head about. He saw them using what's called a container. It's kind of like a little bubble that exists inside of a computer where everything that you're doing inside of it is invisible to the rest of the system. So you can execute code.

Up First from NPR

A Whistleblower Takes on DOGE

927.621

You can have it run a bunch of automated programs. And then when it's deleted, when you're done with it, nobody really knows it was ever there or what it was up to. In his disclosure to Congress, Berulis also said that they turned off multi-factor authentication, deleted logs, turned off security requirements for mobile access.

Up First from NPR

A Whistleblower Takes on DOGE

945.852

You know, these are all security controls that would be really strange and unusual for a regular user to disable. And, you know, for Berulis, all of this points to a real attempt to obfuscate activities, to cover tracks.

Up First from NPR

A Whistleblower Takes on DOGE

964.355

And then the thing that was really important to Berulis is he saw this giant spike of data leaving the agency. That was one of the biggest red flags that he saw. He captured images of data transiting out of the agency over time, over several weeks. And there's one gigantic spike that you can see right in the time where DOGE had access.