The insider threat programs at departments such as Health and Human Services, Transportation, and Veterans Affairs, also have policies that protect unclassified government information, which enable them to monitor employees’ clicks and communications, according to notices in the Federal Register, an official source of rulemaking documents. Policies for the Department of the Interior, the Internal Revenue Service, and the Federal Deposit Insurance Corporate, also allow collecting and assessing employees’ social media content.
These internal agency programs, overseen by a national task force led by the attorney general and director of national intelligence, aim to identify behaviors that may indicate the heightened risk of not only leaks and workplace violence, but also the “loss” or “degradation” of a federal agency’s “resources or capabilities.” Over 60 percent of insider-threat incidents in the federal sector involve fraud, such as stealing money or taking someone’s personal information, and are non-espionage related, according to analysis by Carnegie Mellon researchers.
“Fraud,” “disgruntlement,” “ideological challenges,” “moral outrage,” or discussion of moral concerns deemed “unrelated to work duties” are some of the possible signs that a worker poses a threat, according to US government training literature.
Of the 15 Cabinet-level departments such as energy, labor, and veterans affairs, at least nine had contracts as of late last year with suppliers such as Everfox and Dtex Systems that allowed for digitally monitoring of a portion of employees, according to public spending data. Everfox declined to comment.
Dtex’s Intercept software, which is used by multiple federal agencies, is one example of a newer class of programs that generate individual risk scores by analyzing anonymized metadata, such as which URLs workers are visiting and which files they’re opening and printing out on their work devices, according to the company. When an agency wants to identify and further investigate someone with a high score, two people have to sign off in some versions of its tool, according to the company. Dtex’s software doesn’t have to log keystrokes or scan the content of emails, calls, chats, or social media posts.
But that isn’t how things work broadly across the government, where employees are warned explicitly in a recurring message when they boot up their devices that they have “no reasonable expectation of privacy” in their communications or in any data stored or transmitted through government networks. The question remains if and to what extent DOGE’s operatives are relying on existing monitoring programs to carry out Trump’s mission to rapidly eliminate federal workers that his administration views as unaligned with the president’s agenda or disloyal.
Rajan Koo, the chief technology officer of Dtex tells WIRED that he hopes the Trump administration will adjust the government’s approach to monitoring. Events such as widespread layoffs coupled with a reliance on what Koo described as intrusive surveillance tools can stir up an environment in which workers feel disgruntled, he says. “You can create a culture of reciprocal loyalty,” says Koo, or “the perfect breeding ground for insider threats.”
Already Overwhelmed
Sources with knowledge of the US government’s insider-threat programs describe them as largely inefficient and labor intensive, requiring overstretched teams of analysts to manually pore through daily barrages of alerts that include many false positives. Multiple sources said that the systems are currently “overwhelmed.” Any effort by the Trump administration to extend the reach of such tools or widen their parameters—to more closely surveil for perceived signs of insubordination or disloyalty to partisan fealties, for instance—likely would result in a significant spike in false positives that would take considerable time to comb through, according to the people familiar with the work.
In an email last month seeking federal employees’ voluntary resignations, the Trump administration wrote that it wanted a “reliable, loyal, trustworthy” workforce. Attempts to use insider-threat programs to enforce that vision could be met by a number of legal challenges.
