The General Services Administration (GSA) performs many backbone functions of government, including numerous online services overseen by its Technology Transformation Services division.
AFP via Getty ImagesThe former Tesla engineer now at the head of a critical tech-focused division of the federal government, known as the Technology Transformation Services, requested last week that he be given admin access to nearly all of the projects that the division operates, according to three current staffers, who were alarmed as such access is highly unusual and would violate internal security measures.
On Monday, emails began going out to each “system owner” of 19 internal TTS projects, asking for their explicit approval in granting “privileged access,” or the highest level of administrative capabilities, to new TTS director Thomas Shedd, an ally of Elon Musk and his Department of Government Efficiency. (TTS is a division of the General Services Administration.) These projects include Data.gov, a central repository of government datasets; USA.gov, the government’s primary job board; and Notify.gov, a text messaging service built for government agencies, among others.
“It's like saying the CEO should have all the janitor's keys and all the locker room combinations,” a TTS staffer told Forbes.
Shedd also specifically sought read-only access to Login.gov and Cloud.gov, two of TTS’ most important projects. Login.gov is used across numerous federal databases to allow Americans a secure way to interact online with everything from the Social Security Administration to veterans’ benefits. Cloud.gov provides an easy-to-use, secure, cloud-based platform for any government agency.
“While [Shedd] has currently requested read-only access to login.gov and cloud.gov we have evidence that that will not hold based on what happened at Treasury – where they were granted read-only and then that expanded,” another current staffer told Forbes, referencing how a DOGE minion at Treasury’s read-only access was later elevated. “This is the foot in the door.”
Got a tip? Please contact Cyrus Farivar by email or Signal at cfarivar@forbes.com or 341-758-0888.
Shedd’s role at TTS shows one way Musk is placing his allies in agencies across the government as part of his sweeping effort to remake the federal workforce, cut trillions from the government’s budget and revamp its tech underpinnings. Last week, according to the Washington Post, Shedd told TTS staff that the team was one of the “two pillars” of technical talent in the federal government. Shedd has also told TTS staffers to expect “AI coding agents,” among other changes coming to the once-obscure agency, according to Wired and 404 Media.
Shedd has separately requested similar access to the division's “client projects,” where TTS staff are deployed to other government agencies. But because those projects are not under GSA, Shedd cannot pressure those outside agencies in the same way. TTS’ client projects include numerous online services including DirectFile, the free online tax system, and Weather.gov, the public portal for meteorological data from the National Oceanic and Atmospheric Administration, used by agencies like FEMA during disasters.
“If you cripple those feeds or introduce any level of unpredictable behavior, you put millions of people at risk,” another TTS staffer wrote to Forbes, referencing Weather.gov. “Honestly, part of what makes this so terrifying is that we can’t figure out what the end game is.”
To date, Shedd has not fully completed conventional federal background checks, internal onboarding, and extensive security training that is required to obtain the access he seeks.
Were Shedd to be granted all of these administrative privileges, he would have unfettered access to nearly all of TTS projects, including their data, code, and environments. Granting this level of access, whether in government or in a corporate setting, is highly unusual, the sources said.
According to rank-and-file staff that spoke to Forbes, TTS leadership during the Biden and first Trump administrations did not have such access, nor would they have asked for it. That’s because fundamentally, it is bad security practice; as more people are granted access to more systems, the chances that those systems can be compromised increases.
“This is an open invitation to disrupt major load-bearing portions of the federal IT infrastructure,” Nicholas Weaver, a computer science lecturer at the University of California, Davis, wrote Forbes, when informed of Shedd’s request. “There is no conceivable reason the top level manager should be given write access to all these key components unless he specifically wants to bypass the normal procedures put in place to prevent damage to these critical services.”
Recently, a TTS employee reminded their colleagues to follow all existing rules governing onboarding, writing in an internal Slack message that was viewed by Forbes last week: “Teams should insist that this process is followed, and not circumvented.”
“That may delay access but it ensures that people really do have the authority to do what they're asking,” the staffer continued in the same Slack message. "This is not malicious compliance... This is exercising the protections against exactly this kind of activity that FISMA [a federal information security law] requires.”
In a statement, GSA Acting Press Secretary Will Powell said in an email that Shedd has the authority to make these requests under existing agency policy.
“TTS is a part of the renewed focus on GSA’s original mission: to be the backbone of the federal government’s administrative operations — streamlining processes, optimizing resources, and ensuring cost-effectiveness,” Powell wrote.
