21 hours Ago By Paresh Dave, Dell Cameron, Alexa O'Brien
This month, Andrew Bernier, a US Army Corps of Engineers researcher and a union leader, says that he has received a barrage of menacing messages from the same anonymous email account. Unfolding like short chapters in a dystopian novel, they have spoken of the genius of Elon Musk, referenced the power of the billionaire’s so-called Department of Government Efficiency (DOGE), and foretold the downfall of “corrupt” union bosses. But the most eerie thing about the emails, which Bernier says began arriving after he filed an official charge accusing the Trump administration of violating his union’s collective bargaining agreement, is that they included personal details about his life—some of which he believes might have come from surveillance of his work laptop.
The author referenced Bernier’s union activities, nickname, job, travel details, and even the green notebook he regularly uses. The most recent email implied that his computer was loaded with spyware. “Andy's crusade, like so many before it, had been doomed from the start,” one email stated.
“The real tragedy wasn't his failure—it was his belief that the fight had ever been real.” The unsettling messages, which were reviewed by WIRED, are an extreme example of the kinds of encounters that workers across the US government say they have had with technology since President Donald Trump took office. WIRED spoke to current employees at 13 federal agencies for this story who expressed fears about potentially being monitored by software programs, some of which they described as unfamiliar.
Others said that routine software updates and notifications, perhaps once readily glossed over, have taken on ominous new meanings. Several reported feeling anxious and hyperaware of the devices and technology around them. At the General Services Administration (GSA), one worker cited a Chrome browser extension called Dynatrace, an existing program for monitoring app performance.
Inside the Social Security Administration (SSA), another employee pointed to Splunk, a longstanding tool that’s used to alert IT staff to security anomalies like when an unauthorized USB drive is plugged into a laptop. At the US Agency for International Development (USAID), one worker was caught off guard by Google’s Gemini AI chatbot , installations of which kicked off days before Trump took office. “Everyone has been talking about whether our laptops are now able to listen to our conversations and track what we do,” says a current GSA employee, who like other workers in this story, was granted anonymity because they didn’t have authorization to speak and feared retaliation.
Dynatrace and Splunk did not respond to requests for comment from WIRED. The workers’ accounts come as Musk’s DOGE organization is rapidly burrowing into various government agencies and departments, often gaining access to personnel records , logs of financial transactions , and other sensitive information in the process. The efforts are part of the Trump administration’s broader plan to terminate thousands of government employees and remake the face of federal agencies.
Like many private companies, US federal agencies disclose to staff that they have tools to monitor what workers do on their computers and networks. The US government’s capabilities in this area have also expanded over the past decade. It couldn’t be learned whether the Trump administration has begun using existing tools to monitor employees in new ways; multiple agencies, including the Social Security Administration and the General Services Administration, denied that they have.
The White House did not respond to requests for comment. Public evidence has not emerged of new government purchases of user-monitoring software, which is generally needed for detailed surveillance such as tracking which files a worker has copied onto a thumb drive. Some of the updates and changes that have been noticed by federal workers date back to software purchases and plans enacted long before Trump was in power, WIRED reporting shows.
“I will say my concerns are primarily based in general fear as opposed to specific knowledge,” says a worker at the Department of Homeland Security, who adds: “I’d love to be told I’m wrong.” But activity that some workers perceive as signs of increased surveillance has prompted them to take precautions. Bernier, who works as a civil engineer for the Army Corps based in Hanover, New Hampshire, says the messages he received spooked him enough that he asked local police to keep an eye on his home, removed the battery from his work-issued laptop, and kept his work phone on airplane mode while traveling to a non-work conference last week.
“There are things I don’t control but actions I can take to protect myself and my family,” he says. Bernier’s anonymous emailer and the Army Corps did not respond to requests for comment. A person inside the Environmental Protection Agency told WIRED last week that they’ve witnessed coworkers back out of Microsoft Teams meetings, which can be easily recorded and automatically transcribed, when they are related to topics they believe could get them fired.
“Definite chilling effect,” the person says. The EPA did not respond to a request for comment. An employee at the National Oceanic and Atmospheric Administration (NOAA), whose work with international partners is being audited by DOGE operatives , says they and their colleagues began avoiding messaging one another and have “really cut down on putting things in writing” in recent weeks.
They report that correspondence from their supervisors has also significantly dropped off. NOAA declined to comment. At the Federal Bureau of Investigation, anxiety around officials possibly targeting officers and activities perceived as being disloyal to the president has cratered morale, a federal law enforcement source with knowledge of the agents' concerns tells WIRED.
The FBI declined to comment. Aryani Ong, a civil rights activist and cofounder of Asian American Federal Employees for Nondiscrimination, a group that advocates for government workers, says those she’s been in contact with are in a heightened state of alert. In response, some federal employees have turned to encrypted communications apps to connect with colleagues and taken steps to anonymize their social media accounts, Ong says.
(Federal workers are granted an allowance to use non-official communication tools only “in exceptional circumstances.”) Insider Threat Long before Trump’s inauguration, user activity monitoring was already mandated for federal agencies and networks that handle classified information—the result of an executive order signed by then-president Barack Obama in the wake of a massive breach of classified diplomatic cables and information about the wars in Iraq and Afghanistan in 2010. The capability is part of government-wide insider threat (InTh) programs that greatly expanded after Edward Snowden’s leak of classified surveillance documents in 2013, and again after an Army specialist murdered four colleagues and injured 16 others at Fort Hood in 2014.
The US government’s current approach to digitally monitoring federal workers has largely been guided by a directive issued by the Committee on National Security Systems in 2014, which orders relevant agencies to tie user activity to “specific users.” The public portions of the document call for “every executive branch department and agency” handling classified information to have capabilities to take screenshots, capture keystrokes, and intercept chats and email on employee devices. They are also instructed to deploy “file shadowing,” meaning secretly producing facsimiles of every file a user edits or opens.
The insider threat programs at departments such as Health and Human Services , Transportation , and Veterans Affairs , also have policies that protect unclassified government information, which enable them to monitor employees’ clicks and communications, according to notices in the Federal Register, an official source of rulemaking documents. Policies for the Department of the Interior , the Internal Revenue Service , and the Federal Deposit Insurance Corporate (FDIC), also allow collecting and assessing employees’ social media content. These internal agency programs, overseen by a national task force led by the attorney general and director of national intelligence, aim to identify behaviors that may indicate the heightened risk of not only leaks and workplace violence, but also the “loss” or "degradation" of a federal agency’s “ resources or capabilities .
” Over 60 percent of insider threat incidents in the federal sector involve fraud, such as stealing money or taking someone's personal information, and are non-espionage related, according to analysis by Carnegie Mellon researchers. “ Fraud ,” “disgruntlement,” “ ideological challenges ,” “ moral outrage ,” or discussion of moral concerns deemed “unrelated to work duties” are some of the possible signs that a worker poses a threat, according to US government training literature. Of the 15 Cabinet-level departments such as energy, labor, and veterans affairs, at least nine had contracts as of late last year with suppliers such as Everfox and Dtex Systems that allowed for digitally monitoring of a portion of employees, according to public spending data .
Everfox declined to comment. Dtex’s Intercept software, which is used by multiple federal agencies, is one example of a newer class of programs that generate individual risk scores by analyzing anonymized metadata, such as which URLs workers are visiting and which files they’re opening and printing out on their work devices, according to the company. When an agency wants to identify and further investigate someone with a high score, two people have to sign off in some versions of its tool, according to the company.
Dtex’s software doesn’t have to log keystrokes or scan the content of emails, calls, chats, or social media posts. But that isn't how things work broadly across the government, where employees are warned explicitly in a recurring message when they boot up their devices that they have "no reasonable expectation of privacy" in their communications or in any data stored or transmitted through government networks. The question remains if and to what extent DOGE’s operatives are relying on existing monitoring programs to carry out Trump’s mission to rapidly eliminate federal workers that his administration views as unaligned with the president’s agenda or disloyal.
Rajan Koo, the chief technology officer of Dtex tells WIRED that he hopes the Trump administration will adjust the government’s approach to monitoring. Events such as widespread layoffs coupled with a reliance on what Koo described as intrusive surveillance tools can stir up an environment in which workers feel disgruntled, he says. “You can create a culture of reciprocal loyalty,” says Koo, or “the perfect breeding ground for insider threats.
” Already Overwhelmed Sources with knowledge of the US government’s insider threat programs describe them as largely inefficient and labor intensive, requiring overstretched teams of analysts to manually pore through daily barrages of alerts that include many false positives. Multiple sources said that the systems are currently “overwhelmed.” Any effort by the Trump administration to extend the reach of such tools or widen their parameters—to more closely surveil for perceived signs of insubordination or disloyalty to partisan fealties, for instance—likely would result in a significant spike in false positives that would take considerable time to comb through, according to the people familiar with the work.
In an email last month seeking federal employees’ voluntary resignations , the Trump administration wrote that it wanted a “reliable, loyal, trustworthy” workforce. Attempts to use insider threat programs to enforce that vision could be met by a number of legal challenges. US intelligence community analysts are required by law and directive to provide unbiased and objective work.
That means avoiding cherry-picking information to deliberately alter judgements or falling prey to outside pressure, including from personal or political biases. These standards, even when not officially codified, are core to the professional ethics of any intelligence practitioner or law enforcement analyst conducting assessments of insider threats. A 2018 national insider threat task force framework notes that federal programs should comply with “all applicable legal, privacy and civil liberties rights, and whistleblower protections.
” Bradley Moss, an attorney representing US intelligence and law enforcement personnel, says that "disloyalty" to the Trump administration is “too vague” an excuse to terminate employees with civil service protections, adding that if "they're going to go through the statutory process, they need to demonstrate actual cause for termination." A federal law enforcement source warns that monitoring could theoretically be used to gather political intelligence on federal employees, while the administration looks for more palatable reasons to terminate them later; similar to how law enforcement may obtain evidence that's inadmissible in the course of a criminal investigation, but then search for another evidentiary basis to file charges. Joe Spielberger, senior legal counsel at the Project On Government Oversight, a nonpartisan group fighting alleged corruption, says that if Musk were serious about cutting government waste, he would be strengthening protections for people who report corruption and mismanagement .
Any warrantless or mass surveillance of federal workers without transparent guidelines, he says, would represent a major concern. “When you create this culture of fear and intimidation and have that chilling effect of making people even more fearful about calling out wrongdoing, it ensures that corruption goes unnoticed and unaddressed,” Spielberger says. Additional reporting by Makena Kelly, Kate Knibbs, and Zoë Schiffer.
.
