Should local government tech teams prepare for an unwelcome DOGE visit?

A couple weeks back it dawned on me the DOGE raids on federal offices could easily be replicated at State and local levels. You wouldn’t even need “Big Balls” to do it personally—Trump could send in the FBI or anyone else with a loose grasp of Constitutional law and start demanding access, control, or wholesale changes in local government offices.

Of course, this would be illegal on several fronts, but that doesn’t seem to matter anymore.

So I brought it up at work, recommending we do a little prophylactic “refresher” on policies and procedures around protecting the data we manage and keeping interlopers out of our systems, whether they’re Chinese state hackers or anyone else that has no right to access.

I actually felt a little silly bringing it up—I didn’t really think it would happen, but I figured if we’re witnessing things in Washington, DC we never thought we’d see, we might as well be prepared.

Then I saw this article hit over the weekend:

In this case, these were just rubes from a local Y’all Qaeda cell going after the most liberal city in America, and they didn’t get anywhere. But this is likely a harbinger of things to come.

It also reminded me of an incident in my own building a couple years back, where a “First Amendment Auditor” (don’t get me started) busted into the building and caused some mayhem for a couple hours.

In light of the San Francisco event and the general anti-public-service trend that’s in vogue for the tech bros in charge, I felt moved to pen a brief list of recommendations and share it on LinkedIn. Reposting here for future reference.

5 tips for local governments in the DOGE era

If you’re in local government in a “blue” city or county, your office may be targeted for DOGE-style harassment. Here are 5 ways to prepare:

1. Remind all staff of your procedures around public information requests. Yes, the public is entitled to information, but not instantly, not unfettered, and not without legal review. You carry the public’s data–some of it very private indeed–so you must protect it within reason.
2. Remind IT security and IT infrastructure teams about access control rules designed to prevent unauthorized access, whether those are physical, human, or electronic barriers. They already know this, but a reminder and a heads-up about this specific risk can help them stay alert.
3. Talk with your on-site physical security provider, whether they’re from a private firm or your own law enforcement team. Make them aware of this novel risk. You may have to call them for help on short notice and they should be prepared to keep the peace.
4. Let your lawyers know about this new risk, especially whoever handles freedom-of-information requests. Legitimate requests for info must be served, but harassment should never be supported, and you want the lawyers assessing which is which, not line staff.
5. If you have communications staff, make them aware of this risk, too. They may have to issue press releases, social posts, or deal with other new online hassles from bad-faith actors.

After posting this list, I thought of one more: Keep your cool and don’t give in.

The DOGE attack is intended to terrorize. A fearful or angry reaction is as much of a “win” for them as gaining actual access. It’s better to pity these people and send them away empty-handed, technically and emotionally.

Did I miss any other tips? Share them in the comments.