House Oversight and Reform Committee Ranking Member Gerry Connolly, D-Va., is demanding answers from Federal agencies regarding their use of AI technologies – particularly in connection with Department of Government Efficiency (DOGE) activities – and whether they are complying with Federal security laws.
In March 12 letters to the 24 Federal CFO Act agencies, Rep. Connolly cites recent reports that the DOGE personnel have fed sensitive data from the Education Department into AI software.
The use of AI within Federal agencies is not new. However, feeding sensitive data into AI software – especially commercial AI software – increases the chances that it will be leaked or fall victim to a cyberattack.
“The American people entrust the Federal government with sensitive personal information related to their health, finances, and other biographical information on the basis that this information will not be disclosed or improperly used without their consent, including through the use of an unapproved and unaccountable third-party AI software,” wrote Ranking Member Connolly.
The letters cite multiple legal requirements that Federal agencies are bound by in their use of AI software, including the Federal Risk Authorization Management Program (FedRAMP). FedRAMP aims to ensure that the Federal government uses secure cloud services.
Rep. Connolly cited reporting that reveals government IP addresses were linked to Inventry.ai – an AI product designed for supply chain management. However, this vendor reportedly used by the DOGE team has not been approved for Federal cloud use through the FedRAMP process.
“If DOGE failed to ensure its AI vendors have adequate FedRAMP approval, it risks violating the Privacy Act of 1974, the Federal Information Security Management Act, and the E-Government Act of 2002,” Rep. Connolly said in a March 12 press release.
Additionally, the congressman said any use of AI by Federal agencies or DOGE must adhere to the Advancing American AI Act, which requires agencies to keep a public inventory of “current and planned uses” of AI.
“Without clear purpose behind the use of AI, guardrails to ensure appropriate handling of data, and adequate oversight and transparency, the application of AI is dangerous and potentially violates Federal law,” Rep. Connolly wrote.
The ranking member is looking to better understand how DOGE is using the data of millions of Americans, and said he wants answers to a list of questions by March 26.
Specifically, he wants agencies to provide details such as a list of the data sources collected and used by Elon Musk or the DOGE team in connection with AI, legal authorities used to access the data, and privacy protections employed to analyze the data with the use of AI.
Rep. Connolly also wants a comprehensive list of all AI software employed since President Donald Trump took office on Jan. 20, as well as a list of individuals involved in feeding sensitive data into AI technology since Jan. 20.
Rep. Connolly said the agencies’ responses “will inform necessary legislative reforms on the topics covered in this letter.”
In a statement to MeriTalk last month regarding DOGE’s reported use of AI within Federal agencies, Ranking Member Connolly said, “For someone who likes to present himself as a tech genius, Elon Musk is making Americans less safe, and these unthinkable mistakes have the potential to create the biggest cybersecurity disaster in human history.”
