Bruce Schneier

Opening Statement to the House Committee on Oversight and Government Reform Hearing on The Federal Government in the Age of Artificial Intelligence

delivered 5 June 2025, Washington, D.C.

Audio mp3 of Address       Audio AR-XE mp3 of Address

Written Testimony.pdf

[AUTHENTICITY CERTIFIED: Text version below transcribed directly from audio]

Thank you and thanks for inviting me.

So, I'm a technologist. I've been working in cryptography and cyber security since the early 1990s. I write; I teach; I consult; I start companies. I've thought a lot about the role of AI in democratic government; actually wrote a book on this topic that'll be published in October.

Previous four speakers have talked about the promises of this technology. I want to talk about the national security implications of the way our country is consolidating data and feeding it to AI models. Chairman Comer said in his statement about this hearing that he wanted to "unleash AI responsibly" while "protecting interests and rights of all Americans." DOGE's [Department of Government Efficiency] actions do exactly the opposite. Over the last few months, DOGE's affiliates have spread across government. They are still exfiltrating massive U.S. databases, processing them with AI, and offering them to private companies such as Palantir. These actions are causing irreparable harm to the security of our country and to the safety of everyone, including everyone in this room, right, regardless of political affiliation.

This unprecedented security risk is a result of two things: [1] DOGE's sloppy cyber security regarding our data and regarding the networks they've accessed; and also [2] the over-trusting of AI current technology to take over human tasks.

You all need to assume that our adversaries have copies of all the data DOGE has exfiltrated and have established access into all the networks that DOGE has removed security controls from.

And your data can be used against you, right. Consider the coercive power of your financial records or your medical records or the government clearance form you filled out. Whoever you think of as your enemy, or an enemy of the United States, they can use this data to coerce you or a family member or a member of your staff. And this is true for any elected official or CEO or police officer or judge or nuclear power plant operator; like, really it's true for everyone. The more powerful you are, or the more critical your role, the more likely it is that someone will seek to use your data against you.

There's also a military concept called "preparing the battlefield," which are the things that you do to the enemy in peace time to make wartime easier. So, China hacking backdoors into our power grid is an example of that; and preparing to use our data against us is another. So, you should assume that any significant military action against the United States will start with every general's bank account being zeroed out -- and maybe your bank accounts being zeroed out, because there's nothing more distracting than your distraught families.

Data is power. Any entity, government or corporate, that holds individual data has the ability to understand, predict, even manipulate behavior, right.

This is Facebook's business model.

Our government collects incredibly intimate data about Americans, but its power is limited by how that data is organized. There was security in our data being spread amongst different government agencies, with different rules governing use and sharing. Using AI to reason across disconnected data stores represents a massive increase in government power and therefore a security threat.

DOGE's sloppy security practices also means we can't trust the data they're using. Did they make copying mistakes? Did some adversaries slip in bad data? Remember that nonsense about 150-year-olds collecting social security? That was someone misunderstanding how the data was encoded.

Our adversaries are certainly capable of penetrating the security of any of the companies that DOGE gave our data to; and just as capable as poisoning our AI systems. Data integrity is vital, and good AI fed with bad data makes bad decisions and is untrustworthy.

Irreparable damage has already been done but the damage is ongoing. 2015, China hacked OPM [(United States) Office of Personnel Management], stole data about all federal workers. That was a major security breach. Continuous real time access to data is much more dangerous. And the longer these vulnerabilities persist, the more adversaries will be able to manipulate data and install backdoors; the more they'll be able to manipulate the AIs we're creating, and the more they'll be able to secretly influence our policy outcomes.

Sacrificing cyber security in an effort to create an AI future not only risks the country, it risks the AIs; which in turn risks our justice system, our legislative system, our banking system, national defense, and all of us -- all of you -- personally.

So, thank you, and I welcome questions and conversation.

Original Audio and Image (Screenshot) Source: YouTube

Audio Note: AR-XE = American Rhetoric Extreme Enhancement

Image Note: Digitally enhanced screenshot

Page Updated: 6/9/25

U.S. Copyright Status: This text, audio, image = Property of AmericanRhetoric.com.