
Resolves YES if sensitive government data is breached via DOGE. Resolves NO otherwise. This can resolve to a percentage if there is a data breach but it's not clear whether it was caused by DOGE.
I will use my judgment to resolve this market and offer the following guidance as to what I am looking for in terms of a data breach.
DOGE includes DOGE initiatives, systems, processes, and employees, including cases where DOGE is working with other government departments.
This does not include authorized release of sensitive data. It does include data being stolen by adversaries, accidentally published on the internet, or being anonymously leaked to newspapers.
Update 2025-02-16: This does not include re-release of data that was publicly available prior to 2025-01-20.
This does not include temporary loss of access to data. It does include permanent loss of data due to ransomware, destructive attacks by adversaries, or accidental deletion of data.
Update 2025-02-16: data loss lasting for several days can also count as a data breach.
This does not include technical breaches of laws or regulations that increased the risk of a breach, if no breach occurs as a result, nobody is prosecuted, and nobody is pardoned. For example, Hillary Clinton's private email server was not a data breach for the purpose of this market.
Update 2025-02-16: This does not include temporary website defacement. It does include attackers gaining write access to sensitive data. It does include other data breaches that occurred during a website defacement attack.
Update 2025-04-01 (PST) (AI summary of creator comment): Intentional but Unauthorized Release:
Even if a data release is intentional, it must be unauthorized to count as a breach. Examples like the Snowden case illustrate that intentional actions can still be breaches if not properly authorized.
Government Affiliation Clarification:
Although DOGE is part of the government, its actions are not automatically considered authorized. Each incident must be evaluated to determine if the release was unauthorized.
Update 2025-04-02 (PST) (AI summary of creator comment): Doge Involvement Clarification:
Only breaches directly caused by DOGE count.
If another agency releases or publishes sensitive data accidentally or otherwise with no DOGE involvement, it does not qualify as a data breach for this market.
@Shai there can be intentional but unauthorized release of data, eg Snowden.
Doge is part of the government but their actions are not automatically legal or authorized as a result.
@MartinRandall Sure, a rogue employee (or a group) acting against orders/policy is obviously a breach. That's not my objection. He's a comment you made below:
there is some dispute about whether this exact data had already been published by another government agency and so is effectively public domain. If so, this would mean it is not a data breach.
here the logic seems to be:
DOGE publishes data -> breach.
Different government agency publishes the same data -> not a breach.
Is there an underlying principle at play here that I'm missing?
Anyway, it's almost inevitable that if/when DOGE releases some data the press or another agency will claim they didn't have authority to do so. To me that doesn't sound like a data breach, but ultimately it's your call if that's a YES resolution.
@Shai not what I was saying. If a different agency accidentally publishes sensitive data with no Doge involvement then it's not a Doge data breach. This market isn't about all US govt data breaches, it's specifically about Doge.
In addition to the posting of classified data, it also appears that the site was hacked.
Two messages appeared on the site on Friday afternoon, with one saying: “THESE ‘EXPERTS’ LEFT THEIR DATABASE OPEN - roro.”
The other said: “This is a joke of a .gov site.” Both messages were since removed.
I hadn't considered the possibility of a data breach where attackers gain write access to a government system, but that is within the normal scope of the term "data breach". At this time I expect to resolve this YES. I will close the market to allow time for additional reporting or retractions, as well as to allow discussion.
@rouleurderby there is some dispute about whether this exact data had already been published by another government agency and so is effectively public domain. If so, this would mean it is not a data breach.
@Shihan do you have an example in mind where a government group was incorrectly or controversially blamed for a breach?
@Fay42 I would not include the taking and storing aspects of the Mar-a-Lago charges. If information leaked because of being improperly stored, that would count. I don't think that was proven.
@Fay42 I think in the Mar-a-Lago case there were claims that unauthorized people saw some of the taken papers.