Day Thirteen of the Trump-Musk Treasury Payments Crisis of 2025: Bombshell Court Filings Confirm Wired & Notes on the Crises Reporting & Raise Alarms About BFS-Based Impoundment
Notes on the Crises pivoted on February 1st into around the clock coverage of the Trump-Musk Treasury Payments Crisis of 2025
Read Part 0, Part 1, Part 2, Part 3, Part 4, Part 5, Part 6 & Part 7
If you are a current or former career Bureau of the Fiscal Service Employee, especially if you’re a legacy IT programmer with years of experience and especially if you are a COBOL programmer currently working on the PAM, SPS or any other adjacent team, contact me over email or over signal (a secure and encrypted text messaging app) — linked here. My Signal username is “NathanTankus.01”. I would also like Legal counsel sources from the Treasury and Federal Reserve as well as payments level sources at the Federal Reserve. I am also looking for sources at FINCEN. Finally If you work at any Administrative Agency and have knowledge of the Bureau of the Fiscal Service directly stopping payments your agency has authorized, please get in touch.
This is a free piece of Notes on the Crises. I will not be paywalling any coverage of this crisis for as long as it persists, so please take out a paid subscription to facilitate performing that public service. You can also leave a “tip” if you want to support my work but hate emails cluttering your inbox or recurring payments. If you’re rich, take out the Trump-Musk Treasury Payments Crisis of 2025 Platinum Tier subscription. The additional thing you get is me trying to stop the Treasury’s internal payment system from melting down or Musk taking your confidential information, along with everyone else's. So far, nowhere near enough rich people are paying their fair share.
Note to Readers: I am on bluesky, an alternative to twitter. It's been hard to let go of twitter since that is where I built my following, but clearly it's becoming less usable and there are obvious concerns about getting traction about a Musk story on the Everything Musk app. I have also started an instagram for Notes on the Crises which is currently being populated with my articles. Audio versions of my articles (read by me personally) will come soon
Finally, I'm known as a crypto skeptic, and I am, but that doesn't mean I won't accept people giving away bitcoin to me. Here's my address: bc1qegxarzsfga9ycesfa7wm77sqmuqqv7083c6ss6
Mini-Media Round Up
I’ve gotten and done so much media since this crisis started that it's hard to keep up with it all. As a result, I think I’m going to devote an entire piece to just going through the various media outlets which have cited or interviewed me and that I have yet to link to. For today, I’m just going to cite three especially notable citations to my work. The first is not media “strictly speaking”. However, I will mention it yesterday. Apparently last Friday the “Ranking Member” of the house democrats Committee On Education and Workforce Robert Scott cited my article breaking the news that Marko Elez had “read and write” access in a letter to the Government Accountability Office asking them to investigate this issue. It's always both appreciated and important to get congressional traction with your reporting
.
The second is Robert Reich who, among other things, was President Clinton’s secretary of Labor from 1993 to 1997. Reich says in a piece Friday:
Musk’s rats continue to burrow into sensitive government payment systems.
According to the best source I’ve found on this (Nathan Tankus’s Crises Notes), Musk and his rats have now gained unrestricted access to your Social Security number, your confidential bank information, your confidential medical information, and much more. [emphasis added]
So thank you Robert.
The Third notable citation is an especially generous new citation from economist Paul Krugman:
Now, the enemies of democracy will keep trying to find new ways to undermine rule of law. I have to admit that I never even thought about the federal payments system as a target before the news of Musk’s antics was broken. Special credit goes to Nathan Tankus, an expert on “the technical details of monetary policy”, who has become the man of the moment. [emphasis added]
So thank you Paul. Both on my own behalf as well as on behalf of the Viking press publicists popping champagne somewhere.
Monday I ended my last piece by listing the topics I would write about in my next piece. What I didn’t list is what broke late afternoon/evening yesterday. Specifically, in new court filings the Treasury confirms Wired, Talking Points Memo and my reporting that Marko Elez had read & write access to top secret payments systems. This is of course a huge validation of my work in this newsletter last week and affirms the credibility of the investigative journalism I choose to undertake in the future.
I got a huge scoop and only missed breaking the story Wired broke by 6.5 hours overnight. I broke other stories which only appeared subsequently in other outlets and have details still not confirmed by other outlets. This is a major new stage in what I can do with this newsletter and builds trust with potential future sources, making it even easier to do investigative journalism in the future. In some ways the most important validation is that the Washington Post is crediting this newsletter with having gotten to this story along with Wired, which will lead other mainstream outlets to properly credit Notes on the Crises as well:
The Treasury Department had previously stated that Elez was only granted “read-only” access to the payment system, although reporting by Wired and the financial newsletter Notes on the Crises had questioned that assertion.
Thanks to Jeff Stein for this citation and all of his advice and support since January 31st as I first caught up to this issue and then jumped headfirst into breaking news myself.
Of course, as nice as it is to get deserved credit, the substance of this confirmation is also worth looking at closely. Normally I try to avoid big block quotes from court filings (okay, who am I kidding) but I think the full quote is important here. I’ve uploaded five court documents to my website for ease of access and posterity’s sake (find them linked together below). First up, Joseph Gioeli III’s sworn affirmation, who is “Deputy Commissioner of Transformation and Modernization” at the Bureau of the Fiscal Service:
On the morning of February 6, it was discovered that Mr. Elez’s database access to SPS on February 5 had mistakenly been configured with read/write permissions instead of read-only. A forensic investigation was immediately initiated by database administrators to review all activities performed on that server and database. The initial investigation confirmed that all of Mr. Elez’s interactions with the SPS system occurred within the supervised, walk-through session and that no unauthorized actions had taken place. His access was promptly corrected to read-only, and he did not log into the system again after his initial virtual over-the-shoulder session on February 5. To the best of our knowledge, Mr. Elez never knew of the fact that he briefly had read/write permissions for the SPS database, and never took any action to exercise the “write” privileges in order to modify anything within the SPS database—indeed, he never logged in during the time that he had read/write privileges, other than during the virtual walk-through – and forensic analysis is currently underway to confirm this. [emphasis added]
When I first read this paragraph, I laughed for about a minute straight in incredulity and disbelief.
What you are being asked to believe is that the most sensitive systems in the world, systems being scrutinized by much of the world for the first time, had “accidentally” been put under the full control of Marko Elez. You are also being asked to believe that this applied to only one system and the investigation launched was just to “make sure” nothing “bad” happened during this “accident”. And what do you know, they confirmed it! What is interesting about this story is it is perfectly shaped to fit the reporting from Wired and myself as much as possible while providing an innocuous explanation. This is roughly the equivalent of a student giving the excuse “I slipped on a banana peel and my dog ate my homework”. Apparently the Trump-Musk Treasury department has innovated in the field of slapstick comedy far beyond the capacity of Charlie Chaplin to imagine.
Its especially interesting that they are claiming that this only happened with SPS since, while my sources confirmed Wired’s reporting about Marko Elez’s access to the Secure Payment System (SPS) and the Payment Automation Manager (PAM), my subsequent reporting confirmed evolutions of Marko Elez’s access to SPS but could not confirm evolutions of his access to other systems. This leaves two possibilities. The first is that the Treasury is shaping its answers to provide a rationale that is consistent with reporting from multiple sources but only to what they perceive is the extent necessary. These statements are their assessment of that, triangulating between Wired and my reporting.
The second is that they know only a small circle of very high level Bureau of the Fiscal Service employees could definitively know they are lying. Thus they either feel secure that these claims won’t be disconfirmed or their disconfirmation would facilitate finding an important security leak. These two different possibilities are obviously interrelated insofar as only confirming read/write access to SPS obliviates much of the power of lower level current Bureau of the Fiscal Service employees as sources (please still get in contact securely over Signal nevertheless). There is also the possibility that they expect counterclaims to have less force if they actually follow through on not having DOGE employees directly interact with these systems, even on a read only basis, anymore. More on this later.
These documents also confirm that Elez had direct access to source code and even that he was changing source code but only in a “sandbox” environment. Specifically, Gioeli states:
Bureau provided Mr. Elez with the Bureau laptop and with copies of the source code for PAM, SPS, and ASAP in a separate, secure coding environment known as a “secure code repository” or “sandbox.” Mr. Elez could review and make changes locally to copies of the source code in the cordoned-off code repository; however, he did not have the authority or capability to publish any code changes to the production system or underlying test environments.
Note that this is also a statement which provides an “innocuous” explanation for reporting last week, including Josh Marshall’s early reporting at Talking Points Memo of “source code changes” which neither Wired or I could confirm. This clearly appears to be an effort to tie all these issues up in a nice, tidy bow.
As I’ve made clear, I find the convenience of these explanations preposterous but I want to emphasize that aside from the fact that I stand by the accuracy of all my reporting, I do not have specific information at the time of writing to facilitate refuting Treasury’s new stories. I also want to emphasize what both Wired and I have explained in our reporting. “Read only” access is still “catastrophic” and it does not matter very much whether dangerous, and possibly unconstitutional, code is put into testing and production by a DOGE employee themselves or ordered by DOGE and implemented by career civil servants at the Bureau of the Fiscal Service. Nor does modifying the payment system to implement unconstitutional directives at the operational level even necessarily require “read only” access.
Which brings us to Thomas Krause’s sworn “affirmation” yesterday. Recall that he is the Musk ally installed in a senior position and the only other person the initial injunction allowed “read only” access in addition to Marko Elez. His statement is not all that interesting regarding the facts about Marko Elez but it does provide some plausible and useful claims such as “Currently, I am the only Treasury DOGE team member.” and confirms the reporting that he will soon become “Fiscal Assistant Secretary” i.e. taking David Lebryk’s old position. There is also a key phrase in his affirmation which gives the whole game away:
(2) ensuring that the Treasury DOGE Team was leveraging its unique technological expertise to help operationalize the President’s policy priorities for the early days of the Administration, including by helping identify payments that may be improper under his new Executive Orders. [emphasis added]
When I wrote my piece published the morning of February 3rd I was hoping that my rhetorical question about improper payments was ghoulish overkill:
Is “Wokeness,” the “Green New Deal,” “Marxism,” and “Gender Ideology” going to be the new definition of an “improper payment"? [emphasis added]
It turns out that I was dead on, unfortunately.
To spell this out explicitly, the Krause statement is an admission, perhaps inadvertent, that they are pursuing using BFS systems to impound spending and they are going to rhetorically cover this by defining impounded spending as “improper payments”. As I stated in that piece, improper payments are in the eye of the beholder (in this situation).
Which brings us to the key question of making impoundment at the payments level operational. These documents have valuable details about their approach to building the technical machinery of impoundment. The downside is that we have to go through… details about the technical machinery of impoundment. Krause states:
One initial goal of the engagement was to ensure that all payments through BFS’s payment systems included Treasury Account Symbols (TAS) and Business Event Type Codes (BETCs), which are used to identify what type of payment and accounts each payment request is associated with. These are the kinds of enhanced controls suggested in the March 30, 2023 GAO Report [emphasis added]
This is a tricky area to discuss because unlike most of the nonsense coming out of the Trump administration on this issue, there is a real issue and legitimate purpose related to Krause’s statement. That is not particularly impressive nor does it validate DOGE’s activities, it is simply an indication of how outrageously otherworldly and maliciously false so much of the discourse about this issue has been.
First, what are “Treasury Account Symbols”? The GAO report Krause invokes defines them as:
A TAS is a unique identification code that the Department of the Treasury, in collaboration with the Office of Management and Budget (OMB), assigns to a federal entity’s individual appropriation, receipt, or other fund account [emphasis added]
A Business Event Type code, in turn, is just a code that identifies an activity related to that appropriation such as a disbursement or a collection. The key here is that if you can identify a specific appropriation by its TAS code, you can block the specific appropriations you do not like. This goes far beyond simply blocking payments from an entire agency which was my early concern which turned out to be entirely valid.
It's important to understand that while Krause is telling the truth that ensuring all payments had TAS and BETC codes has been a regularly suggested improvement to internal controls and one that both the Bureau of the Fiscal Service itself, in addition to the GAO, has pursued, he is avoiding saying that he is looking to put them to an entirely new and dangerous purpose. The GAO report he invokes, for example, explicitly states that they are pursuing this internal control improvement to facilitate identifying and closing:
TASs established during the annual fiscal year-end rollover process that do not subsequently have corresponding appropriations supporting the period of availability.
In other words, this control was originally intended to ensure that agency spending is in line with congressional appropriations, not ignoring appropriations and unilaterally reducing agency spending below agency appropriations to suit their own ideological purposes. So while the internal control is legitimate, the purpose they are aiming to use it for is not. If you are an employee of the Government Accountability Office and would like to discuss my analysis, please contact me securely over signal (or email if you are comfortable with that).
Incidentally, Krause’s statements also confirm that Elon Musk was lying when he claimed that they do not check payments:
In the normal course, when an agency initially provides a payment file to BFS through its PAM system, BFS conducts certain reviews of that file (known as “pre-edit”) before requesting that the agency certify the payment, after which point the file is processed through BFS’s systems. An example of a check that occurs during the pre-certification phase is to compare the payments in the file against the Do Not Pay working system, which is used to identify payments that may be improper or fraudulent. If transaction(s) in a payment file lead to a match when screened through the Do Not Pay working system, BFS notifies the submitting agency, which is given an opportunity to reexamine the payment file to determine whether to ultimately certify it for processing [emphasis added]
Thus, the only sense in which Musk’s original tweet remains remotely true is that the payment is not outright “denied” but sent back to an agency for investigation and possible recertification. It may seem quant to continually fact check Musk tweets from two weeks ago but it's important to keep track of the shifting rationalizations and justifications to emphasize that the reasoning and claims are changing to accomplish the same goal: abrogating the constitution in service of centralizing power in the executive branch and subordinating both Congress and the Judiciary.
In this iteration of these rationalizations, Krause attempts to present impoundment at the operational BFS level as a reasonable corollary to the “do not pay” checks that already happen.
Our work to implement the President’s foreign aid Executive Order was intended to operate similarly. The plan we implemented included identifying payments files in the pre-edit phase, prior to certification and processing, that may fall within the scope of the Executive order and, thus, require review by the State Department, as the authorized agency under the Executive Order, to determine whether they fall within the scope of the Executive Order but should receive a waiver, or whether instead the payor agency should pause the payment pursuant to the Executive Order [emphasis added]
This is, of course, sophistry. The operational process may be similar but the purpose is entirely different. Of course impoundment would operationally look similar to a “do not pay” check, they are looking to stop payments! But the purpose of the current “do not pay” system is to align agency disbursements with congressional appropriations and a “freeze spending” check is expressly intended to abrogate congressional appropriations. Hence why Trump’s head of the OMB has put such emphasis on the alleged illegality of the Impoundment Control Act of 1974!
02/11/25 Document 28 “Memorandum Opinion and Order”
02/11/25 Document 31 “Wenzler Affirmation”
02/11/25 Document 32 “Robinson Affirmation”
02/11/25 Document 33 “Krause Affirmation”
02/11/25 Document 34 “Gioeli Affirmation”
Which brings me to Vona S. Robinson’s affirmation (for completeness and ease of perusal, I’m linking all the files above together above, including a couple of files I do not discuss in this piece). Robinson provides a lot more details which affirm and intensify the reasons to be concerned about Krause’s testimony above. She also provides clear details in general. In fact, I’m going to quote her description of how the Bureau of the Fiscal Service traditionally processes payments simply because it’s worth reading to better understand what we have been talking about the last two weeks:
Within PAM, PAM’s “file system” receives payment files from payor agencies into its “landing zone,” which is the existing system that ingests payment files before agencies certify the payments for processing. When payment files come into the “landing zone,” they are transferred to the PAM application where the payment file is validated and a preedit report is generated and sent back to the Federal Agency that contains, among other things, information about potentially improper or fraudulent payments. The Federal Agency uses this report to certify the payments in the SPS system, after which the payments are processed consistent with the instructions within the file.
This again affirms the falsity of Musk’s earlier claims. I’ll get to assessing Musk’s recent tweets in the context of these court affirmations tomorrow… unless more news breaks.
Crucially, Robinson’s statement provides confirmation to CNN’s bombshell reporting about payment level impoundment regarding USAID. It also adds new alarming details about just how far payment level impoundment has gotten. As far as I’m aware, as of publication I’m the first source to cover these disturbing revelations. Specifically, they have already moved beyond a stop payment process for agencies to stopping payment at the Treasury Account Code (TAS) level:
On January 31, the Bureau was directed to (1) identify incoming specific Agency payment files to the “landing zone” that met 4 specified Treasury Account Symbol (TAS) codes,—I understand that those TAS codes had been associated with categories of payments that were not USAID payments, but which nonetheless may have been covered under the foreign aid Executive Order; (2) create a copy of the payment files with those TAS codes—the original payment files would remain in the landing zone to ensure payment integrity; (3) move those copies into a separate folder (the “MoveIT” folder) where they could be sent to authorized officials at the State Department for review; (4) deliver the copies to authorized staff at the State Department through a secure portal that was limited in access to certain designated Department of State officials, for same-day review, and (5) allow those State Department officials to determine whether the Executive Order required a pause, or whether the original payment files should move forward into PAM’s processing system for disbursement according to Treasury’s normal payment processes. [emphasis added]
Let's break this down.
What Vona Robinson is saying is that the Trump administration has already reached beyond stopping payments from agencies they do not like to stopping specific appropriations they do not like regardless of the agency doing the spending. In the examples she describes a flagged payment file is left in the processing stage but a copy is produced, placed in a different folder and that folder’s contents can be sent to an administrative agency using a “secure portal”. That folder which leads to files being sent to an agency is called the “MoveIT” folder. What the officials at the agency are “supposed to be” doing according to the Trump administration is reviewing them for “violations” of the president’s executive orders which unconstitutionally order sweeping spending freezes. Thus, this process is operationally elevating executive orders above all other laws.
What non-USAID appropriations were flagged? You might think that they were non-USAID, state department expenditures because of Robinson’s description above. This is perhaps the most disturbing part: they were not:
One TAS code was associated with the Millenium Challenge Corporation (MCC) and three TAS codes were associated with certain payments from the Department of Health and Human Services (HHS). These included two sub-accounts labeled “Refugee and Entrant Assistance, Admin for Children and Families,” one account labeled “Gifts and Donations Office of Refugee Resettlement, Admin for Children and Families,” and one account labeled “Refugee Resettlement Assistance, Administration for Children and Families, Health and Human Services.”
Besides the despicable nature of pursuing freezing the spending they were flagging, this affirmation essentially communicates that a government agency, a cabinet level one no less, was not involved in the review process of its own appropriations. This is much worse than anything that had previously been in the public domain. The fact that these are international payments and in some general sense “state department related” does not make them automatically subject to State department review (at least as far as I’m aware. If there is any statutory basis for State department review, please let me know and I will correct my error).
Of course, reviewing payment files manually is a high effort process and will not scale to the extent that DOGE and the Trump administration desire. This is why Robinson’s statements about manual review are crucial. Specifically:
At the outset, I understand that BFS career staff queried the PAM file system manually to identify payment files and shared those payment files with Mr. Elez for review through the MoveIT folder. I further understand that, at some point after January 31, Mr. Elez assisted in automating the manual review of the payment files. [emphasis added]
It is unclear whether this "automation" of the "manual review" was a source code change or an API overlay. Based on discussions with programmers unfamiliar with the situation, who also reference public reporting about the quality of programming skills DOGE employees seem to have had, it is commonly believed that what was constructed was an API overlay. Nevertheless, clarity is needed on this point and an independent investigation into the issue of source code changes. This also means that Marko Elez was directly involved in writing code to automate operationally and unconstitutionally impounding appropriations.
Robinson finishes her affirmation saying that the “State Department review process” has been frozen and that the BFS has not impounded spending “certified” by agencies:
As of February 10, we have ensured that the State Department review process will not proceed for payment requests within the scope of the TRO order issued in New York v. Trump, No. 1:25-cv-39-JJM-PAS (D.R.I.)
To the best of my knowledge, BFS has not failed to disburse any payment duly certified by a payor agency as a result of the Treasury DOGE Team’s work. To date, no payments, with the exception of the single MCC payment mentioned above, have been delayed or canceled by the payor agency as a result of the re-routing and review process described herein.
This is not particularly comforting.
The Trump administration may currently claim that they were not “freezing” spending without the agency’s approval before the temporary restraining order but, first of all, “freezing” i.e. impounding spending is still unconstitutional whether it's done at the agency level or at the payments level. Second of all, and most importantly, the operational capacity to freeze payments is a coercive tool which creates pressure on agencies to comply with illegal presidential executive orders (or illegal interpretations of those executive orders). The obvious fear is that non-compliance will lead to a worse freezing of payments and leave payment freezes to the sole discretion of whoever in the Treasury will be making these kinds of decisions in the future on DOGE’s behalf. All my fears from two weeks ago about DOGE reaching into the “payments heart” and short circuiting the “bureaucratic trench warfare” opened up by agencies choosing to follow court orders are coming true.
What is the take away from all this? It appears that we may have avoided the worst case scenarios of system failure and Marko Elez breaking a system he does not understand. This is important and valuable. We truly were in a potentially apocalyptic scenario last week. My inclination is to believe that they are not going to have one of the 20 something DOGE employees mess around with these extraordinarily sensitive systems (if you are a BFS employee who knows facts to the contrary, please get into contact securely over signal). However, my inclination to believe we’ve avoided the worst case scenarios is based on my informed intuition that the leadership in this area, including Musk, are laser focused on impoundment. Thus the constitutional crisis has still intensified from my first article on January 31st.
My lack of fear or panic right now is simply based on how fearful I was of the very real threat of total system breakdown. But we are in a, say, 7 alarm constitutional crisis. The focus on data privacy stemmed the bleeding but the Attorney Generals involved with this suit, or some other entities, need to figure out an effective lawsuit over the constitutional issue at hand. Every issue will be affected so every group which is opposed to an unconstitutional and fully imperial, unchecked presidency needs to be laser focused on this issue and form large coalitions to oppose it.
Corrections 3:30 PM: This article has been updated to clarify that source code changes are not necessary to automate a flagging of payment files for Agency (or other) review on the basis of Impoundment-related Trump executive orders
Subscribe to Notes on the Crises
Get the latest pieces delivered right to your inbox