a strong musky smell

What could possibly go wrong? DOGE to rapidly rebuild Social Security codebase.

A safe and proper rewrite should take years not months.

Makena Kelly, wired.com

The so-called Department of Government Efficiency (DOGE) is starting to put together a team to migrate the Social Security Administration’s (SSA) computer systems entirely off one of its oldest programming languages in a matter of months, potentially putting the integrity of the system—and the benefits on which tens of millions of Americans rely—at risk.

The project is being organized by Elon Musk lieutenant Steve Davis, multiple sources who were not given permission to talk to the media tell WIRED, and aims to migrate all SSA systems off COBOL, one of the first common business-oriented programming languages, and onto a more modern replacement like Java within a scheduled tight timeframe of a few months.

Under any circumstances, a migration of this size and scale would be a massive undertaking, experts tell WIRED, but the expedited deadline runs the risk of obstructing payments to the more than 65 million people in the US currently receiving Social Security benefits.

“Of course one of the big risks is not underpayment or overpayment per se but [it’s also] not paying someone at all and not knowing about it. The invisible errors and omissions,” an SSA technologist tells WIRED.

The Social Security Administration did not immediately reply to WIRED’s request for comment.

SSA has been under increasing scrutiny from President Donald Trump’s administration. In February, Musk took aim at SSA, falsely claiming that the agency was rife with fraud. Specifically, Musk pointed to data he allegedly pulled from the system that showed 150-year-olds in the US were receiving benefits, something that isn’t actually happening. Over the last few weeks, following significant cuts to the agency by DOGE, SSA has suffered frequent website crashes and long wait times over the phone, The Washington Post reported this week.

This proposed migration isn’t the first time SSA has tried to move away from COBOL: In 2017, SSA announced a plan to receive hundreds of millions in funding to replace its core systems. The agency predicted that it would take around five years to modernize these systems. Because of the coronavirus pandemic in 2020, the agency pivoted away from this work to focus on more public-facing projects.

Like many legacy government IT systems, SSA systems contain code written in COBOL, a programming language created in part in the 1950s by computing pioneer Grace Hopper. The Defense Department essentially pressured private industry to use COBOL soon after its creation, spurring widespread adoption and making it one of the most widely used languages for mainframes, or computer systems that process and store large amounts of data quickly, by the 1970s. (At least one DOD-related website praising Hopper's accomplishments is no longer active, likely following the Trump administration’s DEI purge of military acknowledgements.)

As recently as 2016, SSA’s infrastructure contained more than 60 million lines of code written in COBOL, with millions more written in other legacy coding languages, the agency’s Office of the Inspector General found. In fact, SSA’s core programmatic systems and architecture haven’t been “substantially” updated since the 1980s when the agency developed its own database system called MADAM, or the Master Data Access Method, which was written in COBOL and Assembler, according to SSA’s 2017 modernization plan.

SSA’s core “logic” is also written largely in COBOL. This is the code that issues social security numbers, manages payments, and even calculates the total amount beneficiaries should receive for different services, a former senior SSA technologist who worked in the office of the chief information officer says. Even minor changes could result in cascading failures across programs.

“If you weren't worried about a whole bunch of people not getting benefits or getting the wrong benefits, or getting the wrong entitlements, or having to wait ages, then sure go ahead,” says Dan Hon, principal of Very Little Gravitas, a technology strategy consultancy that helps government modernize services, about completing such a migration in a short timeframe.

It’s unclear when exactly the code migration would start. A recent document circulated amongst SSA staff laying out the agency’s priorities through May does not mention it, instead naming other priorities like terminating “non-essential contracts” and adopting artificial intelligence to “augment” administrative and technical writing.

Earlier this month, WIRED reported that at least 10 DOGE operatives were currently working within SSA, including a number of young and inexperienced engineers like Luke Farritor and Ethan Shaotran. At the time, sources told WIRED that the DOGE operatives would focus on how people identify themselves to access their benefits online.

Sources within SSA expect the project to begin in earnest once DOGE identifies and marks remaining beneficiaries as deceased and connects disparate agency databases. In a Thursday morning court filing, an affidavit from SSA acting administrator Leland Dudek said that at least two DOGE operatives are currently working on a project formally called the “Are You Alive Project” targeting what these operatives believe to be improper payments and fraud within the agency’s system by calling individual beneficiaries. The agency is currently battling for sweeping access to SSA’s systems in court to finish out this work. (Again, 150-year-olds are not collecting social security benefits. That specific age was likely a quirk of COBOL. It doesn’t include a date type, so dates are often coded to a specific reference point—May 20, 1875, the date of an international standards-setting conference held in Paris, known as the Convention du Mètre.)

In order to migrate all COBOL code into a more modern language within a few months, DOGE would likely need to employ some form of generative artificial intelligence to help translate the millions of lines of code, sources tell WIRED. “DOGE thinks if they can say they got rid of all the COBOL in months then their way is the right way and we all just suck for not breaking shit,” says the SSA technologist.

DOGE would also need to develop tests to ensure the new system’s outputs match the previous one. It would be difficult to resolve all of the possible edge cases over the course of several years, let alone months, adds the SSA technologist.

“This is an environment that is held together with bail wire and duct tape,” the former senior SSA technologist working in the office of the chief information officer tells WIRED. “The leaders need to understand that they’re dealing with a house of cards or Jenga. If they start pulling pieces out, which they’ve already stated they’re doing, things can break.”

This story originally appeared on wired.com.

Staff Picks
S
I worked as a program manager years ago for my employer, a Fortune 50 company, on an effort to get us off of our mainframe, with a COBOL footprint that was similar in size to this one. Let me tell you, this absolutely cannot be done in three months, AI or no AI. There are all sorts of issues and complexities when you move from a centralized system to a distributed one. Think race conditions, batch vs streaming processing, totally different inter-app messaging techniques. COBOL itself is a tricky language, with "gotchas" that don't exist in other languages.
The best outcome is that they keep the old system up and running while they screw around with trying to conjure a replacement. The worst is if they start turning off pieces (or the whole thing) from the old system without testing their new systems and instead "test in prod". Knowing Trump and Musk, I don't have high hopes.
w
With experience doing enterprise platform conversions for 30 years, both from a system vendor's perspective, and as an enterprise IT architect and executive, I cannot begin to describe how guaranteed to fail, in terms of service delivery, consistency, security, and continuity, this effort is. System and language choices matter, to be sure, but they are not by themselves, or usually even primarily, determinative of success, or failure. Architecture, project management, testing, scope and quality control, transition and rollout planning ... all have a bigger impact on success or failure than any of the stuff these yahoos are going on about. You can doom a project with a bad technology choice, without question, but you can't come close to assuring it success just by making a good one.

And - I can't emphasize this enough - even if they get everything right technically, architecturally, and project-wise, it won't affect the rate of fraud or error, unless the source of fraud and error are understood, and mechanisms for detecting, and correcting them are baked onto the project requirements. COBOL is not a source of fraud, and is not inherently a source of error. Given that DOGE has identified exactly no credible fraud, and very little in the way of systemic error, that element too is doomed to fail.

This reminds me of a grossly exaggerated version of multiple spectacular system conversion failures led by big consulting at various enterprises I've been involved with over the years. The only difference is the scale (literally $Trillions across the nation at stake), and the mismatch between the hired "experts" and actual understanding of the systems they are trying to replace, are both exaggerated by a couple orders of magnitude compared with even the most massive corporate consulting boondoggles.
L
I was part of a COBOL mainframe conversion project similar to this in many ways, but smaller in scope. After 10 years with a team of hundreds, the new capability is only partially fielded. One challenge was undocumented “spaghetti code.” Another was a lack of experts in both COBOL and (for instance) AWS.

Best of luck to the team tasked with doing this.
j
What midsize bank deals with tens of trillions of dollars and has 400 million customers?? lol “midsize bank level software transition” 😂
And here's the part everyone gets wrong about government work. If you are too much of an outlier for the bank, the bank simply refuses to take you as a customer. So it's easy for banks to optimize their system because they just reject the long tail of weirdo customers. If a customer walks into your restaurant and says 'I'm on a liquid diet and am allergic to the following 87 things, what can you serve me', you're going to say 'nothing, sorry' and they'll have to leave and find food elsewhere. When you're the VA and that customer is a veteran and they have that condition because they took an artillery round on behalf of the American public, you're going to figure out how to prepare that meal.

Government doesn't get to define its market. Musk has repeatedly revealed that he's never looked at a paystub and been curious what that OASDI acronym stands for, because he assumed a 6 year old getting SS benefits was fraud, when that 6 year old is just the 'S' in that acronym. And when your customer is 6, there's a whole bunch of added shit you gotta add to your system to service that customer - powers of attorney, trusts, shit like that. Same goes for the 'D' in that acronym, as a LOT of SS recipients cannot visit an office or call on the phone. You gotta accommodate them as well. You know what my mom's bank 100% could not do? They couldn't handle an investment in a trust. At all. That didn't make it through the last software rewrite so we had to move her bank.

The whole fucking point of government is that whatever you do has to work for every last goddamn person in the country - it's 100%. You don't get to choose your customers. You have to accommodate the weirdest goddamn corner case you never even thought of. And the way you normally do that is with human beings. Someone who can listen to the need, recognize there's no fucking way the software can do that or the procedure manual was prepared for, and work the system to get the necessary outcome. Banks have the benefit of simply stopping the exercise after the easy 90% is done. Government does not.

That's what makes public service work hard.