Full disclosure, I am not a current federal government employee but have dozens of friends who are, so when they first told me about this email on February 22, I was kind of weirded out, to be honest. As someone who has worked in the corporate sector and academia, I have had to report my weekly activity log, so that itself did not raise any red flags for me. However, multiple things about this email screamed “phishing” in my head. In corporate America, I have received loads of training on protecting myself and the company from scams, fake emails, computer security protocols, etc.
So, let’s look at the email in detail and break down why I thought this might be a phishing scam…
The email originated from a generic HR OPM address. The Office of Personnel Management (OPM) oversees staffing for the entire federal government. From the website:
However, orders are usually disseminated from each individual department or agency. So, if I worked for the State Department, I would expect the email address to be from state.gov. There was a great deal of controversy regarding a new server being installed at OPM, which was used to pool all government employees’ email addresses. This is the server HR@OPM.gov. Some employees filed a motion for a Temporary Restraining Order with the US District Court for the District of Columbia to stop the server due to privacy concerns. This TRO was denied, though there are still some follow-up motions, directly related to this email. So, the email might be legitimate, but also could be a spoof. Looking at the email header may give clues to the source, but how many people know how to do this? Can government IPs even be traced?
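For anyone who has never opened a raw header, here is a small added example (not part of the original post) of the header checks that separate a genuine sender from a spoofed From: line. The domains `opm.example` and `bulk-sender.example`, the receiving server name `mx.state.example`, and both sample messages are constructed stand-ins, and the alignment test is a simplified version of what DMARC does.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the hostname your own receiving mail server stamps on its results.
TRUSTED_AUTHSERV = "mx.state.example"

def _domain(addr):
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def _aligned(a, b):
    # Simplified relaxed alignment: same domain, or one is a subdomain of the other.
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def assess(raw):
    """Return reasons not to trust the visible From: address (empty list = none found)."""
    msg = message_from_string(raw)
    from_dom = _domain(msg["From"])
    # A sender can forge Authentication-Results, so keep only our own server's copy.
    trusted = next((v.lower() for v in msg.get_all("Authentication-Results", [])
                    if v.split(";", 1)[0].strip().lower() == TRUSTED_AUTHSERV), "")
    if not trusted:
        return ["no Authentication-Results from our own mail server"]
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", trusted))
    findings = [f"{c}={results.get(c, 'missing')}" for c in ("spf", "dkim", "dmarc")
                if results.get(c) != "pass"]
    signer = re.search(r"header\.d=([\w.-]+)", trusted)
    if signer and not _aligned(signer.group(1), from_dom):
        findings.append(f"DKIM signed by {signer.group(1)}, not {from_dom}")
    bounce = _domain(msg["Return-Path"])
    if bounce and not _aligned(bounce, from_dom):
        findings.append(f"Return-Path {bounce} does not match From {from_dom}")
    return findings

# Constructed sample messages (not real headers from the email discussed here).
GENUINE = (
    "Return-Path: <bounces@mail.opm.example>\n"
    "Authentication-Results: mx.state.example; spf=pass smtp.mailfrom=mail.opm.example;"
    " dkim=pass header.d=opm.example; dmarc=pass header.from=opm.example\n"
    "From: HR <hr@opm.example>\n\nbody\n")
SPOOFED = (
    "Return-Path: <mailer@bulk-sender.example>\n"
    "Authentication-Results: mx.state.example; spf=pass smtp.mailfrom=bulk-sender.example;"
    " dkim=none; dmarc=fail header.from=opm.example\n"
    "Authentication-Results: sender-added.example; spf=pass; dkim=pass; dmarc=pass\n"
    "From: HR <hr@opm.example>\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, assess(raw) or "no red flags in headers")
```

Most mail clients expose the raw headers through a "view source" or "show original" option, which is the text a script like this would be fed.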
The subject line is very informal. Anyone working in a professional setting of any kind (e.g. corporate, government, academia) will tell you that official communications from HR never sound this informal. I would personally expect a very dry subject line e.g. “New protocols for submitting weekly reports”.
There is zero greeting. Phishing scams tend to address recipients very informally, overly personally, or just jump right into the body of the text. Most professional email servers sending bulk emails tend to have the programming to insert a greeting for the individual recipient. Even if this is not possible, surely there should be some type of greeting such as “Valued federal employee”.
The body of the text is also very generic and informal. Note the abbreviation used within the text body. It would surprise me greatly if I received an email from HR containing casual wording and abbreviations instead of completely spelling out the word. Also, there is limited guidance as to how to approach this endeavour. Add in the fact that this email was delivered on a Saturday, when most employees were home and may not even check email on the weekend. And the short deadline to reply is also normally a trick of phishing scams, making everything sound super urgent.
There is no signature block at all. No clues who actually sent it within the email itself (we will get to the other thing in just a minute…). I don’t know about you, but every single email or memo I have ever received from HR in 35+ years of work has somebody’s name and/or signature block, even if it is just the main office information. Again, makes me suspicious.
Of course, then the real interesting bit happened on social media. Elon Musk sent out a tweet (an X? a xeet?) indicating that he was the one who sent the email or authorized it to be sent.
Aside: if the email was sent by one of his young proteges, that could explain the informal nature of the email since younger generations now communicate in brief bursts with tweets, text messages, and whatever else they use. Heck, when I was a professor, I would get emails from students (roughly the same ages as Musk’s employees) that would address me too informally and use limited wording in the body of the emails. I have even received emails with no capitalization at all while requesting to join my study group and once I even got a “Yo Doc” greeting. Anywho…
This tweet was very “interesting”.
Shocking, I know, but not everyone is on social media!!! Even if they are, they might not be on X or might not check X all the time (like me).
Notably, as has been pointed out by many others, there is a threat of being fired if no response is received, but this statement is NOT present in the actual email. (more on this in a bit)
What about employees who don’t have access to email for whatever reason?
What about employees on leave?
“understand what they got done”? Who is going to read these emails and “understand” every single job, every single department, every single task?
How are they going to verify that the information provided actually pertains to that person’s job?
Anyway, employees who received the email were ANGRY. Why? Federal employees are evaluated based on specific metrics for each individual job. Many employees already have to document their productivity. Some metrics are automatically assessed. Read more about this here. But how is a generic email to an unknown entity actually going to be evaluated to see if they are performing their job?
Incidentally, there have been a ton of really amusing responses posted on social media and blogs. I’m not going to link to any of the funniest as many are very NSFW. But this was my favorite I saw:
As we all know, chaos reigned on Monday with different responses from different departments on how to handle replying to the email, with the end result being that responses would be voluntary. This time.
Musk was not amused. Trump thought it was “genius”. White House confused.
Really??!? “doing so little work” and “non-existent people”. Ok, so let’s assume for just one minute that there are actually people that don’t exist. Why would they even have emails? How? Wouldn’t the emails bounce back as undeliverable? And, contrary to statements by Musk and Trump, government employees are usually quite hard-working for very little pay and it is very unlikely to be fraud.
As threatened, Musk sent a followup email with the EXACT. SAME. WORDING. from the same email address. The main difference this time is specifying that this will be an ongoing requirement. Prior indications were that it would be delivered differently, but clearly it was not.
I have soooo many questions about the way this will be handled. Reports are that Musk will use AI to parse all these emails. Even so, this is a LOT of emails. At least 2.3 million! Granted, a computer can chug through that many emails fairly quickly, but how effective will it actually be?
How do you teach an AI to understand what each job entails and whether the email response in question matches up with the job description? Not saying this won’t be possible “some day”, but that day is not today. Read this for some more insight and click on the embedded links there, too. There are many articles published in reputable sources regarding what AI can and can’t do at this point.
Same question as before: what about employees on leave or without email? If the AI sees a “no response” to the checklist of employees, is this an automatic firing?
Let’s assume for a second that the AI will just “flag” questionable responses. Who will manually look at those responses and how will they evaluate? Now you are putting human error into play along with potential AI error.
What about those who have only classified work? Will a simple statement “all my work is classified” be sufficient or do you actually have to list five bullets saying “classified” for each one? How will the AI know if the things you have done are actually classified or if you are just using that as justification to simplify your responses? (I think most people will be honest; just setting up a hypothetical here.)
Ok, so let’s talk some numbers regarding the human end of the equation.
Assume 2.3 million workers, which seems to be the base consensus.
Assume AI flags all of them for human review and it takes ~1 minute per email to evaluate. (Let’s face it — it’s gonna take a lot longer than that but it’s a start)
One minute per email for all 2.3 million employees is 1597.22 DAYS of work, working straight through 24 hours. But that is ridiculous for one person, so let’s make some more assumptions….
2.3 million employees at 1 minute per email is 38333.33 HOURS of work
Assume an eight hour day, so you have 4792 working days needed.
This is even more ridiculous than the original ~1600 days so we will stick with that one and just run 3 shifts around the clock.
Now you need to get this accomplished in just 4 days. Emails due on Monday midnight and assume you want to fire the employees who don’t make the cut before the weekend begins because you don’t want to pay them for the following week, obviously.
The human element required for this is not insignificant. Who is going to pay these employees to do this work? Where will they come from? Won’t they be government employees, which is exactly what you are trying to eliminate?
See what I mean? We just keep chasing down a rabbit hole…
Transparency would help to ease a lot of the uncertainty, but I don’t think that is forthcoming anytime soon. My fear for this exercise is that it will be a simple “Did employee X respond?” If no, let go. “Did employee Y have five bullet points, regardless of what they say?” If no, let go. We can play this ‘what if’ all day long. At the end of the day, I am worried for my friends and everyone else who puts in hard work in a thankless job to make this country great.
I am with you in spirit as we proceed Onward Through the Fog.