The most important intervention in the United States labor market is not unionization or the minimum wage. It is professional licensing—government-required permission to work in a particular profession, earned after significant education and testing—that covers twice as many workers as unionization and federal wage laws combined. And the system that oversees it is broken.

Researchers have known for decades that professional licensing is a bad deal for consumers and workers. High-profile critiques of licensing go back to at least 1945, when Milton Friedman’s Ph.D. thesis presented some of the earliest evidence that licensing costs consumers dearly. In the decades since, economists and journalists have developed a body of evidence supporting these critics’ views. The idea that licensing raises barriers to professions that are far higher than necessary to protect the public has remained a focus of “libertarian” and “liberaltarian” causes alike, giving rise to a bipartisan reform movement that aimed at reducing barriers to work for people with criminal records, lowering the price for health care, and making starting a new business easier.

But despite these efforts—and despite the clarity of the problem—very little has been done to meaningfully roll back licensing. In fact, the institution of professional licensing has only grown in its reach and outlandishness. More and more new professions are becoming licensed, such as art therapists and, most recently and most absurdly, fortune tellers.

[Jerusalem Demsas: Permission-slip culture is hurting America]

Reform efforts haven’t worked because none of them addresses the center of the problem: the regulatory boards that control professional licensing. When a state makes a licensing law—a rule that only practitioners who have jumped through certain hoops can practice—it usually also creates a board to interpret and implement the law. Each state has dozens of these boards; almost 1,800 have been established nationwide. They are powerful engines of professional regulation, deciding who is in and who is out, setting the terms of what you can do as a provider and, ostensibly, disciplining professionals for misbehavior.

Importantly, most statutes require that most board seats go to part-time volunteers working in the very profession they are supposed to regulate. The seats on these boards can be hard to fill, because serving can be a big time commitment and offers no pay; often, only those already involved in advocacy through professional associations are willing to sign up.

For anyone interested in licensing reform, ignoring boards is akin to someone interested in criminal-justice reform ignoring the role of courts and judges. And in this case, the boards have all the wrong incentives for public protection. Licensing works to protect consumers only if it doesn’t go too far. If getting into a profession is too hard, or the rules are too strict about what professionals can and can’t do, professional service will be expensive and scarce. But for those already licensed, more is more. The harder that entering and practicing are, the less competition those professionals face, which can mean better pay, a better lifestyle, and more prestige.

As an antitrust professor who has studied how companies act when they have control over who competes with them and how, I had a guess about how boards stacked with advocates for their profession would behave when given control over licensing. They would act like a cartel—keeping competition down and profits high. I thought board members would struggle to “change hats” from professional to regulator. When I decided to write a book about professional licensing, I started attending licensing-board meetings in my home state to see whether I was right.

[Read: The onerous, arbitrary, unaccountable world of occupational licensing]

Some of what I saw confirmed this hypothesis. For example, I watched the Tennessee Board of Alcohol and Drug Abuse Counselors nix a proposed reform that would relax a requirement that applicants need to have majored in a behavior-health field, a rule that all but foreclosed the profession to anyone who hadn’t decided to be a counselor when they were a teenager. The reasons they gave had nothing to do with the sort of public protection licensing ostensibly serves. Rather, they wanted “to protect what we’ve got.” Another said anything less than a “fully robust” license would mean less pay and prestige for counselors. One put it simply: “It’s our responsibility to make sure we are looking out for this profession.”

That has it exactly backwards. A licensing board’s responsibility is to look out for the public and to implement decisions made by legislatures, including efforts to dial down licensing. But time and again, I saw licensing reform initiated by a state government die in these board meetings. For example, in 2019, Arizona passed a “universal recognition” law that purportedly allowed anyone licensed in any state in most professions to practice in Arizona. The law was touted as promoting interstate mobility and cutting the red tape of a state-by-state licensing system. But a member of Arizona’s psychology board later told me her board had functionally killed it, at least with respect to psychologists, by interpreting it narrowly. Similarly, in Tennessee, the legislature responded to the crisis of too few physicians by streamlining the licensure process for applicants from foreign medical schools. The licensing board flat-out refused to implement it.

Boards not only resist efforts to reduce licensing barriers; they actively work to increase them. They do this by lobbying the very legislatures that are supposed to oversee them, even using their licensing fees to fund their efforts. In these efforts, licensing restrictions are often portrayed as a win-win for the profession that lobbies for them and for the consumers who get more public protection.

But this ratchet isn’t always good for consumers, because professional services can become scarce and expensive as a result. Returning to the example of alcohol- and drug-abuse counselors, one used to need 1,500 hours of practical experience to be a counselor; then that doubled to 3,000. Today one needs 6,000 hours—as much as a medical residency—to qualify for a license in Tennessee. That and the college-major requirement have made this an exceedingly difficult profession to enter. Only about 400 counselors practice in Tennessee, a state where about 70,000 people deal with opioid addiction.

Some of what I saw, however, seemed to refute my theory that what amounted to industry self-regulation at the licensing boards would work to keep down the number of professionals.

An example: The medical-board disciplinary case of an ob-gyn who had lost his license the year before. He had had sexual relationships with a number of his patients. He had written some of them (and others) off-book prescriptions for controlled substances, in at least one case prescribing a quantity so large that he later said he had come to believe the patient was selling it on the street. He also admitted to occasionally having done drugs at work with his patients. Only six months after his license was revoked, he asked the board for it back, as a changed man with a new commitment to be a better physician. The board voted to grant him a new license the day of his hearing, a fresh start for a physician who sees mostly Medicaid patients in inner-city Memphis. Much of the board discussion focused on whether a chaperone requirement could be imposed on the newly relicensed physician without raising an alarm among his patients.

[Read: The disappearing right to earn a living]

My theory that boards would keep out unwanted competitors could not explain why the board didn’t bar this doctor from the profession for good. There seemed to be more to the story of self-regulation than cartel-like behavior. When it came to dealing out disciplinary measures, board members’ professional identity and years of advocacy created blind spots where they could not see the worst of their profession. Their professional associations, too, encouraged board members to give their peers the benefit of every doubt and to believe a fellow professional who promised to do better next time. This generosity of spirit was particularly notable in the healing professions, where doctors and nurses were dispositionally inclined to see practically every provider before them as capable of redemption. The effects of this dynamic have been devastating: For example, these impulses contributed to the opioid crisis, as prescribing practices went unchecked by professional licensing boards until too late.

The diagnosis is old: Professional licensing needs to be rolled back, to be used only where necessary to protect the public and where lighter regulatory touches—that don’t so severely impact consumers and workers—aren’t effective. And where we need professional licensing, such as in many health-care professions and in law, a lighter regulatory touch will keep professional services affordable and accessible.

But the prescription is new: States need to overhaul their licensing-board systems to eliminate the self-regulation that has made licensing a lose-lose for workers and consumers alike.

Elon Musk’s unceasing attempts to access the data and information systems of the federal government range so widely, and are so unprecedented and unpredictable, that government computing experts believe the effort has spun out of control. This week, we spoke with four federal-government IT professionals—all experienced contractors and civil servants who have built, modified, or maintained the kind of technological infrastructure that Musk’s inexperienced employees at his newly created Department of Government Efficiency are attempting to access. In our conversations, each expert was unequivocal: They are terrified and struggling to articulate the scale of the crisis.

Even if the president of the United States, the head of the executive branch, supports (and, importantly, understands) these efforts by DOGE, these experts told us, they would still consider Musk’s campaign to be a reckless and dangerous breach of the complex systems that keep America running. Federal IT systems facilitate operations as varied as sending payments from the Treasury Department and making sure that airplanes stay in the air, the sources told us.

Based on what has been reported, DOGE representatives have obtained or requested access to certain systems at the U.S. Treasury, the Department of Health and Human Services, the Office of Personnel Management, and the National Oceanic and Atmospheric Administration, with eyes toward others, including the Federal Aviation Administration. “This is the largest data breach and the largest IT security breach in our country’s history—at least that’s publicly known,” one contractor who has worked on classified information-security systems at numerous government agencies told us this week. “You can’t un-ring this bell. Once these DOGE guys have access to these data systems, they can ostensibly do with it what they want.”

[Read: If DOGE goes nuclear]

What exactly they want is unclear. And much remains unknown about what, exactly, is happening here. The contractor emphasized that nobody yet knows which information DOGE has access to, or what it plans to do with it. Spokespeople for the White House, and Musk himself, did not respond to emailed requests for comment. Some reports have revealed the scope of DOGE’s incursions at individual agencies; still, it has been difficult to see the broader context of DOGE’s ambition.

The four experts laid out the implications of giving untrained individuals access to the technological infrastructure that controls the country. Their message is unambiguous: These are not systems you tamper with lightly. Musk and his crew could act deliberately to extract sensitive data, alter fundamental aspects of how these systems operate, or provide further access to unvetted actors. Or they may act with carelessness or incompetence, breaking the systems altogether. Given the scope of what these systems do, key government services might stop working properly, citizens could be harmed, and the damage might be difficult or impossible to undo. As one administrator for a federal agency with deep knowledge about the government’s IT operations told us, “I don’t think the public quite understands the level of danger.”

Each of our four sources, three of whom requested anonymity out of fear of reprisal, made three points very clear: These systems are immense, they are complex, and they are critical. A single program run by the FAA to help air-traffic controllers, En Route Automation Modernization, contains nearly 2 million lines of code; an average iPhone app, for comparison, has about 50,000. The Treasury Department disburses trillions of dollars in payments per year.

Many systems and databases in a given agency feed into others, but access to them is restricted. Employees, contractors, civil-service government workers, and political appointees have strict controls on what they can access and limited visibility into the system as a whole. This is by design, as even the most mundane government databases can contain highly sensitive personal information. A security-clearance database such as those used by the Department of Justice or the Bureau of Alcohol, Tobacco, Firearms and Explosives, one contractor told us, could include information about a person’s mental-health or sexual history, as well as disclosures about any information that a foreign government could use to blackmail them.

Even if DOGE has not tapped into these particular databases, The Washington Post reported on Wednesday that the group has accessed sensitive personnel data at OPM. Mother Jones also reported on Wednesday that an effort may be under way to effectively give Musk control over IT for the entire federal government, broadening his access to these agencies. Trump has said that Musk is acting only with his permission. “Elon can’t do and won’t do anything without our approval,” he said to reporters recently. “And we will give him the approval where appropriate. Where it’s not appropriate, we won’t.” The specter of what DOGE might do with that approval is still keeping the government employees we spoke with up at night. With relatively basic “read only” access, Musk’s people could easily find individuals in databases or clone entire servers and transfer that secure information somewhere else. Even if Musk eventually loses access to these systems—owing to a temporary court order such as the one approved yesterday, say—whatever data he siphons now could be his forever.

[Read: Trump advisers stopped Musk from hiring a noncitizen at DOGE]

With a higher level of access—“write access”—a motivated person may be able to put their own code into the system, potentially without any oversight. The possibilities here are staggering. One could alter the data these systems process, or they could change the way the software operates—without any of the testing that would normally accompany changes to a critical system. Still another level of access, administrator privileges, could grant the broad ability to control a system, including hiding evidence of other alterations. “They could change or manipulate treasury data directly in the database with no way for people to audit or capture it,” one contractor told us. “We’d have very little way to know it even happened.”

The specific levels of access that Musk and his team have remain unclear and likely vary between agencies. On Tuesday, the Treasury said that DOGE had been given “read only” access to the department’s federal payment system, though Wired then reported that one member of DOGE was able to write code on the system. Any focus on access tiers, for that matter, may actually simplify the problem at hand. These systems aren’t just complex at the code level—they are multifaceted in their architecture. Systems can have subsystems; each of these can have their own permission structures. It’s hard to talk about any agency’s tech infrastructure as monolithic. It’s less a database than it is a Russian nesting doll of databases, the experts said.

Musk’s efforts represent a dramatic shift in the way the government’s business has traditionally been conducted. Previously, security protocols were so strict that a contractor plugging a non-government-issued computer into an ethernet port in a government agency office was considered a major security violation. Contrast that with DOGE’s incursion. CNN reported yesterday that a 23-year-old former SpaceX intern without a background check was given a basic, low tier of access to Department of Energy IT systems, despite objections from department lawyers and information experts. “That these guys, who may not even have clearances, are just pulling up and plugging in their own servers is madness,” one source told us, referring to an allegation that DOGE had connected its own server at OPM. “It’s really hard to find good analogies for how big of a deal this is.” The simple fact that Musk loyalists are in the building with their own computers is the heart of the problem—and helps explain why activities ostensibly authorized by the president are widely viewed as a catastrophic data breach.

The four systems professionals we spoke with do not know what damage might already have been done. “The longer this goes on, the greater the risk of potential fatal compromise increases,” Scott Cory, a former CIO for an agency in the HHS, told us. At the Treasury, this could mean stopping payments to government organizations or outside contracts it doesn’t want to pay. It could also mean diverting funds to other recipients. Or gumming up the works in the attempt to do those, or other, things.

In the FAA, even a small systems disruption could cause mass grounding of flights, a halt in global shipping, or worse, downed planes. For instance, the agency oversees the Traffic Flow Management System, which calculates the overall demand for airspace in U.S. airports and which airlines depend on. “Going into these systems without an in-depth understanding of how they work both individually and interconnectedly is a recipe for disaster that will result in death and economic harm to our nation,” one FAA employee who has nearly a decade of experience with its system architecture told us. “‘Upgrading’ a system of which you know nothing about is a good way to break it, and breaking air travel is a worst-case scenario with consequences that will ripple out into all aspects of civilian life. It could easily get to a place where you can’t guarantee the safety of flights taking off and landing.” Nevertheless, on Wednesday Musk posted that “the DOGE team will aim to make rapid safety upgrades to the air traffic control system.”

Even if DOGE members are looking to modernize these systems, they may find themselves flummoxed. The government is big and old and complicated. One former official with experience in government IT systems, including at the Treasury, told us that old could mean that the systems were installed in 1962, 1992, or 2012. They might use a combination of software written in different programming languages: a little COBOL in the 1970s, a bit of Java in the 1990s. Knowledge about one system doesn’t give anyone—including Musk’s DOGE workers, some of whom were not even alive for Y2K—the ability to make intricate changes to another.

[Read: The “rapid unscheduled disassembly” of the United States government]

The internet economy, characterized by youth and disruption, favors inventing new systems and disposing of old ones. And the nation’s computer systems, like its roads and bridges, could certainly benefit from upgrades. But old computers don’t necessarily make for bad infrastructure, and government infrastructure isn’t always old anyway. The former Treasury official told us that mainframes—and COBOL, the ancient programming language they often run—are really good for what they do, such as batch processing for financial transactions.

Like the FAA employee, the payment-systems expert also fears that the most likely result of DOGE activity on federal systems will be breaking them, especially because of incompetence and lack of proper care. DOGE, he observed, may be prepared to view or hoover up data, but it doesn’t appear to be prepared to carry out savvy and effective alterations to how the system operates. This should perhaps be reassuring. “If you were going to organize a heist of the U.S. Treasury,” he said, “why in the world would you bring a handful of college students?” They would be useless. Your crew would need, at a minimum, a couple of guys with a decade or two of experience with COBOL, he said.

Unless, of course, you had the confidence that you could figure anything out, including a lumbering government system you don’t respect in the first place. That interpretation of DOGE’s theory of self seems both likely and even more scary, at the Treasury, the FAA, and beyond. Would they even know what to do after logging in to such a machine? we asked. “No, they’d have no idea,” the payment expert said. “The sanguine thing to think about is that the code in these systems and the process and functions they manage are unbelievably complicated,” Scott Cory said. “You’d have to be extremely knowledgeable if you were going into these systems and wanting to make changes with an impact on functionality.”

But DOGE workers could try anyway. Mainframe computers have a keyboard and display, unlike the cloud-computing servers in data centers. According to the former Treasury IT expert, someone who could get into the room and had credentials for the system could access it and, via the same machine or a networked one, probably also deploy software changes to it. It’s far more likely that they would break, rather than improve, a Treasury disbursement system in so doing, one source told us. “The volume of information they deal with [at the Treasury] is absolutely enormous, well beyond what anyone would deal with at SpaceX,” the source said. Even a small alteration to a part of the system that has to do with the distribution of funds could wreak havoc, preventing those funds from being distributed or distributing them wrongly, for example. “It’s like walking into a nuclear reactor and deciding to handle some plutonium.”

DOGE is many things—a dismantling of the federal government, a political project to flex power and punish perceived enemies—but it is also the logical end point of a strain of thought that’s become popular in Silicon Valley during the boom times of Big Tech and easy money: that building software and writing code aren’t just dominant skills for the 21st century, but proof of competence in any realm. In a post on X this week, John Shedletsky, a developer and an early employee at the popular gaming platform Roblox, summed up the philosophy nicely: “Silicon Valley built the modern world. Why shouldn’t we run it?”

This attitude disgusted one of the officials we spoke with. “There’s this bizarre belief that being able to do things with computers means you have to be super smart about everything else.” Silicon Valley may have built the computational part of the modern world, but the rest of that world—the money, the airplanes, the roads, and the waterways—still exists. Knowing something, even a lot, about computers guarantees no knowledge about the world beyond them.

“I’d like to think that this is all so massive and complex that they won’t succeed in whatever it is they’re trying to do,” one of the experts told us. “But I wouldn’t want to wager that outcome against their egos.”