Using Social Media in Background Investigations

A directive signed by the Director of National Intelligence yesterday formally authorizes the use of social media by official investigators who are conducting background investigations for security clearances.

See Collection, Use, and Retention of Publicly Available Social Media Information in Personnel Security Background Investigations and Adjudications, Security Executive Agent Directive 5, May 12, 2016.

The directive was crafted to avoid undue infringements on privacy.

Investigators will be limited to considering only publicly available postings. The subjects of a background investigation “shall not be requested or required” to provide passwords for access to non-publicly available materials or to make such materials available. Agencies will not be allowed to “friend” an individual for the purposes of gaining access to materials that are not otherwise available.

And the consideration of social media must be relevant to the official guidelines for granting access to classified information. That is, they must pertain to substance abuse, criminal conduct, foreign allegiance, or other such criteria. See Adjudicative Guidelines for Determining Eligibility for Access to Classified Information, rev. December 29, 2005.

The utility of social media for background investigations remains to be demonstrated, particularly since any public posts that do not voluntarily advertise behavior that is at odds with official guidelines would not trigger investigative attention. A pilot project will be conducted to validate the approach before it is systematically included in the investigative process.

A hearing on Incorporating Social Media into Federal Background Investigations was held today by the House Committee on Oversight and Government Reform.

“The use of social media has become an integral, and very public, part of the fabric of most Americans’ daily lives, and it is critical that we use this important source of information to help protect our nation’s security,” said William R. Evanina, director of the National Counterintelligence and Security Center, in a statement to the House Committee.

DoD Security Clearances Down by 900K Since 2013

The total number of employees and contractors holding security clearances for access to classified information at the Department of Defense dropped by a hefty 900,000 between 2013 and 2016 — or 20% of the total cleared population at DoD. At the start of the current Fiscal Year, DoD had a remaining 3.7 million cleared personnel.

These data were presented in the latest quarterly report on Insider Threat and Security Clearance Reform, 1st quarter, FY 2016, published last month.

Importantly, this was a policy choice, not simply a budgetary artifact or a statistical fluke. A reduction in security clearances is a wholesome development, since it lowers costs and permits more focused use of security resources. It also increases pressure, at least implicitly, to eliminate unnecessary security classification restrictions.

However, reductions in clearances appeared to be stabilizing over the past year, with the elimination of around 100,000 clearance holders who did not have access to classified information, and an increase of around 100,000 cleared persons who did have such access.

Meanwhile, the Insider Threat program is being slowly implemented across the government. The Department of Defense expanded its “Continuous Evaluation” capability — providing automated notification of financial irregularities or criminal activity, for example — to cover 225,000 employees, up from 100,000 last year. The Department of State also initiated its own Continuous Evaluation pilot program.

Overall, the Insider Threat program faces continuing hurdles. “Many departments and agencies are discovering challenges with issues such as organizational culture, legal questions, and resource identification, to name a few,” the latest quarterly report said.

Former Intelligence Employees Must Report Foreign Jobs

Under a requirement recently enacted by Congress, intelligence agency employees who hold clearances for Sensitive Compartmented Information (SCI) must report any employment with a foreign government entity for up to two years after leaving their US government job.

An internal US Air Force memorandum implementing the new requirement for Air Force intelligence personnel was released under the Freedom of Information Act yesterday.

See Reporting Certain Post-Government Employment by Holders of Sensitive Compartmented Information (SCI) Accesses, Air Force Guidance Memorandum 2015-14-04-O, 5 November 2015.

SCI is classified information that is derived from intelligence sources or methods.

The reporting requirement concerning foreign government employment was adopted by Congress in the FY 2015 intelligence authorization act (section 305) and was enacted into law as 50 U.S.C. 3073a.

It is unclear from the public record whether any specific incident or circumstance prompted the new reporting requirement.

Insider Threat Program Inches Forward

The Department of Defense “is moving forward with the development of its insider threat and personnel security reform efforts,” wrote Michael G. Vickers, then-Under Secretary of Defense (Intelligence) in an April 2015 report to Congress that was released last month under the Freedom of Information Act. “The Department recognizes the magnitude and complexity of these challenges, the need for multi-agency solutions, and is marshalling needed resources,” he wrote.

An insider threat is defined as someone who uses his or her authorized access to damage the national security of the United States, whether through espionage, terrorism, unauthorized disclosures of classified information, or other harmful actions.

The Department of Defense “is directing multiple pilots and concept demonstrations using both ‘push’ and ‘pull’ capabilities to conduct CE [continuous evaluation] on approximately 100,000 military, civilian and contractor personnel” in an effort to identify potential insider threats, the April 2015 DoD report to Congress said.

The overall, government-wide insider threat program is advancing rather slowly, judging by the program’s latest Quarterly Report (for the 4th quarter of FY 2015) that was just published. Several anticipated program milestones have been missed or deferred, the Report indicates.

The most effective way to limit the insider threat may be to reduce the number of “insiders.” If so, substantial progress has been made in that direction, with the elimination of 800,000 security clearances at the Department of Defense between FY2013 and the 3rd quarter of FY 2015, according to the Report. (The very latest security clearance totals have not yet been published.)

The 2016 Omnibus Appropriations bill passed by Congress last month included a provision requiring expanded reinvestigations of security clearance holders, Federal News Radio reported last week (“Agencies directed to use social media in security clearance reviews” by Nicole Ogrysko, December 28).

“The enhanced personnel security program of an agency shall integrate relevant and appropriate information from various sources, including government, publicly available and commercial data sources, consumer reporting agencies, social media and such other sources as determined by the Director of National Intelligence,” the legislation instructed.

Numerous advocacy and whistleblower defense organizations this week wrote to the Intelligence Community Inspector General urging him to investigate whether the insider threat program “has been improperly used to target or identify whistleblowers. Additionally, we ask that you lead the initiative to properly distinguish between whistleblowing and insider threats.”

DoD Security-Cleared Population Drops Again

The number of people in the Department of Defense holding security clearances for access to classified information declined by 100,000 in the first six months of FY2015.

There are now 3.8 million DoD employees and contractors with security clearances, down from 3.9 million earlier in the year, and a steep 17.4% drop from 4.6 million two years ago.

Moreover, only 2.2 million of the 3.8 million cleared DoD personnel are actually “in access,” meaning that they have current access to classified information. So further significant reductions in clearances would seem to be readily achievable by shedding those who are not “in access.”

The total number of security-cleared persons government-wide is roughly 0.5 million higher than the number of DoD clearances, putting it at around 4.3 million, down from 5.1 million in 2013.

The new DoD security clearance numbers were presented in the latest quarterly report on Insider Threat and Security Clearance Reform, FY2015 Quarter 3, September 2015.

The reduction in security clearances is not simply a reflection of programmatic or budgetary changes. Rather, it has been defined as a policy goal in its own right. A bloated security bureaucracy is harder to manage, more expensive, and more susceptible to catastrophic security failures than a properly streamlined system would be.

So the Administration’s Insider Threat Program states that one of the objectives of the program is to “Reduce total population of […] Secret and TS/SCI clearance holders to minimize risk of access to sensitive information and reduce cost.”

Reducing security clearances would also go hand in hand with, and help to reinforce, a long-term reduction in national security classification. (Although not widely recognized, original classification activity — the creation of new secrets — across the government has dropped each year for the past four years to a historically low level, according to the Information Security Oversight Office.)

The current insider threat program was initiated in 2012 — after the major WikiLeaks releases but before the Snowden disclosures. Its purpose was “to counter the threat of those insiders who may use their authorized access to compromise classified information.” See National Insider Threat Policy, The White House, November 21, 2012.

Implementation of the program has been slow, however.

A December 2014 milestone to provide “continuous evaluation” of the most sensitive Top Secret-cleared population was missed, the latest quarterly report notes. (Continuous evaluation refers to the automated screening of relevant information streams from multiple sources and databases including law enforcement, counterintelligence, credit reporting, and perhaps others.) Continuous evaluation of all TS and TS/SCI cleared personnel is said to be on track for December 2016.

Last year, the Department of Defense demonstrated continuous evaluation on approximately 100,000 cleared personnel. DoD will expand this capability to 225,000 persons this year, to 500,000 next year, and to 1 million in 2017, the quarterly report said.

Last week, the U.S. Navy issued updated guidance on implementation of its own Insider Threat Program.

Among other things, the guidance calls for a “reduction of Navy privileged users” who have unusually broad access to IT systems and data “and, therefore, could pose a higher risk of insider threat.” See Navy Insider Threat Program, Opnavinst 5510.165A, October 1, 2015.

Insider Threat Program Advances, Slowly

The Department of Defense recently demonstrated the “Continuous Evaluation” of approximately 100,000 cleared military, civilian and contractor personnel, in order to validate their eligibility for access to classified information on an ongoing basis.

Continuous Evaluation (CE) refers to the automated monitoring of government and commercial databases for signs of criminal behavior, irregular financial activity, or other “triggers” that could lead to suspension of a security clearance. CE is a central feature of the emerging Insider Threat program that is intended to deter and detect espionage, terrorism, unauthorized disclosures of classified information, and other offenses by security-cleared personnel.

According to a new quarterly report on the Insider Threat program, the Department of Defense is on track to expand its Continuous Evaluation capability to 225,000 persons by the end of 2015, to 500,000 persons by the end of 2016, and to 1 million persons during 2017. (There are approximately 4.5 million cleared personnel in government and industry.) See Insider Threat and Security Clearance Reform, Quarterly Report, FY 2015, Quarter 2, June 2015.

But progress has been uneven. The Office of the Director of National Intelligence missed a December 2014 milestone for Continuous Evaluation of the most sensitive Top Secret and TS/SCI (Top Secret/Sensitive Compartmented Information) clearance holders in government and industry. The revised goal is “to have CE completed on a portion of the TS and TS/SCI population in the Executive Branch by the end of FY 16,” the new quarterly report said.

The Insider Threat problem is a difficult one particularly since the fraction of employees who are spies, terrorists, or leakers is minuscule. Nor does this tiny contingent have a simple, readily identifiable profile. (Convicted spy Aldrich Ames and fugitive unauthorized-discloser Edward Snowden, for example, seem to have few traits in common, although both apparently passed their polygraph examinations without difficulty.)

Therefore, even though Continuous Evaluation is years away from full implementation, security policy officials are already looking beyond it for other options.

Last week, the Intelligence Advanced Research Projects Agency (IARPA) invited researchers to submit proposals for its Scientific advances to Continuous Insider Threat Detection (SCITE) Program.

The SCITE Program seeks “a new class of insider threat indicators, called active indicators, where indicative responses are evoked from potential insider threats,” according to the June 18 Broad Agency Announcement issued by the IARPA “Office for Anticipating Surprise.”

“Current practice and research is heavily focused on passive indicators that monitor existing data sources for indicative behaviors,” IARPA said.

By contrast, “Active indicators introduce stimuli into a user’s environment that are designed to evoke responses that are far more characteristic of malicious users than normal users. For example, a stimulus that suggests that certain file-searching behaviors may be noticed is likely to be ignored by a normal user engaged in work-related searches, but may cause a malicious user engaged in espionage to cease certain activities.”

Security-Cleared Population Declined by 12% Last Year

The number of persons holding security clearances for access to classified information decreased by more than 635,000 (or 12.3 percent) last year, according to a new report to Congress from the Office of the Director of National Intelligence.

It was the first reported drop in the total security-cleared population since the government began systematically collecting statistics on security clearances in 2010.

The majority of the reductions involved persons who had been cleared for access to classified information but did not in fact have such access. Still, at the end of FY 2014, there were 164,000 fewer individuals with access to classified information than at the beginning of the year, the ODNI report said. Most of the reductions occurred within the Department of Defense, which reported a 15% decrease in clearances (Secrecy News, March 26).

Altogether, there were 4.5 million cleared persons as of October 1, 2014, down from 5.1 million cleared persons a year earlier. Top Secret clearance holders, including government employees and contractors, numbered 1.4 million persons, down from 1.5 million the year before.

What makes the new reductions particularly interesting is that they were not simply a statistical blip or an artifact of changes in the budget. Rather, they were purposefully achieved through a “concerted effort” by agencies seeking to reduce the number of security clearances.

“These decreases were the result of efforts across the USG to review and validate whether an employee or contractor still requires access to classified information,” the ODNI report said.

The implication is that the national security bureaucracy, including the national security classification system, is susceptible to deliberate regulation and is not, as sometimes appears, an autonomous entity driven obscurely by its own internal dynamic. It follows that additional changes in the size and structure of the national security system may be achievable.

The new ODNI report also noted:

*    There was a 14.4% reduction in new and renewed security clearances.

*    The National Security Agency had the highest reported rate of security clearance denials (9.2%), while the FBI had the lowest reported rate (0.1%). The CIA reported a denial rate of 6.5% and a revocation rate of 0.6%.

The ODNI report cautioned, however, that different agency denial rates may not be comparable due to differences in reporting practices.

The unclassified annual report on security clearances was required by Congress in the FY 2010 Intelligence Authorization Act.

DoD Cut Security Clearances by 15% in Last Two Years

In a significant retrenchment of the national security bureaucracy, the Department of Defense has reduced the number of employees and contractors who hold security clearances in the past two years by more than 700,000 persons, a cut of 15% in the total security-cleared population in DoD. The previously undisclosed reductions were reported in data provided by DoD to the Office of the Director of National Intelligence.

This is the first documented drop in the overall number of security clearances since FY 2010, when the systematic collection of statistical data on clearances began, and it is probably the first major decline in the number of cleared personnel since 9/11.

Most of the new reductions involved persons who had been investigated and deemed “eligible” (or “cleared”) for access to classified information but who did not have or need such access in fact. But a sizable 117,000 persons who were “in access” (i.e. who actually did have access to classified information) were also dropped from the clearance rolls between FY 2013 and FY 2015, according to the new statistics.

A 2014 report from the Office of Management and Budget recommended reductions in the cleared population since the “growth in the number of clearance-holders increases costs and exposes classified national security information, often at very sensitive levels, to an increasingly large population.” A cut in clearances may also lead indirectly to reduced production of classified information.

In the first quarter of FY 2015, following the new reductions, there were 3.9 million DoD personnel (employees and contractors) with security clearances, down from 4.6 million in FY 2013, for a drop of 15.3%. The total number of clearance holders government-wide is about 0.5 million higher than the DoD figure.

The new data were disclosed last week in the latest quarterly report on implementation of the Insider Threat Program.

The data also indicated that the backlog of Top Secret/SCI clearance holders whose periodic reinvestigations were overdue (or “out of scope”) had been reduced by 63,000. However, there are still 356,000 TS/SCI clearance holders that remain “out of scope” and in need of an updated reinvestigation, according to the DoD data.

A new annual report to Congress on security clearances government-wide (including non-DoD agencies) “is in its final stages, but not yet ready for release,” said a spokesman for the Office of the Director of National Intelligence. It will be made available next month, he said. Last year’s annual report is here.

Security-Cleared Population Drops by 10%

The number of people who hold security clearances for access to classified information has been reduced by ten percent, the White House said in budget request documents released this week.

“The Administration achieved its objective to reduce the total number of security-cleared individuals by 10 percent,” according to the White House/OMB budget request (at p. 51).

The security-cleared population has grown steadily for several years, with 5.1 million people eligible for classified access, according to the latest data from October 2013.

Taking the new ten percent reduction into account, the total number of cleared individuals should now be around 4.6 million. The actual figure is not available for public release, said Eugene Barlow, a spokesman for the Office of the Director of National Intelligence. But he said it will be presented in April in the next annual report on security clearances, as required by the FY2010 intelligence authorization act.

The security clearance system naturally becomes harder to manage — and more expensive — as it becomes larger.

A 2014 report from the Office of Management and Budget said that periodic reinvestigations had not been performed as required for around 22 percent of the people that hold Top Secret or TS/SCI clearances. “This backlog poses unacceptable risk, leaving the U.S. Government potentially uninformed as to behavior that poses a security or counterintelligence concern.”

Executive branch agencies spent $1.6 Billion on the security clearance system in 2012. A background investigation for a Top Secret clearance cost an average of $3,959 each, according to OMB.

The new ten percent reduction in clearances “will allow agencies to better deploy resources to priority activities, such as completing periodic investigations for the most sensitive populations,” the White House said.

In 2013, the Director of National Intelligence (who also serves as “Security Executive Agent”) wrote to executive branch agencies directing them to validate the clearance requirement for each currently cleared individual. This validation process produced the desired reduction in clearances. A copy of the DNI’s letter to agencies is not available for public release, Mr. Barlow of ODNI said.

Wanted: Director of the Federal Register (Top Secret)

The National Archives is seeking a new Director of the Federal Register program, a position that requires a Top Secret security clearance.

The Federal Register is sometimes described as the “daily newspaper” of the executive branch. Each weekday, it “provides citizens access to proposed and final regulations, rules, and other administrative actions of the Federal government,” according to an announcement in USA Jobs.

In addition to overseeing the Federal Register itself, the Director of the Federal Register program is responsible for administering the Code of Federal Regulations, the United States Government Manual, the Public Papers of the Presidents, and other foundational U.S. government documents.

So why does the Director need a Top Secret clearance? One reason is that he or she would play a role in continuity of government under conditions of national emergency, and would be responsible in particular for production of the so-called Emergency Federal Register.

“Over the past several years, Federal agencies have developed contingency plans to maintain operations in the case of a broad range of emergency circumstances,” according to a recent proposed rule that was published (naturally) in the Federal Register on October 28. “The FRA [Federal Register Act] authorizes the President to activate the Emergency Federal Register (EFR) system in place of the daily Federal Register in certain limited circumstances…. The purpose of the EFR is to support the preservation of the rule of law and a constitutional form of government,” the proposed rule explained.

Up to now, as far as anyone can tell, the Emergency Federal Register “has never actually replaced the ‘real thing’,” said Harold C. Relyea, a specialist in U.S. government information policy.

The search for a new Director of the Federal Register is open through November 21.