The traditional system for granting or denying security clearances for access to classified information is undergoing a significant overhaul as it transitions into what is called Trusted Workforce 2.0.

Among other changes, Trusted Workforce 2.0 will ultimately phase out the painstaking periodic reinvestigations of cleared personnel in favor of “continuous evaluation” or “continuous vetting.” This relies mainly on regular, automated record checks of law enforcement and other records to identify problematic behavior that requires attention and mitigation.

The transition is well underway.

“Executive branch agencies have enrolled more than two million individuals, nearly half the total cleared population, in continuous vetting capabilities,” according to the final Trump Administration quarterly report on clearance reform issues. See Security Clearance, Suitability/Fitness, and Credentialing Reform, ODNI, DoD, and OMB, January 2021.

On January 13, 2021 ODNI and the Office of Personnel Management issued a Federal Personnel Vetting Core Doctrine for public comment. It is intended “to guide transformative efforts to reform the U.S. Government personnel security vetting processes [in order] to promote mobility, improve efficiencies and move towards an enhanced risk management approach.”

*    *    *

Meanwhile, the procedures for challenging the denial or revocation of a security clearance could be enhanced through an initiative taken late in the Trump Administration by then-Undersecretary of Defense Ezra A. Cohen.

His January 14, 2021 memorandum would bring all Department of Defense civilian, military and contractor clearance disputes under the umbrella of the Defense Office of Hearings and Appeals (DOHA), providing increased due process to those who are denied a clearance. Unlike current practice, the DOHA due process rights would also extend to contested DoD intelligence clearances for access to sensitive compartmented information.

The move was hailed by attorney Mark S. Zaid, who said it will help thousands of people.

“I cannot speak highly enough of what was accomplished,” he said on Twitter. “DOHA is [the] gold standard of clearance due process. Their hearing process features experienced administrative judges, lawyers on both sides, witnesses, cross-examination, access to evidence, submission of exhibits, and opening and closing statements; all aimed at getting to truth,” said Mr. Zaid, who also represents Mr. Cohen on other matters.

Last year, DOHA conducted 3,248 legal reviews of security clearance cases, said DOHA director Peregrine Russell-Hunter at a recent meeting of the NISPPAC industrial security advisory group. The new DoD policy, which would add to DOHA’s workload, is to take effect by September 2022 unless it is rescinded or modified by the Biden Administration.

Ezra Cohen, a figure of some controversy who was brought into the Trump National Security Council by disgraced national security advisor Michael Flynn, was appointed by President Trump on December 22, 2020 to serve as the new Chair of the Public Interest Declassification Board. The Board advises the White House on classification and declassification policies.

*    *    *

The number of people holding security clearances making them eligible for access to classified information in Fiscal Year 2019 was 4,243,937, according to the latest annual report to Congress on the subject from the Office of the Director of National Intelligence (ODNI).

The 2019 figure represents a 4.2 percent increase over the previous year. The total number of clearances is about the same as it was a decade ago, but well below the reported peak of 5.1 million cleared persons in FY 2013.

The number of security clearance approvals in 2019 — including both new clearances and renewals — increased by a solid 44 percent over the year before. About two-thirds of the cleared personnel were actually granted access to classified information, while the rest remained eligible for possible future access.

See Fiscal Year 2019 Annual Report on Security Clearance Determinations, ODNI, April 2020, released last month under the Freedom of Information Act.

*    *    *

While disclosing the number of clearances, ODNI redacted other information in the report such as the composition of the cleared workforce (government employees vs contractors), the distribution of clearance levels, and the percentage number of denials and revocations of clearances.

According to the January 26, 2021 transmittal letter (appended to the report), the redacted information was withheld pursuant to the statute “which protects information pertaining to intelligence sources and methods.”

This makes no sense, and it could simply be a mistake. The report is not primarily about the intelligence community. It profiles the entire government and contractor clearance system, including cleared non-intelligence agency personnel. Intelligence sources and methods are not implicated in the government-wide data summaries that were redacted. (The report does contain some IC-specific data that were likewise redacted, though this is also not “source or method” information.)

Alternatively, this might be a case where the FOIA exemption for intelligence sources and methods is being expanded and exploited beyond its legitimate boundaries. That is a longstanding and recurring form of abuse, and fixing it is something that remains to be accomplished.

The Moynihan Commission described the issue in its 1997 report (Chapter 1, p. 8, emphasis added):

“One persistent problem in this context has been the intermingling of secrecy used to protect carefully defined national interests with secrecy used primarily to enhance such political or bureaucratic power. This creates the potential that some officials, welcoming insulation from outside scrutiny, will seek means to develop and maintain secrecy beyond what is authorized in a statute or regulation. (An example is when sources and methods protection under the National Security Act is used to deny access to information that does not reveal a particular intelligence source or method.)”

Further (Chapter 2, p. 23):

“[N]either the National Security Act nor any of the relevant executive orders has defined what constitutes a ‘source’ or a ‘method,’ and the use of these provisions has been the subject of frequent criticism. Protection of sources and methods has been used to justify the classification of a range of information sometimes only indirectly related to a specific source or method.”

The problem described by the Moynihan Commission is neatly demonstrated by the ODNI redaction of the security clearance report. This and similar actions could help draw new attention to the need to clearly define and limit the meaning of “intelligence sources and methods.”

We appealed the partial denial and asked ODNI to reconsider the redactions.

(Update, October 2021: ODNI granted the appeal in part and released the report with the numbers of government employees and contractors intact.)

Last June the Department of Defense denied an application for security clearance for access to classified information because the applicant had “delinquent debts totaling about $24,000.”

In May, a defense contractor was denied a security clearance based on delinquent debts totaling $87,517.

In fact, excessive personal debt is among the most commonly cited reasons for denying or revoking access to classified information.

The rationale for linking personal financial behavior with national security is spelled out in the National Security Adjudicative Guidelines for Determining Eligibility for Access to Classified Information that are published in Security Executive Agent Directive 4 (Guideline F: Financial Considerations):

“Failure to live within one’s means, satisfy debts, and meet financial obligations may indicate poor self-control, lack of judgment, or unwillingness to abide by rules and regulations, all of which can raise questions about an individual’s reliability, trustworthiness, and ability to protect classified or sensitive information. . . . An individual who is financially overextended is at greater risk of having to engage in illegal or otherwise questionable acts to generate funds. Affluence that cannot be explained by known sources of income is also a security concern insofar as it may result from criminal activity, including espionage.”

“Conditions that could raise a security concern and may be disqualifying include:
(a) inability to satisfy debts;
(b) unwillingness to satisfy debts regardless of the ability to do so;
(c) a history of not meeting financial obligations;
(d) deceptive or illegal financial practices such as embezzlement, employee theft, check fraud, expense account fraud, mortgage fraud, filing deceptive loan statements and other intentional financial breaches of trust;
(e) consistent spending beyond one’s means or frivolous or irresponsible spending, which may be indicated by excessive indebtedness, significant negative cash flow, a history of late payments or of non-payment, or other negative financial indicators;” and so on.

See the entire Guideline F in Security Executive Agent Directive 4.

The subject arises, of course, because of reporting from the New York Times that President Trump has personal debt totaling hundreds of millions of dollars.

The concern is not so much the blatant unfairness of the dual standard by which thousands of individuals are denied a clearance for a minuscule fraction of the financial irresponsibility displayed by the President.

The problem is that the entire apparatus of security clearances is being mooted and undermined by the President who controls it. It does little good to try to ensure the integrity of each individual member of the massive defense and intelligence bureaucracies if their chief executive is himself potentially vulnerable to overwhelming financial pressure.

According to the latest government quarterly report on security clearance policy, around 2.3 million cleared individuals (out of perhaps 4 million or so) are now subject to “continuous evaluation” to promptly detect financial irregularities or other activity of security concern.

In the new fiscal year, the Defense Counterintelligence and Security Agency says it will “expand the number of individuals covered by continuous high-value checks, including providing alert management and real-time threat analysis and reporting, for the national security sensitive population.” The President is not among the covered individuals.

One of the most vexatious aspects of the system of granting security clearances for access to classified information has been the reluctance of some government agencies to recognize the validity of clearances approved by other agencies, and to require new investigations and adjudications of previously cleared personnel.

A new directive from the Director of National Intelligence seeks to finally resolve this longstanding problem by mandating “reciprocity,” or mutual acceptance of security clearances issued by other agencies. See Reciprocity of Background Investigations and National Security Adjudications, Security Executive Agent Directive 7, November 9, 2018.

With certain exceptions, “Agencies shall accept national security eligibility adjudications conducted by an authorized adjudicative agency at the same or higher level,” DNI Daniel R. Coats wrote.

“Background investigations and national security eligibility adjudications, conducted by an authorized investigative agency or authorized adjudicative agency, respectively, shall be reciprocally accepted for all covered individuals,” again with certain exceptions.

In most cases, cleared personnel would not be required to fill out a new security clearance questionnaire or to undergo a new background investigation in order for their clearances to be recognized and accepted by another agency.

(Reciprocity refers to mutual recognition by agencies of an individual’s eligibility for access to classified information. Whether the individual also has the requisite “need to know” the information requires a separate determination.)

Security clearance reciprocity is an elusive policy goal that has been pursued since the Clinton Administration, if not longer.

A 2004 study by the Defense Personnel Research Center investigated the failure to fully implement reciprocity at that time and attributed it to issues of “turf and trust.”

“Virtually all respondents agreed that beneath the lack of complete reciprocity there is a certain lack of trust based on fear.” See Security Clearance Reciprocity: A Progress Report, PERSEREC, April 2004.

A new bill introduced by Sen. Mark Warner (D-VA) would require reporting on the number of individuals whose clearances take more than 2 weeks to be reciprocally recognized after they move to a new agency or department. See “Vice Chairman Warner Introduces Legislation to Revamp Security Clearance Process,” news release, December 6.

After years of cumulative and seemingly irreversible growth, the backlog of pending security clearance investigations declined in the last three months in response to new policy guidance.

Since June, the National Background Investigation Bureau has reduced its background investigation inventory from 725,000 cases to 657,000 cases, according to a new quarterly report on security clearance policy. “Reductions are expected to continue as policy changes are further implemented.”

The backlog of pending investigations had increased from about 190,000 in August 2014 to more than 710,000 in February 2018. As recently as last March, the Government Accounting Office said that “NBIB leadership has not developed a plan to reduce the backlog to a manageable level.”

But that was then. Now, the new quarterly report says, background investigations are on track to be reduced to “a steady and sustainable state” by March 2021.

The decline is attributed to “thoughtful, risk-based modifications to the background investigation process” as well as to a significant increase in the number of investigators. “NBIB increased the capacity of its investigative workforce from 5,843 Federal and contractor investigators on October 1, 2016 to over 8,400 Federal and contractor investigators today,” according to a new NBIB report obtained by ClearanceJobs.com.

Much remains to be done. A June 2018 deadline for producing “updated standards for denying, suspending, and revoking Federal credentials” was missed, the quarterly report said.

An efficient and judicious security clearance system excludes persons who might pose a threat to national security. But an inefficient and backlogged system excludes qualified persons who cannot wait a year or longer for a clearance. In this way, a poorly performing clearance system may itself pose a threat to national security.

Revoking security clearances for access to classified information in order to punish critics, as the White House proposed to do yesterday, is probably within the President’s authority. But it shouldn’t be. And there is, in principle, a way to prevent it.

“Not only is the President looking to take away [former CIA director John] Brennan’s security clearance, he’s also looking into the clearances of Comey, Clapper, Hayden, Rice, and McCabe,” said White House press secretary Sarah Sanders. “The President is exploring the mechanisms to remove security clearance because they’ve politicized and, in some cases, monetized their public service and security clearances.” (Comey and McCabe, it turns out, no longer hold security clearances.)

“Making baseless accusations of improper contact with Russia or being influenced by Russia against the President is extremely inappropriate,” she said. “And the fact that people with security clearances are making these baseless charges provides inappropriate legitimacy to accusations with zero evidence.”

In fact, making baseless accusations (let alone well-founded accusations) is not normally grounds for denial or revocation of a security clearance.

But in the wake of a 1988 Supreme Court case known as Navy v. Egan, it is often presumed that the President can grant, deny or revoke a security clearance for any reason or for no reason at all.

Yet that is not exactly correct, as Louis Fisher explained in a 2009 paper for the Law Library of Congress.

While the Court in Egan affirmed deference to the executive branch in matters of national security, even there such deference was not absolute and it was explicitly constrained by the possibility of legislative action (“unless Congress specifically has provided otherwise”).

“Nothing in Egan recognizes a plenary or exclusive power on the part of the President over classified information,” Fisher concluded. See Judicial Interpretations of Egan by Louis Fisher, The Law Library of Congress, November 13, 2009.

It follows that if Congress disapproved of the use of the security clearance system to regulate or suppress critical commentary, then it — or perhaps a new Congress — could effectively prohibit such use.

The total number of persons holding security clearances for access to classified information dropped to just over 4 million at the end of FY 2016, according to a long-delayed government report that was partially released on Wednesday. But the backlog of clearances awaiting investigation and adjudication has continued to grow.

See FY 2016 Annual Report on Security Clearance Determinations, Office of the Director of National Intelligence, released March 28, 2018.

The newly disclosed 2016 number is only about 4% lower the year before, but it preserves and extends a much steeper decline in the cleared population which had reached 5.1 million only three years earlier. Reductions in the number of security clearances are generally regarded as desirable since they entail reduced numbers of background investigations, as well as reduced costs and vulnerabilities associated with cleared personnel.

Release of the new report on security clearances was delayed because of internal disagreements about how much information to make public. In the end, the advocates of reduced disclosure won out and much of the specific information that had been contained in the previous years’ reports is excluded from the latest report. Thus, a comparison with the FY 2015 report shows that the breakdown of the number of clearances held by contractors versus government employees was withheld from the new report, as was the timeliness of the clearance process in individual intelligence agencies that were formerly identified by name.

But why was that information withheld?

“The National Counterintelligence and Security Center elected to remove the most sensitive information that might be of value to our adversaries in order to ensure we could share the report publicly,” said Joel Melstad, a spokesman for the Director of National Intelligence. “We believe that this unclassified version provides full transparency into the security clearance volume levels for U.S. government employees and contractors, as well as an appropriate level of public insight into the security clearance determination processing metrics for IC agencies/elements without giving an advantage to our adversaries, who would also be the recipients of this information.”

Still, it is not obvious to a non-security professional that release of the total number of contractors holding security clearances would provide any advantage to US adversaries.

Despite the significant drop-off in the number of clearances, backlogs in the process continued to grow due in part to an inadequate number of qualified investigators.

“Processing times for the longest cases increased in most agencies,” the new ODNI report said. “In addition, there were generally more cases pending over four months than in the previous years.”

In fact, by the first quarter of FY 2018, the average time for processing a Top Secret clearance in the fastest 90% of cases had rocketed up to 380 days, according to another new White House report (at p.13). That was an increase of about 100 days from a year earlier.

But the White House report also said that as of December 2017, seventeen new initiatives had been approved “that will immediately begin to reduce the backlog.”

“Examples include guidance for temporary (interim) authorizations and pre-appointment waiver determinations, expanding the use of video teleconference technology and telephonic reference interviews, clarifying some requirements in the Federal Investigative Standards to improve efficiencies, and expediting the deployment of the newly approved SF-85P.” See Security Clearance, Suitability/Fitness, and Credentialing Reform, 1st Quarter, FY 2018, March 2018.

The National Background Investigations Bureau had 710,000 investigative actions awaiting processing as of earlier this month, said NBIB director Charles S. Phalen Jrat a Senate Intelligence Committee hearing. It can regularly address 160,000-180,000 with its existing workforce, he said, so “only” about 530,000 or so pending investigations would be considered “backlog.”

Earlier this month, the Senate passed new legislation (passed by the House last year) to require expanded reporting on security clearances.

The “Securely Expediting Clearances Through Reporting Transparency (SECRET) Act” of 2017 (HR 3210) would notably require a report on security clearance investigations of White House personnel in the Executive Office of the President.

Members of Congress are urging the executive branch to update and expand the security clearance process by examining the social media presence of individuals who are being considered for a security clearance for access to classified information, which is now being done only on a limited and uneven basis.

“I put more effort into understanding who my interns are” than the security clearance process does in granting clearances, said Senate Intelligence Committee chairman Sen. Richard Burr at a hearing yesterday. “You go to the areas that you learn the most about them — social media is right at the top of the list.”

“I can’t envision anyone coming into the office that you haven’t thoroughly checked out everything that they’ve said online,” Sen. Burr said.

On Tuesday, the House of Representatives passed a bill to promote the use of social media in security clearance investigations.

“It may be hard to believe, but the Federal Government often fails to conduct a simple internet search on individuals before they are trusted with a security clearance,” said Rep. Ron DeSantis (R-FL).

“Publicly available social media is one of the best ways to understand an individual’s interests and intentions, but our investigatory process still focuses on interviewing the applicant’s family, friends, and neighbors,” he said.

In fact, then-Director of National Intelligence James R. Clapper issued a directive in 2016 authorizing — but not requiring — the use of social media in security clearance background investigations. See Security Executive Agent Directive 5 on Collection, Use, and Retention of Publicly Available Social Media Information in Personnel Security Background Investigations and Adjudications, May 12, 2016.

But the practice has apparently been adopted unevenly and on a limited basis.

“For example, the Army initiated a pilot program that found that while checking social media is a valuable tool, it can be costly and may raise some legal issues,” said Rep. Gerry Connolly (D-VA).

The bill passed by the House this week would require the OMB to report on current use of social media in background investigations, legal impediments to such use, the results of any pilot programs, and options for widespread implementation.

The bill “is a much needed first step in modernizing federal security clearance background investigations,” said a House Committee report on the bill. “In recent years, there have been several cases in which federal contractor employees with security clearances leaked classified information after previously sharing suspicious posts on publicly available social media sites.”

Recent news stories on security clearances (like these from the Christian Science Monitor and NPR) cite data from 2015 regarding the number of persons cleared for access to classified information (4.2 million at that time).

Why aren’t more current numbers being cited?

More recent information has already been compiled in an annual report to Congress that was completed in October 2017. But its release to the public has been delayed indefinitely by an internal intelligence community dispute over the classification status or sensitivity of some of the more detailed reporting on individual agency statistics that are contained in the report.

In fact, the same detailed reporting was provided in the 2015 report and the same dispute over publication arose. But at that time, Obama Administration intelligence officials told security officers in effect to “knock it off” and to just release the report, which they did in June 2016.

The public disclosure of security clearance data was one of dozens of fundamental changes to national security information policy that were made during the Obama Administration to promote greater transparency. Although the annual report on security clearances was required by Congress (in the FY 10 intelligence authorization act), its public disclosure was a choice made by the Obama Administration. Now a different choice is being made.

A FOIA request for release of the latest report on security clearances is pending.

“Security clearances are not mandated for the President, Vice President, Members of Congress, Supreme Court Justices, or other constitutional officers,” a recent Congressional Research Service report explains. “The criteria for election or appointment to these positions are specified in the U.S. Constitution, and except by constitutional amendment, no additional criteria (e.g., holding a security clearance) may be required.”

In fact, the security clearance system itself is an expression of presidential authority. Its scope and operation are defined in an executive order (EO 12968), and its terms can be modified by the President at will.

And if the President wished to grant access to classified information to a family member, for example, there would be no legal barrier to doing so. See “Trump Will Have Wide Latitude to Let Family Into Government’s Secret Circles” by Mark Landler, New York Times, November 16.

*

Americans with relatives in China have a vanishingly small chance of getting a security clearance, according to a new analysis by attorney Sheldon I. Cohen.

“Every year American citizens with family ties in China apply for security clearances, but for them the chances of getting a security clearance are remote. Winning the lottery has better odds. After an applicant spends the time, effort, and frequently the money to hire legal counsel, the result is virtually always the same — clearance denied.”

Given current realities, Cohen wrote, the government might as well “just issue a blanket policy statement that applicants with family ties in China will not be granted a security clearance. That would save not only the applicants, but also the American taxpayers the money wasted on hearings which virtually always have a predictable outcome.” See If You Have A Family Member in China — Chances of Getting a Security Clearance Are Remote by Sheldon I. Cohen, Fall 2016.

The executive branch is reconfiguring its approach to vetting individuals for access to sensitive information and granting them security clearances in an attempt to modernize and improve its procedures, according to a new quarterly report.

“The Insider Threat and Security Clearance Reform (ITSCR) Cross Agency Priority (CAP) Goals have been re-baselined so that they are aligned with the new enterprise-wide focus . . . and its four work streams (Trusted Workforce, Modern Vetting, Secure and Modern Mission-Capable IT, and Continuous Performance Improvement) for modernizing the SSC [security, suitability/fitness, and credentialing] mission over the next five years.” See the Quarterly Progress Update on Insider Threat and Security Clearance Reform, FY2016 Quarter 3, September 2016.

Translated out of bureaucratic jargon, this statement… still remains obscure and hard to understand. But at the least, it implies a determination that existing arrangements are unsatisfactory and that they require adjustment.

Among other steps, the latest Quarterly Update says that by December of this year, the Office of the Director of National Intelligence will “Establish a policy that requires the national security population to report information of security concern to the proper authorities in a timely manner.” The exact nature of such a requirement and its likely effect on “the national security population” remain to be seen.

Though security clearance “reform” of some kind has been underway for many years, the recent arrest of former NSA contractor Harold T. Martin III on suspicion of theft and retention of classified information suggests that room for improvement still exists. (“NSA case highlights growing concerns over insider threats” by Christian Davenport, Washington Post, October 6).

The number of people with security clearances for access to classified information dropped in 2015 for the second year in a row, according to a new report to Congress from the Office of the Director of National Intelligence.

The total number of security-cleared government employees and contractors decreased by 5.9 percent in FY 2015 down to 4,249,053. That follows a 12.3 percent reduction in FY2014, from a recent peak of 5.1 million clearances in 2013. At the beginning of FY2016, there were 1.36 million persons with Top Secret clearances.

See the 2015 Annual Report on Security Clearance Determinations, Office of the Director of National Intelligence, June 2016.

Continuing reductions in the size of the security-cleared population should result in reduced costs, along with more focused and effective use of finite security resources. A smaller security clearance system may also exercise indirect pressure on national security classification policy in favor of reduced secrecy since there will be fewer persons authorized to classify or to handle classified information. For the same reason, however, some officials and contractors are concerned that the availability of fewer cleared individuals could make it harder for them to “surge” to fulfill emerging classified requirements.

“The majority of decreases [in the number of security clearances] resulted from Department of Defense’s successful implementation of data quality initiatives,” said the new ODNI report, apparently referring to DoD efforts to standardize and improve database management.

“However, some agencies indicated that decreases in their overall population were the result of efforts across the USG to review and validate whether an employee or contractor still requires access to classified information.”

The new report also discussed the time it takes for various agencies to process security clearance requests.

“The IC continues to face timeliness challenges in clearing individuals with unique or critical skills — such as highly desirable language abilities — who often have significant foreign associations that may take additional time to investigate and adjudicate,” the report said.

Regular reporting on the operation of the government-wide security clearance system was not performed prior to the Obama Administration (though GAO produced valuable investigative reports over the years). Annual reports on the security clearance system were first required by Congress in the Intelligence Authorization Act for FY 2010.

A directive signed by the Director of National Intelligence yesterday formally authorizes the use of social media by official investigators who are conducting background investigations for security clearances.

See Collection, Use, and Retention of Publicly Available Social Media Information in Personnel Security Background Investigations and Adjudications, Security Executive Agent Directive 5, May 12, 2016.

The directive was crafted to avoid undue infringements on privacy.

Investigators will be limited to considering only publicly available postings. The subjects of a background investigation “shall not be requested or required” to provide passwords for access to non-publicly available materials or to make such materials available. Agencies will not be allowed to “friend” an individual for the purposes of gaining access to materials that are not otherwise available.

And the consideration of social media must be relevant to the official guidelines for granting access to classified information. That is, they must pertain to substance abuse, criminal conduct, foreign allegiance, or other such criteria.  See Adjudicative Guidelines for Determining Eligibility for Access to Classified Information, rev. December 29, 2005.

The utility of social media for background investigations remains to be demonstrated, particularly since any public posts that do not voluntarily advertise behavior that is at odds with official guidelines would not trigger investigative attention. A pilot project will be conduct to validate the approach before it is systematically included in the investigative process.

A hearing on Incorporating Social Media into Federal Background Investigations was held today by the House Committee on Oversight and Government Reform.

“The use of social media has become an integral, and very public, part of the fabric of most Americans’ daily lives, and it is critical that we use this important source of information to help protect our nation’s security,” said William R. Evanina, director of the National Counterintelligence and Security Center, in a statement to the House Committee.