Edward Snowden's revelations of classified National Security Agency programs could set back recent progress in increasing information sharing speeding approval of security clearances, experts fear. (AFP / The Guardian)
Over the last decade, the government has fought tooth and nail — and largely succeeded —to speed up the security clearance process, eliminate a massive backlog of background checks and encourage intelligence agencies to share more information with one another.
But as Washington reels from the recent bombshell revelations on the National Security Agency’s surveillance efforts — brought to light by former NSA contractor Edward Snowden — experts fear the government will overreact and reverse those hard-won victories.
“This town tends to swing like a pendulum,” said Steven Bucci, director of the Allison Center for Foreign Policy Studies at the Heritage Foundation. “It reacts to the news of the day. I’m hoping we don’t suddenly have a flurry of legislation that limits how [security clearances are] done.”
At a Senate hearing last week, Office of Personnel Management Inspector General Patrick McFarland said a contractor’s 2011 reinvestigation of Snowden may have been faulty.
“We do believe that there may have been some problems” with the reinvestigation, McFarland said when asked whether it may not have been carried out appropriately or thoroughly. McFarland said U.S. Investigative Services of Falls Church, Va., which handles 45 percent of the federal government’s contracted background checks, conducted the reinvestigation into Snowden’s background. Later that year, McFarland’s office began investigating USIS for contract fraud, an investigation that is still ongoing.
In a statement, USIS said it received a subpoena for records from McFarland’s office in January 2012, with which it complied. USIS said it has cooperated fully with the government’s civil investigation, but said it has not been told it is under criminal investigation.
USIS would not confirm or deny whether it had conducted any investigations into Snowden, and said those investigations are confidential.
McFarland told the subcommittee that 18 background investigators and record searchers — 11 federal employees and seven contractors — have been convicted for falsifying background investigation reports since the IG began investigating so-called “fabrication cases” in 2006. The abuses included interviews that never occurred, answers to questions that were never asked and record checks that were never conducted, McFarland said.
A 19th investigator pleaded guilty last month, McFarland said, and a 20th is expected to plead guilty this week. Both investigators are contractors, he said.
McFarland’s revelation likely will increase Capitol Hill’s scrutiny of the security clearance process and the role contractors play in it.
No proposals to limit information sharing or to clamp down on security clearances have yet surfaced since Snowden leaked to the media extensive details about NSA surveillance programs that collect private online communications from companies such as Microsoft, Facebook and Google, and phone records and metadata from Verizon. But Bucci and Tom Fingar, the former deputy director of national intelligence for analysis, say such misguided efforts could be coming — either from Congress or the administration — and would do little to improve security.
“My concern is, to fix a nonexistent or limited-in-scope problem, there will be draconian efforts to roll back progress made on sharing information among a very small subset of analysts,” Fingar said.
Before Congress passed the 2004 Intelligence Reform and Terrorism Prevention Act, which ordered the government to fix the security clearance process, hundreds of thousands of federal employees, military service members and government contractors waited months for their background checks and security clearances. But after a mammoth streamlining effort, the Government Accountability Office removed the Defense Department’s security clearance process from its high-risk list in 2011. Last year, the Office of Personnel Management reported the government’s backlog was gone, and it was processing claims in 39 days — one fewer than the 2004 law required.
Gregg Prillaman, a consultant who previously served as chief human capital officer at the Department of Homeland Security, said obtaining a security clearance in a post-Snowden world will likely be much tougher and take longer.
“There will probably be fewer contractors overall [with clearances], and those contractors they do have will probably have more polygraphs,” Prillaman said. “There are thousands and thousands of contractors out there who have clearances, who work for the intelligence community. [The Office of the Director of National Intelligence] and other agencies are now going to rethink the restrictions on contractors and obviously increase them.”
The biggest changes could come for the highest level of security clearance: top secret with sensitive compartmented information, or TS/SCI, clearances. Not all TS/SCI clearances require polygraphs. But Bucci said the government may require more TS/SCI clearances to have polygraphs, or it could decide to conduct more in-depth polygraphs — possibly inquiring about a candidate’s thoughts on data security, or leaks such as Snowden’s.
Bucci isn’t sure that will help. Certified polygraphers are costly and busy and take a long time to properly conduct their tests, he said, which will drag out the clearance process considerably.
“It would add incredible amounts of time, effort and cost, but weighed against the damage done by Snowden, that may be what the government tries to do,” Bucci said. “Snowden is one guy out of tens of thousands. It would be a shame if that one bad apple damages the career opportunities for the tens of thousands who aren’t bad apples.”
Bucci also said the government could add more psychological testing to the security clearance process.
Another possible casualty could be the so-called reciprocity of security clearances, or agencies’ willingness to accept clearances granted by other agencies. For years, most agencies mistrusted each other and often re-examined background investigations for employees or contractors already granted clearances by another agency.
If agencies become more reluctant to accept security clearances granted by other agencies and start unnecessarily re-adjudicating background checks, that could create much more work and considerably slow the clearance-granting process.
The result, Prillaman said, could be the return of the backlog that plagued the government for years.
“If they do deeper investigations, it could slow the whole process down,” Prillaman said. “Invariably, there will be another backlog.”
The worst-case scenario, Bucci said, would be if Congress enacted a “stupid” and “misguided” law forbidding contractors from holding security clearances because Snowden was an employee of contractor Booz Allen Hamilton.
“That could be ... detrimental, because it would cut the workforce by 40 percent, not to mention put people out of work,” Bucci said.
The intelligence community’s progress on improving information sharing and collaboration also could suffer. Agencies used to loathe sharing information with one another, due to mistrust and competitiveness. But that lack of information sharing kept government agencies from “connecting the dots” that could have pointed to the 9/11 plot, and so the government focused on breaking down those so-called “silos.” The intelligence community, for example, created an online Library of National Intelligence and a Wikipedia-type program called Intellipedia to encourage collaboration.
But experts worry that agencies could start to withhold information from one another if they suspect someone like Snowden could leak information.
“I suspect those online libraries are going to be pretty heavily scrutinized and curtailed,” Prillaman said. “In the old days, it used to be you had a highly classified document stamped ‘TS’ with a bright banner, and you would literally walk office-to-office with it in a sealed envelope, [show it to someone,] seal it back up, and walk to the next office. When it gets online, it’s much harder to control.”
Fingar said the younger generation of analysts the intelligence community has worked so hard to recruit is most comfortable when collaborating and sharing information online. And if agencies clamp down on information and restrict their online activities, Fingar said, those highly skilled 20- and 30-something employees will start to chafe — and may even decide to find work elsewhere.
“They’ll walk,” Fingar said. “If part of the corrective mechanism is to make it harder for intelligence community people to interact in the cyberworld, on secure, high-end systems, I think it’s going to cause an attrition problem. ‘Jeez, another set of rules? I’m out of here.’ ”
Instead of limiting people’s security clearance access or ability to exchange information, Fingar said agencies should better monitor who accesses what information on secure networks. A computer could easily send an automatic alert if someone tries to access information he doesn’t need, Fingar said, and warn an agency that it should look more closely at that person.
“There may be a perfectly good reason ... why this particular individual is looking at this stuff outside his purview,” Fingar said. “Maybe that’s his next job assignment and he’s trying to look ahead of the curve. But machines can tell you, you need a human to look at this now.”
Fingar expects agencies will further compartmentalize access to information to keep future Snowdens from leaking information. But that could also inhibit crucial and legitimate information sharing, he said.
“If it results in, ‘We have to stop having so much information sharing among analysts, or between analysts and the policy people we support,’ what’s the point?” Fingar said. “Why collect and analyze information if we don’t share it with the policy guys who can benefit?”