Choking the Security State with Its Own Bottleneck

One former and one current high-ranking intelligence official (is that you Keith?) have gone to CNBC to complain that tech firms are showing reluctance to get more of their people security clearances.

U.S. government officials say privately they are frustrated that Silicon Valley technology firms are not obtaining U.S. security clearances for enough of their top executives, according to interviews with officials and executives in Washington and California. Those clearances would allow the government to talk freely with executives in a timely manner about intelligence they receive, hopefully helping to thwart the spread of a hack, or other security issues.

The lack of cooperation from Silicon Valley, Washington officials complain, injects friction into a process that everyone agrees is central to the fight to protect critical U.S. cyberinfrastructure: Real-time threat information sharing between government and the private sector.

[snip]

The former intelligence official said dealing with Silicon Valley firms is much different than his experience in other industries—or with all American companies a generation ago. “It used to be, during World War II or the Cold War, that getting cooperation from boards of directors was pretty straightforward. That’s not true today, particularly at these huge start-ups that went from nothing to billions.”

It’s interesting that this complainer went to CNBC’s Eamon Javers, who covers the overlap between corporations and intelligence, rather than someone like Kim Zetter or Shane Harris, who just finished interesting books on cybersecurity. Because the only challenge to those DC insiders’ claims about the importance of information sharing comes from this anonymous executive’s suggestion that the intelligence they’d get from the government isn’t all that useful.

In Silicon Valley, however, cybersecurity executives have a different perspective on the tension. “I believe that this is more about the overclassification of information and the relatively low value that government cyberintel has for tech firms,” said one Silicon Valley executive. “Clearances are a pain to get, despite what government people think. Filling out the paper work … is a nightmare, and the investigation takes a ridiculous amount of time.”

More generally (including in each of their books), I think people are raising more questions about the value of information sharing. At a recent panel on cybersecurity (starting at 12:20) for example, a bunch of security experts seemed to agree that information sharing shouldn’t be the priority it is. Yahoo CISO Alex Stamos (who at the same conference had this awesome exchange with NSA Director Mike Rogers) argued that the government emphasizes information sharing because it’s easy — he’d rather see the government cancel just one F-35 and put the money into bug bounties for open source software.

Nevertheless, these sources have been granted anonymity to suggest tech companies are un-American because they’re not rushing to share more data with the federal government.

Not to mention, not rushing to sign up to have their lives regulated by the McCarthyite system of security clearances.

Because it’s not just that the security clearance application that is unwieldy. It’s that clearance comes with a gag order about certain issues, backed by the threat of prison (I forget whether it was Harris’ or Zetter’s book, but one describes a tech expert talking about that aspect of clearance).

Why would anyone sign up for that if the tech companies have more that the government wants than the government has that the tech companies need?

So it will be interesting to see how the security establishment respond to this. It would be a wonderful way to force the government fix some of the problems with overclassification to be able to obtain the cooperation of what are supposed to be private corporations.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

10 replies
  1. scribe says:

    Count here yet another one, not a Silicon Valley techie by any means, vwho passes on government employment because of the need to have a clearance.
    .
    I had a clearance once. Even though it was not up to the super-duper TS/SCI level, it was still a pain in the ass. I had to police not only what I said (or did not say) but also what I read. I remember the outbrief, wherein I was reminded that telling someone that something was false was just as prohibited as confirming it to be true – intel services can get confirmation of what they want to know (or want to know about what you know) in both negative and positive directions.
    .
    And, given the topics EW covers and the sources discussed in them, I would have to conclude that merely reading this site would be something I’d have to disclose during periodic re-interviews, if it wasn’t outright prohibited. Gawd only knows whether commenting here would be permitted.
    .
    I just don’t want to deal with that kind of a pain in the ass. And I can imagine people in the cyber world who might go and get that TS/SCI would feel it even more than a mere pain in the ass, and therefore would be even more antipathetic to it than I.

  2. orionATL says:

    maybe tech companies are refusing to get clearances because doing so will cause legal grief for a valued employee or for that tech firm itself.

    the federal gov’t has yet to recognize that, in every area in which it operates, the potential oppressive, repressive, coerrcive behavior it can bring to bear on a “partner” – oppression, repression, and coerrsion powered by its excessive security system – makes gov an un-interesting, potentially dangerous, partner (except in the case of monopoly market generation and protection).

    • scribe says:

      Ask Joe Nacchio about that. You can be sure the tech companies, and especially their general counsel, are well aware of him and how he got f’d by the government, when he (and by his extension) his company balked at joining the phone dragnet (pre-9/11, BTW).

      • bmaz says:

        Well, yes, Nacchio did get screwed by the govt. By the same token, he was not exactly the principled guy he has relentlessly painted himself as and that far too many people bite off on. He ain’t that sympathetic.

  3. Robin Selk says:

    The position of the tech companies makes sense. Heck, when I was in the service we had a charge card for buying routine supplies like copy paper from civilian stores. One of the big box office supply stores had a policy of not accepting it, because they didn’t want to be in a contractor-like relationship with the US Army, subject to the requirements and limitations of a contractor.

  4. Badtux says:

    Basically, holding a security clearance means you voluntarily have given up some of your Constitutional rights. And tech companies tend to be led by rather libertarian types who don’t really go for that whole “sign away your rights” aspect of things, unless it’s customers signing away their rights voluntarily to tech corporations (which apparently is a-okay). There’s nothing stopping the government from sharing that information outside of the security clearance mechanism, but they don’t want to do that because then they’d have to admit that they’re classifying information as “states secrets” that really shouldn’t be. Heresy!

  5. wallace says:

    As I see it, this is a “divide and conquer” strategy, designed to put as many resources on one side of the battle line between those that Serve the Government, as opposed to those who still hold the view it is the government who serves the people. At this point, I don’t know how many people and company’s are serving the IC, but you can bet your sweet bippy, they, and their 5Eyes partners have already grown to the point that .001% of the planet’s population are now spying on the rest, and have sold their soul for a steady paycheck.
    It would also “appear”, that should a company CEO or some other company rep get’s a security clearance, it would place the rest of the employees in jeopardy as well. Easy way to net an entire organization into serving the IC by virtue of one single clearance.

    I know one thing. The day some hacker leaks the entire list of employees and company resources of the IC on the net, all hell will break loose.

  6. Jack Parsons says:

    The security state has a terrible problem: old spies don’t keep their secrets. About 1 in 4 old people develop some form of senility. There are so many aging spies heading into age-related dementia that unless a major magic cure appears, the deep state is going to start grabbing old people and throwing them into a hole somewhere.

  7. MrColdWaterOfRealityMan says:

    The bottom line is this. We’re not slaves and we have a choice. Security clearances means not much reward and lots of punishment. Patriotism is no better motivation than revolutionary fervor.

    Try money instead.

Comments are closed.