Posts

You Can Get Clearance If You Always Believed in the Fourth Amendment, But Not if You’re a Fourth Amendment Convert

/3 Comments/in /by

Screen Shot 2016-05-14 at 8.43.08 PMOn Thursday night at 11PM, in advance of an Oversight and Government Reform hearing scheduled at 9AM Friday, James Clapper’s office rolled out a new policy integrating the use of social media in security clearance reviews. Basically, the government can use public social media in making security clearance determinations, but can’t ask for your password, friend you to collect information, or access your non-public social media activity. They additionally claim, implausibly, they won’t keep anything unnecessary to make such determinations.

Even taking those caveats in good faith, the policy should not be regarded as a risk-free policy, because government bureaucrats don’t have a perfect record with attribution (something National Counterintelligence Director William Evanina admitted in the hearing) and they have a still worse one with irony. Plus, the history of FBI prosecutions of alleged terrorists for RTs suggests they will read certain actions in social media with a certain kind of intent that may not be true.

Worse, Evanina said two ridiculous things in the hearing that raises real questions about the policy and his ability to implement it fairly.

First, Thomas Massie asked Evanina whether political views would be considered. Massie, after having noted the committee notes suggested a social media search might have identified Snowden as a potential threat (Snowden did spend time online before his classified career, but nothing would have obviously flagged him), also noted their similar political contribution histories. “Do you take into account political support when you’re doing background research on social media?” After Evanina explained the background check would not review that, Massie asked specifically about whether a person supported a candidate who was strong on the Fourth Amendment.”Your belief in Fourth Amendment would not have any predication on whether you could hold or maintain a security clearance,” Evanina replied in response.

Breaking! You can believe in the Fourth Amendment and get a security clearance. 

Only, that’s not true if you’re a convert to the Fourth Amendment (as Snowden arguably was, given his online comments).

Barely mentioned at the hearing were the guidelines the Intelligence Authorization had laid out for this policy, which I wrote about here and here.

(C) publicly available information, whether electronic, printed, or other form, including relevant security or counterintelligence information about the covered individual or information that may suggest ill intent, vulnerability to blackmail, compulsive behavior, allegiance to another country, change in ideology, or that the covered individual lacks good judgment, reliability, or trustworthiness; [my emphasis]

One thing Congress explicitly wanted to measure was “change in ideology” (I believe this was always included in security clearance determinations, but it has a much different impact if one is reviewing everyone’s candid thoughts), the kind of thing when someone who once railed against leakers in public comments goes on to question whether surveillance has gotten out of hand, as Snowden did.

Or as a lot of other people did, when they considered the impact of their dragnets.

The other ridiculous thing Evanina said came in response to Ted Lieu’s concerns about the number of Asian Americans charged with spying charges that later collapsed (something that Judy Chu has also been hitting on). Lieu also mentioned that since the public reports of spying cases collapsing, he has heard from some people who believe they were denied security clearances because of their (presumably Chinese-American) ethnicity.

So Lieu asked Evanina if that’s ever a consideration.

Evanina not only claimed that it is not a consideration (in spite of the case of the man who was denied clearance because of the USAID-tied organization his wife worked for), but he offered up that in his 19 years at FBI, they had also never used ethnicity as a reason for investigation.

There’s one ginormous problem with that claim (which was sworn).

Evanina was at FBI when, in 2008, they changed the Domestic Investigations and Operations Guide (as noted above) to permit consideration of First Amendment protected activities, including religion, among the things FBI Agents may take into account during an investigation.

FBI employees may take appropriate cognizance of the role religion may play in the membership or motivation of a criminal or terrorism enterprise. If, for example, affiliation with a certain religious institution or a specific religious sect is a known requirement for inclusion in a violent organization that is the subject of an investigation, then whether a person of interest is a member of that institution or sect is a rational and permissible consideration. Similarly, if investigative experience and reliable intelligence reveal that members of a terrorist or criminal organization are known to commonly possess or exhibit a combination of religion-based characteristics or practices (e.g., group leaders state that acts of terrorism are based in religious doctrine), it is rational and lawful to consider such a combination in gathering intelligence about the group-even if any one of these, by itself, would constitute an impermissible consideration.

Worse, Evanina served in a policy role when, in 2011, they reinforced this permission in that year’s DIOG.

Admittedly, religion is not the same thing as ethnicity. But for a number of ethnicities, including Chinese and Muslim Arabs, religion can stand in for a kind of ethnicity.

It may be that Evanina was foolish enough to raise his FBI experience, which might be entirely unrelated to the practice of security clearance evaluations. But he did. And that raised some really good reasons (on top of the known record and explicit direction from Congress about what this social media approach should entail) to doubt his assurances to the committee about civil liberties problems with this policy.

I get that it makes sense to review someone’s social media to see if they can keep a secret. But it is also the case that the IC generally, the FBI in particular, and Evanina personally, are not credible on this point.

The Questions the NCSC Doesn’t Want to Answer

/9 Comments/in /by

A few days ago the WaPo published a story on the OPM hack, focusing (as some earlier commentary already has) on the possibility China will alter intelligence records as part of a way to infiltrate agents or increase distrust.

It’s notable because it relies on the Director of the National Counterintelligence and Security Center, Bill Evanina. The article first presents his comments about that nightmare scenario — altered records.

“The breach itself is issue A,” said William “Bill” Evanina, director of the federal National Counterintelligence and Security Center. But what the thieves do with the information is another question.

“Certainly we are concerned about the destruction of data versus the theft of data,” he said. “It’s a different type of bad situation.” Destroyed or altered records would make a security clearance hard to keep or get.

And only then relays Evanina’s concerns about the more general counterintelligence concerns raised by the heist, that China will use the data to target people for recruitment. Evanina explains he’s more worried about those without extensive operational security training than those overseas who have that experience.

While dangers from the breach for intelligence community workers posted abroad have “the highest risk equation,” Evanina said “they also have the best training to prevent nefarious activity against them. It’s the individuals who don’t have that solid background and training that we’re most concerned with, initially, to provide them with awareness training of what can happen from a foreign intelligence service to them and what to look out for.”

Using stolen personal information to compromise intelligence community members is always a worry.

“That’s a concern we take seriously,” he said.

Curiously, given his concern about those individuals without a solid CI background, Evanina provides no hint of an answer to the questions posed to him in a Ron Wyden letter last week.

  1. Did the NCSC identify OPM’s security clearance database as a counterintelligence vulnerability prior to these security incidents?
  2. Did the NCSC provide OPM with any recommendations to secure this information?
  3. At least one official has said that the background investigation information compromised in the second OPM hack included information on individuals as far back as 1985. Has the NCSC evaluated whether the retention requirements for background investigation information should be reduced to mitigate the vulnerability of maintaining personal information for a significant period of time? If not, please explain why existing retention periods are necessary?

Evanina has asserted he’s particularly worried about the kind of people who would have clearance but not be in one of the better protected (CIA) databases. But was he particularly worried about those people — and therefore OPM’s databases — before the hack?