Once upon a time one applied for a government position that required a clearance with the expectation that in three or four months the process would be completed and the authorization would or would not be issued. I experienced the drill on three occasions for top-secret clearances, once for the Department of Defense (DOD) and twice for the Central Intelligence Agency (CIA). Each government agency then managed its own security, and largely does today, in spite of last year’s creation of the National Background Investigation Board. A subsidiary of the federal government’s Office of Personnel Management, the board was intended to coordinate and resolve a massive backlog of clearances. Currently the processing delay in issuing more than 70,000 pending top-secret clearances is approaching one year and there is also a large backlog of existing clearances that are up for reauthorization and under review.
Back in my time there were major differences in how the various national-security components ran their background investigations. The DOD clearance was largely document driven, relying on police reports and public records from the various jurisdictions that I had lived in supplemented by a brief personal interview with the chief of police in the town in New Jersey where I had spent the most time. That pretty much was it and the check did not even include confirmation of the university degree that I claimed to have, as no one asked for my approval to obtain that information. The investigator clearly was looking for illegal activity and did not appear to be particularly interested in confirming that I was who I said I was.
One particular sticking point with the military was the concern over my father rather than me. He was a naturalized citizen and the investigation absolutely required production of the original document confirming that fact, which we were eventually able to produce. It struck me as odd that one part of the government could not have asked another part to confirm the information, but that was the case back then and apparently is still the case now. There is little reciprocity between agencies and information is not routinely shared.
One of the reasons why is that each agency has a different perspective on what is important and what isn’t. CIA clearances were quite different than those carried out by the Army. They required a polygraph examination at an early stage and the background checks were very thorough, including interviews with bosses from summer jobs while I was in college as well as of people I knew while I was at school. There were a number of questions about possible homosexuality both directed at friends and as part of the poly, which, of course, would not be allowed today. Public records were, of course, reviewed, as were credit reports. FBI clearances went through a similar vetting, though the polygraph exam was not mandatory in all cases. For CIA there were also follow-up reviews every five years or thereabouts, though they generally consisted of another polygraph exam with particular attention paid to concealed foreign contacts and relationships, both amorous and espionage related.
A big difference between background checks back then and now was that the investigations were initially conducted by the office of security of the actual component that one was intending to work for. Today the investigations are nearly all conducted by contractors, who are themselves hungry for a piece of what has become a multi-billion dollar business. These companies are developing highly sophisticated security software to constantly update government files on its employees.
There are nearly five million United States government employees with clearances. Since Bradley Manning and Edward Snowden, there has been considerable demand from Congress to reduce that number. But the national security industry is, if anything, slated to grow under President Donald Trump. The White House has added its own concerns over politically motivated leakers of classified information and would like to see mechanisms in place that continuously monitor activity by clearance holders to reveal who might have engaged in unauthorized exposure of the sensitive information that has wound up in the Washington Post and New York Times.
But instead of limiting the access to classified information, there has been instead a push for increased and even continuous monitoring of those who have clearances to avoid what are described as “insider threats.” Software fixes are already in place at some agencies to scour public records and also in some cases redline users who have repeated access to certain types of files that are not directly germane to their work. As we have seen in the recent case of claimed whistleblower Reality Winner, printers connected to classified computers have features that enable identification of the actual user when there is a leak.
Using computers to continuously monitor cleared employees generally employs a variation on software that has already been developed for commercial users, including air carriers, where there is high risk and major liability if an employee is responsible for a violent incident. The special software constantly reviews criminal and civil files, such as divorce filings, bankruptcies, traffic violations, unreported foreign travel, and credit reports, to identify red flags that might result in unacceptable or even aberrant behavior on the part of the employee or prospective employee. Spies are notoriously motivated by money (Aldrich Ames, Robert Hanssen) and careful review of their credit reports might have revealed that they were financially stressed before they took the step of selling secrets to the Soviet Union. Washington Navy Yard shooter Aaron Alexis, who killed 12 people in September 2013, reportedly was the subject of a Rhode Island police report that revealed that he had been “hearing voices” shortly before he went on his rampage.
Monitoring one’s civil and criminal record is not particularly easy to do, as much of the information is only available at state or even county and local levels and not all of it is online. Even though most of the information that is being screened by the government computers is public record and therefore fair game, there is concern that while something like a bankruptcy or a foreign trip is verifiable fact, other information might be either uninterpretable or completely lacking context. Even public databases frequently contain inaccurate information, including what is referred to as false negatives and false positives—and yet if they appear to cross an employer red line, they become part of the personnel file. Some of it is certainly information that once upon a time would have been regarded as both private and sensitive, such as a credit report, even though applicants for security clearances customarily waive any right to privacy when they are being background investigated.
And there is also increasing pressure coming from government managers to begin screening social media to determine if individuals are becoming disgruntled or otherwise developing hostile attitudes towards their employer. To complain about one’s job or express unpopular opinions would not exactly be criminalized but it would inevitably become an element in consideration of one’s ability to move upward in the organization, even if that is not the intention.
The bottom line is that no one has yet made the case that the continuous monitoring of five million security clearance holders would actually reduce espionage and “insider threats.” It is clear, however, that it would be enormously expensive and is therefore being pushed hard—both by prospective contractors offering their services and also hardliners in government who seek to have such a weapon in their arsenal to catch spies, leakers, and malcontents. Critics observe that while aggressive monitoring quite possibly might discover an individual instance where someone could appear to be in one of those “at risk” categories, most individuals who are moving in that direction do not necessarily allow their inner thoughts or hidden activities to become either part of the public record or an entry on Facebook.
And the greatest danger of all is over the horizon. Once the government discovers a new technology to intrude on the lives of ordinary citizens, a pretext will no doubt be developed after the next terrorist incident or insider attack to use it in ever widening circles as new threats are allegedly discovered. When that happens, we can confidently expect Patriot Act III, with a provision allowing continuous surveillance of any and all possible suspects. And there is actually a precedent. Back in 2003, the Pentagon under George W. Bush was already tinkering with what if referred to as Total Information Awareness to examine predictive behavior, described at the time as the “biggest surveillance program in the history of the United States.”
Total Information Awareness was briefly implemented before being abandoned 14 years ago. Today the technical resources available are much more impressive, with the ability to have a fully automated process that can monitor, store, and recover billions of pieces of data in real time. It means that achieving continuous monitoring for everyone who resides in or travels to the United States is now a reality. Every American will become a potential victim and part of an Orwellian nightmare as a substantially mythical national security narrative trumps privacy concerns and constitutional rights. And the government, to quell any concerns, will continue to insist that what it is doing is only done to make you safer.
Philip Giraldi, a former CIA offier, is executive director of the Council for the National Interest.