Who Really Needs A Security Clearance
USING HIS SECURITY CLEARANCE TO GAIN ACCESS to classified documents at the National Security Agency (NSA), former federal contractor Edward Snowden copied files about the agency’s secret metadata collection programs onto a USB drive and shared them with global media outlets beginning in June 2013. Snowden, a former employee at the CIA, had failed to disclose trips to India, and only his mother and girlfriend were interviewed as part of his background investigation by USIS, a private company that conducts background investigations, before being cleared to work for the NSA.
A few months later, using his security clearance to gain access to the Washington Navy Yard, former federal contractor Aaron Alexis shot and killed 12 federal workers. Alexis was allowed to maintain the security clearance he’d been given while serving in the U.S. Navy, despite multiple run-ins with law enforcement and seeking mental health counseling after being honorably discharged from the military.
Both of these contractors had undergone and passed background investigations to obtain clearances for their positions. But information was missing from each of their files that could have caused their clearances to be suspended or revoked.
In response to these issues, the Senate Homeland Security and Governmental Affairs Committee’s Subcommittee on the Efficiency and Effectiveness of Federal Programs and the Federal Workforce held a hearing to discuss how security clearances are issued and whether the process is sufficiently monitored.
The Government Accountability Office (GAO) presented recommendations for a standard process that would help agencies determine whether federal personnel require security clearances. Brenda Farrell, director of defense capabilities and management for the GAO, explained some of the office’s recommendations to the subcommittee during the hearing on November 20, saying that despite the renewed efforts of the Office of the Director of National Intelligence (ODNI) and the Office of Personnel Management (OPM) to create clear federal guidelines, more needs to be done to make sure that security clearances are only issued when absolutely necessary to the appropriate people. She said that a new process needs to be developed with clear guidelines to ensure that agencies are following federal regulations, which require that each agency determine who is “eligible for access to classified information” and that they are “kept to the minimum required for the conduct of agency functions.”
An executive order issued in 1995 outlines screening procedures for those who apply for a security clearance, including reviewing financial records, ensuring loyalty to the United States, and other factors. Another executive order, issued in 2008, further clarified the process of determining whether someone is suitable to have access to classified national security information and created a Suitability and Security Clearance Performance Accountability Council. It also established the director of OPM as the Suitability Executive Agent responsible for developing and implementing consistent policies and procedures.
However, the GAO says there is no “clearly defined policy guidance” for determining when a federal position needs a security clearance. This results in agencies using an unreliable tool—the Position Designation of National Security and Public Trust Positions—created by OPM to determine the sensitivity and risk levels of civilian positions and the type of background investigation that’s required for the person who will occupy that position.
Because the types of background investigations for positions aren’t standardized, some investigations fail to reveal information that could result in an applicant being denied a security clearance. One prime example is Alexis, the former contractor who was involved in multiple incidents with law enforcement and sought mental health counseling, but managed to retain his security clearance.
Also contributing to the tool’s unreliability is a lack of input from the ODNI, which has resulted in incorrect position designations among special-sensitive, critical-sensitive, and noncritical-sensitive used for levels of security clearance access. In an April 2012 audit of the Department of Defense (DoD), GAO found that the sensitivity levels on OPM’s designation of 39 positions differed from the DoD's designations in 26 instances.
Despite the incorrect designations and the lack of clear guidance, 4.9 million federal government employees and contractor employees held, or were eligible to hold, a security clearance in 2012 and “a high volume of clearances continue to be processed,” Farrell said.
ODNI and OPM are working to improve the designation process for when security clearances need to be issued and how they are issued through the Proposed Rule for the Designation of National Security Positions in the Competitive Service and Related Matters. The two offices posted the proposed rule in May 2013 for public comment and are in the process of reviewing those comments to address concerns.
One significant concern of the GAO is the lack of a periodic review process for security clearances. The GAO has recommended periodic reviews and assessment of whether issued security clearances are necessary because even though government agencies are required to keep security clearances to a minimum, there is no requirement for “reviews and validations of the security clearance needs of existing positions.” However, the proposed rule created by ODNI and OPM would require only a one time reassessment 24 months after a clearance is issued. By not changing the requirement, Farrell explained, this could result in a number of personnel holding security clearances that don’t meet current national security needs.
Montana Senator Jon Tester, the chairman of the subcommittee, echoed Farrell’s sentiments, saying that the “federal government is failing to properly vet the individuals who are granted access to our nation’s most sensitive information and secure facilities” and “that there’s no quick-fix to such a broken system.”
After the hearing, Tester introduced a bill calling for review of security clearances.
David Borer, general counsel for the American Federation of Government Employees, testified that that the government is overusing the designation of sensitive for positions and that will not change with the new proposed rule. “Under the proposed regulations, virtually anybody in the entire…Department of Defense could be designated as holding a sensitive position, which we’re talking about hundreds of thousands of employees,” he said.
Witnesses Brian Prioletti, assistant director of the ODNI, and Tim Curry, deputy associate director for partnership and labor relations of OPM, said that the new proposed rule would help agencies determine proper designations for personnel. The new rule would also give OPM oversight. The agency would be responsible for making sure that it is implemented properly, Curry said.
However, when questioned about how OPM would ensure that agencies were applying the proposed rule, Curry was unable to provide specific metrics or processes that would show oversight. Instead, he said that once the proposed rule goes into effect, OPM and ODNI will develop implementing guidance, training, and reporting methods for agencies to make sure there is “uniformity and consistency” across the government.
But when questioned by Tester about how OPM would ensure that the rule was adopted properly and being used correctly by all federal agencies, Curry was unable to provide specifics for enforcement. Instead, he said that agencies will still be given great freedom to designate positions that need security clearances.
Angela Canterbury, director of public policy for the Project on Government Oversight, suggested that Congress amend the law, which would give the Merit Systems Protection Board (MSPB) power of review for national security positions, and that an inventory be taken of all positions that currently are designated to hold a security clearance. “These positions need to be better understood and categorized before a finalized rule. It should have been done before the proposed rule, in our estimation,” Canterbury said.
As an example of a successful inventory process, Canterbury discussed the process that the Obama administration used to rein in the designation of information as “for official use only” versus “controlled but unclassified.” She recommended that OPM and ODNI require a complete review from all agencies of their positions with a security clearance with reasons why that clearance is necessary and the scope of the position that requires the clearance. “If we really want to get a handle on legitimate designations, then tell us what those are,” she said.
ODNI has made some moves to conduct an inventory. The director signed an executive correspondence that was sent to all government agencies requiring them to go through their clearance lists and validate their numbers, Prioletti said. The correspondence was issued on October 31, and agencies were given 90 days to comply.
In the meantime, Tester said the subcommittee and the committee itself would continue to look into the proposed rule and seek clarification about the designation process. He also said they will consider passing legislation, including the bill authored by him, to further streamline the process and ensure oversight over security clearance position designations.