Security clearance reform is climbing
up the agenda again in Washington, where high-profile
leaks and violent
incidents involving cleared personnel have shaken the government system that
conducts — and outsources — 2 million background investigations a year and
determines whether or not to grant individuals access to confidential
information and government facilities.
 |
| A security camera. |
Experts are considering new options,
like gathering information from social media, automating tasks that are
currently conducted by staff, and moving to a system of continuous review,
instead of the current five- and 10-year review requirements.
An interagency group led by the Office
of Management and Budget is currently wrapping up a 120-day review of security
clearance procedures to identify changes that can be made to ensure
higher-quality information is used in clearance decisions and to find smarter
ways to re-evaluate individuals during the course of their employment.
Earlier this week a panel of experts
and two congressmen convened on Capitol Hill to weigh in on the importance of
the effort, which is the first comprehensive security clearance reform since a
post-9/11 push to overcome the huge backlog of unprocessed clearances that
existed at that time.
Now officials are trying to maintain,
or even enhance, the efficiencies created in the Intelligence Reform and
Terrorism Prevention Act of 2004, while also ensuring the quality of the
decision-making process leaves less room for the kinds of high-profile
incidents, such as Edward Snowden’s release of troves of national security
data, which have brought scrutiny of the agencies and U.S. contracting firms
that investigate and adjudicate clearance applications.
The outcomes of this reform effort
could affect thousands of U.S. aid workers and contractors who disclose
personal information when they apply for and seek to maintain security
clearance.
The world of personal information has
changed dramatically in the last decade, and the U.S. government’s security
clearance experts are wondering what they can do — and should do — to catch up.
Social media presents a world of potential hints about applicant’s past
conduct, especially those who are not cautious enough to closely monitor their
online presence.
And with so many personal files like
employment, ownership, criminal records, and credit scores available online,
much of the investigative work currently carried out by people could be more
quickly — and perhaps even more reliably — undertaken by automated information
technology.
Both of those proposals raise
concerns.
“There’s good information, and then
there’s what’s on the internet,” said Alan Chvotkin, executive vice president
and counsel of the Professional Services Council, at the congressional panel
discussion.
And even accurate information can be
misleading when it lacks the context surrounding it. An individual’s criminal
file might show that they were arrested; but if they weren’t charged, it may
not disclose details surrounding the arrest, explained Joseph Jordan, president
of public sector at FedBid and former administrator for the Office of Federal
Procurement Policy. Since ultimately the decision to grant clearance is based
on a holistic assessment by a U.S. official of the individual applicant, those
kinds of details not easily captured through automated systems can be valuable.
Some of the proposals stemming from
recent security breaches — like whether background investigations should draw
on mental health records — carry weighty ethical implications. If applicants
think their mental health records might compromise their ability to receive a
security clearance they could be less likely to access important mental health
services.
And if those records were available to
investigators, “what would we do if we knew it?” asked Jordan.
Other reform measures could affect the
clearance review process. Currently, “secret” level clearances are valid for 10
years and “top secret” clearances for five. Some experts suggest the system
could move toward a continuous review process, which would intake information
periodically throughout the course of an individual’s employment and make note
of any red flags as information comes in.
Still, officials will have to
determine how often it is useful to know something and what sort of information
technology architecture will provide and catalogue that kind of useful
information.
The panel raised another potential
solution to reducing the burdens placed on a more risk-averse system. Agencies
could review their policies for determining who needs access to confidential
information and which information needs to be classified and try to scale back
the nearly 5 million individuals currently in the system.
No comments:
Post a Comment