Security clearance reform is climbing up the agenda again in Washington, where high-profile
leaks and violent
incidents involving cleared personnel have shaken the government system that
conducts — and outsources — 2 million background investigations a year and
determines whether or not to grant individuals access to confidential
information and government facilities.
|A security camera.|
Experts are considering new options, like gathering information from social media, automating tasks that are currently conducted by staff, and moving to a system of continuous review, instead of the current five- and 10-year review requirements.
An interagency group led by the Office of Management and Budget is currently wrapping up a 120-day review of security clearance procedures to identify changes that can be made to ensure higher-quality information is used in clearance decisions and to find smarter ways to re-evaluate individuals during the course of their employment.
Earlier this week a panel of experts and two congressmen convened on Capitol Hill to weigh in on the importance of the effort, which is the first comprehensive security clearance reform since a post-9/11 push to overcome the huge backlog of unprocessed clearances that existed at that time.
Now officials are trying to maintain, or even enhance, the efficiencies created in the Intelligence Reform and Terrorism Prevention Act of 2004, while also ensuring the quality of the decision-making process leaves less room for the kinds of high-profile incidents, such as Edward Snowden’s release of troves of national security data, which have brought scrutiny of the agencies and U.S. contracting firms that investigate and adjudicate clearance applications.
The outcomes of this reform effort could affect thousands of U.S. aid workers and contractors who disclose personal information when they apply for and seek to maintain security clearance.
The world of personal information has changed dramatically in the last decade, and the U.S. government’s security clearance experts are wondering what they can do — and should do — to catch up. Social media presents a world of potential hints about applicant’s past conduct, especially those who are not cautious enough to closely monitor their online presence.
And with so many personal files like employment, ownership, criminal records, and credit scores available online, much of the investigative work currently carried out by people could be more quickly — and perhaps even more reliably — undertaken by automated information technology.
Both of those proposals raise concerns.
“There’s good information, and then there’s what’s on the internet,” said Alan Chvotkin, executive vice president and counsel of the Professional Services Council, at the congressional panel discussion.
And even accurate information can be misleading when it lacks the context surrounding it. An individual’s criminal file might show that they were arrested; but if they weren’t charged, it may not disclose details surrounding the arrest, explained Joseph Jordan, president of public sector at FedBid and former administrator for the Office of Federal Procurement Policy. Since ultimately the decision to grant clearance is based on a holistic assessment by a U.S. official of the individual applicant, those kinds of details not easily captured through automated systems can be valuable.
Some of the proposals stemming from recent security breaches — like whether background investigations should draw on mental health records — carry weighty ethical implications. If applicants think their mental health records might compromise their ability to receive a security clearance they could be less likely to access important mental health services.
And if those records were available to investigators, “what would we do if we knew it?” asked Jordan.
Other reform measures could affect the clearance review process. Currently, “secret” level clearances are valid for 10 years and “top secret” clearances for five. Some experts suggest the system could move toward a continuous review process, which would intake information periodically throughout the course of an individual’s employment and make note of any red flags as information comes in.
Still, officials will have to determine how often it is useful to know something and what sort of information technology architecture will provide and catalogue that kind of useful information.
The panel raised another potential solution to reducing the burdens placed on a more risk-averse system. Agencies could review their policies for determining who needs access to confidential information and which information needs to be classified and try to scale back the nearly 5 million individuals currently in the system.