Last week, for those who missed it, the Chief of Information for the Navy was on CNN describing how USIS had managed to miss another one and grant a security clearance to someone who shouldn't have one. These are the same people who did Snowden's background check, leading someone who didn't know much about security clearances, to conclude this company was terrible at their job. Based on the information we have, I wonder.
First, as anyone in government security knows, USIS doesn't grant anyone a security clearance. They do a background investigation and send the results to the government for adjudication at something called a Central Adjudication Facility (CAF). The people there decide whether the person has enough in their background to warrant a denial. Less than 1% of the people who apply for clearances, don't get one. So, it would not happen very often that the CAF would say "denied". I did a study once on why clearances were suspended (what we wish would have happened when that report came in from New England saying our Navy suspect was hearing voices), denied, or revoked (what would have happened if either of them would have done enough to get the CAF to take away their clearances). None of these things happened, because the government didn't do its job.
There are a lot of very bad people in our population who do things to children, spouses, animals, or themselves, that qualify as bizarre, deviant, insane, or criminal and none of those things will necessarily be reason enough to take that person's security clearance away. Somebody has to report what happened, and we seem to be so hung up on privacy, that mental illness or deviant behavior is covered up in "rehabilitation" or "privacy protection" neither one of which have much to do with whether a person can have a security clearance. We used to suspend access to classified information until the matters in question were investigated; now, they seem to be saying "don't tell anyone and protect his privacy" when that isn't appropriate to either of these cases.
I remember a case where one of my enlisted Airmen died during the night, because he had taken drugs and drank beer to excess. After we buried him, I found out that he had been on an alcohol rehab program and should not have been working. On his job, every day, he carried a gun. One of our HR people did not want to see us "stigmatize him" by taking his gun away, so they decided not to tell us about it. That was almost 30 years ago, and things have not gotten better.
When an adult rapes a child, we don't feel much regret in reporting that incident to the police, Child Protective Services and the government agency the person works for, if they have a clearance. But, it gets to be less clear how far that reporting would go, when a person says "I hear voices and they are telling me to do something to my mother." Do you know if you would report this, if it happened at work, if you heard him say it, and if you believed it wasn't a joke being played on a friend.
When a person works for a cleared contractor, there is something that covers this in a reporting requirement called "adverse information". So, if this happens at work, and I hear it, I am required to report that to the Security Officer of my company. If my company hears about it, they are required to report it to the government sponsor of the clearance. In my experience, neither one of those things is happening with any regularity, and none of the government agencies that should be, are overseeing it. They all come up with excuses for why reporting is not such a good idea. Can I get sued? Can the Agency get sued? Will the union bring a grievance? All of these things can be true, however unlikely. When it is a clear crime, the person is arrested and carted off to jail, most times they will report. Otherwise, it is hit and miss, on something that might stop the kind of behavior we see in the two cases I mention.
These are clear examples of one thing: Privacy is not paramount in public safety or National Security. We are looking at the issues involved in each case and we are looking at the problem too closely. What did anyone know about these individuals that should have been reported? What did they actually report? What, if anything, did the government do for either one of them to make the situation better?
Are we going to change the clearance process to get it back under control of the people who employ these folks? Are we going to require adverse information reporting on a more stringent basis? Are we going to look at the reasons why clearances are granted and denied? Of course we are. It is fairly obvious that we don't do the kinds of reporting that make a security clearance anything other than a rubber stamp. And, we might also guess that those health care professionals in states that should be reporting mental health issues to keep guns out of the hands of those people don't do any better at their jobs than the security professionals do at theirs.
You can read more in Keeping Secrets, The White House, the Military and Business Leaks that Threaten our National Security. Amazon books:
No comments:
Post a Comment