On July 30, the Senate Homeland Security and Governmental Affairs Committee (“HSGAC”) passed a bill intended to identify security-cleared personnel who are at risk of becoming unstable. The bill would create a new program to do this through random, automated audits of government and public databases. Coupled with the existing security clearance review protocols, this new program would mean unprecedented scrutiny of millions of government employees and contractors, and create new incentives for clearance holders to manage their public lives carefully.
Origins: Navy Yard Shooting, Snowden and Inadequate Controls
The bill originated as a response to the September 2013 Washington Navy Yard shooting, in which Aaron Alexis fatally shot twelve people at the Navy Sea Systems Command headquarters. Alexis was a navy veteran who had been cited on at least eight occasions for misconduct, and was arrested several times, including for one incident in which he shot out the tires of a car as part of an anger-fueled blackout. Despite these events, Alexis continued to hold a “secret” security clearance and was working for a government subcontractor at the time of the shooting.
It turns out that the personnel report supporting Alexis’ clearance did not mention his previous arrests or that he had been charged with a felony. This oversight, along with the vast amounts of information leaked by another security clearance holder – Edward Snowden – caught the attention of HSGAC, which began investigating government clearances and background checks. The Committee conducted a hearing in October 2013, focusing on clearance procedures and the Navy Yard Shooting. That same month, bipartisan legislation was introduced to implement automated review of public records and databases for information about individuals possessing clearance. Subsequently, in February 2014, facing Congressional criticism, the federal government agreed to stop allowing private contractors to oversee their own work in security clearance background checks.
To address similar concerns, Congress also passed legislation empowering the Office of Personnel Management (OPM) to use additional resources to audit and investigate contractors that conduct background checks.1 This June the OPM Inspector General reported that a lack of oversight and internal contractor controls may have led to thousands of background checks passing through the system without adequate review.
In response, HSGAC’s program would supplement the government’s existing clearance review practices with random, automated reviews of government and public databases conducted at least twice every five years. The aim is to discern whether cleared personnel may be suffering from severe stress or mental instability, or are vulnerable to blackmail.
Automated Audits and Social Media Scrutiny
The idea of using automated processes to screen individuals with clearances is not a novel one; the Department of Defense has been testing similar systems that use public databases to evaluate clearance holders. The HSGAC proposal, however, would be the first legislative mandate subjecting millions of individuals to these reviews. This will increase the frequency and nature of the scrutiny of clearance holders. Currently, agencies do not re-examine a person’s fitness to hold a clearance until at intervals of five, ten, or fifteen years. Under the new system, these regular reviews would be supplemented by two random audits every five years.
In addition, the proposed audit program would look to new types of information, including the ever increasing array of social media. Although the public nature of the sources mitigates some privacy concerns, the new audits could affect the day-to-day activities of cleared personnel: They would (or should) have to moderate and maintain an awareness of their public personas.
If passed, this law would be the first law sanctioning the use of social media to validate professional worthiness. Notably, this is inconsistent with the state law trend to prohibit prospective employers from reviewing social media or asking the potential employee for a social media password prior to making a hiring decision. In addition, this law appears to buck the trend of legislation following the leaks by Edward Snowden. Snowden’s revelations caused an increased public awareness of governmental monitoring and spurred many politicians to call for new limitations and checks on the data collection practices of the NSA. In contrast, the proposed audit program represents a new and more intrusive form of governmental data collection and analysis.
Ultimately, it remains to be seen whether this proposal will pass and, if so, whether it will be effective. We have our doubts on both points. Given the current legislative enthusiasm for security clearance reform, however, there is little doubt that clearance holders will be subject to some form of additional monitoring in the near future.