Defense Department Taking Over Security Clearance Process
A long-overdue overhaul of the way the United States vets those who access classified information is underway.
We’ve known for two decades that our system for reviewing who gets access to our nation’s secrets is broken. We’re finally doing something about it.
AP (“Pentagon to take over security clearance checks“):
The Defense Department is poised to take over background investigations for the federal government, using increased automation and high-tech analysis to tighten controls and tackle an enormous backlog of workers waiting for security clearances, according to U.S. officials.
The change aims to fix a system whose weaknesses were exposed by the case of a Navy contractor who gunned down a dozen people at Washington’s Navy Yard in 2013. He was able to maintain a security clearance despite concerns about his mental health and an arrest that investigators never reviewed.
Problems had earlier surfaced with former National Security Agency contractor Edward Snowden, who now lives in Russia to avoid charges for disclosing classified material, and Army Pvt. Chelsea Manning, who went to prison for leaking classified documents, triggering calls to update the antiquated system to include more frequent criminal and financial checks of workers who have security clearances.
Another problem has been delays: a backlog of about 700,000 people, including high-ranking federal officials waiting as much as a year to get clearances. President Donald Trump’s son-in-law and senior adviser, Jared Kushner, for example, received his permanent clearance just a few weeks ago, more than 16 months after Trump took office. The delay, his lawyer said, was caused by the backlog in the new administration and Kushner’s extensive financial wealth, which required lengthy review.
Pentagon officials said that over the next three years, the Defense Department will take responsibility for all background investigations involving its military and civilian employees and contractors. But according to a U.S. official, the White House is expected to soon give the department authority to conduct security reviews for nearly all other government agencies as well. The official spoke on condition of anonymity to discuss the decision before it was publicly announced.
Plans to transfer responsibility from the Office of Personnel Management to the Pentagon for all of the roughly 3.6 million Pentagon employees, directed by defense legislation for fiscal 2017, are already in the works. The new program will involve a system of continuous checks that will automatically pull and analyze workers’ criminal, financial, substance abuse and eventually social media data on a more regular basis, rather than only every five or 10 years as it is done now.
Garry Reid, director for defense intelligence, said the shift of responsibility to the Pentagon will allow OPM officials to begin eating away at the current backlog of about 700,000, of which roughly 500,000 are Defense Department workers. The Pentagon won’t take over any of the backlogged cases because they are already underway in OPM.
[…]
It will cost an additional $40 million for fiscal year 2019. But over time, he said, the department expects to spend “significantly less” than the current $1.3 billion price tag for the program because of the increased automation and other savings.
A key problem contributing to the backlog is that field investigations into workers seeking security clearances can take up to 500 days, as investigators scour records and conduct interviews with neighbors and other acquaintances of the employee.
An analysis of the process, said Reid, found that 50 percent of the investigators’ workloads involves tasks such as driving around the country, finding sources and looking for people to talk to about the employees.
Using more automated and continuous checks, he said, “can find out that same information that’s taking hundreds of days and frankly a billion dollars a year to do, and collect similar information.”
As an example, he said an automated check could reveal information in the national criminal database about an incident that wasn’t otherwise reported or communicated between a local law enforcement agency and the military.
Carrie L. Wibben, the Pentagon’s director of counterintelligence and security, said that as a result, the department is discovering problems years before investigators would have turned them up in regularly scheduled five or 10-year checks.
So, the current system is slow and expensive, yet does very little to keep untrustworthy people away from sensitive information—the whole point of the process.
As noted here many times before, the current system is a relic of the way we lived half a century ago. Typically, people would have lived their whole lives in a single place, and thus be well known to their neighbors. They’d likely enter government service right after high school or college, and thus have very little history to comb through. For someone like myself, who has lived in more than a dozen places scattered throughout the world and been in and out of government service, it’s next to impossible to even fill out the requisite forms. I have no idea what the phone number of people I lived next to or worked for twenty years ago might be, or even if they’re still alive, but I’m required to put that information on the forms. Because of the nature of my career, I’ve had professional association with literally hundreds, maybe thousands, of foreign nationals. There’s simply no way that I could list even a fraction of them, yet the forms ask me to do so.
Because I live in the national capital region and work for the Defense Department, I’m asked several times a year to waste an hour or so of my time being interviewed about neighbors or former students. Despite telling them at the outset that I barely know the people they’re trying to vet, the investigator will nonetheless go through the entire list of questions to which I couldn’t possibly know the answer.
It’s an incredibly expensive waste of time with massive spillover effects.
As noted in the AP report, we’ve got a backlog of 700,000 people waiting for background investigations to be complete. In many cases, those are people being paid by the taxpayer who can’t actually do their jobs. In most cases, they’re people who can’t join government service for months or even years. A lot of them will ultimately not take the job for which they’re cleared. Oh, and who knows how many people who would like to serve don’t even bother to apply because they’re not willing to put up with the red tape.
Another effect of all of this is to privilege those with existing clearances, especially the coveted Top Secret/Sensitive Compartmented Information clearance. Someone leaving the government with one of those can essentially write their own ticket, since they can go to work right away without the hiring agency or contractor having to foot the bill. That’s a boon to these people—mostly military veterans or retirees—but it means that people who are otherwise better qualified for the job are being passed over.
The Jared Kushner example points to another issue: people who have been successful in the global business world are incredibly hard to vet. Indeed, we saw several would-be Trump nominees for high-level posts, including Secretary of the Army, withdraw their names in frustration with the process. To be sure, it’s hard to feel sorry for Kushner and other Trump cronies who have been stymied by the system; it might even be a blessing. But, in an ideal world, presidents would be able to tap those with executive experience in the private sector for short stints in government service. The current disclosure process makes that too hard.
The proposed reforms should go a long way to fixing most of these problems, as well as ferreting out those who were trustworthy at the time of their initial security review but got compromised later on because of grudges, financial issues, drug and alcohol abuse, or other factors.
It’s not obvious from the story, though, why OPM couldn’t do all of these things. It’s rather weird for DoD to be running security processes for other agencies. Granting that DoD is by far the largest consumer of clearances, it would make more sense for a non-aligned bureau, whether OPM or some new agency under the DNI to do this. I’m guessing the idea is to piggyback on some existing DoD technologies but it’s not obvious why others couldn’t utilize those independently.
My impression in the matter of the delay of Jared Kushner’s security clearance was that he kept “forgetting” to include very large amounts of relevant information on the forms he was filling out.
Good Trump.
Eliminating waste.
But…. This must benefit Russia somehow…
@TM01:
https://fcw.com/articles/2016/01/22/nbib-clearance-noble.aspx
With admittedly very little research, it looks like this was something started back in the Obama administration.
Wait for it…now that Obama’s involved, I’m sure you’ll find some reason to criticize it.
So…
1. The Trump Administration does something of which James Joyner almost entirely approves.
2. This action addresses a problem that has festered for years yet remained unaddressed by previous Asministrations.
3. This is a problem with which James Joyner has personal experience.
4. James Joyner not only can’t bring himself to credit the Trump Administration, he only references it as an act of character assassination.
I could almost respect this kind of “total war” approach if I thought people like James Joyner knew where it was headed, but I don’t think they do.
Mike
@MBunge:
This is just plain bullshit.
In fact, every administration for the past few decades has tried to deal with this problem. The Defense Investigative Service (now DSS) was formed back in 1972–46 years ago–to consolidate clearance investigations that had been handled by separate military branches and OPM. Since then there’s been a kind of musical chairs of who handles what, with OPM eventually assuming responsibility but delegating much of the investigative legwork to private contractors. Now we have this new framework, which, as @beth points out, was actually initiated during the Obama administration.
So, no, this problem was not “unaddressed by previous administrations.” You’re just trying to give Trump more credit than he’s due.
My last investigation was ridiculous … 3 interviews of 1+ hour each after I’d already informed them that I was moving to a new job where there was a 0% chance that I would ever have access to classified information. Talk about a waste of time and money. On a positive note, I won’t have to deal with that again for almost 10 years, and hopefully the system will be improved by then.
I had a TS when I retired from active duty. Sometimes I regret that I didn’t more fully explore its potential value in the job market at that time. But then I remember that I don’t think I’d want to have a job where I regularly had access to top secret information … likely too stressful.
@beth:
No, this is not an Obama initiative. President Obama created the NBIB (National Background Investigations Bureau), an OPM agency, by executive order in 2009. This is the agency that is currently not able to deal with the backlog (and its leadership has stated in Congressional testimony that the backlog will not improve for many years). So President Obama tried something (moving pucks around on the org chart) and it didn’t work.
This new move to put the DoD in charge of it’s own clearances did not come from the Executive branch – it was directed by Congress through the FY2018 Defense Authorization Act (passed late last year). It’s one of those rare unicorn moments when the Congress actually tried to solve a problem without punting.
Now that it is law, there is talk, as mentioned in James’ article, of simply giving the entire shebang to the DoD.
Now, it’s another question whether the DoD can live up to its promises to change the system to a “continuous evaluation” system. DoD talks about automated tools, but anyone who knows anything about government IT contracting and government computer systems and the clearance process (ie. me) knows it won’t be that easy. I’m very skeptical but hopeful that it will work because the system is LOONG overdue for a major reform.
Hmmm “continuous evaluation”.
I wonder if this means that any of us who have a security clearance should probably plan on having at least our social media accounts monitored?
I’m not convinced this would necessarily be a bad thing.
Although I do know many security clearance holders who would be up in arms over such a prospect. Oddly (or perhaps not) many in that group who would be up in arms about having their own account monitored were also the most vocal about wondering why for instance the government couldn’t have done more to know (in advance) about the plans of someone like the Fort Hood shooter Nidal Hassan (an American citizen and active duty Army officer).
@Todd:
Yes, monitoring Social Media will be a part of it. And social media can already be included in the present system but not easily or well. However, this would only be public social media activity that’s able to be captured by tools that can see public info. It’s not clear yet how this will work since it’s relatively easy to be pseudonymous.
@Andy: social media can be tricky to interpret too. Like James, I from time to time get interviewed about other people. One of the toughest questions I’ve had to think about lately was one that should be an easy no: “are they part of any organization that advocates overthrowing the government?”. What if they from time to time (to friends only) share posts from groups like the Oath Keepers? How do I honestly answer that question?
@Andy:
From the article I linked:
From the article linked in the post above:
It sure looks like something that got started during the Obama administration and continued on, and expanded, during the current administration. Note that I never said it was a purely Obama initiative; that you inferred that on your own. Either way, it seems like a much needed correction.
@beth:
Before issuing corrections, let’s get the facts straight.
The article you cite is from over two years ago and it’s talking about the NBIB, which I mentioned in my original comment. NBIB is an agency of the OPM, not the DoD. This new initiative, stemming from the FY2018 NDAA, takes away DoD clearance investigations entirely away from the NBIB and, if some people have their way, NBIB will disappear entirely and DoD will take over everything. This change did not originate in the Obama administration.
See, for example, this recent op-ed that goes over the details.
The NBIB was the Obama administration program that was supposed to fix the process – it’s simply untrue that the idea to kill the NBIB and transfer responsibility to the DoD came from that administration.
@Todd:
It’s actually pretty simple – you tell them what you know. So, in the example you give, you’d tell them you don’t know if they are part of such an organization, but you do know they have shared stuff from an extremist organization on social media. This will bring-up follow-on questions from the investigator asking for details, which you’d then provide (if you have any).
The investigators then take that information and investigate further (at least that’s what they are supposed to do). Whatever is found is collected with all the other information about that person and then it’s sent to the adjudicators.
I saw this kind of thing happen frequently when I was a security manager, but it usually involved finances or drug use rather an involvement in extremist organizations. When “negative” information came to light, the subject of the clearance review would have to answer for it, explain and provide documents as necessary.
@MBunge: So, aside from the issue noted by others upthread as to whether this started under Obama, I simply take these sort of matters as bureaucratic initiatives unless I learn otherwise. That is, I don’t think Trump had anything to do with this. I tend to think Jim Mattis just said he’d take it over and didn’t get much pushback given how much everyone hates the system. So far as I know, Trump hasn’t said much about this issue.
@Todd: In spirit, I think @Andy gets it right. But, like you—and I suspect 99% of the people in the system—we’re answering questions based on our independent judgment of whether the individual ought to have a clearance. If I think they do, I’m unlikely to supply any information that causes them grief.
@James Joyner: Yep, that’s my approach. If I didn’t know them well I very likely would say something (serves them right for supplying a contact who barely knows them). But if it’s a friend who I know well, and know to a fair degree of certainty that they are not a security risk, I’m not egoing to be eager to cause them what I know will be a signigficant amount of ass pain just for being stupid on social media.
@Todd:
Don’t the investigators find out for themselves if people have made fools of themselves on FB, Twitter, Snapchat, Instagram, etc?
Back when Facebook was limited to college students, their advisors would plead with them not to post pics of themselves staggering out of a club and vomiting into the gutter.