20 August 2014

U.S. Intelligence Community Still Years From Being Able to Track Leakers and Other Insider Threats

U.S. Intelligence Can’t Stop the Next Snowden for Years

Kimberly Dozier

The Daily Beast, August 18, 2014
A new leaker is spilling secrets while the government rushes to build systems to track access to classified info and find potential spies.

Stung by criticism over allegedly draconian surveillance of its own employees—and by the appearance of an apparent new leaker—the U.S. intelligence community is struggling to put in place sweeping new monitoring to watch the watchers, without going so far that they chill whistleblowing or go so Big Brother, they drive their workforce away.

They’re also smarting over charges that the new monitoring is taking too long to install.
U.S. intelligence officials tell The Daily Beast that they’re still almost a year away from being able to monitor public databases for signs their employees have broken U.S. laws or hit financial difficulty.

And the officials said the community is months if not years away from monitoring individual computer activity in the 70 government agencies that have access to classified information, because of the variety of computer systems and networks that span the U.S. government. They don’t even have 100 percent coverage across the intelligence agencies yet, when it comes to some of the highly classified or compartmented programs.
That delay has likely enabled a reported “second Snowden” who leaked secret files to The Intercept from the National Counterterrorism Center from August 2013—after now-fugitive NSA leaker Edward Snowden fled to Russia.

Officials are even running a pilot to monitor what those with clearances post on public social media and message boards, but they think that may be a step too far in terms of scale and intrusion on privacy.
The scope of the changes being considered under the moniker “Continuous Evaluation” show the wide-ranging impact of insider threats. These include the diplomatically embarrassing WikiLeaks cables, ex-NSA contractor Edward Snowden’s disclosure of classified documents leading to public outrage prompting changes in some NSA programs and the deadly shooting incident at the Navy Yard by contractor Aaron Alexis, whose security checks missed what investigators later called a pattern of disturbing behavior.

The intelligence community has already taken many steps to plug the leaks, from requiring two staffers to be present to access any particularly sensitive files in some agencies, to reminding workers to take notice and report on any suspicious activity by their colleagues. The director of National Intelligence, James Clapper, also rolled out a new policy on interacting with the media that bans talking about even unclassified intelligence matters with journalists without prior permission.
“To a large extent, it’s not only smart, it’s long overdue. The way the existing process works, they look at you every five to 10 years … and then they forget about you until the next review is due years later.”

Adding to that, the officials said in the interview that by next spring, the Office of the Director of National Intelligence will start checking the names of 1.5 million employees with top secret clearances against a series of publicly available and government databases, including those that show recent arrests, credit scores and large cash transactions of $10,000 or more. It’s part of upcoming changes to the Insider Threat Policy set by the Office of the National CounterintelligenceExecutive.

They will eventually monitor those databases for the activity of all the 5 million-plus people cleared to see the U.S. government’s secret documents. The officials spoke anonymously as a condition of describing the program.

If those monitoring find something amiss, they would report it to the employee or contractor’s parent agency for possible investigation—or not, at their discretion.

“To a large extent, it’s not only smart, it’s long overdue,” said Steven Aftergood, who directs the Federation of American Scientists’ Project on Government Secrecy. “The way the existing process works, they look at you every five to 10 years…and then they forget about you until the next review is due years later.”

But Aftergood and other critics on Capitol Hill say the proof will be in how it’s enacted, and how the employees feel about it—especially if it extends to monitoring online activity outside work.

“It needs to be demonstrated in practice that the triggers won’t lead to…a paranoid workplace,” he said. “They can’t push it too far or it will backfire.”

The officials said that’s why they are only looking at public databases that track things like crime or bankruptcy, which employees with clearances are supposed to reporting to their bosses anyway.

The officials described the planned monitoring of work computer terminals as limited to looking for “red flags” like massive downloads of documents on Syria by an analyst working on another part of the world.

In terms of social media, the officials said they’re testing if its even feasible to track posts on open forums from employees or contractors who hold clearances and look for signs they are ready to strike at their agency. Snowden posted comments indicating his dissatisfaction with his bosses long before he copied what intelligence officials say was more than a million documents, though he says he copied less.

But one of the key officials overseeing the program said he doubts they’ll go that far, because it’s not clear that it would be worthwhile monitoring what an employee says in what they know to be a public, and therefore easily monitored forum.

That’s because such hypothetical social media monitoring would not cover what someone says on their personal Facebook page, if the page had a high privacy setting that limited access only to family or close friends.

The official said they had already rejected the practice of some foreign intelligence agencies, in which employees have to self-report personal email addresses and social media interaction and turn over their passwords to allow the spy agency access.

“We don’t look at an employee’s personal emails or computers at home,” the senior official insisted.

Still, legislators want assurances that government employees or contractors will be able to have a reasonable degree of privacy at home, and will still be able to communicate any workplace issues to the appropriate authorities.

Senators Chuck Grassley (R-Iowa) and Ron Wyden (D-Ore.) expressed concern that the new monitoring might have a chilling effect on the confidentiality of whistleblowers to Congress or Inspectors General.

In a letter to Director of National Intelligence James Clapper in June, they wrote, “If whistleblower communications with Inspectors General or with Congress are routinely monitored and conveyed to agency leadership, it would defeat the ability to make protected disclosures confidentially.”

The officials countered that they are trying to teach employees how to express their concerns through classified channels, including detailing how best to reach out to an agency inspector general.

It’s the heightened exhortations to watch each other at work that worries Mark Zaid, a lawyer who represents whistleblowers and national security personnel. “It’s very much McCarthyism, like going back toward the 1950s,” with encouraging employees to report on their team for any indications of Communist leanings, he said Sunday.

Even before the rash of leaks, he said that he’d represented clients who were reported as possible security risks because of emotional outbursts at work or changes in mood and work habits—behavior that might indicate someone is justifiably dissatisfied with their job or their manager, not about to reveal state secrets to the national news media.

“How long will the investigation take…and how much damage it will do to that person’s career when they are on leave for six months—that’s where the dangers are,” he said.

The officials did look uncomfortable when asked to defend their boss Clapper’s new guidance for talking to members of the media, which is seen by many intelligence agency staffers as all but prohibiting even social contact without reporting it to supervisors.

One of the officials insisted that saying hello to a journalist or talking to them in a social setting was allowed—but talking about intelligence matters in any way was not.

When asked what was the difference between a current or former spy agency employee explaining intelligence matters to a journalist to protect their agency, and the leaks of Edward Snowden, one of the officials said “scale.”

“Snowden scraped more than 1 million documents off the servers,” the senior official said. “There’s no way he could have read all of them, and therefore no way he could have known who it might have harmed if released.”

No comments: