• Fixing the Security Clearance Process

    May 5, 2023 // No Comments »

    How do you fix the security clearance process?

    The security clearance process is not a real-time, ongoing endeavor. Instead, someone applies for a government or contractor job that requires a clearance, some sort of background check is done, and a clearance decision is adjudicated. Next case, please. Most clearances are only reviewed every five years and then investigators lean heavily on anything new or changed, and especially on the subject’s performance those five years. Even agencies that use the polygraph employ an abbreviated version of the test when renewing a security clearance. There is no 365/24/7 continuous reevaluation process. Of course records checks are done, a felony arrest properly documented might pop up, and many agencies yearly run standard credit checks and conduct random drug tests. But overall, absent something self-reported or too obvious to ignore, a clearance rides for five years, sometimes literally with no questions asked. How could it be otherwise with over five million active cleared Americans strung across the globe?

    It doesn’t always work out. As happened following the process’ failure with people like Edward Snowden, Chelsea Manning, now with Air National Guardsman Jack Teixeira, much noise will be generated about “doing something” to fix the clearance process. But what?

    Dramatically increasing the number and scope of on-the-street investigations as part of background checks will spiral wildly into crazy expenses and even longer waiting periods to complete clearances. It could bring the hiring process to its knees, and spawn more and more “temporary clearances,” a self-defeating act. This all with no assurance of better results due to both limitations on the whole concept (past behavior in a wholly different environment like high school may not be indicative of future intent under real-world pressures, as in the Teixeira and Manning cases) or simply human judgment errors. If done properly, such changes might even catch a few of the Teixeira’s out there, but to be honest, there are few Teixeira’s out there to begin with and most of them will be sending up obvious danger signals at work for a long time if anyone would pay attention before a clearance review catches up.

    In the interest of never letting a good crisis go to waste, the Biden Administration is now reportedly planning to increase its surveillance of social media and online chatrooms, as if not understanding the internet is a very big place. It is certain that many more in government will call for more aggressive “monitoring” of employees, having them sign away basically all of their civil rights in return for a job. The government will turn its vast intelligence gathering tools further inward and end up pointlessly compiling CIA officers’ credit card receipts from Applebee’s, the web browsing habits of diplomats’ children, and so forth. In truth, a lot of that is probably already going on now anyway (the CIA and other intel agencies have had for years robust counterintelligence operations designed specifically to spy on their own spies.) But you just can’t see into a person’s head, or his heart, via his bank account.

    In addition to a huge waste of money and resources, these measures will inevitably lead to more mistrust and paranoia inside government. Lack of sharing (the CIA believes things it shares with State get leaked, the Army won’t give things away to the Navy, the FBI hoards info so as to not let another part of the Department of Justice get credit for a bust, the NSA doesn’t trust anyone, and so forth) is already an issue among agencies, and even inside of agencies, and helped pave the way for 9/11.

    In addition, handing even more power to security teams will also not work well in the long run. Hyper-scrutiny will no doubt discourage more decent people from seeking government work, unwilling to throw their lives open for a job if they have prospects elsewhere. The Red Scare of the 1950s, and the less-known Lavender Scares, when labeling someone gay inside government would see him fired, show what happens when security holds too many cards. James Jesus Angleton’s paranoid mole hunting at CIA, which ruined many careers, is still a sore point at Langley. No, unleashing the bullies won’t help.

    As a wise man once said, cut through all the lies and there it is, right in front of you. The only answer to the clearance problem is to simply require fewer cleared people inside government.

    This will require the tsunami of document classification to be dammed. In FY2009 alone, 54 million U.S. Government documents were classified. Every one of those required cleared authors and editors, system administrators and database technicians, security personnel, and electronic repair persons. Even the cafeteria personnel who fed them lunch needed some sort of vetting.

    With fewer people to clear because there is less classified material to begin with, always-limited resources can be better focused. Better background checks can be done. Corners need not be cut, and unqualified people would not be issued clearances out of necessity. Processing time would be reduced. Human judgment, always the weak link, could be applied more slowly and more deliberately, with more checks and balances involved.

    More monitoring won’t help and will very likely hurt. In a challenge as inherently flawed as the clearance process, the only way forward is less, not more.

    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in NSA, Other Ideas, Post-Constitution America

    Why Hasn’t the U.S. Arrested WaPo Journalist for Publishing Classified Documents?

    April 28, 2023 // Comments Off on Why Hasn’t the U.S. Arrested WaPo Journalist for Publishing Classified Documents?

    Why hasn’t the U.S. government arrested WaPo journalist Shane Harris for publishing highly classified documents related to the war in Ukraine and U.S. spying on its allies? The ones leaked by Air national Guardsman Jack Teixeira?

    The documents contain significant revelations.  Among other secrets, they show the CIA recruited human agents privy to the closed-door conversations of world leaders, reveal eavesdropping that shows a Russian mercenary outfit tried to acquire weapons from NATO ally Turkey to use against Ukraine, explained what kind of satellite imagery the United States uses to track Russian forces, and made clear U.S. and NATO have special forces on the ground inside Ukraine.

    Why Shane Harris is not in jail has a long history, and a complex answer. In 1971, Daniel Ellsberg leaked the Pentagon Papers, a secret U.S. government-written history of the Vietnam War, to the New York Times. No one had ever published such classified documents before, and reporters at the Times feared they would go to jail under the Espionage Act (the same law under which Jack Teixeira is charged.) A federal court ordered the Times to cease publication after initial excerpts were printed, the first time in U.S. history a federal judge censored a newspaper via prior restraint. In the end, the Supreme Court reversed the lower courts and handed down a victory for the First Amendment in New York Times Company v. United States. The Times won the Pulitzer Prize. Ever since media have published national security secrets as they found them.

    Law professor Steve Vladeck points out “although the First Amendment separately protects the freedom of speech and the freedom of the press, the Supreme Court has long refused to give any separate substantive content to the Press Clause above and apart from the Speech Clause. The Supreme Court has never suggested that the First Amendment might protect a right to disclose national security information. Yes, the Pentagon Papers case rejected a government effort to enjoin publication, but several of the Justices in their separate opinions specifically suggested that the government could prosecute the New York Times and the Washington Post after publication, under the Espionage Act.”

    The Supreme Court left the door open for the prosecution of journalists who publish classified documents by focusing narrowly on prohibiting prior restraint. Politics and public opinion, not law, has since kept the feds exercising discretion in not prosecuting the press, a delicate dance around an 800-pound gorilla loose in the halls of democracy.

    The closest an American journalist ever came to being thrown in jail was in 2014, when the Obama administration subpoenaed New York Times reporter James Risen. They then accused former CIA officer Jeffrey Sterling of passing classified information to Risen. After a lower court ordered Risen to testify and disclose his source under threat of jail, the Supreme Court turned down his appeal, siding with the government in a confrontation between a national security prosecution and an infringement of press freedom. The Supreme Court refused to consider whether the First Amendment implied a “reporter’s privilege,” an undocumented protection beneath the handful of words in the Free Press Clause.

    In the end, the Obama administration, fearful of public opinion, punted on Risen and set precedent extra-judicially. Waving a patriotic flag over a messy situation, then-attorney general Eric Holder announced that “no reporter who is doing his job is going to go to jail.” Risen wasn’t called to testify and wasn’t punished for publishing classified material, even as the alleged leaker, Jeffrey Sterling, disappeared into prison for three and a half years. To avoid creating a precedent that might have granted some form of reporter’s privilege under the Constitution, the government set a different precedent and stepped away from the fight. That’s why Shane Harris of the Washington Post isn’t under arrest right now. For traditional media American journalists like Shane Harris, the Risen case was a turning point.

    Meanwhile Wikileaks’ Julian Assange is under arrest, rotting away in his fifth year in a UK prison fighting extradition to the United States. There are complex legal questions to be answered about who is a journalist and what is publishing in the digital world — is Assange himself a journalist like Risen or a source for journalists like Sterling was alleged to be? There is no debate over whether James Risen is a journalist and whether a book is publishing. Glenn Greenwald has written about and published online classified documents given to him by Edward Snowden, and has never been challenged by the government as a journalist or publisher.

    Assange isn’t an American, so he is vulnerable. He is unpopular, drawn into America’s 21st-century Red Scare for revealing the DNC emails. He has written nothing alongside the primary source documents on Wikileaks, has apparently done little curating or culling, and has redacted little. Publishing for him consists of uploading what has been supplied. The government would argue Assange is not entitled to First Amendment protections simply by claiming that a mouse click and some web code isn’t publishing and Assange isn’t a journalist. The simplest interpretation of 18 U.S.C. § 793(e) of the Espionage Act, that Assange willfully transmitted information relating to national defense without authorization, would apply. He would be guilty, same as the other canaries in the deep mine shaft of Washington before him, no messy balancing questions to be addressed. And with that, a unique form of online primary source journalism would be made extinct.

    And that really, really matters. Wikileaks sidestepped the restraints of traditional journalism to bring the raw material of history to the people. Never mind whether or not a court determined disclosure of secret NSA programs which spied on Americans disclosure was truly in the public interest. Never mind the New York Times gets a phone call from the President and decides not to publish something. Never mind how senior government officials are allowed to selectively leak information helpful to themselves. Never mind what parts of an anonymous technical disclosure a reporter understood well enough to write about, here are the cables, the memos, the emails, the archives themselves. Others can write summaries and interpretations if they wish (and nearly every mainstream media outlet has used Wikileaks to do that, some even while calling Assange and his sources traitors), or you as an individual can simply read the stuff yourself and make up your own damn mind about what the government is doing. Fact checks? There are the facts themselves in front of you. That is the root of an informed public, through a set of tools and freedoms never before available until the internet created them.

    Allowing these new tools to be broken over the meaning of the words journalist and publishing will stifle all of what’s left of the press. If Assange becomes the first successful prosecution of a third party under the Espionage Act, the government can then turn that precedent into a weapon to aggressively attack the media’s role in national security leaks. Is a reporter, for example, publishing a Signal number in fact soliciting people to commit national security felonies? Will media employees have to weigh for themselves the potential public interest, hoping to avoid prosecution if they differ from the government’s opinion? The Assange case may prove to be the topper in a long-running war of attrition against free speech.

    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in NSA, Other Ideas, Post-Constitution America

    Jack Teixeira, Leaks, and a Matter of Trust

    April 21, 2023 // 2 Comments »

    Despite all the precautions and double-checks, at some level it ends up a matter of trust. And in the case of Air National Guardsman Jack Teixeira, much of that trust was violated. Why couldn’t the military trust him? Why do we have to trust him?

    The charging documents against Jack Teixeira, 21-year-old going on 14-year-old airman first class who is accused of leaking classified documents, indicate that he was granted a top-secret security clearance in 2021, which was required for his job as a computer network technician in the Massachusetts Air National Guard. While that may sound like an exceptional degree of access for such a junior service member, having top secret/SCI (sensitive compartmented information) clearance in that kind of job is standard. Other recent celebrity leakers were of a similar age and experience; NSA leaker Reality Winner was arrested at age 26. Edward Snowden did his leaking from the NSA and CIA in his early thirties, and Chelsea Manning was only 22 when she exposed massive amounts of State Department and U.S. military data via Wikileaks. With the exception of Winner, all worked as network engineers of some sort, sitting at the electronic nexus between the producers of intelligence and the consumers. There is no place elsewhere on the network which offers greater visibility. Think of how much water a plumber watches pass by as he fixes your pipes.

    Though each leaker had all the requisite background checks, at their young ages there wasn’t much background to check. Teixeira joined the military at age 20 and so, like Manning and others, his suitability for a clearance was based mostly on what kind of kid he was in high school. It is unclear what a better clearance system would look like, but it is equally clear the current one has some holes in it. Right now things are based mostly on a matter of trust.

    Teixeira violated the trust put in him in a number of ways, the most significant was the actual leaking of highly classified documents. The manner in which he appears to have obtained the documents, however, suggests other steps of breach of trust along the way. The documents as they appeared online on that Discord gaming and chat server appear to be photographs of classified documents. This makes sense; the military networks are physically isolated from the outside world and so electronic outloading secrets is near impossible. If a classified document is physically printed, as in the case of the Reality Winner leaks, a secret source code is surreptitiously embedded and can be traced back to the printer. In both Manning’s and Snowden’s cases some sort of storage device was illegally brought into the secure area, in Manning’s case a read/writable CD-ROM. What Snowden used has never been publicly disclosed though Oliver Stone’s film Snowden postulates it was some sort of media smuggled in and out via a Rubik’s Cube. Teixeira seems to have acquired classified documents printed by someone else and taken cell phone photos of them, either at work or, based on the daily detritus in the frames, at home. Teixeira was trusted not to bring a phone into his secured area and not to take documents out. He violated these trusts to try impress some online friends with the level of access he had.

    Here things are on more traditional ground. Standard spy tradecraft says someone will betray their country for one or more of a fairly standard set of reasons, MICE: money, ideology, compromise and ego, with the kid Teixeira solidly on the square marked “ego.” It’s easy to screen out the drunks and gamblers and bankrupt, harder to figure out who is doing it for themselves.

    But what other matters of trust were breached in the short saga of Jack Teixeira? The MSM soiled itself once again, proving to be more a tool of the state rather than a way to inform the people about what their government is up to. Most of the MSM joined with online pundits in first claiming the Teixeira documents were fakes, or at least grossly altered. When the story first appeared Reuters claimed, based on anonymous sources, that Russia was behind it. When the documents’ veracity became too obvious to ignore, the MSM switched over into claiming whatever the documents said, it was not very important, just things everyone sort of already knew (they did the same with the Snowden info.) Then despite the documents being of no great importance, when instructed from the White House briefing podium that the documents do not belong on the front pages of American newspapers, the documents were taken off line by the MSM and replaced with blurred images. Based on publicly available information, the New York Times and Washington Post tracked down the leaker before the FBI did, practically outing him on page one for the Feds. The trust between the press and its role in a democracy, and the people, was treated with the same callousness as the trust between Teixeira and the military.

    As for other matters of trust, the Teixeira documents show that post-Snowden the U.S. still spies on its allies. Snowden revealed American spying in Western Europe, for example, was down to the level of listening in on world leaders’ personal cell phones, and that in Asia the entire Japanese phone system was compromised. Teixeira reveals the U.S. listens in on Cabinet-level internal discussions in South Korea, and on high-level deliberations in Egypt (who, speaking of matters of trust) appeared to be planning on selling arms to Russia while at the same time being the second largest recipient of U.S. foreign aid. The U.S. also listened in on Jordan’s Crown Prince Hussein and of course ally Ukraine. There was no trust despite public pronouncements of common goals and joint efforts.

    But the biggest breach of trust revealed by the Teixeira documents is between the U.S. government and the people. The leaked documents show despite claims to the contrary, there are American (special) forces on the ground in Ukraine, catching the president in a solid lie. Other NATO forces have military personnel on the ground as well, dramatically risking wider conflict even as the president begs the American people to believe all that the U.S. is doing is passively supplying weapons to Ukraine. We also learn that any pronouncements of optimism that Ukraine may force back its Russian invaders cannot be trusted; the documents show U.S. intelligence assesses the much-vaunted spring counteroffensive by Ukraine will likely fail, and that the war writ large will continue into 2024. Not only does this show administration claims of progress to be false, it raises the possibility deeper American involvement will be necessary and likely.

    It is a familiar story. The sum of the Manning leaks showed the American government could not be trusted to tell the truth about progress in the Iraq and Afghan wars (echoing the Daniel Ellsberg leaks about Vietnam known as the Pentagon Papers.) The sum of the Snowden leaks was to show the American government could not be trusted when it claimed to not spy domestically on its own citizens, or on its closest allies abroad. It becomes a sad state of affairs where we the people end up trusting leakers, people by definition untrustworthy, to accurately and completely tell us what our own government is doing behind the always happy public announcements. If the leaked documents matched the public statements there would be nothing to say, indeed, no point in leaking, for the adolescent dork or the self-styled crusader. But it never works that way.

    So when we ask why we cannot trust kids like Jack Teixeira to follow the rules and earn the trust granted them, we need to look broader, at a military-government system that pretends to be based on trust while lying its pants off. That’s how Teixeira probably grew up seeing things, you can trust me.

     

    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in NSA, Other Ideas, Post-Constitution America