Obama program requires federal workers to inform on colleagues

Posted Friday, Jun. 21, 2013  comments  Print Reprints
A

Have more to add? News tip? Tell us

Even before a former U.S. intelligence contractor exposed the secret collection of Americans’ phone records, the Obama administration was pressing a government-wide crackdown on security threats that requires federal employees to keep closer tabs on their co-workers and exhorts managers to punish those who fail to report their suspicions.

President Barack Obama’s unprecedented initiative, known as the Insider Threat Program, is sweeping in its reach. It has received scant public attention even though it extends beyond the U.S. national security bureaucracies to most federal departments and agencies nationwide, including the Peace Corps, the Social Security Administration and the Education and Agriculture departments. It emphasizes leaks of classified material, but catchall definitions of “insider threat” give agencies latitude to pursue and penalize a range of other conduct.

Government documents reviewed by McClatchy illustrate how some agencies are using that latitude to pursue unauthorized disclosures of any information, not just classified material. They also show how millions of federal employees and contractors must watch for “high-risk persons or behaviors” among co-workers and could face penalties, including criminal charges, for failing to report them. Leaks to the media are equated with espionage.

“Hammer this fact home … leaking is tantamount to aiding the enemies of the United States,” says a June 1, 2012, Defense Department strategy for the program that was obtained by McClatchy.

The Obama administration is expected to hasten the program’s implementation as the government grapples with the fallout from the leaks of top secret documents by Edward Snowden, the former National Security Agency contractor who revealed the agency’s secret telephone data collection program. The case is only the latest in a series of what the government condemns as betrayals by “trusted insiders” who have harmed national security.

“Leaks related to national security can put people at risk,” Obama said on May 16 in defending criminal investigations into leaks. “They can put men and women in uniform that I’ve sent into the battlefield at risk. They can put some of our intelligence officers, who are in various, dangerous situations that are easily compromised, at risk. . . . So I make no apologies, and I don’t think the American people would expect me as commander in chief not to be concerned about information that might compromise their missions or might get them killed.”

Whistleblowers protected

As part of the initiative, Obama ordered greater protection for whistleblowers who use the proper internal channels to report official waste, fraud and abuse, but that’s hardly comforting to some national security experts and current and former U.S. officials. They worry that the Insider Threat Program won’t just discourage whistleblowing but will have other grave consequences for the public’s right to know and national security.

The program could make it easier for the government to stifle the flow of unclassified and potentially vital information to the public, while creating toxic work environments poisoned by unfounded suspicions and spurious investigations of loyal Americans, according to these current and former officials and experts. Some non-intelligence agencies already are urging employees to watch their co-workers for “indicators” that include stress, divorce and financial problems.

“It was just a matter of time before the Department of Agriculture or the FDA (Food and Drug Administration) started implementing, `Hey, let’s get people to snitch on their friends.’ The only thing they haven’t done here is reward it,” said Kel McClanahan, a Washington lawyer who specializes in national security law. “I’m waiting for the time when you turn in a friend and you get a $50 reward.”

The Defense Department anti-leak strategy obtained by McClatchy spells out a zero-tolerance policy. Security managers, it says, “must” reprimand or revoke the security clearances — a career-killing penalty — of workers who commit a single severe infraction or multiple lesser breaches “as an unavoidable negative personnel action.”

Employees must turn themselves and others in for failing to report breaches. “Penalize clearly identifiable failures to report security infractions and violations, including any lack of self-reporting,” the strategic plan says.

The Obama administration was already pursuing an unprecedented number of leak prosecutions, and some in Congress — long one of the most prolific spillers of secrets — favor tightening restrictions on reporters’ access to federal agencies, making many U.S. officials reluctant to even disclose unclassified matters to the public.

The policy, which partly relies on behavior profiles, could also discourage creative thinking and fuel conformist “group think” of the kind that was blamed for the CIA’s erroneous assessment that Iraq was hiding weapons of mass destruction, a judgment that underpinned the 2003 U.S. invasion.

“The real danger is that you get a bland common denominator working in the government,” warned Ilana Greenstein, a former CIA case officer who says she quit the agency after being falsely accused of being a security risk. “You don’t get people speaking up when there’s wrongdoing. You don’t get people who look at things in a different way and who are willing to stand up for things. What you get are people who toe the party line, and that’s really dangerous for national security.”

Obama launched the Insider Threat Program in October 2011 after Army Pfc. Bradley Manning downloaded hundreds of thousands of documents from a classified computer network and sent them to WikiLeaks, the anti-government-secrecy group. It also followed the 2009 killing of 13 people at Fort Hood by Army Maj. Nidal Hasan, an attack that federal authorities failed to prevent even though they were monitoring his emails to an al Qaeda-linked Islamic cleric.

An internal review launched after Manning’s leaks found “wide disparities” in the abilities of U.S. intelligence agencies to detect security risks and determined that all needed improved defenses.

Obama’s executive order formalizes broad practices that the intelligence agencies have followed for years to detect security threats and extends them to agencies that aren’t involved in national security policy but can access classified networks. Across the government, new policies are being developed.

There are, however, signs of problems with the program. Even though it severely restricts the use of removable storage devices on classified networks, Snowden, the former NSA contractor who revealed the agency’s telephone data collection operations, used a thumb drive to acquire the documents he leaked to two newspapers.

“Nothing that’s been done in the past two years stopped Snowden, and so that fact alone casts a shadow over this whole endeavor,” said Steven Aftergood, director of the non-profit Federation of American Scientists’ Project on Government Secrecy. “Whatever they’ve done is apparently inadequate.”

U.S. history is replete with cases in which federal agencies missed signs that trusted officials and military officers were stealing secrets. The CIA, for example, failed for some time to uncover Aldrich Ames, a senior officer who was one of the most prolific Soviet spies in U.S. history, despite polygraphs, drunkenness, and sudden and unexplained wealth.

Stopping a spy or a leaker has become even more difficult as the government continues to accumulate information in vast computer databases and has increased the number of people granted access to classified material to nearly 5 million.

Proper training

Administration officials say the program could help ensure that agencies catch a wide array of threats, especially if employees are properly trained in recognizing behavior that identifies potential security risks.

“If this is done correctly, an organization can get to a person who is having personal issues or problems that if not addressed by a variety of social means may lead that individual to violence, theft or espionage before it even gets to that point,” said a senior Pentagon official, who requested anonymity because he wasn’t authorized to discuss the issue publicly.

Manning, for instance, was reportedly reprimanded for posting YouTube messages describing the interior of a classified intelligence facility where he worked. He also exhibited behavior that could have forewarned his superiors that he posed a security risk, officials said.

Jonathan Pollard, a former U.S. Navy intelligence analyst sentenced in 1987 to life in prison for spying for Israel, wasn’t investigated even though he’d failed polygraph tests and lied to his supervisors. He was caught only after a co-worker saw him leave a top-secret facility with classified documents.

“If the folks who are watching within an organization for that insider threat — the lawyers, security officials and psychologists — can figure out that an individual is having money problems or decreased work performance and that person may be starting to come into the window of being an insider threat, superiors can then approach them and try to remove that stress before they become a threat to the organization,” the Pentagon official said.

Wide latitude granted

The program, however, gives agencies such wide latitude in crafting their responses to insider threats that someone deemed a risk in one agency could be characterized as harmless in another. Even inside an agency, one manager’s disgruntled employee might become another’s threat to national security.

In November, Obama approved “minimum standards” giving departments and agencies considerable leeway in developing their insider threat programs, leading to a potential hodgepodge of interpretations. He instructed them to not only root out leakers but people who might be prone to “violent acts against the government or the nation” and “potential espionage.”

The Pentagon established its own sweeping definition of an insider threat as an employee with a clearance who “wittingly or unwittingly” harms “national security interests” through “unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions resulting in loss or degradation of resources or capabilities.”

“An argument can be made that the rape of military personnel represents an insider threat. Nobody has a model of what this insider threat stuff is supposed to look like,” said the senior Pentagon official, explaining that inside the Defense Department “there are a lot of chiefs with their own agendas but no leadership.”

The Department of Education, meanwhile, informs employees that co-workers going through “certain life experiences … might turn a trusted user into an insider threat.” Those experiences, the department says in a computer training manual, include “stress, divorce, financial problems” or “frustrations with co-workers or the organization.”

An online tutorial titled “Treason 101” teaches Department of Agriculture and National Oceanic and Atmospheric Administration employees to recognize the psychological profile of spies.

A Defense Security Service online pamphlet lists a wide range of “reportable” suspicious behaviors, including working outside of normal duty hours. While conceding that not every behavior “represents a spy in our midst,” the pamphlet adds that “every situation needs to be examined to determine whether our nation’s secrets are at risk.”

The Defense Department, traditionally a leading source of media leaks, is still setting up its program, but it has taken numerous steps. They include creating a unit that reviews news reports every day for leaks of classified defense information and implementing new training courses to teach employees how to recognize security risks, including “high-risk” and “disruptive” behaviors among co-workers, according to Defense Department documents reviewed by McClatchy.

“It’s about people’s profiles, their approach to work, how they interact with management. Are they cheery? Are they looking at Salon.com or The Onion during their lunch break? This is about `The Stepford Wives,’ ” said a second senior Pentagon official, referring to online publications and a 1975 movie about robotically docile housewives. The official said he wanted to remain anonymous to avoid being punished for criticizing the program.

The emphasis on certain behaviors reminded Greenstein of her employee orientation with the CIA, when she was told to be suspicious of unhappy co-workers.

“If someone was having a bad day, the message was watch out for them,” she said.

Looking for comments?

We welcome your comments on this story, but please be civil. Do not use profanity, hate speech, threats, personal abuse, images, internet links or any device to draw undue attention. Our policy requires those wishing to post here to use their real identity.

Our commenting policy | Facebook commenting FAQ | Why Facebook?