Financial Cost of Coronavirus Leads Top Counterintelligence Official to Relax Top-Secret Clearance Rules

Newsmaker Snowden
With "continuous evaluation" slowed down by the coronavirus pandemic, will U.S. counterintelligence miss the next Edward Snowden? The Guardian/Getty

The government's top counterintelligence official is telling security officers across the Executive Branch to relax rules for vetting workers with Top Secret clearances, citing financial hardships that may hit as a result of the coronavirus. William R. Evanina, director of the National Counterintelligence and Security Center, said Monday that workers with financial problems needed to be reconsidered in a new context, not as security risks or disqualified to hold a clearance.

The new directive is needed because a little known program called "continuous evaluation" now constantly scrutinizes the activities of some 1.7 million security clearance holders—military servicemembers, civil service employees and even private industry workers—matching crime reports, court records, property transactions, and credit scores to workers and flagging activities that indicate possible wrongdoing or deception. This Big Brother automated system is used to verify and uncover facts about individuals as well as look for anomalous activity that might reveal spying for a foreign government but also provides early warning of "insider threats": the next Edward Snowden-type individual who uses their access to government secrets to make public revelations.

The program, instituted government-wide in 2018, is described by its operators as a good government measure and a money-saving blessing, an improvement over old shoe-leather methods of doing background investigations. Part of the what the federal government is calling Trusted Workforce 2.0, continuous evaluation is said to be less intrusive, cheaper and more accurate.

Continuous evaluation provides "better vetting, faster investigation timelines and enhanced mobility" for workers, Brian Dunbar, assistant director of the National Counterintelligence and Security Center, told the website ClearanceJobs last month.

But outside observers worry that continuous evaluation, while perhaps more efficient, is also the quintessential government program. "Start small, automate and expand forever until someone tells you to stop," says Steven Aftergood, a secrecy expert at the Federation of American Scientists and a close watcher of the security clearance process.

Aftergood worries that continuous evaluation is growing faster than it can be assessed, either for its effectiveness or its legality. "We need continuous evaluation of continuous evaluation," he says, labeling the program a "potentially dangerous tool that lends itself to unaccountable uses of power."

Trigger warnings

Pilot programs to build a continuous evaluation system began in 2007, when the Pentagon started using the Automated Continuing Evaluation System (ACES), a system that pinged over 40 government and commercial databases to verify information used in applications for security clearances, double checking everything from birth dates to school degrees, looking for deception on the part of applicants. ACES went through numerous upgrades until the personnel security administrators determined its "potential for streamlining the expensive and time-consuming clearance process". The software's "rules-based" triggers were also found successful in finding indicators of personal vulnerability—substance abuse, criminal behavior, financial problems—or even the possibility of espionage-related activities such as unexplained affluence, that prompted investigators to delve deeper. Automating record checks didn't replace humans in the process, but operators projected that far fewer investigators would be needed when machines were flagging issues of concern.

As ACES was moving forward, Chelsea Manning and Edward Snowden appeared in 2010 and 2013. Both held sensitive Top Secret clearances and both used their accesses to amass and then steal large numbers of government documents, transferring them from internal networks to personal computers. The government security clearance program failed to identify the two as potential risks, and they had evaded internal controls over network use. A massive "insider threat" detection program began in the federal government. New restrictions were placed on network access, removable media such as thumb drives were eliminated or placed under two-person control, and new methods were instituted for "user activity monitoring": the closer scrutiny of network activity needed to catch future threats.

Greater scrutiny for those who applied for security clearances and increased vigilance to monitor those who already held clearances collided at the same time in creating a growing backlog of investigations for the 4.6 million government and industry workers who held positions of trust. Not only did new clearance requests take longer to be processed but the backlog of "reinvestigations" of existing clearance holders—required every five years for those with Top Secret clearances—accumulated. Congressional overseers wrote in November 2017 that the entire "background investigation process is broken" and called the system, composed of decades-old practices, "grossly inefficient." The backlog of people awaiting the outcomes of investigations ballooned, reaching a peak of 725,00 cases in November 2018.

By then, the Defense Department's ACES program had transformed into Mirador—the current system of automated checks intended to provide near real-time identification of adverse information. From the initial pilot of approximately 100,000 Top Secret clearance holders in 2014 when the system went live, it quintupled to 500,000 people at the end of the Obama administration. Today, 1.4 million Defense Department clearance holders are scrutinized by Mirador. Another 300,000 are scrutinized by a parallel system under the authority of the Office of the Director of National Intelligence (of which the NCSC is part). They come from 26 Executive Branch departments and agencies, both the intelligence community agencies and civil agencies such as the Department of Health and Human Services and the Centers for Disease Control and Prevention.

In the spring of 2018, the NCSC announced its Trusted Workforce 2.0 program, a top-to-bottom overhaul the security clearance process for the Executive Branch, what Evanina called the "first transformative effort to the personnel vetting process since the immediate post-World War II era." Machines would be used in three roles—verifying data submitted in initial background investigations looking for deceptions, conducting live updating of clearances for those already with clearances (eliminating the need for across-the-board reinvestigations), and conducting the actual investigations for those granted "Secret" clearances.

A new agency was created, the Defense Counterintelligence and Security Agency, taking over clearance processing from the Office of Personnel Management. The backlog of required investigations was reduced from the high of 725,000 to 248,000 in December 2019, a large part of that attributable to continuous evaluation.

The Defense Department and the Office of the Director of National Intelligence say that they follow strict guidelines both on what the machines are looking for and how the data that is ingested is targeted. As of February 2017, DOD reported that Mirador had generated 12,400 alerts on 1,816 individuals. Only 62 cases resulted in people receiving warnings or having their clearances revoked. For Top Secret clearance holders, DOD said, risk indicators were being identified an average of 1.5 years before the old manual reinvestigations would have uncovered them. But people whose backgrounds and behaviors were scrutinized once every five years are now under constant automated evaluation.

How much information is actually used to scrutinize clearance holders, and what is looked at, is closely guarded. One military fact sheet on continuous evaluation warns servicemembers with regard to things that will trigger the machines—"failure to make child or spousal support payments," "involvement with the legal system, such as being the target of legal action, being sued, or the possibility you might be required to discuss your job under oath," "irresponsible behavior while under the influence," or "going 'on and off' the wagon." In writing about continuous evaluation earlier this month Government Executive said that NCSC was revising what it was flagging because "a $50 traffic violation may not be the best metric for trustworthiness" that would suggest a much deeper dragnet.

Where would continuous evaluation get a tip-off of a traffic violation? Government documents indicate that criminal data that feeds continuous evaluation comes from the FBI Interstate Identification Index, an aggregation of national crime information with information from all 50 states, identifying all suspected felons and many individuals arrested on misdemeanor counts who are also fingerprinted. Three primary commercial databanks are also used—Equifax financial and credits reports; PlanetRisk (formerly iMapData) citizenship, education, employment, property, criminal and court records; and Thomson Reuters World-Check, a databank of "over three million continuously updated profiles of high-risk individuals and organizations worldwide."

Whether intelligence information is used in continuous monitoring, that is, NSA intercepts or the automated collection of social media activity, is unknown. And how "user activity monitoring" is aggregated—the keystrokes and Internet-behavior of government workers, particularly when they are engaged in telework from their homes—is unknown.

Jay Stanley, a senior policy analyst at the ACLU Speech, Privacy and Technology project, particularly worries about the ingest of social media in any continuous evaluation program, saying that algorithmic decision-making has proven unable to contextually understand speech like sarcasm or hyperbole.


On March 11, Sen. Mark R. Warner (D-VA), vice chairman of the Senate Intelligence Committee, urged the federal government to revise its security rules in light of coronavirus.

"I write to ask you to issue guidance directing agencies to exercise appropriate leniency in considering how the coronavirus (COVID-19) may be negatively impacting adjudications for a security clearance or determination of trust," he wrote. COVID-19 may require government and contractor personnel to self-quarantine or tend to family members, which may cause them miss payments on things like rent, mortgage, credit cards, or other forms of debt.

In response, Evanina issued his March 23rd guidance, directing security officers to consider "mitigating factors," specifically if "loss of employment, a business downturn, unexpected medical emergency, a death, divorce or separation, clear victimization by predatory lending practices, or identity theft" results in financial problems, but in which security adjudicators deem that the cleared individual "acted responsibly under the circumstances." On Tuesday, the Defense Department announced that it would "continue to consider the 'whole person concept' when vetting personnel for positions of trust." Whole person in this regard means that no single trigger will automatically serve as disqualification—that security officers, as well as commanders and supervisors will be called upon to make judgments in cases of coronavirus-related indicators.

Steve Aftergood says the old criteria for trustworthiness and suspicion is probably obsolete anyhow. He questions whether some background investigator interviewing one's Kindergarten teacher yields much insight. "Old fashioned investigations, manual review of records and the processing of tips—the old kind of shoe leather review—is also increasingly infeasible and prone to failure," he says.

But he also questions whether continuous evaluation will get it right. "If someone does pay their credit card bills," he says, "that doesn't mean that they can't be entice or coerced" into espionage. Aftergood also worries that machines might provide a false sense of security. "If the data are missing or absent, security officers might confidently assume that they have their bases covered when they don't.

"The reality is this trend is not unique to government," Aftergood says. The general approach of this kind of continuous evaluation is all but certain to be applied in many other contexts from school admissions to private sector employment. "It is something that we are broadly all undergoing, whether that be in constant credit checks or social media scrutiny. We are increasingly being subjected to automated and ongoing evaluation. This is the world we are moving into."

According to Aftergood, it's entirely possible that some sort of continuous evaluation for health is likely to emerge from the coronavirus crisis, with health screening becoming what TSA screening became after 9/11.

"Already people who are getting off airplanes or crossing borders are immediately being tested for fever," he says. "It's another data set that lends itself to sorting and evaluation."

But Aftergood warns: "We need to stop the wheels of this automated process and think." It isn't just government continuous evaluation that is of concern, he says, but the entire world of automated systems that he says surrounds us.

"We're headed for a sort of science fiction dystopia ... a big brother system," Aftergood says, unless we set up vigorous systems of public oversight and outside review. "But we still have a choice—a choice that is going to shape the world of tomorrow."