Dozens of Security Clearance Reports FalsifiedOffice of Personnel Management IG Investigates Top Contractor
The federal government has identified dozens of cases of alleged falsification of reports submitted by investigators examining individuals being considered for security clearances.
See Also: IoT is Happening Now: Are You Prepared?
In testimony at a Senate hearing June 20, the inspector general of the Office of Personnel Management said there are 20 cases in which investigators - federal employees and contractors - were either found guilty or were about to plead guilty to falsifying security clearance reports. The office also is investigating dozens more cases, he said.
The hearing was called in the wake of revelations that former National Security Agency systems administrator Edward Snowden, who worked as a contractor for Booz Allen Hamilton, leaked information about top secret intelligence-gathering programs [see IT Tools Available to Stop NSA-Type Leak].
In a criminal complaint dated June 14, federal authorities have charged Snowden with theft of government property, unauthorized communications of national defense information and willful communications of classified communications intelligence information to an unauthorized person. News reports on June 24 say Snowden left Hong Kong over the weekend for Moscow and could be heading to Ecuador, where he would seek political asylum.
At that joint hearing of two subcommittees of the Homeland Security and Governmental Affairs Committee, OPM Inspector General Patrick McFarland confirmed the IG is conducting a criminal investigation of USIS, the largest contractor that conducts security-clearance investigations for the government.
Sen. Claire McCaskill, the Missouri Democrat who co-chaired the hearing, said the government knows Snowden received his clearance from USIS. "We know that their investigation encompasses the time he received his clearance," said McCaskill, chair of the Subcommittee on Financial & Contracting Oversight. "We need answers."
McFarland declined to provide details at the hearing on the IG's investigation of USIS.
USIS Unaware of Criminal Probe
In a statement issued after the hearing, USIS said it was never informed by the inspector general that the company was under a criminal investigation, adding that it complied with a January 2012 IG subpoena for records and has cooperated fully with the government's civil investigation.
USIS said in the statement: "Questions were raised as to whether USIS had conducted the initial background investigation, or a periodic reinvestigation, for the security clearance of Edward Snowden. USIS conducts thousands of background investigations annually for OPM and other government agencies. These investigations are confidential, and USIS does not comment on them."
Susan Ruge, the IG's associate counsel, told the Washington Post that USIS's review of Snowden's security clearance ended in April 2011 and that the IG began its probe of the firm later that year.
No Margin for Error
As of last year, about 3.5 million federal employees and 1.1 million government contractors held top security clearances. "Given the increasing number of folks with access to that information, we have a real problem on our hands if we can't get this right," said Sen. Jon Tester, D-Mont., who co-chaired the hearing with McCaskill. "There is no margin for error."
Most individuals holding top security clearances don't have the type of access to computer files that Snowden had. For example, military pilots who transport sensitive materials must gain security clearances.
Vetting individuals for top-secret security clearance is costly, topping $4,000 for each instance, according to the Government Accountability Office. A statement issued by McCaskill and Tester said OPM's security clearance and background investigations cost the federal government about $1 billion in 2012; that annual cost is expected to rise to $1.2 billion by 2014. They said OPM spends 46 percent of its funds on the contractors who perform investigations, adding that about 75 percent of all field investigators are contractors, an estimated 4,600 out of 6,200 in total.
McFarland, in his testimony, told the panel that the IG office had uncovered a number of falsifications of security-clearance investigation reports by federal employees and contractors who reported interviews that never occurred, recorded answers to questions that were never asked and documented records checks that were never conducted.
Since 2006, McFarland said, 18 background investigators and record searchers have been convicted of falsifying records, with a 19th investigator pleading guilty last month and a 20th investigator expected to plead guilty this month. The IG said his office is engaged in fabrication cases against nine other background investigators, with another 36 cases pending.
Of the 18 investigators convicted, 11 were federal employees and seven were contractors. Because of a lack of federal funding, McFarland said the IG's priority is to investigate federal employees, so these 18 cases do not necessarily reflect the rate of falsification based on employers. "If that background investigation is not thorough, accurate and reliable, then all other decisions made related to the issuance of the security clearance are suspect," he said.
The decision to grant a security clearance is made by government-employed adjudicators and not the background investigators.
Antiquated System Hindering Process
The way the federal government investigates security-clearance candidates makes the process ripe for possible falsification by some investigators, says Evan Lesser, who has closely followed the government's security-clearance apparatus since co-founding the employment site ClearanceJobs.com in 2002.
Lesser, ClearanceJobs.com managing director, characterizes investigators more as data collectors because they're required to stay close to an OPM script their given in their questioning. He says investigators go into the field with pencil and paper and not mobile computers or smart phones. The responses they receive are entered into an ancient DOS-based computer system, he says.
"If you look at some of the cases that have been brought against investigators who had falsified information, you often heard that they were under the gun and moving quickly in trying to get cases completed," Lesser tells Information Security Media Group.
Background investigators are inundated with new guidance and regulations, he says. "Like any group of people, you've got your bad apples. They're definitely a good group of people, no more or less patriotic than any other government employee or contractor. But their situation is somewhat unique by the fact that they do deal with antiquated technology, they do have high work loads and they're pressured to get things done quickly."
Age a Possible Factor
Lesser says the 30-year-old Snowden's age may have played a significant role with him getting top-security clearance [see NSA Won't Jettison Contractors, Yet].
"The younger the clearance applicant, the less financial history they have, the less foreign travel and foreign connections they have," Lesser says. "For older people, there's a lot more data. For younger people, there's just not whole out there.
"It's entirely possible that the USIS investigator who talked to Edward Snowden did his or her job 100 percent perfectly and by the book [but] they weren't able to get a whole lot of information about and from Mr. Snowden."