Leak case shows secrets no longer secure

More than 4.9M Americans have access to secret and confidential material, including about 582,500 private contractors.


By the numbers

3.5 million: Employees in U.S. with “confidential/secret” security clearance.

1.41 million: Employees in U.S. with “top secret security clearance.

791,200: Government employees with top secret clearance.

483,263: Contract employees with top secret clearance.

Source: 2012 report from the Office of the director of National Intelligence

The leak of sensitive documents by a computer analyst who worked for a private defense contractor has triggered a debate over whether Americans are put at risk by the sheer number of people who have access to sensitive national intelligence information.

“We’re very concerned about the trend in government to out-source what we consider inherently governmental functions,” said Joe Newman, spokesman for the Project on Government Oversight. “There’s just been too many cases of contractors not performing well to make us comfortable with the amount of outsourcing that’s taking place in these critical areas of national security.”

More than 4.9 million Americans have access to secret and confidential material, including about 582,500 private contractors, according to a January 2013 report from the Office of the Director of the National Intelligence. About 1.4 million Americans have top secret clearance, and about one-third of them are contractors, the report said.

In the Dayton area, 47 companies have security clearances to work at Wright-Patterson Air Force Base, according to base spokesman Brian Brackens.

One person with access can potentially expose the government’s biggest secrets. Some U.S. contractors with security clearances have proven unreliable after being caught committing crimes, abusing drugs and improperly e-mailing classified information to a personal computer and e-mail account, according to decisions from appeals hearings for security clearance.

Critics said private contracting firms are motivated by profits and not as accountable to taxpayers. They also claim private contractors do not have the same channels as federal employees to raise legal or moral objections to their work. Federal security workers, for example, can make complaints to the inspector general or Congress when they feel wrongdoing has occurred.

But private contractors say they go through the same security clearance process as government employees, and face the same penalties for unlawful disclosures.

“The increase in risk has nothing to do with contractors, but (with the increase in) people who have clearances,” said Stan Soloway, president and chief executive officer of the trade group Professional Services Council in Arlington, Va.

Breaches rare

Leaks and security breaches are very rare, and often come from government employees, according to Soloway. Since the Sept. 11, 2001, terrorist attacks, the government has had one case of a contractor employee found responsible for “a significant security breach,” said Soloway.

“There’s just no evidence” a security clearance to a contract employee increases risk to national security, he said.

Christopher W. Quillen, director of operations at the Advanced Technical Intelligence Center in Beavercreek, said he finds it ironic no one has questioned the patriotism of soldiers after Army Pfc. Bradley E. Manning was put on trial for leaking diplomatic cables.

Yet, he said, as details emerge about the Edward Snowden case, defense contractors are scrutinized as if they are the problem.

The now-fired Snowden was a computer analyst for the defense contractor Booz Allen Hamilton when he reportedly accessed and then exposed a massive surveillance program that he learned about while working at the National Security Agency.

“The vast majority of contractors have served in the military,” Quillen said. “Their patriotism remains the same, their dedication remains the same, so I’m bothered by the notion that we have to question their patriotism just because one guy decided to reveal classified information.”

Defense contractors perform a wide variety of technical and analytical tasks for government agencies, and they often provide those agencies with the skilled workers they need, said Richard Harknett, head and associate professor of international relations in the political science department at the University of Cincinnati.

Using contractors enables government agencies to be more “nimble” because they do not need to train, hire and fire staff, experts said. Many private contractors are former federal employees, and vice-versa.

Quillen said he was an Army signals intelligence analyst and a CIA analyst before he entered the private sector. “I’m the same person no matter what job I’m in or what role I’m performing,” he said.

Officials at the National Air and Space Intelligence Center at Wright-Patterson Air Force Base say contractors are invaluable for the work they do at the base. At NASIC, employees are vetted through the Air Force Central Adjudication Facility before they are allowed to work at the agency, said James Lunsford, an agency spokesman.

The center has more than 3,000 military, civil service and contractor employees who analyse intelligence data and share their findings at all levels of government, from soldiers in the field to the White House.

“I have full faith in our contractor workforce,” Col. Aaron M. Prupas, NASIC commander. He added that a security clearance does not give access to all classified information.

“There is a ‘need to know’ requirement that must be met. Additionally, everyone with a clearance — contractor, civilian and military — is obligated to protect and safeguard our nation’s secrets,” he said in a statement.

At Wright-Patterson, contractors submit to the same clearance process for access to classified information as military and civil service employees, and they must go through “periodic re-investigations and regular training to ensure they are current on regulations and procedural requirements,” Wright-Patterson spokesman Daryl Mayer said in an email.

Potent threats

Booz Allen, which provides technology consultation and cybersecurity services and has an office in Dayton, is one of the largest defense contractors in the nation, earning $5.8 billion in fiscal year 2012 and boasting about 25,000 employees, according to the company’s annual report.

In January 2010, Booz Allen said it had a staff of about 300 employees in Dayton who primarily supported the military market.

Most of the company’s revenues come from government contracts, and many of its employees have top secret security clearance.

Snowden, 29, who previously worked for the CIA, acknowledged leaking sensitive documents to the media showing that the NSA operates a secret surveillance program that collects and monitors many electronic communications. He also said he would disclose more secrets, and that he went to Hong Kong to “reveal criminality.”

House Speaker John Boehner, R-West Chester Twp., last week was among many lawmakers who referred to Snowden as a “traitor.”

Harknett said Snowden’s case shows that the most potent threats to computer networks operated by governments and corporations are people on the inside.

“It is not clear at all right now how he had access to this information,” he said. “It seems he should not have had access to it at his level, so either he hacked systems from the inside or he was given access through loose rules/protocols or material was not handled properly and he got access.”

Many details of the leak are unknown, but “the suggestion is that Booz Allen may have been caught napping by how easily Snowden got into all kinds of compartments that he should have been kept out of,” said Charles Tiefer, a law professor at the University of Baltimore School of Law.

Unless Booz Allen can prove it was not at fault for Snowden’s actions, the company should be punished by losing government contracts in the future, Tiefer said. The case should also make the government re-evaluate its growing dependence on private contractors, he said.

But that wouldn’t be easy to accomplish, and may not even be advisable. Deborah Gross, executive director of the Dayton Area Defense Contractors Association, said contractor employees are no less loyal to the purpose behind their jobs than civil service or military workers.

“I think they are every bit as dedicated, committed and patriotic as our civil service or anybody else,”said Gross, who has worked as a software manager at Wright-Patterson. In the security clearance process, people are thoroughly vetted for a job, she said.

“If they didn’t we would have seen a lot of bad things way before now,” she said.

Unpredictable individuals

The sheer number of private contractors with high levels of security access means there are some who are may not be deserving of the clearance. In 2013, dozens of contractors nationwide lost their appeals to retain their security clearance because they cheated on their taxes, paid prostitutes for sex, abused street drugs, lied on their applications for clearance, stole money, made questionable foreign contacts and e-mailed classified information to unauthorized personal accounts and computers.

“Much of this is just that humans are not always predictable, even those with a security clearance,” said Mark Stockman, associate professor of information technology at the University of Cincinnati. “Snowden is an individual and individuals are sometimes unpredictable.”

If the government cut back on contractors, it would mean the government would need to hire its own employees to do the work, Stockman said. And because of the nature of the work and technical requirements, the employees they would hire would be many of the same people who are currently government contractors, he said.

Snowden would not have been less likely to leak the information he did if he directly worked for the NSA instead of a contractor, Stockman said.

When the government issues a security clearance to a U.S. citizen it is taking a calculated risk, and everyone with clearance has access to national security information that they have a duty to protect, said Evan Lesser, managing director of ClearanceJobs.com, a company that helps U.S. citizens with security clearance find work with federal agencies and contractors.

Private contractors go through the same clearance process as federal employees, and the federal government has used contractors to provide products and services since the formation of the United States, Lesser said.

“It is a little bit of a fallacy to cast all contractors in a negative light and say government employees are inherently better, because the only real difference is where their paychecks come from,” Lesser said.

Lesser and others said there are always “bad apples” among any large group of employees, regardless of whether they work for the public or private sector.

“Unauthorized disclosure of classified information is a problem that will exist as long as there is classification of information …,” said Barbara Duncombe, a partner at Taft Stettinius & Hollister LLP. “(We) shouldn’t use one high-profile incident to cast doubt on tens of thousands of government contractors, many of whom are former service-members or government employees, who serve their country every day.”

About the Author