21 June 2013
Insider Threat Program: Leaks to Media=Espionage
Posted on Thursday, June 20, 2013
Obamas crackdown views leaks as aiding enemies of U.S.
By Marisa Taylor and Jonathan S. Landay | McClatchy Washington Bureau
WASHINGTON Even before a former U.S. intelligence contractor exposed
the secret collection of Americans phone records, the Obama administration
was pressing a government-wide crackdown on security threats that requires
federal employees to keep closer tabs on their co-workers and exhorts managers
to punish those who fail to report their suspicions.
President Barack Obamas unprecedented initiative, known as the Insider
Threat Program, is sweeping in its reach. It has received scant public attention
even though it extends beyond the U.S. national security bureaucracies to
most federal departments and agencies nationwide, including the Peace Corps,
the Social Security Administration and the Education and Agriculture departments.
It emphasizes leaks of classified material, but catchall definitions of
insider threat give agencies latitude to pursue and penalize
a range of other conduct.
Government documents reviewed by McClatchy illustrate how some agencies are
using that latitude to pursue unauthorized disclosures of any information,
not just classified material. They also show how millions of federal employees
and contractors must watch for high-risk persons or behaviors
among co-workers and could face penalties, including criminal charges, for
failing to report them. Leaks to the media are equated with espionage.
Hammer this fact home . . . leaking is tantamount to aiding the enemies
of the United States, says a June 1, 2012, Defense Department strategy
for the program that was obtained by McClatchy.
The Obama administration is expected to hasten the programs implementation
as the government grapples with the fallout from the leaks of top secret
documents by Edward Snowden, the former National Security Agency contractor
who revealed the agencys secret telephone data collection program.
The case is only the latest in a series of what the government condemns as
betrayals by trusted insiders who have harmed national security.
Leaks related to national security can put people at risk, Obama
said on May 16 in defending criminal investigations into leaks. They
can put men and women in uniform that Ive sent into the battlefield
at risk. They can put some of our intelligence officers, who are in various,
dangerous situations that are easily compromised, at risk. . . . So I make
no apologies, and I dont think the American people would expect me
as commander in chief not to be concerned about information that might compromise
their missions or might get them killed.
As part of the initiative, Obama ordered greater protection for whistleblowers
who use the proper internal channels to report official waste, fraud and
abuse, but thats hardly comforting to some national security experts
and current and former U.S. officials. They worry that the Insider Threat
Program wont just discourage whistleblowing but will have other grave
consequences for the publics right to know and national security.
The program could make it easier for the government to stifle the flow of
unclassified and potentially vital information to the public, while creating
toxic work environments poisoned by unfounded suspicions and spurious
investigations of loyal Americans, according to these current and former
officials and experts. Some non-intelligence agencies already are urging
employees to watch their co-workers for indicators that include
stress, divorce and financial problems.
It was just a matter of time before the Department of Agriculture or
the FDA (Food and Drug Administration) started implementing, Hey,
lets get people to snitch on their friends. The only thing they
havent done here is reward it, said Kel McClanahan, a Washington
lawyer who specializes in national security law. Im waiting for
the time when you turn in a friend and you get a $50 reward.
The Defense Department anti-leak strategy obtained by McClatchy spells out
a zero-tolerance policy. Security managers, it says, must reprimand
or revoke the security clearances a career-killing penalty
of workers who commit a single severe infraction or multiple lesser breaches
as an unavoidable negative personnel action.
Employees must turn themselves and others in for failing to report breaches.
Penalize clearly identifiable failures to report security infractions
and violations, including any lack of self-reporting, the strategic
The Obama administration already was pursuing an unprecedented number of
leak prosecutions, and some in Congress long one of the most prolific
spillers of secrets favor tightening restrictions on reporters
access to federal agencies, making many U.S. officials reluctant to even
disclose unclassified matters to the public.
The policy, which partly relies on behavior profiles, also could discourage
creative thinking and fuel conformist group think of the kind
that was blamed for the CIAs erroneous assessment that Iraq was hiding
weapons of mass destruction, a judgment that underpinned the 2003 U.S. invasion.
The real danger is that you get a bland common denominator working
in the government, warned Ilana Greenstein, a former CIA case officer
who says she quit the agency after being falsely accused of being a security
risk. You dont get people speaking up when theres wrongdoing.
You dont get people who look at things in a different way and who are
willing to stand up for things. What you get are people who toe the party
line, and thats really dangerous for national security.
Obama launched the Insider Threat Program in October 2011 after Army Pfc.
Bradley Manning downloaded hundreds of thousands of documents from a classified
computer network and sent them to WikiLeaks, the anti-government secrecy
group. It also followed the 2009 killing of 13 people at Fort Hood, Texas,
by Army Maj. Nidal Hasan, an attack that federal authorities failed to prevent
even though they were monitoring his emails to an al Qaida-linked Islamic
An internal review launched after Mannings leaks found wide
disparities in the abilities of U.S. intelligence agencies to detect
security risks and determined that all needed improved defenses.
Obamas executive order formalizes broad practices that the intelligence
agencies have followed for years to detect security threats and extends them
to agencies that arent involved in national security policy but can
access classified networks. Across the government, new policies are being
There are, however, signs of problems with the program. Even though it severely
restricts the use of removable storage devices on classified networks, Snowden,
the former NSA contractor who revealed the agencys telephone data
collection operations, used a thumb drive to acquire the documents he leaked
to two newspapers.
Nothing thats been done in the past two years stopped Snowden,
and so that fact alone casts a shadow over this whole endeavor, said
Steven Aftergood, director of the non-profit Federation of American
Scientists Project on Government Secrecy. Whatever theyve
done is apparently inadequate.
U.S. history is replete with cases in which federal agencies missed signs
that trusted officials and military officers were stealing secrets. The CIA,
for example, failed for some time to uncover Aldrich Ames, a senior officer
who was one of the most prolific Soviet spies in U.S. history, despite
polygraphs, drunkenness, and sudden and unexplained wealth.
Stopping a spy or a leaker has become even more difficult as the government
continues to accumulate information in vast computer databases and has increased
the number of people granted access to classified material to nearly 5 million.
Administration officials say the program could help ensure that agencies
catch a wide array of threats, especially if employees are properly trained
in recognizing behavior that identifies potential security risks.
If this is done correctly, an organization can get to a person who
is having personal issues or problems that if not addressed by a variety
of social means may lead that individual to violence, theft or espionage
before it even gets to that point, said a senior Pentagon official,
who requested anonymity because he wasnt authorized to discuss the
Manning, for instance, reportedly was reprimanded for posting YouTube messages
describing the interior of a classified intelligence facility where he worked.
He also exhibited behavior that could have forewarned his superiors that
he posed a security risk, officials said.
Jonathan Pollard, a former U.S. Navy intelligence analyst sentenced in 1987
to life in prison for spying for Israel, wasnt investigated even though
hed failed polygraph tests and lied to his supervisors. He was caught
only after a co-worker saw him leave a top-secret facility with classified
If the folks who are watching within an organization for that insider
threat the lawyers, security officials and psychologists can
figure out that an individual is having money problems or decreased work
performance and that person may be starting to come into the window of being
an insider threat, superiors can then approach them and try to remove that
stress before they become a threat to the organization, the Pentagon
The program, however, gives agencies such wide latitude in crafting their
responses to insider threats that someone deemed a risk in one agency could
be characterized as harmless in another. Even inside an agency, one
managers disgruntled employee might become anothers threat to
Obama in November approved minimum standards giving departments
and agencies considerable leeway in developing their insider threat programs,
leading to a potential hodgepodge of interpretations. He instructed them
to not only root out leakers but people who might be prone to violent
acts against the government or the nation and potential
The Pentagon established its own sweeping definition of an insider threat
as an employee with a clearance who wittingly or unwittingly
harms national security interests through unauthorized
disclosure, data modification, espionage, terrorism, or kinetic actions resulting
in loss or degradation of resources or capabilities.
An argument can be made that the rape of military personnel represents
an insider threat. Nobody has a model of what this insider threat stuff is
supposed to look like, said the senior Pentagon official, explaining
that inside the Defense Department there are a lot of chiefs with their
own agendas but no leadership.
The Department of Education, meanwhile, informs employees that co-workers
going through certain life experiences . . . might turn a trusted user
into an insider threat. Those experiences, the department says in a
computer training manual, include stress, divorce, financial
problems or frustrations with co-workers or the organization.
An online tutorial titled Treason 101 teaches Department of
Agriculture and National Oceanic and Atmospheric Administration employees
to recognize the psychological profile of spies.
A Defense Security Service online pamphlet lists a wide range of
reportable suspicious behaviors, including working outside of
normal duty hours. While conceding that not every behavior represents
a spy in our midst, the pamphlet adds that every situation needs
to be examined to determine whether our nations secrets are at risk.
The Defense Department, traditionally a leading source of media leaks, is
still setting up its program, but it has taken numerous steps. They include
creating a unit that reviews news reports every day for leaks of classified
defense information and implementing new training courses to teach employees
how to recognize security risks, including high-risk and
disruptive behaviors among co-workers, according to Defense
Department documents reviewed by McClatchy.
Its about peoples profiles, their approach to work, how
they interact with management. Are they cheery? Are they looking at Salon.com
or The Onion during their lunch break? This is about The Stepford
Wives, said a second senior Pentagon official, referring to online
publications and a 1975 movie about robotically docile housewives. The official
said he wanted to remain anonymous to avoid being punished for criticizing
The emphasis on certain behaviors reminded Greenstein of her employee orientation
with the CIA, when she was told to be suspicious of unhappy co-workers.
If someone was having a bad day, the message was watch out for them,
Some federal agencies also are using the effort to protect a broader range
of information. The Army orders its personnel to report unauthorized disclosures
of unclassified information, including details concerning military facilities,
activities and personnel.
The Peace Corps, which is in the midst of implementing its program, takes
very seriously the obligation to protect sensitive information, said
an email from a Peace Corps official who insisted on anonymity but gave no
reason for doing so.
Granting wide discretion is dangerous, some experts and officials warned,
when federal agencies are already prone to overreach in their efforts to
control information flow.
The Bush administration allegedly tried to silence two former government
climate change experts from speaking publicly on the dangers of global warming.
More recently, the FDA justified the monitoring of the personal email of
its scientists and doctors as a way to detect leaks of unclassified information.
But R. Scott Oswald, a Washington attorney of the Employment Law Group, called
the Obama administration a friend to whistleblowers, saying it
draws a distinction between legitimate whistleblowers who use internal systems
to complain of wrongdoing vs. leakers, who illegally make classified information
There are numerous cases, however, of government workers who say theyve
been forced to go public because theyve suffered retaliation after
trying to complain about waste, fraud and abuse through internal channels
or to Congress. Thomas Drake, a former senior NSA official, was indicted
in 2010 under the Espionage Act after he disclosed millions of dollars in
waste to a journalist. Hed tried for years to alert his superiors and
Congress. The administration eventually dropped the charges against him.
The Pentagon, meanwhile, declined to answer how its insider threat program
would accommodate a leak to the news media like the Pentagon Papers, a top-secret
history of U.S. involvement in Vietnam that showed how successive administrations
had misled the public and Congress on the war.
The danger is that supervisors and managers will use the profiles for
Disgruntled Employees and Insider Threats to go after
legitimate whistleblowers, said the second Pentagon official. The
executive order says you cant offend the whistleblower laws. But all
of the whistleblower laws are about retaliation. That doesnt mean you
cant profile them before theyre retaliated against.
Greenstein said she become the target of scrutiny from security officials
after she began raising allegations of mismanagement in the CIAs operations
in Baghdad. But she never leaked her complaints, which included an allegation
that her security chief deleted details about safety risks from cables. Instead,
she relied on the agencys internal process to make the allegations.
The CIA, however, tried to get the Justice Department to open a criminal
case after Greenstein mentioned during a polygraph test that she was writing
a book, which is permitted inside the agency as long as it goes through
pre-publication review. The CIA then demanded to see her personal computers.
When she got them back months later, all that shed written had been
deleted, Greenstein said.
They clearly perceived me as an insider threat, said Greenstein,
who has since rewritten the book and has received CIA permission to publish
portions of it. By saying I have a problem with this place and
I want to make it better, I was instantly turned into a security
threat, she said. The CIA declined to comment.
Email: mtaylor[at]mcclatchydc.com, jlanday[at]mcclatchydc.com