U.S. intelligence officials are planning a sweeping system of electronic monitoring that would tap into government, financial and other databases to scan the behavior of many of the 5 million federal employees with secret clearances, current and former officials told The Associated Press.
The system is intended to identify rogue agents, corrupt officials and leakers, and draws on a Defense Department model under development for more than a decade, according to officials and documents reviewed by the AP.
Intelligence officials have long wanted a computerized system that could continuously monitor employees, in part to prevent cases similar to former National Security Agency analyst Edward Snowden.
An administration review of the government’s security clearance process due this month is expected to support continuous monitoring as part of a package of comprehensive changes.
Privacy advocates and government employee union officials expressed concerns that continuous electronic monitoring could intrude into individuals’ private lives, prompt flawed investigations and put sensitive personal data at greater risk.
Workers with secret clearances are already required to undergo background checks of their finances and private lives before they are hired and again during periodic re-investigations.
“What we need is a system of continuous evaluation where when someone is in the system and they’re cleared initially, then we have a way of monitoring their behavior, both their electronic behavior on the job as well as off the job,” Director of National Intelligence James Clapper told Congress last month.
Clapper provided lawmakers with few details but said the proposed system would extend “across the government,” drawing on “six or seven data streams.” Monitoring of employees at some agencies could begin as early as September and be fully operational across the government by September 2016. The price tag, Clapper conceded, “is going to be costly.”
In separate comments last week, retiring NSA Director Keith Alexander said intelligence, Defense and Cyber Command officials are collaborating on “insider threat” planning. Recently declassified federal documents show that the NSA is already conducting electronic monitoring of agency staffers involved in surveillance operations.
Budget documents released this week show the Pentagon requesting nearly $9 million next year for its insider threat-related research.
Current and former officials familiar with the DNI’s planning said the monitoring system will collect records from multiple sources of information about employees. They will use private credit agencies, law enforcement databases and threat lists, military and other government records, licenses, data services and public record repositories. During random spot checks, the system’s software will sift through the data to spot unusual behavior patterns.
The system could also link to outside databases to flag questionable behavior, said the officials, who spoke anonymously because they were not authorized to publicly discuss the plans. Investigators will analyze the information along with data separately collected from social media and, when necessary, polygraph tests, officials said.
The proposed system would mimic monitoring systems already in use by the airline and banking industries, but it most closely draws from a 10-year-old Pentagon research project known as the Automated Continuous Evaluation System, officials said. The ACES program, designed by researchers from the Monterey, Calif.,-based Defense Personnel and Security Research Center and defense contractor Northrop Grumman, has passed several pilot tests but is not yet in full operation.
The ACES project and clearance-related Defense Department research cost more than $84 million over the past decade, documents show.
Gene Barlow Jr., a spokesman for the Office of the National Counterintelligence Executive, the DNI agency coordinating the system’s development, said ACES and any other internal monitoring systems developed by federal agencies “will align and integrate” with the DNI’s “Continuous Evaluation Solution.” The DNI’s system would extend across the executive branch, he said.
Clapper and other senior administration officials cited the ACES program in a February 2010 report laying out the government’s plan for improving security clearances. Former Adm. Mike McConnell, who headed the DNI during the Bush administration, was an early proponent of electronic monitoring research.
“If one guy has a Jaguar on a (government) GS-12 salary, that’s a red flag,” McConnell said.
According to project documents, ACES links to up to 40 databases. While many are government and public data streams already available, ACES also taps into the three major credit agencies — Experian, Equifax and Trans Union.
One former official familiar with ACES said researchers considered adding records from medical and mental health files but due to privacy concerns left that decision unresolved for policy makers.
A federal official acknowledged that outside contractors would likely be used to support electronic monitoring. It was not clear whether Northrop Grumman, the company that helped develop ACES, would have a role in its government-wide deployment.
Critics worry about the potential misuse of personal information. Private contractors supporting the monitoring system would have access to sensitive data. Credit agencies and other outside data sources would know the identities of government employees under scrutiny.
“The problem is you’re spreading all this private data around to more and more people, both inside and outside,” said David Borer, general counsel for the American Federation of Government Employees.
Lee Tien, a senior staff attorney with the Electronic Freedom Foundation, a civil liberties group, said workers’ free speech, political allegiances and outside activities could be chilled under the threat of constant monitoring. Some workers might face scrutiny because of inaccurate reporting, Tien said.
Officials familiar with the DNI’s system said internal guidelines, audits, encryption and other precautions built into the proposal were designed to minimize abuses of private information. A 2007 Homeland Security review of the ACES project concluded that “the system contains security and procedural controls to ensure that data is made available to only those with a legitimate need as defined by the underlying legal authorities.”
Congressional officials said the DNI already has sufficient permission under U.S. law to launch the new electronic monitoring on its own, but a bill recently introduced by Sen. Susan Collins, R-Maine, would provide additional legal support. Collins’ bill calls for at least two random computerized reviews every five years for each of the 5 million government workers with a secret clearance.
Intelligence community veterans said electronic monitoring was designed to detect lavish spending and discipline problems that can go undetected during the years between a worker’s first background check and re-investigation — every 5 or 10 years, depending on the clearance level.
The Intelligence and National Security Alliance, a consortium of public and private national security interests, called for continuous monitoring in a new report released last week.