Like most people, I meant to read the Consolidated Appropriations Act of 2016, but couldn’t quite work the 887-page bill into my reading schedule. In my defense, the final bill was introduced the Friday before Christmas, passed, and signed into law the same day.  Now that Christmas, New Years, and Mardi Gras are over, however, I’ve had a little time to catch up on my back reading—a list I call “Alarming Laws Passed by a Power-Mad Government”—and I am sorry to report that the news is not good.

On page 673, under division M, title III, section 306 of the spending omnibus, a major addition was introduced to part III of title 5 of the United States Code by way of a new subpart J, chapter 110, section 11001. (You know: the popular sections.) If you hold a security clearance, you might want to sit down.

Your social media profiles are now fair game in the security clearance process. Congress and the president have declared that when performing a security review of cleared (or would-be cleared) individuals, security programs of agencies shall now be “enhanced” to integrate “relevant and appropriate information from various sources, including government, publicly available and commercial data sources, consumer reporting agencies, social media and such other sources as determined by the Director of National Intelligence.” All cleared individuals will be subjected to the same social media gauntlet “not less than 2 times every 5 years.”

THE BIG PROBLEM

The items comprising the above list, according to the law, are not clarified as being “limited to,” but rather, “may include.”  Legally speaking, this gives investigators massive amounts of discretion.  According to Kel McClanahan, executive director of National Security Counselors, a non-profit law firm that specializes in issues of privacy and government secrecy, “The purpose of a security investigation is to find out what a person’s level of risk is for divulging classified information.”  A credit record can reveal if someone has financial problems that someone might offer to help with in exchange for secrets.  A criminal record uncovers a history of breaking the law.  When investigators speak with an applicant’s employers, they can learn whether or not the person is trustworthy. Monitoring social media, however, only gives insight into how someone communicates with friends—especially if he or she restricts posts to those friends. “Allowing agencies to insist that employees allow them access to social media accounts is no different than allowing them to insist that employees wear bugs at all times.”

Here’s the troubling part, if you’re not troubled already: “Publicly available” data sources and “social media” are not considered the same thing.  McClanahan says, “There is nothing in this law that prevents CIA from requiring that all of its employees give the Security Office all their social media passwords, and in fact it pretty much encourages it.  That’s why there is a distinction drawn between ‘publicly available’ information and social media.”

To be clear: It is reasonable to assume that your utterances in the public square are fair game.  If you hold a clearance while also being a vocal, public supporter of Boko Haram, the government needs—indeed, has an obligation—to know. If you’re texting known ISIS agents in the U.S., the government should know that too, and probably does. (The Foreign Intelligence Surveillance Court has seen to that.) But if you’re sending a private Facebook message to Grandma expressing reservations at the legitimacy of American exploits overseas, not only is that message fair game for investigators, but you are instantly suspect.

This is because the law doesn’t call for searches of random samplings of the clearance-holding community.  Rather, it requires forays into the Facebook profiles of every clearance holder.  It is a virtual impossibility for agencies to investigate so intimately each of its employees while still having time to investigate actual bad guys.  This almost certainly means computers will be applied to the problem.  As revealed by the Washington Post last month, law enforcement agencies now use powerful computers to search “billions of data points, including arrest reports, property records, commercial databases, deep web searches and social-media postings.”  After crunching numbers, the computer generates a “threat level score.”  How is your score calculated?  That’s a secret. But even if your troubling letter to Grandma doesn’t trigger the SWAT team, it does flag your account for further study.

WHAT IS PUBLIC?

The very nature of social media means you’ve surrendered some measure of privacy.  But it is fair to argue that in 2016, Facebook is as much a public utility—if not more of a public utility—as a home telephone.  It’s how we reach our families and reconnect with old friends.  Even after all these decades, there’s no reliable way to find someone’s email address.  It takes three seconds, however, to track down someone on LinkedIn account or Facebook profile, and to connect and correspond.  It’s a wonderful, powerful tool that has transformed the lives of millions for the better.  But it lacks protection from government intrusion.

“Frankly,” says McClanahan, “I think that the only reason they make the distinction [between social media and traditional means of communication] is because these policymakers didn’t grow up with Facebook or Instagram, and so they view it as something new and different, when in fact checking someone’s private social media accounts as part of a security investigation in 2016 is the exact same as opening their mail in 1956 or tapping their phone in 1986.”

Few would argue that the government should sit-out social media entirely when it comes to the clearance process. Investigators and clearance adjudicators are patriots doing their jobs, just as clearance holders are patriots doing theirs.  Regardless of one’s feelings on the matter, investigators are obliged to find the Chelsea Mannings and Edward Snowdens of the world.  It’s their job.  The problem resides in boundaries and protections.

“Bottom line,” according to McClanahan, “the DNI has an opportunity now to do the right thing and make a rule that says ‘The term social media will apply to any information an employee publicly posts on his or her account’….It’s still a little Orwellian, kind of like following the employee around public spaces with a boom mic, but there’s no legal impediment to it if it’s publicly available. But if he decides that the social media that agencies are allowed to use is not limited to public postings, then we have a major problem.”

Until such policies are clarified, how do you protect yourself from some foolish, life-ruining message on Facebook?  For starters, you can avoid social media entirely. (Indeed, you should avoid social media, if only so that your personal thoughts aren’t archived by corporate behemoths and sold as a commodity.)  Beyond that, it’s not a terrible idea to take the same tact on social media that uniformed soldiers are asked to take with respect to politics: Don’t endorse and don’t get involved.  While we all feel like our opinions are the most important opinions, an angry post on Facebook is not going to change the American political system.  In years past, a political rant might cost you a few friends.  Now it might cost you your job.  It’s not worth the risk.

Until investigators are given firm boundaries with respect to what is disallowed in a clearance investigation, if you want to argue politics and criticize the finer points of our foreign policy, that’s what Thanksgiving Dinner is for.

Related News

David Brown is a regular contributor to ClearanceJobs. His most recent book, THE MISSION (Custom House, 2021), is now available in bookstores everywhere in hardcover and paperback. He can be found online at https://www.dwb.io.