There continues to be an ongoing debate, and behind the scenes “political maneuvering”, with regard to how continuous evaluation (CE) information will be used to support the current investigative process. Fundamentally, it is pretty clear that implementing aperiodic checks of adjudicately relevant automated record sources during the current 5 to 10 year “information blackout period” between periodic reinvestigations (PR) can help close potentially dangerous information gaps that exist under the current personnel security program. However, there is a serious divergence of opinion developing on whether CE is an augmentation of the current investigative standards or CE will ultimately replace PRs.
The Office of the Director National Intelligence (ODNI), as the Security Executive Agent (SecEA), in accordance with E.O. 13467, is responsible for developing policies, standards, and guidance for establishing CE programs for the intelligence community and Federal Partners, and coordinates, align, and integrate their CE activities. The ODNI stated position is that continuous evaluation will augment, not replace, established personnel security processes. As defined by the ODNI, “CE is a personnel security investigative process that leverages an “automated record check” methodology and applies standardized business rules to identify adjudicatively relevant information to assess cleared individuals’ ongoing eligibility for access to classified information.” CE supplements the periodic reinvestigation security clearance process and provides insight into insider threat programs.
Despite the Security Executive Agent’s clear position on CE, the Department of Defense (DoD), has openly challenged that position by stating their view is that CE will eventually replace periodic reinvestigations. DoD senior leadership recently indicated that they hope once CE is fully implemented, the need for PRs will disappear altogether. In fact, during the recent GAO review, “Plans needed to fully implement and oversee continuous evaluation of clearance holders”, DoD told GAO “that with workload and funding issues, they see no alternative but to replace periodic reinvestigations for certain clearance holders with continuous evaluation, as the record checks conducted are the same for both processes.” Unfortunately, since “the ODNI has not yet formalized the continuous evaluation program through a Security Executive Agent Directive (SEAD),” it leaves the door open for others to try and set the future policy on the use and implementation for CE.
What are the current components of a clearance investigation?
To help evaluate the feasibility for replacing PRs exclusively with CE automated record checks, understanding the investigation components and the current method for completing these investigative leads is needed. The chart below, generally, outlines the type of information necessary to meet the federal investigative standards and the collection processes used to collect that information.
A = Automated, I = Inquiry/Voucher, R = Record (Field or Centralized Leads), P = Personal (Field)
|Type of information||Secret||Top Secret|
|Criminal History Record||A / R / P||A / R / P|
|National agency checks||A / R||A / R|
|Local agency checks||I / R||R|
|Date and place of birth||R|
|Education||I||R / P|
|Employment||I||R / P|
|References||I||R / P|
|National agency checks for spouse or cohabitant||A/ R|
|Neighborhoods||I||R / P|
|Enhanced Subject Interview||P
When information collection methodologies require multiple methods for collection, it typically indicates that the information needed is in many formats, both hardcopy and electronic, and distributed, not centralized. One stop shop for collection through automation is not possible.
Case in point, the federal investigative standards require that criminal history record information (CHRI) checks be accomplished where the subject has lived, worked, and gone to school. Additionally, investigative activity during the course of the background investigation may generate additional leads for other CHRI checks to be accomplished. As shown (above), federal background investigation service providers use a variety of methods to conduct law enforcement record searches at the Federal, State, and local level. CHRI checks can be performed using three methods: (1) electronic database searches of repositories; (2) mailed or faxed inquiries; and/or (3) in-person engagements with law enforcement agencies. With over 18,000 law enforcement agencies across the country, it is not hard to believe that there is “no single collection method that provides full and complete CHRI for each State or jurisdiction”, so a combination must be used to achieve the most comprehensive coverage.
Of the approximately 2.8 million law enforcement record checks accomplished each year, only about 40% can be completed via automated databases through the International Justice and Public Safety Network (NLETS) and statewide systems. The remaining leads are accomplished through in-person contacts with law enforcement agencies, mailed or faxed inquiries, or court checks in lieu of law checks (Task Force on Records Access for Security Clearance Background Investigations Report to Congress, May 2014).
Before we could replace PRs with CE automated record checks, three broad assumptions would have to be true:
1) All repositories would have to have electronic records that contain full, complete, and up to date information regarding the subject.
2) All adjudicatively relevant information relating to the subject’s character and conduct must reside in an accessible electronic database.
3) SecEA would have to be willing to change the federal investigative standards to align with data accessible through automated means, versus collecting information that addresses the 13 adjudicative elements.
The fact is, federal, commercial, state, and local record repositories vary dramatically on the level of reliability and completeness of information they contain. Allowing the periodic reinvestigation process to rely entirely on results obtained only through the use of automated records checks would create significant information gaps and leave critically important, adjudicatively relevant information undiscovered, consequently increasing the risk to our classified information, facilities, IT systems, and personnel.