Has “the perfect become the enemy of the good” with regard to cross-government continuous evaluation (CE) implementation? A number of different factors have led to delays on the implementation of a cross government solution. In my experience, having participated in numerous personnel security reform and CE working group meetings, the two primary delays have been due to ownership “rice bowl” issues, and because some circles believed CE was something new, requiring different processes and systems to be accomplished.
As outlined in my prior article on the status of CE and how we got here, today multiple agencies are creating their own automated record checks (ARC) systems (ODNI, DoD, State, etc.). The current ODNI concept of operations allows for departments and agencies to choose from four CE automated record check solutions. The decentralized approach regrettably has already resulted in implementation delays (increasing the risk to national security), while growing cost through system fragmentation, overlap, and duplication.
You Can’t Close All Gaps in Continuous Evaluation
It does not matter how much time the government takes to work through the implementation for CE, the final solution will never identify 100% of the possible issues that might arise between investigations. Reality check: the quality, completeness, and accessibility of record repositories does not change that often, especially those available through automated means.
For example, following the Navy Yard shooting, section 907 (f) of the 2014 National Defense Authorization Act (NDAA) established the Record Access Task Force to look at the ongoing challenges relating to quality, completeness, and accessibility of criminal history record information (CHRI). Specifically, the task force looked at law enforcement agencies record collection and dissemination standards and practices. They discovered that inconsistent record collection and content standards, across almost 18,000 law enforcement agencies nationwide, make it difficult to ensure that complete and relevant CHRI is obtained. Even CHRI searches conducted using biometric data (fingerprints, etc.) and biographic (name based) checks will miss relevant criminal history information.
Knowing that there are no perfect solutions, what would be the next best thing to do? How could the federal government implement a 70% CE solution across government quickly?
CE is not rocket science. If you look at CE as an augmentation to the current background investigations program…automated record checks being performed for initials and PRs can also be used on an aperiodic basis to support CE. Additionally, the federal government already has the systems, processes, and automation in place to implement a substantive CE solution. For example, the National Background Investigations Bureau (NBIB), already has the procedures and systems in place to conduct millions of automated record checks annually; obtain the results; document the results; notify agencies of their results, and follow up to ensure an adjudicative review has been conducted on the new information. With CE being just an aperiodic amplification and enhancement to the personnel security processes already in place today, CE can be implemented almost immediately.
Two steps should be taken directly.
First, conduct “existing CE” products available, today, through OPM’s National Background Investigations Bureau (NBIB) (with 95% of government background investigation customers) on the highest risk population. Some might be surprised to know that OPM’s Federal Investigative Services (FIS), (now NBIB) has offered CE products since August 2010. The original product, known as the Periodic Assessment Special Agreement Check (PASAC) is now offered today as the Continuous Evaluation Special Agreement Check (CE SAC). The CE special agreement check (cost $32) includes the following:
- Security/Suitability Investigations Index Check (SII): A centralized database that records investigations conducted by OPM and other authorized investigative agencies.
- National Credit Check: Automated check of national credit bureaus.
- National Crime Information Center/Interstate Identification Index (NCIC/III): (NCIC) is the United States’ central database for tracking crime-related information. III is a national index of criminal histories (or rap sheets) in the United States of America, maintained by the Federal Bureau of Investigation (FBI).
- Financial Crimes Enforcement Network Check (FinCEN): FinCEN is a Department of Treasury’s Financial Crimes Enforcement Network that collects and analyzes information about financial transactions in order to combat domestic and international money laundering, terrorist financing, and other financial crimes.
Second, enroll the entire cleared population (fed and contractor) into the FBI Next Generation Identification (NGI) Rap Back program through their servicing investigative service provider (ISP). As outlined by the FBI, “the Rap Back service allows authorized agencies to receive notification of activity on individuals who hold positions of trust (e.g. school teachers, daycare workers) or who are under criminal justice supervision or investigation, thus eliminating the need for repeated background checks on a person from the same applicant agency. Prior to the deployment of Rap Back, the national criminal history background check system provided a “one-time snapshot” view of an individual’s criminal history status.
With Rap Back, authorized agencies can receive on-going status notifications of any criminal history reported to the FBI after the initial processing and retention of criminal or civil transactions. By using fingerprint identification to identify persons arrested and prosecuted for crimes, Rap Back provides a nationwide notice to both criminal justice and noncriminal justice authorities regarding subsequent actions. One time enrollment can provide departments and agencies near “real time” notification of new criminal history activity.
Consider Aaron Alexis, and the actions the government could have taken if his two arrests, between investigations, had been known.
Using the tools that already exist, the federal government is in a position today to substantially implement CE, comply with White House direction, accomplish statutory and congressional mandates, address GAO recommendations, fulfill security and suitability reforms, and……most importantly, reduce the risk to our national security.