7 Security Clearance Red Flags (And How to Fix Them)


As defined, a “red flag” is a sign or warning of an impending problem, danger, or disaster.  Those responsible for protecting public safety, critical infrastructure, systems, and classified information rely on a number of different processes to identify, analyze, prioritize, and mitigate potential threats. For any “system” to be effective, all phases of the process must be as thorough, comprehensive, and responsive as possible.

Today, there are clear and persistent “red flags” associated with the national security background investigative program which impact the efficiency, cost, and completeness of the information provided. They also create “downstream” consequences on the quality of the adjudicative decision. Annually, the OPM background investigations program conducts more than 24 million investigative leads to complete approximately 2.2 million investigations. In my view, there are important steps that must be taken to address the seven most serious “red flags” impacting the quality and completeness of the current investigative process.

1. Periodic Reinvestigation Standards Compromised

Because of the current background investigations backlog, senior leadership chose to change the standards for the periodic reinvestigation (PR). The move to a five-year standard for Tier 3 PRs, as recommended by the 120-day review following the Navy Yard shooting, has been delayed and will remain at 10 years. In addition, Tier 5 PRs have been moved from a five- to a six-year initiation period following the date of the previous investigation.

2. Record Access and Completeness

As previously discussed, record access and completeness vary, based on the source, type of record, and level of cooperation provided. For example, Criminal History Record Information (CHRI) checks are performed through three primary methods: electronic data searches of the National Law Enforcement Telecommunications System (NLETS) and statewide repositories; mailed inquiries; and agent/investigator engagements at the local police department. There is no one method that guarantees full and complete CHRI for each state and jurisdiction.

In addition, national fingerprint and name checks are conducted through the Federal Bureau of Investigation, with court checks being accomplished to locate missing disposition information when CHRI information is denied by law enforcement agencies.  With approximately 17,000 law enforcement agencies in the U.S. holding CHRI material, the completeness and quality of these records vary considerably.

  • Proposed Action(s) – Address record access and completeness issues by following through with the recommendations made by the “Record Access Task Force” in the report provided to Congress in May 2014, and in accordance with the FY 2014 National Defense Authorization Act (NDAA) Section 907(f): (1) secure sufficient staffing and material resources; (2) establish record collection and dissemination standards/practices; (3) clarify Federal laws relevant to Federal background investigations and criminal history record collection; (4) clarify existing legal framework; and (5) improve physical and technical matters.

3. Voluntary nature of the investigative process

The majority of the more than 5 million personal reference, residence, and employment checks conducted annually require an OPM federal or contract investigator to directly ask friends, associates, neighbors, employers and others about the character, conduct, reliability and trustworthiness of the subject of investigation. First-hand knowledge and direct observation of the subject from these sources can be some of the most important and relevant information discovered during a background investigation.

Unfortunately, sources are under no obligation to cooperate with background investigators. In addition, many companies are reluctant to provide records, and have even put policies in place to limit the information they provide to background investigators. In many cases, companies will provide information regarding the subject’s period of employment, but refuse to discuss performance or conduct information because of concerns about possible litigation. Generally, family, friends, developed references, neighbors, employers, etc., tend to be reluctant to provide unfavorable information about the subject, even when confidentiality can be requested and assured. The value and importance of these investigative leads, combined with the interview skills of the investigator, cannot be overemphasized.

  • Proposed Action(s) – Change, where possible, the voluntary nature of the background investigative process by mandating and proactively soliciting support from key information providers, employers, neighbors, and associates who may have relevant information about the character, conduct, reliability, and trustworthiness of the subject of investigation. For example, Congress could enact legislation making it mandatory for companies that do business with the federal government to provide relevant information to the government associated with the subject, especially in light of the fact that the subject has signed a release authorizing the disclosure. Another example to enhance cooperation might be a campaign, similar to “see something, say something”, soliciting support from every American citizen who might have important and pertinent information about the subject of a government background investigation.

4. Snapshot in time

The background investigation, at best, represents only a snapshot in time regarding the subject’s character, conduct, and personal history.  Once investigative record inquiries, interviews and other investigative leads are accomplished, they begin to “age” immediately.  Even before the investigative report is finally written and closed, the information on the subject of the investigation has begun to “gap”. The current investigative process does not take into account the changing nature and unexpected events in a person’s life that may dramatically change the basis for the original adjudicative decision.  A criminal arrest, financial bankruptcy, unreported foreign travel, drug abuse, mishandling of classified information, serious mental health disease, etc., could result in removal from access, if the government knew.

Waiting five years (now six for Top Secret) to ten years to initiate a reinvestigation significantly increases the government’s risk of having individuals cleared for an extended period of time who should no longer be in access. Case in point, Aaron Alexis, the Washington Navy Yard shooter, was not due for a reinvestigation until April 2017. As cited in the November 2013 DoD “Independent Review of the Washington Navy Yard Shooting”, “currently, once individuals are granted security clearance eligibility, they are not monitored or reinvestigated when they are submitted for access until their reinvestigation.” “DoD gains little to no insight into its cleared workforce between periodic reinvestigations.” Despite a subsequent criminal arrest and developing mental health issues with Alexis, because of the government’s policy for a ten-year periodic reinvestigation period for individuals cleared at the secret level, the government remained “knowingly” unaware.

  • Proposed Action(s) – The federal government has known for decades the degree of risk associated with the gaps in investigative coverage between the “initial” investigation and subsequent periodic re-investigations. The predictability of investigative activity creates risk for the government and opportunity for foreign intelligence entities (FIE) and terrorist organizations.   These gaps can be closed substantially with the implementation of continuous evaluation (CE), aperiodic investigative activity, creating a constant state of investigative activity.

5. Missed activity outside targeted investigative areas

Background investigative activities (records, employment, neighborhood, education, reference checks, etc.) converge in locations where the subject has lived, worked, and gone to school. A major gap in the current investigative process is that adjudicatively relevant information about the subject may reside in areas not targeted by the investigation. For example, if the subject of the background investigation had a criminal arrest for public intoxication, assault, theft, etc., while on vacation or outside the locations where they have lived, worked, or gone to school, there is real potential these arrests may not be uncovered. Since relevant criminal history record information does not all reside in one centralized database, depending on the jurisdiction, the criminal record may never be uncovered, unless disclosed specifically by the subject or someone (friend, relative, reference, co-worker, etc.) knowledgeable of the arrest.

  • Proposed Action(s) – Expand capabilities to better target investigative activities. Fieldwork should focus on information that materially impacts the outcome of adjudications and addresses risks. To fill this gap, additional investigative analytics should be used to more effectively target leads relevant to the subject’s history. For example, implementation of web-based investigative search engines, data mining of social media, and other relevant data sources would help to more effectively “target” investigative activity.

6. Overseas Service

There is a very large cleared population of U.S. federal employees (DoD, State, USAID, Customs and Border Patrol, FBI, DEA, etc.) and contractors who live and work overseas. Overseas duty has always created serious investigative gaps due to restrictions and limitations placed on background investigative activities in a foreign country. When living in the U.S., background investigative leads include criminal record checks, neighborhood checks, interviews of associates, and so on. However, when in an overseas environment, host country restrictions, counterintelligence concerns, and the limited availability of critical U.S. sources of information create major gaps.

Today, investigative leads can only be accomplished on U.S. installations, within U.S. facilities, with interviews only of U.S. citizens. Leads with the host country law enforcement and security services, foreign companies, foreign citizens, etc., are not authorized (and not advisable). A U.S. citizen working overseas whose primary activities, outside of work, take place with foreign nationals and within foreign establishments will seriously limit potential investigation completeness.

  • Proposed Action(s) – Unfortunately, today, many investigative service providers (ISPs) do not attempt to conduct investigative leads overseas, even those on U.S. installations, within U.S. facilities, with interviews only of U.S. citizens. It should be mandated that all ISPs perform overseas leads affiliated with U.S. installations, facilities and personnel. In addition, to narrow the current gap, consideration should be given to putting in place background investigation cooperation agreements, via “status of forces agreements,” defense cooperation agreements, and so on, with allied countries, particularly “five eyes” (FVEY) countries, and other countries we have intelligence sharing relationships with, to provide basic background information.

7. Overreliance on Subject-Provided Information

Currently, the investigative process relies significantly on subject-provided information. When completing the investigation questionnaire for a national security or public trust position, the subject provides the details (residence(s), employment(s), education, foreign contacts/travel, criminal history, psychological health, drug/alcohol use, etc.) which become the basis for the leads to be accomplished during the background investigation. In many cases, it remains very difficult to verify or validate the accuracy of all the information provided (or not provided) by the subject, especially when there is no complete database or data source that would be able to completely authenticate the information provided. Many subjects intentionally fail to disclose “derogatory information” about their past history, hoping the investigation will fail to uncover the information.

  • Proposed Action(s) – Similar to filling the gap for better targeting of investigative activity, reducing the reliance on subject-provided information can be accomplished by implementing advanced investigative analytic tools (world wide web investigative search engines, data mining of social media, and other relevant data sources) to more effectively target leads relevant to the subject’s history.

Merton W. Miller is a retired Colonel and Federal Agent with the Air Force Office of Special Investigations, and former Senior Executive with the Federal Investigative Service and National Background Investigations Bureau. His duty assignments included tours as Security Advisor White House Military Office, Assistant Director Office of the Secretary of Defense Counterintelligence, Commander AFOSI Region 6, Director Counterintelligence Field Activity Counterintelligence Campaigns, Associate Director for the Federal Investigative Services, and Deputy Director for NBIB.