The latest step in the wave of security clearance reform is a renewed effort to apply ‘continuous monitoring’ to security-cleared professionals. The 2014 Intelligence Authorization Bill included a provision for ‘continuous evaluation’ – a requirement for agencies to evaluate public records such as credit histories and criminal backgrounds. Such electronic records would reveal information that would otherwise only appear in a periodic reinvestigation or as the result of a cleared professional self-reporting an issue.
With the leaks of defense contractor Edward Snowden continuing to trickle, it’s no surprise that congressional leaders are beginning to look at a program such as PRISM and wonder why it couldn’t be used to stop leaks in the first place. Continuous evaluation certainly has positive applications, given the fact that periodic reinvestigations for secret security clearances occur every 10 years, and in a world of tightening budgets the Defense Department is unlikely to find the extra dollars to make investigations happen more frequently.
Continuous monitoring, on the other hand, presents a myriad of additional issues for privacy advocates. Whether cybersecurity professionals and other in-demand workers will sign up for the government accessing their personal online actions is doubtful. And with all of that data, the question remains who would evaluate it – supervisors, security clearance investigators, adjudicators, or perhaps a completely new career field of cyber sleuths, working to snoop on cleared personnel?
And the biggest question – would it really help?