Cyber Vetting for Security Clearances
The Electronic Freedom Foundation (EFF) recently obtained information under the Freedom of Information Act regarding a June 2009 report of a study sponsored by the Office of the Director of National Intelligence (ODNI) on the use of Cyber Vetting for security clearance purposes. The study involved 349 test cases of intelligence agency applicants who consented to participating in the study and found “adverse information” on 28% of the cases. Adverse information was defined as:
Deliberate and overly descriptive posting of personal and/or work related information on public forums. This includes information about the subject’s specific work assignment, including listing descriptive information about colleagues and/or work site. Adverse classifications were also applied when references were found indicating illegal drug use or pictures appearing to show the subject engaged in illegal drug use.”
ODNI indicated that this was not a detailed study and that it would not be used to suggest modifications to existing investigative standards. “It is simply an initial approach to increase our knowledge and awareness of what types of information are posted in these sites so that educated decisions can be made regarding any future research. . . . If the results of the survey are suggestive and justify further work, the [ODNI] Special Security Center will commence design of a formal research project which will include thorough legal vetting.”
The study recommended the use of internet research, including media, blog, social networking, and professional networking sites as an adjunct to standard security clearance investigations.
Shortly after the statement of work for this study was issue in June 2008, ODNI decided more comprehensive studies were needed. In late summer 2008 ODNI issued RFPs for 2 additional studies with a total price of about $800,000. EFF is pursuing other documents related to the governments use of the internet for investigative purposes and may possibly obtain a copy of the two later studies.
ODNI has stated that:
From the perspective of personnel security, cyber-behavior represents an emerging area of behavior that should be considered as an important part of the adjudication process for granting security clearances for personnel working in national security positions. To address these challenges, adjudication policies must be modernized to incorporate a better understanding of the type and frequency of personnel IT activities. This necessitates identifying which specific cyber-behaviors are normative, acceptable, or favorable as well as identifying those that may be associated with risky or problematic cyber behavior within the workplace.